On 30 November 2018 3:10:26 am AEDT, Odhiambo Washington via Exim-users <exim-users@???> wrote:
>I have configured DMARC for one of the domains I manage, and all the
>tools
>I used for testing gave me the all clear. I then decided to use the
>REJECT
>policy.
>Today, I was testing the implementation of DMARC checks on one other
>server. I sent a test mail from one domain to another and got a
>rejection.
>Please help me understand what has happened from the log snippet below:
>
>2018-11-29 18:48:00 1gSOXo-0002Yp-Fd PDKIM: d=titan.co.ke s=csl [failed
>key
>import]
Your issue is here.
>2018-11-29 18:48:01 1gSOXo-0002Yp-Fd DMARC results:
>spf_domain=titan.co.ke
>dmarc_domain=titan.co.ke spf_align=no dkim_align=no
>enforcement='Reject'
>2018-11-29 18:48:01 1gSOXo-0002Yp-Fd H=gw.titan.co.ke [197.232.25.162]
>I=[41.57.103.122]:25 Warning: DMARC DEBUG: 'reject' for titan.co.ke
>2018-11-29 18:48:01 1gSOXo-0002Yp-Fd H=gw.titan.co.ke [197.232.25.162]
>I=[41.57.103.122]:25 X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no
>F=<
>XXXX@???> rejected after DATA: Message from titan.co.ke failed
>sender's DMARC policy, REJECT
>2018-11-29 18:48:01 SMTP connection from gw.titan.co.ke
>[197.232.25.162]
>I=[41.57.103.122]:25 closed by QUIT
>
>A test for DMARC for the domain:
>root@gw:/etc/exim/opendmarc # /usr/local/sbin/opendmarc-check
>titan.co.ke
>DMARC record for titan.co.ke:
> Sample percentage: 100
> DKIM alignment: relaxed
> SPF alignment: relaxed
> Domain policy: reject
> Subdomain policy: reject *<======== could this be the issue??*
This means that if a mail from foo.titan.co.ke for example was received it should use a reject policy for email which doesn't have a valid dkim signature or is sent from a host which is permitted in the spf policy.
> Aggregate report URIs:
> mailto:postmaster@titan.co.ke
> Failure report URIs:
> mailto:postmaster@titan.co.ke