dmarc on centos 6.5 over ISPconfig 3.0.5.4p8

Discussion in 'ISPConfig 3 Priority Support' started by nmazza, Jun 15, 2015.

  1. nmazza

    nmazza New Member HowtoForge Supporter

  2. florian030

    florian030 ISPConfig Developer ISPConfig Developer

    If you have already installed dkim-latest_ispconfig3 you can use the dmarc-wizard. just enabled dns and create a dmarc for a domain and afterwards insert the records on linode. the wizard is similar to http://www.kitterman.com/dmarc/assistant.html

    I donĀ“t think that you really need a dmarc-check. AFAIK dmarc is valid if dkim OR spf passes. So a dkim-signed mail will pass the check even if the spf-record fails.
     
    Last edited: Jun 15, 2015
  3. nmazza

    nmazza New Member HowtoForge Supporter

    Hello, Florian
    Because some of my clients, on [email protected] in my production SERVER sofihacloud.com.ar, until now ISPConfig 3.0.5.4 sp5
    Says
    This is the mail system at host mail.sofihacloud.com.ar.
    I'm sorry to have to inform you that your message could not be delivered to one or more recipients.
    It's attached below. For further assistance, please send mail to postmaster.
    If you do so, please include this problem report. You can delete your own text from the attached returned message.

    The mail system <[email protected]>: host gmail-smtp-in.l.google.com[2607:f8b0:4003:c0c::1b] said: 550-5.7.1 [2600:3c00::f03c:91ff:fe70:19fd 12] Our system has detected that 550-5.7.1 this message is likely unsolicited mail. To reduce the amount of spam 550-5.7.1 sent to Gmail, this message has been blocked. Please visit 550 5.7.1 https://support.google.com/mail/answer/188131 for more information. x205si2794710oix.80 - gsmtp (in reply to end of DATA command)

    Let me explain my idea,
    If I installed DKIM and DMARC would solve this problem, so I started with sofiha-isp.com is a test server once worked OK, do the same on the production server
    Regards
    Nestor
     
  4. nmazza

    nmazza New Member HowtoForge Supporter

  5. florian030

    florian030 ISPConfig Developer ISPConfig Developer

    You can use this record. But you should use p=none for testing only. If your setup works, change the policy later. I have also an account on dmarcian.com to the dmarc-reports in a readables format.
     
  6. nmazza

    nmazza New Member HowtoForge Supporter

    Hello, again
    What's the policy for production environment?
    quarantine or reject
    from what I can see GMAIL using reject
    Regards
    Nestor
     
  7. florian030

    florian030 ISPConfig Developer ISPConfig Developer

    report -> quarantine -> reject. It would switch the policy step-by-step.
     

Share This Page