[prev in list] [next in list] [prev in thread] [next in thread] 

List:       postfix-users
Subject:    Re: Mail forwarding through a relay
From:       Dominic Raferd <dominic () timedicer ! co ! uk>
Date:       2019-09-12 7:31:29
Message-ID: CAF9Mo3Lig62kuqpo-hN5t8YUTFqTNxHdAxKvm=U4ZbxaDQAYgg () mail ! gmail ! com
[Download RAW message or body]

On Thu, 12 Sep 2019 at 10:24, Chris Wedgwood <cw@f00f.org> wrote:
> 
> > I have a postfix-3.2.6 system that acts as a mail server and
> > pop/imap using dovecot for a small domain. The problem is that
> > people are increasingly using it as a relay to a personal account,
> > such as Gmail and Yahoo.
> 
> perhaps i misunderstand
> 
> they are sending email from gmail/yahoo addresses from your MTA?  if
> so those will get blocked in many cases and marked as spam in many
> others
> 
> 
> for example with gmail:
> 
> _dmarc.gmail.com.       596     IN      TXT     "v=DMARC1; p=none; sp=quarantine; \
> rua=mailto:mailauth-reports@google.com" 
> gmail.com.              205     IN      TXT     "v=spf1 redirect=_spf.google.com"
> 
> _spf.google.com.        176     IN      TXT     "v=spf1 include:_netblocks.google.com \
> include:_netblocks2.google.com include:_netblocks3.google.com ~all" 
> ...
> 
> you MTA is not going to be included in any of those records, so you're
> MTA isn't a valid origin for @gmail.com and you're not going to be able to sign messages with a valid \
> (dkim) signature either. this is how spf/dmarc works


but note in the DMARC record that you quote: ' p=none': Gmail is
telling other servers *not* to block (or quarantine) emails from
@gmail.com that do not obey SPF or DKIM rules. Yahoo by contrast:

# dig +short _dmarc.yahoo.com TXT
"v=DMARC1; p=reject; pct=100; rua=mailto:dmarc_y_rua@yahoo.com;"


[prev in list] [next in list] [prev in thread] [next in thread]