enekux
commented
6 years ago +1
But I think the proper lines to check in the logs would be:
-
SPF (postfix-policyd-spf-python): Jun 19 14:33:21 mx1 policyd-spf[32051]: None; .... Jun 19 14:32:53 mx1 policyd-spf[24854]: Pass; .... Jun 19 14:17:20 mx1 policyd-spf[20871]: Fail; .... Jun 19 14:35:59 mx1 policyd-spf[2315]: Softfail; ....
-
DKIM (opendkim): here I don't know if we can identify clearly enough different results, I see this type: Jun 19 14:37:39 mx1 opendkim[17499]: 17D581E2A0: bad signature data Jun 19 14:40:58 mx1 opendkim[17499]: D0B3F1E29A: message has signatures from kuponlandia.in, amazonses.com Jun 19 14:40:58 mx1 opendkim[17499]: D0B3F1E29A: s=mdpolsbwcxpptb7otdn73qg2km75bkhd d=kuponlandia.in SSL Jun 19 14:40:58 mx1 opendkim[17499]: 48E861E2A0: s=k1 d=oeaw.ac.at SSL error:04091068:rsa routines:INT_RSA_VERIFY:bad signature
-
DMARC (opendmarc): Jun 19 14:38:21 mx1 opendmarc[1409]: F14AB1DDD0: domain.com none Jun 19 14:38:21 mx1 opendmarc[1409]: F14AB1DDD0: domain.com pass Jun 19 14:38:21 mx1 opendmarc[1409]: F14AB1DDD0: domain.com fail
To keep track about incoming/outgoing signed/validated/failed SPF and DKIM records it would be nice to have that feature in an upcoming sendmail report. A postscreen option would be nice too.
i.e. SPF + DKIM in:
Feb 14 09:38:17 mail amavis[25650]: (25650-04) Passed CLEAN {RelayedInbound}, [40.100.x.x]:33160 [40.100.x.x] xyz.abc@domain.com -> info@mydomain.com, Queue-ID: DFA8A20EA, Message-ID: VI1PR0302xxxxxxxxxAA3447319ACAF580@domain.com, mail_id: vxMxxxxxkbRF, Hits: -3.298, size: 16059, queued_as: BE1xxxx89F, dkim_sd=selector1-domain.com, 1837 ms, Tests: [DKIM_SIGNED=0.1,DKIM_VALID=-0.1,RCVD_IN_DNSWL_NONE=-0.0001,RCVD_IN_MSPIKE_H2=-3.296,SPF_HELO_PASS=-0.001,SPF_PASS=-0.001]
SPF in: Feb 15 14:26:45 mail amavis[25709]: (25709-15) Passed CLEAN {RelayedInbound}, [212.0.x.x]:63329 [192.168.0.1] info@domain.com -> info@mydomain.com, Queue-ID: 40Dxxx8A1, Message-ID: 462E4E98-2B0B-xxxx-xxxx-58F678236C6D@gmx.net, mail_id: brShxxxxx3y1, Hits: -0.201, size: 2002, queued_as: 2FCxxxx9D5, 1815 ms, Tests: [FREEMAIL_FROM=0.001,RCVD_IN_DNSWL_LOW=-0.7,RCVD_IN_SORBS_SPAM=0.5,RP_MATCHES_RCVD=-0.001,SPF_PASS=-0.001]
Postscreen: Feb 20 19:56:34 v19368 postfix/postscreen[20462]: CONNECT from [216.x.x.x]:53699 to [31.x.x.x]:25
I've been using a policy deamon for postgreying called iredapd form the iRedMail project. Would be nice to add this daemon as well to the sendmailreport.
The logs look like this: Feb 20 19:12:58 mail postfix/postscreen[11395]: PASS NEW [216.x.x.x]:51520 ... Feb 20 19:22:29 mail postfix/postscreen[14248]: PASS OLD [216.x.x.x]:51992 Feb 20 19:22:29 mail postfix/smtpd[14249]: NOQUEUE: reject: RCPT from www4.checktls.com[216.x.x.x]: 451 4.7.1 info@mydomain.com: Recipient address rejected: Intentional policy rejection, please try again later; from=test@assuretls.checktls.com to=info@mydomain.com proto=ESMTP helo=
...
Feb 20 19:56:34 mail postfix/postscreen[20462]: CONNECT from [216.68.85.112]:53699 to [31.172.95.219]:25
Feb 20 19:56:34 mail postfix/postscreen[20462]: PASS OLD [216.x.x.x]:53699
Feb 20 19:56:34 mail postfix/smtpd[20463]: connect from www4.checktls.com[216.x.x.x]
Feb 20 19:56:34 mail postfix/smtpd[20463]: Anonymous TLS connection established from www4.checktls.com[216.x.x.x]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)