• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Resolved dmarc check on internal mail

Most of the hosting providers have some kind of administration software running in the background. So for example I can rewrite etc/resolv.conf automaticaly on startup. But in order for this functions to work, the servers have to be accessible over the preset hostnames or else these functions wont work.
This is what I suppose, I will call support tomorrow and let you know.

For today, I'm finished :)

Have a nice Feierabend and thanks for your assistance so far!
 
Hi Peter,

after some more digging, I found way to much settings to manually adjust the nameserver - usage at
Code:
Mail::SpamAssassin::DnsResolver
and
Code:
Net::DNS
, so I will not recommend a manual change something here.

I still recommend to change your hostname, though, which is very well possible at "Strato" - servers. ;)
 
Last edited by a moderator:
Hi Peter,
after some more digging, I found way to much settings to manually adjust the nameserver - usage at "Mail::SpamAssassin::DnsResolver" and "Net::DNS", so I will not recommend a manual change something here.

Actually spamassassin 3.4.0+ allows you to set which DNS servers spamassassin should use using the "dns_server" config item in your /etc/mail/spamassassin/local.cf:

NETWORK TEST OPTIONS
Mail::SpamAssassin::Conf - SpamAssassin configuration file

That way you can tell spamassassin to use your ISP DNS servers and still use Google DNS in your /etc/resolv.conf
 
Update: I disabled DMARC check for incomming mail for now. E-Mailed with support, will change hostname soon and report if the behavior changed.
 
Linked to this?

[PPPM-7190] DMARC is discarding (successful verified) mails

For internal mails ok, but for mails sent to external?

I have:

"554-Bad DNS PTR resource record"

"Emails from your email server were rejected because the PTR Resource Record (PTR-RR) of your IP address does not follow guidelines. Possible reasons for this can be:

  • The PTR-RR states that the IP address was dynamically allocated.
  • The PTR-RR is a generic standard entry of your provider. Please allocate an independent and fully qualified domain name (Fully Qualified Domain Name - FQDN) to your email server and enter the corresponding valid PTR-RR
A Reverse DNS entry or FQDN (Fully Qualified Domain Name or PTR-RR) is the unique name of an internet host. The FQDN can be used to discover the host's IP address. The Reverse DNS entry should be used as the HELO when sending emails."

and

"relay=mailin-04.mx.aol.com[152.163.0.68]:25, delay=2.1, delays=0.08/0/1.3/0.7, dsn=5.2.1, status=bounced (host mailin-04.mx.aol.com[152.163.0.68] said: 521 5.2.1 : (DMARC:F1) This message failed DMARC Evaluation and is being refused due to the policy provided by the From domain. (in reply to end of DATA command))"
 
Last edited:
"
Jan 14 15:36:39 sd-111173 dk_check[29658]: Starting the dk_check filter...
Jan 14 15:36:39 sd-111173 dk_check[29658]: DKIM verify result: Message is not signed
Jan 14 15:36:39 sd-111173 dmarc[29659]: Starting the dmarc filter...
Jan 14 15:36:39 sd-111173 dmarc[29659]: DMARC store policy from domain failed
Jan 14 15:36:39 sd-111173 dmarc[29659]: Unable to store SPF/DKIM results into DMARC library
Jan 14 15:36:39 sd-111173 postfix-local[29633]: Error during 'dmarc' handler
Jan 14 15:36:39 sd-111173 spamd[2301]: prefork: child states: II
Jan 14 15:36:39 sd-111173 check-quota[29665]: cannot get sender domain
Jan 14 15:36:39 sd-111173 check-quota[29665]: Unable to intialize check-quota mail handler
Jan 14 15:36:39 sd-111173 journal: plesk sendmail[29664]: Error during 'check-quota' handler"

All really seems disconfigured on the server.....
 
Back
Top