I have configured DMARC for one of the domains I manage, and all the tools
I used for testing gave me the all clear. I then decided to use the REJECT
policy.
Today, I was testing the implementation of DMARC checks on one other
server. I sent a test mail from one domain to another and got a rejection.
Please help me understand what has happened from the log snippet below:
2018-11-29 18:48:00 1gSOXo-0002Yp-Fd PDKIM: d=titan.co.ke s=csl [failed key
import]
2018-11-29 18:48:01 1gSOXo-0002Yp-Fd DMARC results: spf_domain=titan.co.ke
dmarc_domain=titan.co.ke spf_align=no dkim_align=no enforcement='Reject'
2018-11-29 18:48:01 1gSOXo-0002Yp-Fd H=gw.titan.co.ke [197.232.25.162]
I=[41.57.103.122]:25 Warning: DMARC DEBUG: 'reject' for titan.co.ke
2018-11-29 18:48:01 1gSOXo-0002Yp-Fd H=gw.titan.co.ke [197.232.25.162]
I=[41.57.103.122]:25 X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no F=<
XXXX@???> rejected after DATA: Message from titan.co.ke failed
sender's DMARC policy, REJECT
2018-11-29 18:48:01 SMTP connection from gw.titan.co.ke [197.232.25.162]
I=[41.57.103.122]:25 closed by QUIT
A test for DMARC for the domain:
root@gw:/etc/exim/opendmarc # /usr/local/sbin/opendmarc-check titan.co.ke
DMARC record for titan.co.ke:
Sample percentage: 100
DKIM alignment: relaxed
SPF alignment: relaxed
Domain policy: reject
Subdomain policy: reject *<======== could this be the issue??*
Aggregate report URIs:
mailto:postmaster@titan.co.ke
Failure report URIs:
mailto:postmaster@titan.co.ke
--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft."
