Rank: Administration
Groups: Administrators
Joined: 11/11/2010(UTC) Posts: 1,153
Thanks: 9 times Was thanked: 55 time(s) in 55 post(s)
Rank: Newbie
Groups: Registered
Joined: 1/24/2014(UTC)
Posts: 1
Hi,
I tried to use your DKIM Signature Test Tool, but unfortunately your mailserver (mail.appmaildev.com) tries to identify with an untrusted certificate, so your server got greylisted.
Here is a short excerpt from my postfix logs:
Code:
Jan 24 13:12:40 v3-1090 postfix/smtp(20388): certificate verification failed for mail.appmaildev.com(69.89.227.121):25: untrusted issuer /CN=AdminSystem Root
Jan 24 13:12:41 v3-1090 postfix/smtp(20388): A0F2C140E6D: to=<AAAA3gcBGAcA@appmaildev.com>, relay=mail.appmaildev.com(69.89.227.121):25, delay=2, delays=0.82/0/0.86/0.31, dsn=2.6.0, status=sent (250 2.6.0 <c3d209ac8e494f3eb51adfba4c5f5bec@internal*****.de> Queued mail for delivery)
Although the message gets out, your server is (of course) added to postgrey's greylist, so your reply doesn't get through:
Code:
Jan 24 13:12:43 v3-1090 postfix/smtpd(20468): connect from mail.emailarchitect.net(69.89.227.124)
Jan 24 13:12:45 v3-1090 postgrey(8687): action=greylist, reason=new, client_name=mail.emailarchitect.net, client_address=69.89.227.124, sender=auth-report@appmaildev.com, recipient=andromeda@wurst****.de
Jan 24 13:12:45 v3-1090 postfix/smtpd(20468): NOQUEUE: reject: RCPT from mail.emailarchitect.net(69.89.227.124): 450 4.2.0 <andromeda@wurst****.de>: Recipient address rejected: Greylisted, see http://postgrey.schweikert.ch/help/wurst****.de.html; from=<auth-report@appmaildev.com> to=<andromeda@wurst****.de> proto=ESMTP helo=<mail.appmaildev.com>
Jan 24 13:12:45 v3-1090 postfix/smtpd(20468): disconnect from mail.emailarchitect.net(69.89.227.124)
I'm trying to temporarily disable greylisting on my side, but you should consider changing to a valid certificate soon.
Cheers
Dachande
Rank: Administration
Groups: Administrators
Joined: 11/11/2010(UTC) Posts: 1,153
Thanks: 9 times Was thanked: 55 time(s) in 55 post(s)
Thank you for your valuable comments, we will consider getting a certificate for the SMTP service.
Rank: Newbie
Groups: Registered
Joined: 3/20/2018(UTC)
Posts: 2
Thanks: 1 times Was thanked: 1 time(s) in 1 post(s)
Hello,
it seems your DMARC parser in DKIM test cannot correctly process parentheses (or it doesn't ignore all characters after e-mail) in From: field. When my Postfix server sends an e-mail with header "From: user@company.com (Root User)" instead of "From: Root User <user@company.com>", your DMARC test script shows this:
_dmarc.company.com (Root User) : Non-Record
Received-SPF: pass (appmaildev.com: domain of user@company.com designates 15.9.17.4 as permitted sender) client-ip=15.9.17.4
Authentication-Results: appmaildev.com;
dkim=pass header.d=mail.company.com;
spf=pass (appmaildev.com: domain of user@company.com designates 15.9.17.4 as permitted sender) client-ip=15.9.17.4;
dmarc=permerror (adkim=r aspf=r p=none) header.from=company.com (Root User) ;
1 user thanked flajzi for this useful post.
Rank: Administration
Groups: Administrators
Joined: 11/11/2010(UTC) Posts: 1,153
Thanks: 9 times Was thanked: 55 time(s) in 55 post(s)
Originally Posted by: flajzi
Hello,
it seems your DMARC parser in DKIM test cannot correctly process parentheses (or it doesn't ignore all characters after e-mail) in From: field. When my Postfix server sends an e-mail with header "From: user@company.com (Root User)" instead of "From: Root User <user@company.com>", your DMARC test script shows this:
_dmarc.company.com (Root User) : Non-Record
Received-SPF: pass (appmaildev.com: domain of user@company.com designates 15.9.17.4 as permitted sender) client-ip=15.9.17.4
Authentication-Results: appmaildev.com;
dkim=pass header.d=mail.company.com;
spf=pass (appmaildev.com: domain of user@company.com designates 15.9.17.4 as permitted sender) client-ip=15.9.17.4;
dmarc=permerror (adkim=r aspf=r p=none) header.from=company.com (Root User) ;
Yes, it is a bug in parsing email addresses with comments. We will fix it in the next version (in one week).
Rank: Administration
Groups: Administrators
Joined: 11/11/2010(UTC) Posts: 1,153
Thanks: 9 times Was thanked: 55 time(s) in 55 post(s)
Originally Posted by: flajzi
Hello,
it seems your DMARC parser in DKIM test cannot correctly process parentheses (or it doesn't ignore all characters after e-mail) in From: field. When my Postfix server sends an e-mail with header "From: user@company.com (Root User)" instead of "From: Root User <user@company.com>", your DMARC test script shows this:
_dmarc.company.com (Root User) : Non-Record
Received-SPF: pass (appmaildev.com: domain of user@company.com designates 15.9.17.4 as permitted sender) client-ip=15.9.17.4
Authentication-Results: appmaildev.com;
dkim=pass header.d=mail.company.com;
spf=pass (appmaildev.com: domain of user@company.com designates 15.9.17.4 as permitted sender) client-ip=15.9.17.4;
dmarc=permerror (adkim=r aspf=r p=none) header.from=company.com (Root User) ;
Hi, the issue with email addresses that have a comment part has been fixed; you can try it again. Thank you very much.
1 user thanked ivan for this useful post.
Rank: Newbie
Groups: Registered
Joined: 3/20/2018(UTC)
Posts: 2
Thanks: 1 times Was thanked: 1 time(s) in 1 post(s)
Originally Posted by: ivan
Hi, the issue with email addresses that have a comment part has been fixed; you can try it again. Thank you very much.
It works now perfectly. Thank you very much!
Rank: Newbie
Groups: Registered
Joined: 5/6/2019(UTC)
Posts: 1
Hello. It looks like your parser is case insensitive for DKIM tags. I found out that TXT record with P= instead of p= passes as correct, which by RFC shouldn't be ok... Can you fix that, please? :)
Rank: Administration
Groups: Administrators
Joined: 11/11/2010(UTC) Posts: 1,153
Thanks: 9 times Was thanked: 55 time(s) in 55 post(s)
Originally Posted by: petyy Hello. It looks like your parser is case insensitive for DKIM tags. I found out that TXT record with P= instead of p= passes as correct, which by RFC shouldn't be ok... Can you fix that, please? :)
Quote: From DKIM RFC: Tags MUST be interpreted in a case-sensitive manner. Values MUST be processed as case sensitive unless the specific tag description of semantics specifies case insensitivity.
You're right, we used case-insensitive comparison for tags in the public key. We will fix it in the next release.
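A strict tag-list check for a DKIM key record, as an added example that is not the tool's code: tag names are compared exactly as written, so a record carrying P= has no p tag and fails. The function names and the truncated key value are constructed for illustration.

```python
import re

TAG_NAME = re.compile(r"[A-Za-z][A-Za-z0-9_]*\Z")   # RFC 6376 tag-name syntax
SAMPLE_KEY = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQ"  # constructed, truncated placeholder

def parse_tag_list(record):
    """Parse 'a=b; c=d' into a dict, keeping tag names exactly as written."""
    tags = {}
    for spec in record.split(";"):
        if not spec.strip():
            continue                          # tolerate the optional trailing ';'
        name, sep, value = spec.partition("=")  # first '=' only: base64 padding survives
        name = name.strip()
        if not sep or not TAG_NAME.match(name):
            raise ValueError("malformed tag-spec: %r" % spec)
        if name in tags:                      # duplicate names invalidate the whole list
            raise ValueError("duplicate tag: %r" % name)
        tags[name] = value.strip()
    return tags

def check_key_record(record):
    """Return 'ok', 'revoked' or a 'permfail: ...' reason for a DKIM key TXT record."""
    try:
        tags = parse_tag_list(record)
    except ValueError as exc:
        return "permfail: %s" % exc
    # v= is optional, but when present it must come first and equal DKIM1.
    if "v" in tags and (next(iter(tags)) != "v" or tags["v"] != "DKIM1"):
        return "permfail: bad v= tag"
    if "p" not in tags:                       # 'P' is an unknown tag and is ignored
        return "permfail: missing p= tag"
    if not "".join(tags["p"].split()):        # empty p= means the key was revoked
        return "revoked"
    return "ok"

if __name__ == "__main__":
    for rec in ("v=DKIM1; k=rsa; p=" + SAMPLE_KEY, "v=DKIM1; k=rsa; P=" + SAMPLE_KEY):
        print(rec[:24], "->", check_key_record(rec))
```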
Rank: Newbie
Groups: Registered
Joined: 12/17/2019(UTC) Posts: 5
hi hope you are well.
i don't think your tool is dealing with subdomains properly - when i analyse my header i find that dmarc passes, but when i send a test email to you your tool says that there is no dmarc record for the domain.
the dmarc record exists on the domain, and i am sending out on a subdomain of it.
as far as i am aware, if there is no explicit dmarc record for a subdomain, it looks to the ultimate parent domain.
so, i.e.
i am sending out as
something@x.y.z.domain.tld and the dmarc record exists on domain.tld
the tool should, once it finds no dmarc record on x.y.z.domain.tld go and look at the dmarc record for domain.tld but i don't think it is doing this.
i can provide headers and the response from the tool if you like but i don't want to post them publicly
Rank: Administration
Groups: Administrators
Joined: 11/11/2010(UTC) Posts: 1,153
Thanks: 9 times Was thanked: 55 time(s) in 55 post(s)
Originally Posted by: psychonaut hi hope you are well.
i don't think your tool is dealing with subdomains properly - when i analyse my header i find that dmarc passes, but when i send a test email to you your tool says that there is no dmarc record for the domain.
the dmarc record exists on the domain, and i am sending out on a subdomain of it.
as far as i am aware, if there is no explicit dmarc record for a subdomain, it looks to the ultimate parent domain.
so, i.e.
i am sending out as
something@x.y.z.domain.tld and the dmarc record exists on domain.tld
the tool should, once it finds no dmarc record on x.y.z.domain.tld go and look at the dmarc record for domain.tld but i don't think it is doing this.
i can provide headers and the response from the tool if you like but i don't want to post them publicly
Thank you very much, we will try to improve it in the next version.
Rank: Newbie
Groups: Registered
Joined: 12/17/2019(UTC) Posts: 5
can you confirm if i am correct that the tool does not work properly in the case of subdomains please? because if it does work properly then i need to find out what the problem is with my email system...
Rank: Administration
Groups: Administrators
Joined: 11/11/2010(UTC) Posts: 1,153
Thanks: 9 times Was thanked: 55 time(s) in 55 post(s)
Originally Posted by: psychonaut can you confirm if i am correct that the tool does not work properly in the case of subdomains please? because if it does work properly then i need to find out what the problem is with my email system...
According to the DMARC RFC, our tool doesn't query the Organizational Domain when the subdomain policy is empty; that is a bug in our tool.
Code:
Quote from: RFC 7489 DMARC March 2015
6.6.3. Policy Discovery
As stated above, the DMARC mechanism uses DNS TXT records to advertise policy. Policy discovery is accomplished via a method similar to the method used for SPF records. This method, and the important differences between DMARC and SPF mechanisms, are discussed below.
To balance the conflicting requirements of supporting wildcarding, allowing subdomain policy overrides, and limiting DNS query load, the following DNS lookup scheme is employed:
1. Mail Receivers MUST query the DNS for a DMARC TXT record at the DNS domain matching the one found in the RFC5322.From domain in the message. A possibly empty set of records is returned.
2. Records that do not start with a "v=" tag that identifies the current version of DMARC are discarded.
3. If the set is now empty, the Mail Receiver MUST query the DNS for a DMARC TXT record at the DNS domain matching the Organizational Domain in place of the RFC5322.From domain in the message (if different). This record can contain policy to be asserted for subdomains of the Organizational Domain. A possibly empty set of records is returned.
4. Records that do not start with a "v=" tag that identifies the current version of DMARC are discarded.
5. If the remaining set contains multiple records or no records, policy discovery terminates and DMARC processing is not applied to this message.
6. If a retrieved policy record does not contain a valid "p" tag, or contains an "sp" tag that is not valid, then:
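Steps 1 to 5 of the quoted policy discovery, together with the From: comment handling reported earlier in this thread, as an added Python example that is not the tool's code. The public-suffix set and the TXT zone are constructed stand-ins (assumptions); a real receiver uses the full Public Suffix List and a DNS resolver.

```python
from email.utils import parseaddr

# Constructed stand-ins (assumptions): a tiny public-suffix set and a TXT "zone".
PUBLIC_SUFFIXES = {"tld", "co.uk"}
ZONE = {
    "_dmarc.domain.tld": ["v=DMARC1; p=reject; sp=quarantine"],
    "_dmarc.example.co.uk": ["v=spf1 -all", "v=DMARC1; p=none"],
    "_dmarc.twice.tld": ["v=DMARC1; p=none", "v=DMARC1; p=reject"],
}

def from_domain(from_header):
    """RFC5322.From domain; parseaddr strips '(comment)' and display-name parts."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        raise ValueError("no usable address in From: %r" % from_header)
    return addr.rsplit("@", 1)[1].lower().rstrip(".")

def organizational_domain(domain):
    """Longest matching public suffix plus one more label."""
    labels = domain.split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])  # suffix not in the sample set: assume one label

def dmarc_records(domain, txt_lookup):
    """Steps 2 and 4: discard TXT records whose first tag is not v=DMARC1."""
    return [t for t in txt_lookup("_dmarc." + domain)
            if "".join(t.split(";")[0].split()) == "v=DMARC1"]

def discover_policy(from_header, txt_lookup=lambda name: ZONE.get(name, [])):
    """Steps 1-5 of RFC 7489 6.6.3: (domain queried, record), or None."""
    domain = from_domain(from_header)
    source, records = domain, dmarc_records(domain, txt_lookup)
    org = organizational_domain(domain)
    if not records and org != domain:      # step 3: fall back to the org domain
        source, records = org, dmarc_records(org, txt_lookup)
    if len(records) != 1:                  # step 5: none or several, DMARC not applied
        return None
    return source, records[0]

if __name__ == "__main__":
    print(discover_policy("something@x.y.z.domain.tld"))
    print(discover_policy("user@mail.example.co.uk (Root User)"))
```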
Rank: Newbie
Groups: Registered
Joined: 12/17/2019(UTC) Posts: 5
phew! that's great, that means the problem is for you and not for me! ok, let me know when you fix it please.
Rank: Administration
Groups: Administrators
Joined: 11/11/2010(UTC) Posts: 1,153
Thanks: 9 times Was thanked: 55 time(s) in 55 post(s)
Originally Posted by: psychonaut phew! that's great, that means the problem is for you and not for me! ok, let me know when you fix it please.
Hi, we have fixed this problem, you can try it now.
Rank: Newbie
Groups: Registered
Joined: 12/17/2019(UTC) Posts: 5
Rank: Administration
Groups: Administrators
Joined: 11/11/2010(UTC) Posts: 1,153
Thanks: 9 times Was thanked: 55 time(s) in 55 post(s)
Originally Posted by: psychonaut doesn't work i'm afraid
Could you download and send the report to support@emailarchitect.net so that I can have a check?
Rank: Newbie
Groups: Registered
Joined: 12/17/2019(UTC) Posts: 5
done, email sent. i think you may have fixed the issue in the meantime though!
Rank: Newbie
Groups: Registered
Joined: 9/18/2024(UTC)
Posts: 1
Hi there! Is there any way to give the correct ip address of the source ip into the copied eml file? Or could you maybe add an ip field where we could enter the source ip address. At the moment just every mail i copy tells me, that SPF is wrong, because he takes 127.0.0.2 as source ip. Thank you very much, Patrick
Rank: Administration
Groups: Administrators
Joined: 11/11/2010(UTC) Posts: 1,153
Thanks: 9 times Was thanked: 55 time(s) in 55 post(s)
Originally Posted by: pabujgl Hi there! Is there any way to give the correct ip address of the source ip into the copied eml file? Or could you maybe add an ip field where we could enter the source ip address. At the moment just every mail i copy tells me, that SPF is wrong, because he takes 127.0.0.2 as source ip. Thank you very much, Patrick
The source IP is parsed from the Received header, for example:
Code:
Received: from mta195c.pmx1.senderdomain.com (142.54.247.195) by
CH3PEPF00000011.mail.protection.outlook.com (10.167.244.116) with Microsoft
SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.20.8005.1 via Frontend Transport; Wed, 18 Sep 2024 01:28:04 +0000
Then 142.54.247.195 is the source address, so you should add such a Received header to indicate the correct source IP address if you test the email by upload.
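Reading the source address out of a saved .eml, and adding a Received header to a message copied before delivery, as an added Python example that is not the tool's code. It assumes the address is taken from the from-clause of the topmost Received header, in the shape shown in the reply above; the function names and the receiver name mx.test.invalid are made up for illustration.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import formatdate

# IP literal inside (...) or [...], with an optional "IPv6:" prefix.
_IP_TOKEN = re.compile(r"[\[(](?:IPv6:)?([0-9A-Fa-f:.]+)[\])]")

def source_ip(eml_text):
    """First valid IP literal in the from-clause of the topmost Received header."""
    received = message_from_string(eml_text).get_all("Received") or []
    if not received:
        return None
    top = " ".join(received[0].split())               # unfold continuation lines
    from_clause = re.split(r"\sby\s", top, maxsplit=1)[0]
    if not from_clause.lower().startswith("from "):
        return None
    for token in _IP_TOKEN.findall(from_clause):
        try:
            return str(ipaddress.ip_address(token))
        except ValueError:
            continue                                  # e.g. "(abc.de)" is not an IP
    return None

def with_source_ip(eml_text, client_name, ip, receiver="mx.test.invalid"):
    """Prepend a Received header naming `ip`, for a message saved before delivery."""
    ip = ipaddress.ip_address(ip)                     # rejects anything but an IP
    if not re.fullmatch(r"[A-Za-z0-9.-]+", client_name):
        raise ValueError("client_name must be a plain host name")
    header = "Received: from %s (%s) by %s; %s\r\n" % (
        client_name, ip, receiver, formatdate())
    return header + eml_text

# Constructed sample: the Received header from the reply above on a minimal message.
SAMPLE = (
    "Received: from mta195c.pmx1.senderdomain.com (142.54.247.195) by\r\n"
    " CH3PEPF00000011.mail.protection.outlook.com (10.167.244.116) with Microsoft\r\n"
    " SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id\r\n"
    " 15.20.8005.1 via Frontend Transport; Wed, 18 Sep 2024 01:28:04 +0000\r\n"
    "From: sender@senderdomain.com\r\n"
    "Subject: test\r\n"
    "\r\n"
    "body\r\n"
)

if __name__ == "__main__":
    print(source_ip(SAMPLE))
```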