PowerMTA Support Forum

Please login or register.

Login with username, password and session length
Advanced search  

News:

PowerMTA 5.5r1 is out!!!!  Please contact support@port25.com for a license and download access.

Author Topic: DMARC help  (Read 53938 times)

paolop

  • Newbie
  • *
  • Karma: +2/-3
  • Posts: 3
DMARC help
« on: October 31, 2017, 09:22:30 PM »

Hello,
    I was wondering if somebody here could help me out on a thing.

We have a DMARC policy like this:
v=DMARC1; p=quarantine; pct=100; adkim=s; aspf=r; fo=1; ri=86400; rua=mailto:dmarc@xxxx.com;

Looking at the DMARC reports, we see results like this:
      <policy_evaluated>
        <disposition>quarantine</disposition>
        <dkim>pass</dkim>
        <spf>pass</spf>
      </policy_evaluated>


now, I tracked these messages down, and I can see them being sent from our own servers (IPs in SPF record) and being signed with our DKIM keys (applied by PMTA on the way out).

Any idea why the disposition is "quarantine"? I'd have expected 'none', as both SF and DK pass, and these are straight messages from the main domain (no sub-domains, etc).

Thanks,
  Paolo
Logged

AlwindB

  • Jr. Member
  • **
  • Karma: +5/-11
  • Posts: 21
    • Measuremail B.V.
Re: DMARC help
« Reply #1 on: November 06, 2017, 11:22:21 AM »

Hi Paolo,

have you checked the domain alignment? default DMARC is relaxed on SPF and DKIM.
But in your DMARC policy you've set a strict DMARC alignment requirement

https://space.dmarcian.com/how-can-spfdkim-pass-and-yet-dmarc-fail/
Logged

paolop

  • Newbie
  • *
  • Karma: +2/-3
  • Posts: 3
Re: DMARC help
« Reply #2 on: November 06, 2017, 07:31:31 PM »

Thanks for the reply.
From what I can tell these are aligned. I ran this trough all usual dmarc checkers, it came out clean.
As I can see the outbound message, I am quite sure the from, envelope from and reply-to headers all match our domain. The dmarc report I get back form the recipient domain is below.

It's really odd. it could be that the recipient email system does not process the policy properly? Similar messages to other domains seems to get teh rigth disposition ("none").

This is the report I get back (hilton.pf domain). All domains match our domain, the keys are correct, the IP is one of ours, that is listed in the SPF record.

Or am I readign this wrong?

  <policy_published>
    <domain>xxxx.com</domain>
    <adkim>r</adkim>
    <aspf>r</aspf>
    <p>quarantine</p>
    <sp>quarantine</sp>
    <pct>100</pct>
    <fo>1</fo>
  </policy_published>
  <record>
    <row>
      <source_ip>(my IP)</source_ip>
      <count>1</count>
      <policy_evaluated>
        <disposition>quarantine</disposition>
        <dkim>pass</dkim>
        <spf>pass</spf>
      </policy_evaluated>
    </row>
    <identifiers>
      <envelope_from>xxxx.com</envelope_from>
      <header_from>xxxx.com</header_from>
    </identifiers>
    <auth_results>
      <spf>
        <domain>xxxx.com</domain>
        <scope>mfrom</scope>
        <result>pass</result>
      </spf>
      <dkim>
        <domain>xxxx.com</domain>
        <selector>keyz</selector>
        <result>pass</result>
      </dkim>
    </auth_results>
  </record>

Thanks
Logged