[conspire] (forw) [BALUG-Admin] So, DMARC. A week ago.
Akkana Peck
akkana at shallowsky.com
Fri Feb 9 09:55:23 PST 2024
Rick Moen writes:
> I know there are people who maintain (on the Web) "So, you want to run
> your own mail server" tutorials/guides, and come across them directly.
> Next time I do, I need to remember to link one or two good ones from the
> Linuxmafia.com Knowledgebase.
I don't have one to contribute, though I should probably go looking. I've been running my own mail server for decades but that doesn't mean I actually know what I'm doing, and reading some basic guides might point out things I'm not doing well.
[on DMARC not requiring DKIM]
> A caution: I _think_ that is the case, and several currently-maintained
> sites I consulted on DMARC configuration claimed so.
Overnight I received several DMARC reports, two emailed from Yahoo and one from Google (as .xml.gz) and one from google (as .zip which contains a .xml), but I'm not having much luck reading them. Is there a good way to read these silly XML reports? Debian has dmarc-cat, which gives "Error: SelectInput: bad filename" regardless of whether I point it at a .xml.gz, a .zip or a .xml; and dmarcts-report-parser, which looks ridiculously difficult to use and requires installing 32 extra Perl packages. I looked through the XML but I'm not sure what the various fields mean (in some places it says SPF failed, others say it passed, and the same for DKIM), and I tried pasting it into a couple of online dmarc message analyzers but they weren't much help either. Probably I should turn off aggregate reporting and turn on forensic reporting.
[smartlist]
> If I want to explore that, I might ask you for a tarball of your
> production configuration.
Can do -- let me know if you decide you want it.
...Akkana
More information about the conspire
mailing list