On 17.05.16 23:14 Thomas Carrie [via Exim4U General Discussion] wrote:
Hi,
If you send an email from any of your domain but foo.tld to a gmail account and have a look at the message header received in the gmail account, does the header report DKIM success such as:
Authentication-Results: mx.google.com; dkim=pass (test mode) header.i=@anybutfoo.tld; spf=pass (google.com: domain of [hidden email] </user/SendEmail.jtp?type=node&node=4023739&i=0> designates 92.132.12.72 as permitted sender)
Thomas
Hi, it says: Authentication-Results: mx.google.com; dkim=pass (test mode) header.i=@hostname.foo.tld; spf=pass (google.com: domain of user(a)domain.tld designates 2a01:xxx:xxx:xxx::2 as permitted sender) smtp.mailfrom=user(a)domain.tld; dmarc=pass (p=NONE dis=NONE) header.from=domain.tld It's more or less the result I expected. My (potential) problem is that DMARC seems to compare domain.tld's DKIM and therefore reports for all domains (but foo.tld): "No DMARC reports received yet which confirm DKIM signing." I'm not 100% sure this is an exim4u question at all so I appologize if I'm barking up the wrong tree. Just tell me to bugger off and bother another list. Just thought with exim(4u) sending the mails it might be a configuration thing. Not? How do you guys handle DMARC? I can't imagine everyone is using one SSL certificate per domain. thanks, Mika
On Tue, 17 May 2016 10:21:57 +0200 Kreuder <[hidden email] </user/SendEmail.jtp?type=node&node=4023739&i=1>> wrote:
Hi everyone,
I'm currently giving DMARC a try and I'm wondering how to use it within my setup.
The domains that are hosted on my exim4u based installation all use mail.foo.tld as their imap and smtp server. That is because I require my customers to use SSL/TLS connections and this way I only have to manage one central certificate.
All domains have their SPF records and hostname.foo.tld has a valid DKIM record. So far so good.
But: DMARC (as far as I understand the whole process) seems to check each _domain_'s DKIM, right? And the way exim4u works (again: as far as I understand it) it's the server's DKIM that used to sign outgoing mail.
I signed up for dmarcian.com's DMARC reports -a service that collects and analyzes your DMARC reports- and it tells me that all domains (but foo.tld) lack DKIM signature.
I've set the DMARC policy to "none" for every domain so that shouldn't be a major problem for now. Still I'm wondering if there's a way to setup exim4u to sign mails using the domain's DKIM, not the server's.
Has anyone experience using DMARC? With or without exim4u? Am I missing something? Any tips or hints are highly appreciated.
thanks, Mika
_______________________________________________ users mailing list [hidden email] </user/SendEmail.jtp?type=node&node=4023739&i=2> https://exim4u.org/mailman/listinfo/users
_______________________________________________ users mailing list [hidden email] </user/SendEmail.jtp?type=node&node=4023739&i=3> https://exim4u.org/mailman/listinfo/users
------------------------------------------------------------------------ If you reply to this email, your message will be added to the discussion below: http://users.exim4u.org/Exim4u-and-DMARC-tp4023738p4023739.html To unsubscribe from Exim4U General Discussion, click here <http://users.exim4u.org/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=1762531&code=bWtAc2luZ3VsYXIuZGV8MTc2MjUzMXwxODU5NzMyMjI=>. NAML <http://users.exim4u.org/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml>