Como configurar o SPF e o DMARC para hosts de satélite?

1

Se eu enviar e-mails diretamente do host de retransmissão - tudo funciona como um encanto. Todas as verificações são passadas.

Delivered-To: [email protected]
Received: by 10.100.182.171 with SMTP id t40csp2626933pjb;
        Thu, 26 Apr 2018 10:46:48 -0700 (PDT)
X-Google-Smtp-Source: AIpwx4/9tRGhIYiEqgkaJpGdNZz2kdBMwayri8Jw1FpQbkXwwi7FVsResUJWGCGUJo1ldjN0B58F
X-Received: by 10.46.151.151 with SMTP id y23mr16275963lji.52.1524764808385;
        Thu, 26 Apr 2018 10:46:48 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1524764808; cv=none;
        d=google.com; s=arc-20160816;
        b=cyB04HBw9TTTJAWwuEhT/qR6+lMFpIDYunmeNywATk5Ty2a3bmS9lSlIT8xYA1wvwA
         ouDJ2zRi8z4RuVurYoZqQGO+btm0R9dHvAUfV6w/WPBofgI8Kl1RaUvHZ/lONaOE3Bze
         epnp6+EXzmflmdMjsrhUb3c8Rmx+i91a+hZcZeGM5/qTuaeyzxbDM7TGnyWKkIMTrJ0i
         VD/HHYS3hhQkFKpEZpzlcI/+Z0zVRNT0pW7RLufAP8vTPWcncUiYaw2Nl7MjcorTf3vB
         qyy8EdQreIt8bnzBZASwKR2gjTyRtrN94HpYXetE2f3BKh6rO7AXkG8o2Rbxhaq3Cxip
         qYlg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=date:from:message-id:to:subject:dkim-signature
         :arc-authentication-results;
        bh=8RMrWM7Bx0xwYLRGJR8xwS45EuxVliASeW9XWrVcUwk=;
        b=NvKM7lcKjS2xzOCgY3qqBp6s2tTTlqof7pK71kYab+EJeztH3H8ZODJw9OkV4qmnv+
         lyiUK7imMxEyrfERNNqcx9ocXV62emtQZac6ef9AlwXLFX/jf49w0tsp9ylvJAZO/4LS
         nPZZ1pGZoaIZ9CmuRHwE5GHfmXLxHx1LmPhqzCZD3ThHFwOxkuS7nJSmVseOuikV6ZWh
         HLjCVyPYIPoX/nF3g3kN/hSZtvKLJ28pQ8joxBofX/IBAuklSX4UGLez2Ibrb+bhrvib
         p8z/3/AOntN5HJ/KmHJU5KvX+fm8H/gB5KyZa2ii8oP8ItyArsaU6Rtyg9bUp31K+jCY
         5+mg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass [email protected] header.s=mail header.b=FNRfL+sE;
       spf=pass (google.com: domain of [email protected] designates 119.176.231.226 as permitted sender) [email protected];
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=git.host.me
Return-Path: <[email protected]>
Received: from git.host.me ([119.176.231.226])
        by mx.google.com with ESMTPS id e8si3825617ljg.267.2018.04.26.10.46.47
        for <[email protected]>
        (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
        Thu, 26 Apr 2018 10:46:48 -0700 (PDT)
Received-SPF: pass (google.com: domain of [email protected] designates 119.176.231.226 as permitted sender) client-ip=119.176.231.226;
Authentication-Results: mx.google.com;
       dkim=pass [email protected] header.s=mail header.b=FNRfL+sE;
       spf=pass (google.com: domain of [email protected] designates 119.176.231.226 as permitted sender) [email protected];
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=git.host.me
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=git.host.me;
   s=mail; h=Date:From:Message-Id:To:Subject:Sender:Reply-To:Cc:MIME-Version: Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=8RMrWM7Bx0xwYLRGJR8xwS45EuxVliASeW9XWrVcUwk=; b=FNRfL+sEpXPFi8PuUR2fyt9Bkw 18AfHsXg6xsKQaMj5m3qXoe8vrvbf18HpwzH8MYImBKXdRiSIGyXOrg4XMxFYIJ7wyFCnUpiFLYDF 3kaIcIDTC0pBkbPCfyidhxxk1BwQ2jMcazTdcT8AE4giSXTGG3Hy7O3Ww8KNBTaU9vRk=;
Received: from root by git.host.me with local (Exim 4.89) (envelope-from <[email protected]>) id 1fBkyj-0007hW-Hr for [email protected]; Thu, 26 Apr 2018 23:46:45 +0600
Subject: Test Subject4
To: <[email protected]>
X-Mailer: mail (GNU Mailutils 3.1.1)
Message-Id: <[email protected]>
From: GitLab <[email protected]>
Date: Thu, 26 Apr 2018 23:46:45 +0600

Mas o SPF e o DMARC falham se enviar a partir do satélite através deste relé

Delivered-To: [email protected]
Received: by 10.100.182.171 with SMTP id t40csp2596843pjb;
        Thu, 26 Apr 2018 10:18:00 -0700 (PDT)
X-Google-Smtp-Source: AB8JxZqHS5rxP0CP+5cReVbLQ0eSEuquzFPakXwEixRr2iKnnAxqj1129rFCrQ+AVU4/mAtaffWW
X-Received: by 10.46.150.137 with SMTP id q9mr8330222lji.35.1524763080357;
        Thu, 26 Apr 2018 10:18:00 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1524763080; cv=none;
        d=google.com; s=arc-20160816;
        b=lrfP7Il7GdHHm/lCC6pOtDfbB/tzSi2miDZYJs5NS9OmBhw2NXx6+Fn2SwpQmXTtYA
         ahLZn6Y46Uy1LxslbXevD7VVIhh89O8oR/P5etNOlVHdNPr5SZdi0JsWT785sfuXciHU
         m1zJhZ0le6llShfYniO3GaDE30gZgP/l97i7u8xM+15wQpU3h1JCpvgTBrzDz/Nde0Nc
         8DCqpPgb1x0e17ezzG/+oNEhsHyZ6DkwSfSJaTXUs9thMnbgQFA2XwYfzDV0lHahVbiE
         g2mk/LEHgzFjAXICLwCcXYOnc0lT07lfHqY41xPIInQQcknV6WSR7V0WOH5GWUR0yqJS
         8aQw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=date:from:message-id:to:subject:dkim-signature
         :arc-authentication-results;
        bh=yH/vUyKuWBPNLRqqzCex1QTHbG30THc7TAL6MFazZhc=;
        b=F+VqDKrcESEUQT4Xg9mhU0sm88mezc4ZRqFBl9yOQa/2Bbyfm4Nv17jSGVsQST/kDI
         XZXhX7bUkR/Qz2B771K7oQNl2rMrL6LNnr6W3jfR7mNl5q2O33N4kp/c6n/Nyy4vcVa3
         d0PY6WbCpAjeSG2eZhBanTWP6x9bnu8NAmpB2HeCjIWQWijSLTmGB8zR6WmsSZuyJZTY
         75bfPNPn1uxvs8/eCtgx0kcn93u/ESty+98HEl2Jk4Kph9bODahOTk+AGfdGnM9XKx/a
         KJ8s10K8oK+ENuewofwxQSrO954yhIQd1q2oFcKuIYz7RVCQIayQVNWlscvlVJ9jLXK5
         eL5Q==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass [email protected] header.s=mail header.b=nMYm74MJ;
       spf=neutral (google.com: 119.176.231.226 is neither permitted nor denied by best guess record for domain of [email protected]) [email protected]
Return-Path: <[email protected]>
Received: from git.host.me ([119.176.231.226])
        by mx.google.com with ESMTPS id 7-v6si7910546lft.38.2018.04.26.10.18.00
        for <[email protected]>
        (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
        Thu, 26 Apr 2018 10:18:00 -0700 (PDT)
Received-SPF: neutral (google.com: 119.176.231.226 is neither permitted nor denied by best guess record for domain of [email protected]) client-ip=119.176.231.226;
Authentication-Results: mx.google.com;
       dkim=pass [email protected] header.s=mail header.b=nMYm74MJ;
       spf=neutral (google.com: 119.176.231.226 is neither permitted nor denied by best guess record for domain of [email protected]) [email protected]
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=git.host.me;
   s=mail; h=Date:From:Message-Id:To:Subject:Sender:Reply-To:Cc:MIME-Version: Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=yH/vUyKuWBPNLRqqzCex1QTHbG30THc7TAL6MFazZhc=; b=nMYm74MJpGXuswasjPd9bBZ9jf CEuuqQEj6LLLUUUMVwsGFHz4htEILACtC2My2P4EUvc0rEGJoykL5qSETL33fbttlHj3z0z0GjbCN WlGTnol6YR6IgHwnh2Fh8IidTLAAayiq44uCw0ditde0MUSm22ioI1XlV8cJNuIB8wDs=;
Received: from postgres.inf.host.me ([192.168.1.204] helo=postgres.inf) by git.host.me with esmtp (Exim 4.89) (envelope-from <[email protected]>) id 1fBkWs-0006W6-1i for [email protected]; Thu, 26 Apr 2018 23:17:58 +0600
Received: from root by postgres.inf with local (Exim 4.89) (envelope-from <[email protected]>) id 1fBkWs-00023Q-00 for [email protected]; Thu, 26 Apr 2018 23:17:58 +0600
Subject: Test Subject3
To: <[email protected]>
X-Mailer: mail (GNU Mailutils 3.1.1)
Message-Id: <[email protected]>
From: [email protected]
Date: Thu, 26 Apr 2018 23:17:57 +0600

O que deve ser ajustado ou configurado no Exim para passar o SPF e o DMARC? Por que o Google verifica os dados do host de satélite, mas não o servidor de retransmissão real?

    
por Falseclock 26.04.2018 / 20:17

1 resposta

0

A regra geral do DMARC é verificar o cabeçalho From: , já que é aquele que é entendido como remetente aqui. Portanto, no caso de um segundo e-mail, o proprietário do DNS de postgres.inf pode dizer com que seriedade nós tratamos o e-mail de saída From: de seu domínio. Isso é conhecido como DMARC.

Como esse domínio não tem registros DMARC ou SPF publicados no DNS, e como a assinatura DKIM vem de um domínio diferente (não d=postgres.inf ), o destinatário não pode chegar a nenhuma conclusão.

    
por 26.04.2018 / 20:51