ivan  
#1 Posted : Sunday, May 1, 2011 5:22:03 AM(UTC)
ivan

Rank: Administration

Groups: Administrators
Joined: 11/11/2010(UTC)
Posts: 1,153

Thanks: 9 times
Was thanked: 55 time(s) in 55 post(s)
DKIM Test
http://www.appmaildev.com/en/dkim/

DomainKeys Test
http://www.appmaildev.com/en/domainkeys/

SPF Test
http://www.appmaildev.com/en/spf/


If you have any comments or questions about this tool, please add your comments here.

Edited by user Sunday, May 1, 2011 11:04:24 PM(UTC)  | Reason: Not specified

dachande  
#2 Posted : Friday, January 24, 2014 4:34:05 AM(UTC)
dachande

Rank: Newbie

Groups: Registered
Joined: 1/24/2014(UTC)
Posts: 1
Germany

Hi,

I tried to use your DKIM Signature Test Tool, but unfortunately your mailserver (mail.appmaildev.com) tries to identify with an untrusted certificate, so your server got greylisted.

Here is a short excerpt from my postfix logs:
Code:

Jan 24 13:12:40 v3-1090 postfix/smtp(20388): certificate verification failed for mail.appmaildev.com(69.89.227.121):25: untrusted issuer /CN=AdminSystem Root
Jan 24 13:12:41 v3-1090 postfix/smtp(20388): A0F2C140E6D: to=<AAAA3gcBGAcA@appmaildev.com>, relay=mail.appmaildev.com(69.89.227.121):25, delay=2, delays=0.82/0/0.86/0.31, dsn=2.6.0, status=sent (250 2.6.0  <c3d209ac8e494f3eb51adfba4c5f5bec@internal*****.de> Queued mail for delivery)


Although the message gets out, your server is (of course) added to postgrey's greylist, so your reply doesn't get through:

Code:

Jan 24 13:12:43 v3-1090 postfix/smtpd(20468): connect from mail.emailarchitect.net(69.89.227.124)
Jan 24 13:12:45 v3-1090 postgrey(8687): action=greylist, reason=new, client_name=mail.emailarchitect.net, client_address=69.89.227.124, sender=auth-report@appmaildev.com, recipient=andromeda@wurst****.de
Jan 24 13:12:45 v3-1090 postfix/smtpd(20468): NOQUEUE: reject: RCPT from mail.emailarchitect.net(69.89.227.124): 450 4.2.0 <andromeda@wurst****.de>: Recipient address rejected: Greylisted, see http://postgrey.schweikert.ch/help/wurst****.de.html; from=<auth-report@appmaildev.com> to=<andromeda@wurst****.de> proto=ESMTP helo=<mail.appmaildev.com>
Jan 24 13:12:45 v3-1090 postfix/smtpd(20468): disconnect from mail.emailarchitect.net(69.89.227.124)


I'm trying to temporarily disable greylisting on my side, but you should consider changing to a valid certificate soon.

Cheers
Dachande

Edited by user Friday, January 24, 2014 4:37:52 AM(UTC)  | Reason: Not specified

ivan  
#3 Posted : Friday, January 24, 2014 8:12:41 AM(UTC)
Thank you for your valuable comments; we will consider getting a certificate for the SMTP service.
flajzi  
#4 Posted : Tuesday, March 20, 2018 12:09:13 PM(UTC)
flajzi

Rank: Newbie

Groups: Registered
Joined: 3/20/2018(UTC)
Posts: 2
Czech Republic

Thanks: 1 times
Was thanked: 1 time(s) in 1 post(s)
Hello,
it seems your DMARC parser in DKIM test cannot correctly process parentheses (or it doesn't ignore all characters after e-mail) in From: field. When my Postfix server sends an e-mail with header "From: user@company.com (Root User)" instead of "From: Root User <user@company.com>", your DMARC test script shows this:

_dmarc.company.com (Root User): Non-Record
Received-SPF: pass (appmaildev.com: domain of user@company.com designates 15.9.17.4 as permitted sender) client-ip=15.9.17.4
Authentication-Results: appmaildev.com;
dkim=pass header.d=mail.company.com;
spf=pass (appmaildev.com: domain of user@company.com designates 15.9.17.4 as permitted sender) client-ip=15.9.17.4;
dmarc=permerror (adkim=r aspf=r p=none) header.from=company.com (Root User);

Edited by user Tuesday, March 20, 2018 12:09:57 PM(UTC)  | Reason: Not specified

thanks 1 user thanked flajzi for this useful post.
ivan on 3/20/2018(UTC)
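
The `_dmarc.company.com (Root User)` name in the report above is what results when everything after `@` is taken as the domain. The following is an added example, not code from the test tool or from any poster: `naive_from_domain` is a constructed reproduction of the symptom, and the sample headers beyond the two quoted in the post are constructed.

```python
from email.utils import parseaddr

def naive_from_domain(header_value):
    # Constructed reproduction of the symptom: everything after the last "@"
    # is taken as the domain, so a trailing comment leaks into the DNS name.
    return header_value.rsplit("@", 1)[-1].rstrip(">").strip()

def from_domain(header_value):
    """Return the lower-cased RFC5322.From domain, or None if unparseable."""
    # parseaddr understands both "addr (comment)" and "Name <addr>" forms.
    _display, addr = parseaddr(header_value)
    local, sep, domain = addr.rpartition("@")
    if not sep or not local or not domain:
        return None
    return domain.rstrip(".").lower()

def dmarc_query_name(header_value):
    """DNS name at which the DMARC TXT record for this From value is queried."""
    domain = from_domain(header_value)
    return None if domain is None else "_dmarc." + domain

SAMPLES = [
    "user@company.com (Root User)",                  # form from the post
    "Root User <user@company.com>",                  # form from the post
    "user@company.com (contact ops@other.example)",  # constructed: "@" in comment
    '"Root, User" <user@Company.COM>',               # constructed: quoted name
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r}: naive={naive_from_domain(s)!r} parsed={dmarc_query_name(s)!r}")
```
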
ivan  
#5 Posted : Tuesday, March 20, 2018 5:35:49 PM(UTC)
Originally Posted by: flajzi
Hello,
it seems your DMARC parser in DKIM test cannot correctly process parentheses (or it doesn't ignore all characters after e-mail) in From: field. When my Postfix server sends an e-mail with header "From: user@company.com (Root User)" instead of "From: Root User <user@company.com>", your DMARC test script shows this:

_dmarc.company.com (Root User): Non-Record
Received-SPF: pass (appmaildev.com: domain of user@company.com designates 15.9.17.4 as permitted sender) client-ip=15.9.17.4
Authentication-Results: appmaildev.com;
dkim=pass header.d=mail.company.com;
spf=pass (appmaildev.com: domain of user@company.com designates 15.9.17.4 as permitted sender) client-ip=15.9.17.4;
dmarc=permerror (adkim=r aspf=r p=none) header.from=company.com (Root User);



Yes, it is a bug in parsing email addresses with comments. We will fix it in the next version (in one week).
ivan  
#6 Posted : Wednesday, March 21, 2018 12:02:28 AM(UTC)
Originally Posted by: flajzi
Hello,
it seems your DMARC parser in DKIM test cannot correctly process parentheses (or it doesn't ignore all characters after e-mail) in From: field. When my Postfix server sends an e-mail with header "From: user@company.com (Root User)" instead of "From: Root User <user@company.com>", your DMARC test script shows this:

_dmarc.company.com (Root User): Non-Record
Received-SPF: pass (appmaildev.com: domain of user@company.com designates 15.9.17.4 as permitted sender) client-ip=15.9.17.4
Authentication-Results: appmaildev.com;
dkim=pass header.d=mail.company.com;
spf=pass (appmaildev.com: domain of user@company.com designates 15.9.17.4 as permitted sender) client-ip=15.9.17.4;
dmarc=permerror (adkim=r aspf=r p=none) header.from=company.com (Root User);


Hi, the issue with email addresses that have a comment part has been fixed. You can try it again. Thank you very much.
thanks 1 user thanked ivan for this useful post.
flajzi on 3/22/2018(UTC)
flajzi  
#7 Posted : Thursday, March 22, 2018 12:04:06 AM(UTC)
Originally Posted by: ivan

Hi, the issue with email addresses that have a comment part has been fixed. You can try it again. Thank you very much.


It works now perfectly. Thank you very much!
petyy  
#8 Posted : Monday, May 6, 2019 3:12:13 AM(UTC)
petyy

Rank: Newbie

Groups: Registered
Joined: 5/6/2019(UTC)
Posts: 1
Czech Republic

Hello. It looks like your parser is case insensitive for DKIM tags. I found out that TXT record with P= instead of p= passes as correct, which by RFC shouldn't be ok... Can you fix that, please? :)
ivan  
#9 Posted : Monday, May 6, 2019 6:05:24 AM(UTC)
Originally Posted by: petyy
Hello. It looks like your parser is case insensitive for DKIM tags. I found out that TXT record with P= instead of p= passes as correct, which by RFC shouldn't be ok... Can you fix that, please? :)


Quote:

From DKIM RFC:

Tags MUST be interpreted in a case-sensitive manner. Values MUST be
processed as case sensitive unless the specific tag description of
semantics specifies case insensitivity.

You're right, we used case-insensitive comparison for tags in the public key. We will fix it in the next release.
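
The case-sensitivity rule quoted above, applied to a DKIM public-key TXT record: tag names are matched exactly, so `P=` is an unknown tag and the record has no key. This is an added example, not the test tool's code; the key material is constructed sample data, not a real key.

```python
import base64
import re

TAG_NAME = re.compile(r"[A-Za-z][A-Za-z0-9_]*\Z")  # RFC 6376 tag-name syntax

def parse_tag_list(record):
    """Parse a DKIM tag=value list; tag names keep their case."""
    tags = {}
    for part in record.split(";"):
        if not part.strip():
            continue                      # a trailing ";" is allowed
        name, sep, value = part.partition("=")
        name = name.strip()
        if not sep or not TAG_NAME.match(name):
            raise ValueError(f"malformed tag spec: {part!r}")
        if name in tags:                  # duplicates invalidate the whole list
            raise ValueError(f"duplicate tag: {name!r}")
        tags[name] = value.strip()
    return tags

def check_key_record(record):
    """Return (ok, reason) for a DKIM public-key TXT record."""
    try:
        tags = parse_tag_list(record)
    except ValueError as exc:
        return False, str(exc)
    if "v" in tags and tags["v"] != "DKIM1":
        return False, "unsupported version"
    if "p" not in tags:                   # exact match: "P" is a different tag
        return False, "missing p= tag"
    key = re.sub(r"\s+", "", tags["p"])
    if key == "":
        return False, "key revoked (empty p=)"
    try:
        base64.b64decode(key, validate=True)
    except ValueError:
        return False, "p= is not valid base64"
    return True, "ok"

# Constructed sample: base64 of 24 arbitrary bytes, not a real public key.
KEY = base64.b64encode(bytes(range(24))).decode()
GOOD = f"v=DKIM1; k=rsa; p={KEY}"
UPPER = f"v=DKIM1; k=rsa; P={KEY}"

if __name__ == "__main__":
    print(check_key_record(GOOD), check_key_record(UPPER))
```
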
psychonaut  
#10 Posted : Tuesday, December 17, 2019 2:07:26 AM(UTC)
psychonaut

Rank: Newbie

Groups: Registered
Joined: 12/17/2019(UTC)
Posts: 5

hi hope you are well.

i don't think your tool is dealing with subdomains properly - when i analyse my header i find that dmarc passes, but when i send a test email to you your tool says that there is no dmarc record for the domain.

the dmarc record exists on the domain, and i am sending out on a subdomain of it.

as far as i am aware, if there is no explicit dmarc record for a subdomain, it looks to the ultimate parent domain.

so, i.e.
i am sending out as something@x.y.z.domain.tld
and the dmarc record exists on domain.tld

the tool should, once it finds no dmarc record on x.y.z.domain.tld go and look at the dmarc record for domain.tld but i don't think it is doing this.

i can provide headers and the response from the tool if you like but i don't want to post them publicly

ivan  
#11 Posted : Tuesday, December 17, 2019 2:31:08 AM(UTC)
Originally Posted by: psychonaut
hi hope you are well.

i don't think your tool is dealing with subdomains properly - when i analyse my header i find that dmarc passes, but when i send a test email to you your tool says that there is no dmarc record for the domain.

the dmarc record exists on the domain, and i am sending out on a subdomain of it.

as far as i am aware, if there is no explicit dmarc record for a subdomain, it looks to the ultimate parent domain.

so, i.e.
i am sending out as something@x.y.z.domain.tld
and the dmarc record exists on domain.tld

the tool should, once it finds no dmarc record on x.y.z.domain.tld go and look at the dmarc record for domain.tld but i don't think it is doing this.

i can provide headers and the response from the tool if you like but i don't want to post them publicly



Thank you very much, we will try to improve it in the next version.
psychonaut  
#12 Posted : Tuesday, December 17, 2019 2:33:03 AM(UTC)
can you confirm if i am correct that the tool does not work properly in the case of subdomains please? because if it does work properly then i need to find out what the problem is with my email system...
ivan  
#13 Posted : Tuesday, December 17, 2019 4:49:22 AM(UTC)
Originally Posted by: psychonaut
can you confirm if i am correct that the tool does not work properly in the case of subdomains please? because if it does work properly then i need to find out what the problem is with my email system...


According to the DMARC RFC, our tool doesn't query the Organizational Domain when the subdomain policy is empty; that is a bug in our tool.

Code:

Quote from:  RFC 7489                          DMARC                       March 2015

6.6.3.  Policy Discovery

   As stated above, the DMARC mechanism uses DNS TXT records to
   advertise policy.  Policy discovery is accomplished via a method
   similar to the method used for SPF records.  This method, and the
   important differences between DMARC and SPF mechanisms, are discussed
   below.

   To balance the conflicting requirements of supporting wildcarding,
   allowing subdomain policy overrides, and limiting DNS query load, the
   following DNS lookup scheme is employed:

   1.  Mail Receivers MUST query the DNS for a DMARC TXT record at the
       DNS domain matching the one found in the RFC5322.From domain in
       the message.  A possibly empty set of records is returned.

   2.  Records that do not start with a "v=" tag that identifies the
       current version of DMARC are discarded.

   3.  If the set is now empty, the Mail Receiver MUST query the DNS for
       a DMARC TXT record at the DNS domain matching the Organizational
       Domain in place of the RFC5322.From domain in the message (if
       different).  This record can contain policy to be asserted for
       subdomains of the Organizational Domain.  A possibly empty set of
       records is returned.

   4.  Records that do not start with a "v=" tag that identifies the
       current version of DMARC are discarded.

   5.  If the remaining set contains multiple records or no records,
       policy discovery terminates and DMARC processing is not applied
       to this message.

   6.  If a retrieved policy record does not contain a valid "p" tag, or
       contains an "sp" tag that is not valid, then:
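
Steps 1 to 5 of the quoted section, applied to the `x.y.z.domain.tld` case from this thread. This is an added example, not part of the thread and not the test tool's code: DNS is replaced by a constructed dictionary, and `SUFFIXES` is a constructed stand-in for the Public Suffix List that a real receiver uses to find the Organizational Domain.

```python
def organizational_domain(domain, public_suffixes):
    """Longest matching public suffix plus one more label."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in public_suffixes:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])  # assumption: unknown suffix, keep two labels

def dmarc_records(name, lookup_txt):
    # Steps 2 and 4: discard records whose first tag is not v=DMARC1.
    return [r for r in lookup_txt(name)
            if "".join(r.split(";", 1)[0].split()) == "v=DMARC1"]

def discover_policy(from_domain, lookup_txt, public_suffixes):
    """Return (queried_name, record), or (None, None) when DMARC does not apply."""
    from_domain = from_domain.lower().rstrip(".")
    name = "_dmarc." + from_domain
    records = dmarc_records(name, lookup_txt)              # steps 1-2
    if not records:
        org = organizational_domain(from_domain, public_suffixes)
        if org != from_domain:
            name = "_dmarc." + org
            records = dmarc_records(name, lookup_txt)      # steps 3-4
    if len(records) != 1:                                  # step 5
        return None, None
    return name, records[0]

# Constructed data standing in for live DNS and the Public Suffix List.
ZONE = {
    "_dmarc.domain.tld": ["v=DMARC1; p=none; sp=quarantine"],
    "_dmarc.mail.domain.tld": ["v=spf1 -all"],  # not a DMARC record: discarded
    "_dmarc.shop.example.co.uk": ["v=DMARC1; p=reject", "v=DMARC1; p=none"],
}
SUFFIXES = {"tld", "uk", "co.uk"}
QUERIES = []  # every name looked up, in order

def lookup_txt(name):
    QUERIES.append(name)
    return ZONE.get(name, [])

if __name__ == "__main__":
    print(discover_policy("x.y.z.domain.tld", lookup_txt, SUFFIXES))
    print(QUERIES)
```

The query log shows only two lookups for `x.y.z.domain.tld`: the exact From domain and then the Organizational Domain, with no walk through `y.z.domain.tld` or `z.domain.tld`.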
psychonaut  
#14 Posted : Tuesday, December 17, 2019 4:50:36 AM(UTC)
phew! that's great, that means the problem is for you and not for me!

ok, let me know when you fix it please.
ivan  
#15 Posted : Monday, December 23, 2019 1:12:03 AM(UTC)
Originally Posted by: psychonaut
phew! that's great, that means the problem is for you and not for me!

ok, let me know when you fix it please.


Hi, we have fixed this problem, you can try it now.
psychonaut  
#16 Posted : Monday, December 23, 2019 1:15:34 AM(UTC)
doesn't work i'm afraid
ivan  
#17 Posted : Tuesday, December 24, 2019 6:38:28 PM(UTC)
Originally Posted by: psychonaut
doesn't work i'm afraid


could you download and send the report to support@emailarchitect.net so that I can have a check?
psychonaut  
#18 Posted : Monday, January 6, 2020 10:18:50 AM(UTC)
done, email sent. i think you may have fixed the issue in the meantime though!
pabujgl  
#19 Posted : Wednesday, September 18, 2024 6:55:01 AM(UTC)
pabujgl

Rank: Newbie

Groups: Registered
Joined: 9/18/2024(UTC)
Posts: 1
Germany

Hi there!

Is there any way to put the correct source IP address into the copied eml file? Or could you maybe add an IP field where we could enter the source IP address? At the moment every mail I copy tells me that SPF is wrong, because it takes 127.0.0.2 as the source IP.

Thank you very much,

Patrick
ivan  
#20 Posted : Thursday, September 19, 2024 3:38:54 PM(UTC)
Originally Posted by: pabujgl
Hi there!

Is there any way to put the correct source IP address into the copied eml file? Or could you maybe add an IP field where we could enter the source IP address? At the moment every mail I copy tells me that SPF is wrong, because it takes 127.0.0.2 as the source IP.

Thank you very much,

Patrick


The source IP is parsed from the Received header, for example:
Code:

Received: from mta195c.pmx1.senderdomain.com (142.54.247.195) by
 CH3PEPF00000011.mail.protection.outlook.com (10.167.244.116) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.8005.1 via Frontend Transport; Wed, 18 Sep 2024 01:28:04 +0000


So 142.54.247.195 is the source address. You should add such a Received header to indicate the correct source IP address if you test the email by upload.
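
A way to check which address an uploaded .eml file carries in its Received header before submitting it for an SPF test. This is an added example, not the test tool's code: how the tool itself reads the header is not shown in the thread, so taking the first IP literal in the `from` clause of the topmost Received header is an assumption, and the sample message apart from its Received header is constructed.

```python
import ipaddress
import re
from email import message_from_string

def source_ip_from_received(value):
    """Return the first IP literal in the 'from' clause of one Received value."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", value)        # undo header folding
    m = re.match(r"\s*from\s+\S+\s*(.*?)(?:\s+by\s|;|$)", unfolded, re.S | re.I)
    if not m:
        return None                                      # no "from" clause
    for token in re.split(r"[\s()\[\]]+", m.group(1)):
        if token.lower().startswith("ipv6:"):            # "[IPv6:2001:db8::1]"
            token = token[5:]
        try:
            return str(ipaddress.ip_address(token))
        except ValueError:
            continue                                     # hostname or empty
    return None

def source_ip(eml_text):
    """Assumption: Received headers are read top-down and the first hit wins."""
    msg = message_from_string(eml_text)
    for value in msg.get_all("Received", []):
        ip = source_ip_from_received(value)
        if ip:
            return ip
    return None

SAMPLE_EML = (  # Received header from the post; the other lines are constructed
    "Received: from mta195c.pmx1.senderdomain.com (142.54.247.195) by\n"
    " CH3PEPF00000011.mail.protection.outlook.com (10.167.244.116) with Microsoft\n"
    " SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id\n"
    " 15.20.8005.1 via Frontend Transport; Wed, 18 Sep 2024 01:28:04 +0000\n"
    "From: sender@senderdomain.com\n"
    "Subject: test\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    print(source_ip(SAMPLE_EML))
```

The address of the receiving host in the `by` clause (10.167.244.116 in the sample) is deliberately ignored, since SPF is evaluated against the connecting client.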