search

usmannasir / cyberpanel

Cyber Panel - The hosting control panel for OpenLiteSpeed
GNU General Public License v3.0
1.53k stars 591 forks source link

[BUG] DNS DMARC adding wrong text #1191

Closed eakteam closed 8 months ago

eakteam commented 8 months ago

When creating a website, subdomain DNS adds following line in DMARC Policy:

TXT _dmarc.example.com 3600 v=DMARC1; p=none

But the Cloudflare give a warning about policy not formated correctly and the issue is because of missin ; at the end of v=DMARC1; p=none. It should be like v=DMARC1; p=none;

Still this approach is not the best one since it gives warning in emails because of DMARC Policy set to none, and because of that i think that the best option is to automatically create default in following format:

TXT _dmarc.example.com 3600 v=DMARC1; p=quarantine;

Tested with the last configuration, and everything is OK. But if we have a lot of websites/domains/subdomains it is very time consuming to do this config manually for each of them since it should be edited manually in both Cyber Panel DNS and Cloudflare Sync.

eakteam commented 8 months ago

@usmannasir should be better with p=quarantine; instead of p=none; ?

master3395 commented 8 months ago

@usmannasir should be better with p=quarantine; instead of p=none; ?

The reason we use none instead of quarantine is because the emails that get quarantined, still get sent to SnappyMail, but if you put "quarantine", it will not even get to SnappyMail. You can have a filter within SnappyMail for Quarantine.

eakteam commented 8 months ago

@usmannasir should be better with p=quarantine; instead of p=none; ?

The reason we use none instead of quarantine is because the emails that get quarantined, still get sent to SnappyMail, but if you put "quarantine", it will not even get to SnappyMail. You can have a filter within SnappyMail for Quarantine.

If we put Quarantine email go to Spam, if you put Reject it bounces back to the sender. But with option None nothing is done for failures.

[DMARC doesn’t directly address whether or not an email is spam or otherwise fraudulent. Instead, DMARC can require that a message not only pass DKIM or SPF validation but also pass alignment. Under DMARC, a message can fail even if it passes SPF or DKIM but fails alignment.

Setting up DMARC may have a positive impact on deliverability for legitimate senders. With DMARC implementation, you can tell email receivers how to handle email messages that fail authentication and protect your domain from spoofing and other phishing attacks.

Take a second look about that please.