Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Incorrect rejection even sender server is listed in SPF #50

Open
iredmail opened this issue Sep 11, 2019 · 9 comments

Comments

@iredmail
Copy link

@iredmail iredmail commented Sep 11, 2019

Dear developers,

We experienced few incorrect rejections by OpenDMARC-1.3.2, even sender server IP address is explicitly listed in SPF. Here's the latest one (on Debian 10):

Postfix log:

Sep 11 09:46:05 mail postfix/cleanup[319]: 46Sv8s1Vd4z1x2H: milter-reject:
  END-OF-MESSAGE from mta202a-ord.mtasv.net[104.245.209.202]: 5.7.1
  rejected by DMARC policy for bitpanda.com; from=<pm_bounces@pm.mtasv.net>
  to=<user@mydomain.com> proto=ESMTP helo=<mta202a-ord.mtasv.net>

DNS records of the bitpanda.com mentioned in Postfix log:

v=spf1 mx include:_spf.mlsend.com include:spf.mtasv.net include:_spf.google.com include:amazonses.com ~all

DNS records of sender domain "pm.mtasv.net":

v=spf1 include:spf.mtasv.net ~all
v=DMARC1; p=none; pct=100; rua=mailto:<email>,mailto:<email>; sp=none; aspf=r;

SPF of spf.mtasv.net:

v=spf1 ip4:50.31.156.96/27 ip4:104.245.209.192/26 ip4:50.31.205.0/24 ip4:147.160.158.0/24 ~all

Sender server IP 104.245.209.202 is in network 104.245.209.192/26 (spf of spf.mtasv.net).

According to its DMARC record aspf=r, this email should be passed. But it's actually rejected.

Client disabled OpenDMARC and received further emails from same sender and sender server, it's normal business emails like he received before (from same sender and sender server).

This is just one of the few similar incorrect rejections. As a temporarily solution, we have to ask clients to disable OpenDMARC until it's fixed by upstream and updated by Linux vendors via yum/apt repo.

@L1ghtn1ng

This comment has been minimized.

Copy link

@L1ghtn1ng L1ghtn1ng commented Oct 28, 2019

@iredmail you are better of finding a replacement for this with something else that is better maintained as I have no clue if this is as master if from 2017. iRedmail needs to have a form of dmarc in it, this would be a good alternative and it has ML which is a really neat feature https://www.rspamd.com/doc/quickstart.html#the-rspamadm-command

@L1ghtn1ng

This comment has been minimized.

Copy link

@L1ghtn1ng L1ghtn1ng commented Oct 28, 2019

also the docs for rspamd are good

@L1ghtn1ng

This comment has been minimized.

Copy link

@L1ghtn1ng L1ghtn1ng commented Oct 28, 2019

You will want to use https://www.rspamd.com/announce/2019/10/28/rspamd-2.1.html this version as there was an issue with dkim in 2.0 which is fixed in 2.1

@L1ghtn1ng

This comment has been minimized.

Copy link

@L1ghtn1ng L1ghtn1ng commented Oct 28, 2019

@iredmail you would need to add the ppa as this package is not installable by default https://www.rspamd.com/downloads.html

@L1ghtn1ng

This comment has been minimized.

@L1ghtn1ng

This comment has been minimized.

Copy link

@L1ghtn1ng L1ghtn1ng commented Oct 28, 2019

@iredmail can do a lot of things this can and can replace a lot of things in iredmail with just this, very powerful and would be a awesome addition to iredmail

@L1ghtn1ng

This comment has been minimized.

Copy link

@L1ghtn1ng L1ghtn1ng commented Oct 28, 2019

@jikamens

This comment has been minimized.

Copy link

@jikamens jikamens commented Oct 29, 2019

@L1ghtn1ng the aggressive proselytizing you are doing in an OpenDMARC issue about an entirely different software package is highly inappropriate. Even your first comment was slightly out-of-line, although it could perhaps be forgiven as an honest desire to help. But going on and on and on after that is just entirely over the line. Please cut it out.

@L1ghtn1ng

This comment has been minimized.

Copy link

@L1ghtn1ng L1ghtn1ng commented Oct 29, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
3 participants
You can’t perform that action at this time.