Question How To Bypass SPF/DKIM/DMARC Checks For Local Mail

[IanScott]

For various reasons, I have very strict SPF & DMARC dns records. I would like to keep them that way but has created a problem with local mail - for example, a form being filled out that should then send a notification to an email address on the same server.

What is happening is that Postfix picks up the mail from localhost IP :11 and ultimate the message is rejected. Logfile looks like this:

Oct 30 15:42:41 argo postfix/pickup[17071]: 1956868BA: uid=10027 from=<[email protected]>
Oct 30 15:42:41 argo postfix/cleanup[31067]: 1956868BA: message-id=<[email protected]>
Oct 30 15:42:41 argo postfix/qmgr[28869]: 1956868BA: from=<[email protected]>, size=9374, nrcpt=1 (queue active)
Oct 30 15:42:41 argo postfix-local[31070]: postfix-local: [email protected], [email protected], dirname=/var/qmail/mailnames
Oct 30 15:42:41 argo spamassassin[31071]: Starting the spamassassin filter...
Oct 30 15:42:41 argo spamd[2091]: spamd: connection from localhost [::1]:53830 to port 783, fd 6
Oct 30 15:42:41 argo spamd[2091]: spamd: using default config for [email protected]: /var/qmail/mailnames/MYDOMAIN.com/ian/.spamassassin/user_prefs
Oct 30 15:42:41 argo spamd[2091]: spamd: processing message <[email protected]> for [email protected]:30
Oct 30 15:42:41 argo spamd[2091]: spamd: clean message (0.2/6.0) for [email protected]:30 in 0.2 seconds, 9342 bytes.
Oct 30 15:42:41 argo spamd[2091]: spamd: result: . 0 - BAYES_00,HTML_MESSAGE,MIME_HTML_ONLY,NO_RELAYS,TO_NO_BRKTS_HTML_ONLY,URIBL_BLOCKED scantime=0.2,size=9342,[email protected],uid=30,required_score=6.0,rhost=localhos\
t,raddr=::1,rport=53830,mid=<[email protected]>,bayes=0.000079,autolearn=no autolearn_force=no
Oct 30 15:42:41 argo dk_check[31073]: Starting the dk_check filter...
Oct 30 15:42:41 argo dk_check[31073]: DKIM verify result: DKIM Feed: No signature
Oct 30 15:42:41 argo dmarc[31074]: Starting the dmarc filter...
Oct 30 15:42:41 argo dmarc[31074]: SPF record was not found in Authentication-Results:
Oct 30 15:42:41 argo spamd[22146]: prefork: child states: II
Oct 30 15:42:41 argo dmarc[31074]: DMARC: REJECT message for [email protected]
Oct 30 15:42:41 argo postfix-local[31070]: message discarded by a mail handler

+++++++++++++++

I am trying to figure out the best way to deal with this - something in spamassassin rules somewhere? In Postfix?

 

[IanScott]

Does anyone have any ideas on this?

 

[IanScott]

Okay - just in case anyone else has run into this, it appears this is related to a know bug (I think):

Emails that are sent locally inside the server are rejected with "DMARC: REJECT message" or "DMARC: message moved to QUARANTINE"

I am not sure the "workaround 1" is such a great idea as it seems it would then allow spoofing of the domain name.

 

[G J Piper]

I had this problem. I had to set the form to add a custom header to its email output: "X-Custom-User-Agent: MY_CUSTOM_FORM" in whatever form software you're using. Wordpress forms usually have a field you can customize for this, or you can code one yourself if you have a custom form script.

Then I configured a global dovecot sieve rule that would recognize my custom header and bypass the quarantine.

Here are instructions for creating a global sieve:
Resolved - Global Dovecot Sieve Rule?

And this is what the sieve should contain:

require ["body","fileinto"];

if anyof (header :contains "X-Custom-User-Agent" "MY_CUSTOM_FORM")
{
   fileinto "INBOX";
   stop;
}