Resolved dmarc check on internal mail

[Peter]

Most of the hosting providers have some kind of administration software running in the background. So for example I can rewrite etc/resolv.conf automaticaly on startup. But in order for this functions to work, the servers have to be accessible over the preset hostnames or else these functions wont work.
This is what I suppose, I will call support tomorrow and let you know.

For today, I'm finished

Have a nice Feierabend and thanks for your assistance so far!

 

[UFHH01]

Hi Peter,

after some more digging, I found way to much settings to manually adjust the nameserver - usage at

Mail::SpamAssassin::DnsResolver

and

Net::DNS

, so I will not recommend a manual change something here.

I still recommend to change your hostname, though, which is very well possible at "Strato" - servers.

 

[danami]

Hi Peter,
after some more digging, I found way to much settings to manually adjust the nameserver - usage at "Mail::SpamAssassin:nsResolver" and "Net:NS", so I will not recommend a manual change something here.

Actually spamassassin 3.4.0+ allows you to set which DNS servers spamassassin should use using the "dns_server" config item in your /etc/mail/spamassassin/local.cf:

NETWORK TEST OPTIONS
Mail::SpamAssassin::Conf - SpamAssassin configuration file

That way you can tell spamassassin to use your ISP DNS servers and still use Google DNS in your /etc/resolv.conf

 

[Peter]

Update: I disabled DMARC check for incomming mail for now. E-Mailed with support, will change hostname soon and report if the behavior changed.

 

[GravuTrad]

Any news about how to solve it with dmark activated?

 

[GravuTrad]

Linked to this?

[PPPM-7190] DMARC is discarding (successful verified) mails

For internal mails ok, but for mails sent to external?

I have:

"554-Bad DNS PTR resource record"

"Emails from your email server were rejected because the PTR Resource Record (PTR-RR) of your IP address does not follow guidelines. Possible reasons for this can be:

• The PTR-RR states that the IP address was dynamically allocated.
• The PTR-RR is a generic standard entry of your provider. Please allocate an independent and fully qualified domain name (Fully Qualified Domain Name - FQDN) to your email server and enter the corresponding valid PTR-RR

A Reverse DNS entry or FQDN (Fully Qualified Domain Name or PTR-RR) is the unique name of an internet host. The FQDN can be used to discover the host's IP address. The Reverse DNS entry should be used as the HELO when sending emails."

and

"relay=mailin-04.mx.aol.com[152.163.0.68]:25, delay=2.1, delays=0.08/0/1.3/0.7, dsn=5.2.1, status=bounced (host mailin-04.mx.aol.com[152.163.0.68] said: 521 5.2.1 : (DMARC:F1) This message failed DMARC Evaluation and is being refused due to the policy provided by the From domain. (in reply to end of DATA command))"

 

[GravuTrad]

No ideas to solve these dmarc problems?

 

[GravuTrad]

"
Jan 14 15:36:39 sd-111173 dk_check[29658]: Starting the dk_check filter...
Jan 14 15:36:39 sd-111173 dk_check[29658]: DKIM verify result: Message is not signed
Jan 14 15:36:39 sd-111173 dmarc[29659]: Starting the dmarc filter...
Jan 14 15:36:39 sd-111173 dmarc[29659]: DMARC store policy from domain failed
Jan 14 15:36:39 sd-111173 dmarc[29659]: Unable to store SPF/DKIM results into DMARC library
Jan 14 15:36:39 sd-111173 postfix-local[29633]: Error during 'dmarc' handler
Jan 14 15:36:39 sd-111173 spamd[2301]: prefork: child states: II
Jan 14 15:36:39 sd-111173 check-quota[29665]: cannot get sender domain
Jan 14 15:36:39 sd-111173 check-quota[29665]: Unable to intialize check-quota mail handler
Jan 14 15:36:39 sd-111173 journal: plesk sendmail[29664]: Error during 'check-quota' handler"

All really seems disconfigured on the server.....

 

[GravuTrad]

None can help?