Topic: DMARC reports bouncing

[holck]

I have setup DMARC reporting and it works very well. I do, however, have a small issue. Every night the server sends DMARC reports to the various email servers. But many of these reports are not accepted - here is a typical response

Code: [Select]

Hi. This is the qmail-send program at ibsgaarden.dk.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<isabella@travelmyeurope.com>:
45.55.43.173 does not like recipient.
Remote host said: 550 5.1.1 <isabella@travelmyeurope.com>: Recipient address rejected: User unknown in local recipient table
Giving up on 45.55.43.173.
isabella@travelmyeurope.com is indeed the email reporting address specified in the DMARC record for travelmyeurope.com:

Code: [Select]

v=DMARC1; p=quarantine; rua=mailto:isabella@travelmyeurope.com; ruf=mailto:isabella@travelmyeurope.com; adkim=s; aspf=s; pct=100; rf=afrf; ri=14400; sp=quarantine
It would be nice to have these bounce-messages handled more or less automatically (deleted?). There is nothing much I can do with them.

[Jean-Philippe Pialasse]

smeserver-mailsorting could help to do this by making a filter with procmail or dropmail.

[SchulzStefan]

Old thread - I know.

Code: [Select]

v=DMARC1; p=quarantine; rua=mailto:isabella@travelmyeurope.com; ruf=mailto:isabella@travelmyeurope.com; adkim=s; aspf=s; pct=100; rf=afrf; ri=14400; sp=quarantine
It would be nice to have these bounce-messages handled more or less automatically (deleted?). There is nothing much I can do with them.

To the DMARC policy I'm wondering what's the output of

- qpsmtpd-print-dns, and
- db configuration show qpsmtpd

It's not clear to me refering to https://wiki.contribs.org/Email#Inbound_DKIM_.2F_SPF_.2F_DMARC if/what/how the settings of DKIM/SPF/DMARC have to be changed.

regards,
stefan

[holck]

Old thread - I know.

To the DMARC policy I'm wondering what's the output of

- qpsmtpd-print-dns, and
- db configuration show qpsmtpd

It's not clear to me refering to https://wiki.contribs.org/Email#Inbound_DKIM_.2F_SPF_.2F_DMARC if/what/how the settings of DKIM/SPF/DMARC have to be changed.

regards,
stefan

Code: [Select]

# sudo /sbin/e-smith/qpsmtpd-print-dns

Here are sample DNS entries you should add in your public DNS
The DKIM entry can be copied as is, but others will probably need to be adjusted
to your need. For example, you should either change the reporting email adress
for DMARC (or create the needed pseudonym)


default._domainkey IN TXT "v=DKIM1;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvESfnPGKsXaRs0yLIrYVQ7P6n079HXBzXx2BDER7su/Fs6//OTC3Gq2nIc0i3hhbk3WTjPADrIcu4EpOmOZ7XhDMOXoBnnki/mS5nv8ZdBY6PzPKHTQmPs1MBxTN2BOIwY6fl6FXc2emMjJrJrslppCmV2OZCE01daHaOsMKzkQIDAQAB;t=y"
@ IN SPF "v=spf1 mx a -all"
@ IN TXT "v=spf1 mx a -all"
_dmarc IN TXT "v=DMARC1; p=none; adkim=s; aspf=r; rua=mailto:dmarc-feedback@ibsgaarden.dk; pct=100"


Code: [Select]

qpsmtpd=service
    A_Record_RBL=b.barracudacentral.org: Blocked - see <http://bbl.barracudacentral.com/q.cgi?ip=%IP%>
    Bcc=disabled
    BccMode=cc
    BccUser=maillog
    DKIMSigning=enabled
    DMARCReporting=enabled
    DNSBL=enabled
    LogLevel=4
    MaxScannerSize=50000000
    RBLList=bl.spamcop.net,dnsbl-1.uceprotect.net,psbl.surriel.com,zen.spamhaus.org,b.barracudacentral.org: Blocked - see <http://bbl.barracudacentral.com/q.cgi?ip=%IP%>
    RHSBL=enabled
    RelayRequiresAuth=enabled
    SBLList=multi.surbl.org,black.uribl.com,rhsbl.sorbs.net,dbl.spamhaus.org
    TlsBeforeAuth=1
    UBLList=multi.surbl.org:8-16-64-128,black.uribl.com,rhsbl.sorbs.net
    URIBL=enabled
    access=public
    qplogsumm=disabled
    status=enabled