tickets #111902
openDMARC check failing
0%
Description
Hello team,
We got couple of reports from SUSE users on emails from openSUSE domain being held by mimecast. The reason for that is DNS Authentication: DMARC Fail.
Some details below:
[cid:image001.png@01D875A3.95603960]
[cid:image002.png@01D875A3.A0D19B40]
It looks like DMARC policy is actively asking for quarantining the email on the recipient side.
Could you review configuration on openSUSE mail setup side? Looks like similar issue was already reported in (https://sd.suse.com/browse/SD-87808)
Thank you
Simona
--
Simona Fornusek (Buchovecka)
Cybersecurity Design & Engineering
Files
Updated by pjessen over 2 years ago
- Category set to Email
- Private changed from Yes to No
The DMARC record for opensuse.org is:
v=DMARC1; p=none; pct=100; rua=mailto:admin-auto@opensuse.org!5m; ruf=mailto:admin-auto@opensuse.org!5m
I.e. no policy for all mails.
The SPF record for lists.opensuse.org is:
v=spf1 mx a:proxy-nue1.opensuse.org a:proxy-nue2.opensuse.org ip6:2001:67c:2178:8::/64 ~all
A mail from mailman (lists.opensuse.org) should get an SPF PASS. I don't see how it could get a SOFTFAIL.
Updated by sbuchovecka over 2 years ago
It is probably the policy of pm.me (as from Header From).
Simona
From: redmine@opensuse.org redmine@opensuse.org
Date: Wednesday, 1 June 2022 11:18
To:
Subject: [openSUSE admin - tickets #111902] DMARC check failing
[openSUSE Tracker]
Issue #111902 has been updated by pjessen.
Category set to Email
Private changed from Yes to No
The DMARC record for opensuse.org is:
v=DMARC1; p=none; pct=100; rua=mailto:admin-auto@opensuse.org!5m; ruf=mailto:admin-auto@opensuse.org!5m
I.e. no policy for all mails.
The SPF record for lists.opensuse.org is:
v=spf1 mx a:proxy-nue1.opensuse.org a:proxy-nue2.opensuse.org ip6:2001:67c:2178:8::/64 ~all
A mail from mailman (lists.opensuse.org) should get an SPF PASS. I don't see how it could get a SOFTFAIL.
tickets #111902: DMARC check failing
https://progress.opensuse.org/issues/111902#change-524792
- Author: sbuchovecka
- Status: New
- Priority: Normal
- Assignee:
- Category: Email
* Target version:¶
Hello team,
We got couple of reports from SUSE users on emails from openSUSE domain being held by mimecast. The reason for that is DNS Authentication: DMARC Fail.
Some details below:
[cid:image001.png@01D875A3.95603960]
[cid:image002.png@01D875A3.A0D19B40]
It looks like DMARC policy is actively asking for quarantining the email on the recipient side.
Could you review configuration on openSUSE mail setup side? Looks like similar issue was already reported in (https://sd.suse.com/browse/SD-87808)
Thank you
Simona
--
Simona Fornusek (Buchovecka)
Cybersecurity Design & Engineering
---Files--------------------------------
image001.png (38 KB)
image002.png (23.2 KB)
--
You have received this notification because you have either subscribed to it, or are involved in it.
To change your notification preferences, please click here: http://progress.opensuse.org/my/account
Updated by pjessen over 2 years ago
I see the initial mail on the factory list, when received on my own system, it has SPF_PASS (from spamassassin). The follow-up at 20:20 also has SPF_PASS. However, when the mail was sent to gmail recipients, Google also said '250 2.0.0 OK DMARC:Quarantine'.
It is probably the policy of pm.me (as from Header From).
Confirm, "pm.me" has 'v=DMARC1; p=quarantine;' ....
Updated by pjessen over 2 years ago
- Due date set to 2022-06-06
- Status changed from New to In Progress
Mailman does have the option of "DMARC mitigation" which involves munging the From: header, for instance. It may be activated in general or only for domains which have a DMARC policy of reject or quarantine.
In the past 90 days, some 6615 deliveries were quarantined by Google, although only 321 actual mails. Because it is based on the From: header, I can't tell what the actual sending domains were. Remarkably, no one has complained before :-)
I guess it won't hurt too activate DMARC mitigation for e.g. factory.lists and see what happens. I won't do it right now, as I am away for the next few days.