DMARC and vacation messages

T

toktokcity

Verified User
Joined
Apr 29, 2016
Messages
87
Location
The Netherlands
When a user enables a vacation message, the autoreply will be generated and sent by the DirectAdmin server. The problem appears when the e-mail is checked for DMARC because the server is not the e-mail domain.

Code: 
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of [email protected] designates 2a01:qqq:fffb:403:qqqq:ff:fe4a:5aa8 as permitted sender) smtp.helo=s2.qqqq.nl;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arjenzzzz.nl

This is the result. Anybody an idea how to tell that s2. is the legitimate one?
 
There is no quarantine or reject policy enabled in DMARC record for s2.qqqq.nl according to the data you posted. That's it.
 
in my experience, you needn't DMARC to insure that emails you send go to inbox.
 
Well, the problem is that Gmail discovers that the vacation message is not sent by the original e-mail address, but by the DA server. In line with for example a service like Sparkpost, I am wondering if it is possible to add the DKIM of the DA server to the DNS records of the clients domain, which makes it a legitimate user when Google checks SPF and DKIM and skips dmarc?

Would like to test, but can't find the servers DKIM and cannot create one with:

cd /usr/local/directadmin/scripts
./dkim_create.sh xx.domain.com
 
DKIM is functioning on domain level, that's not the problem.

The reputation of DA server, which is acording to Gmail not the valid source for sending vacation messages. The problem is that Gmail displays above the automatically generated reply [email protected] (domain with dkim etc.) 'by' s2.kenemedia.nl (DA server). The logic is that the DMARC is then not correct, the header is not 'arjenkorevaar.nl'.

Breaking my mind, perhaps just remove the DMARC record in the DNS?

Gmail checks SPF en DKIM which are oke with regular e-mails, the DMARC is then also oke. But in the vacation messages scenario... Is it possible to generate and let the vacation message being sent by the domain itself, so instead of s2.kenemedia.nl > arjenkorevaar.nl?
 
I guess I start understand what you are referring to. I don't use vacations in Exim, so I'm not much familiar with it ;) I prefer SIEVE rules and manage them in Roundcube. Anyway exim.conf contains these lines:

Code: 
#EDIT#58:uservacation:
  driver = autoreply
  file = /etc/virtual/${domain}/reply/${local_part}.msg
  from = "${local_part}@${domain}"
  log = /etc/virtual/${domain}/reply/${local_part}.log
  no_return_message
  headers = ${if exists{/etc/virtual/${domain}/reply/${local_part}.headers}{${readfile{/etc/virtual/${domain}/reply/${local_part}.headers}}}}
  subject = ${if def:h_Subject: {\
                ${if exists{/etc/virtual/${domain}/reply/${local_part}.subject}\
                    {${readfile{/etc/virtual/${domain}/reply/${local_part}.subject}{}}}\
                    {Autoreply}\
                }: ${quote:${escape:${length_60:$h_Subject:}}}}\
                {I am on vacation}}
  to = "${sender_address}"
  user = mail
  once = /etc/virtual/${domain}/reply/${local_part}.once
  once_file_size = 100K
  once_repeat = ${if exists{/etc/virtual/${domain}/reply/${local_part}.once_time}{${readfile{/etc/virtual/${domain}/reply/${local_part}.once_time}{}}}{2d}}

and as you can see it has:

Code: 
from = "${local_part}@${domain}"

Doesn't it work? Or your exim.conf does not have them?

What headers are in your autoreply?
 
Thanks you do understand my noise!

This is what is in my exim file:

Code: 
#EDIT#58:
uservacation:
  driver = autoreply
  file = /etc/virtual/${domain}/reply/${local_part}.msg
  from = "${local_part}@${domain}"
  log = /etc/virtual/${domain}/reply/${local_part}.log
  no_return_message
  headers = ${if exists{/etc/virtual/${domain}/reply/${local_part}.headers}{${readfile{/etc/virtual/${domain}/reply/${local_part}.headers}}}}
  subject = ${if def:h_Subject: {\
                ${if exists{/etc/virtual/${domain}/reply/${local_part}.subject}\
                    {${readfile{/etc/virtual/${domain}/reply/${local_part}.subject}{}}}\
                    {Autoreply}\
                }: ${quote:${escape:${length_60:$h_Subject:}}}}\
                {I am on vacation}}
  to = "${sender_address}"
  user = mail
  once = /etc/virtual/${domain}/reply/${local_part}.once
  once_file_size = 100K
  once_repeat = ${if exists{/etc/virtual/${domain}/reply/${local_part}.once_time}{${readfile{/etc/virtual/${domain}/reply/${local_part}.once_time}{}}}{2d}}

This is an example of the e-mail:
Code: 
Delivered-To: [email protected]
Received: by 10.107.8.154 with SMTP id h26csp832669ioi;
        Thu, 15 Jun 2017 04:32:41 -0700 (PDT)
X-Received: by 10.80.177.151 with SMTP id m23mr3122277edd.162.1497526361523;
        Thu, 15 Jun 2017 04:32:41 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1497526361; cv=none;
        d=google.com; s=arc-20160816;
        b=zp4F/wrhu8FthSUdunwInXyFG1fQfT6IUHU0FAMwKPbwepXL1zFMHsvpdVZ/LGFvA5
         wj+UZJgEMST5K5HPDLXm/AuN8Q4ZgSxxBWnYdvR4X0GvQKP7y8FRmXaOjOmnTRHExgtE
         uzGz0ik+NsXJnm5zdjA5kEQa7xsg3PccUjw0E2IHJrTV+7QawTzsc1IYeL+QMGZRKPQe
         LtR2ixOcjIELSwA950N4AwaJNXFF9IlQ02Q1WZGue6M3AbQlbsrVryxw85BNuJ92ELQF
         JJLsdkzM6Mp6UE4JzOfQSg5Pn8H4kFCaQxuWBP8bef0JNC0eN63nvCzZfCHkx72bdPUr
         ovjQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=date:message-id:mime-version:auto-submitted:references:in-reply-to
         :subject:to:from:arc-authentication-results;
        bh=jEWaDEerYJ1i9ymx1kx2gDJ07eGwyhbU9yz2ndx/Pjo=;
        b=BLFxiaVeg+iUDeSZHT9i5NHv7uS2i3tVDL/b3HRApUFYl8Ve2hUvjcFTFrkD3ztzfs
         YzVCypH6V837b4qbUWbEP75CtaBt0LaF2AQaGu/uFGr0NR9ADA3yrGGOWuS0aPnk5f0w
         BZTOLyeFbtYhrN5iSMz/LpVVpMn0K1c7E6Fqknu7BuLLj65U/6pXm+NpDouaccjHvdsG
         B2Ge99NxUX8x7jkd/B4ynIgTYsEd1Q+Vgj3eApW1ioUF/glexJQ2rhS8EW8rpl8PbmlV
         Pf+mmlLik4GHadOlQGS4g6qrbwhFpfpz6S2UoMupyKJAOGI+3bog0fBRuJkdqU4lFcdt
         3ZVg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of [email protected] designates 2a01:7c8:fffb:403:5054:ff:fe4a:5aa8 as permitted sender) smtp.helo=s2.kenemedia.nl;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arjenkorevaar.nl
Return-Path: <>
Received: from s2.kenemedia.nl (s2.kenemedia.nl. [2a01:7c8:fffb:403:5054:ff:fe4a:5aa8])
        by mx.google.com with ESMTPS id r22si2457699eda.18.2017.06.15.04.32.41
        for <[email protected]>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Thu, 15 Jun 2017 04:32:41 -0700 (PDT)
Received-SPF: pass (google.com: domain of [email protected] designates 2a01:7c8:fffb:403:5054:ff:fe4a:5aa8 as permitted sender) client-ip=2a01:7c8:fffb:403:5054:ff:fe4a:5aa8;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of [email protected] designates 2a01:7c8:fffb:403:5054:ff:fe4a:5aa8 as permitted sender) smtp.helo=s2.kenemedia.nl;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arjenkorevaar.nl
Received: from mail by s2.kenemedia.nl with local (Exim 4.89) id 1dLT0z-00043N-46 for [email protected]; Thu, 15 Jun 2017 13:32:41 +0200
From: [email protected]
To: [email protected]
Subject: Re: Test
In-Reply-To: <CACkbL4-BYkcq_TC56mV5D4J6V6ay-k4PtKDVjdJof4Qt6TtEBA@mail.gmail.com>
References: <CACkbL4-BYkcq_TC56mV5D4J6V6ay-k4PtKDVjdJof4Qt6TtEBA@mail.gmail.com>
Auto-Submitted: auto-replied
MIME-Version: 1.0
Content-Type: text/html; charset=iso-8859-1
Message-Id: <[email protected]>
Date: Thu, 15 Jun 2017 13:32:41 +0200


Sorry!

Ik ben op vakantie.
 
Well, it's rather confusing. So DMARC fails due to no DKIM? I don't see any DKIM from your server.

And why Gmail thinks that email was sent from postmaster@ ?

Did you try to install DKIM key for s2.kenemedia.nl? If not yet, then please try it.
 
Yes, I did try to install dkim on s2. but as noticed above, that did not give a result.
Code: 
[root@s2 admin]# cd /usr/local/directadmin/scripts
[root@s2 scripts]# ./dkim_create.sh s2.kenemedia.nl
Unable to find /etc/virtual/s2.kenemedia.nl

The question is also, where to find the server dkim afterwards? Perhaps it is available.

If I read the pages of Google well, they first check if spf and dkim are correct, if not correct, than they watch for dmarc.

I did try your suggestion with Roundcube, but same result.

Code: 
Delivered-To: [email protected]
Received: by 10.107.8.154 with SMTP id h26csp887349ioi;
        Thu, 15 Jun 2017 06:32:08 -0700 (PDT)
X-Received: by 10.80.209.215 with SMTP id i23mr3550418edg.165.1497533528201;
        Thu, 15 Jun 2017 06:32:08 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1497533528; cv=none;
        d=google.com; s=arc-20160816;
        b=IA5OlwNSti//i7S5NeOEwfPFbAB+8EUqnpsU39mWFo8VmUC23lkQ6PHoz85HmgDrNu
         ykoLc6gqAD1q9u7EGnLmiPAs/7w9vavQ/r4FixpnFkDxhKvOlzpt3zHSLGdYYOAnnWnB
         Ym8ZRYenUveTx6rT4vgnH5IAGmMTtvKQ7AK29Lya7MRxqNikRJXqCWkLiZWy2DT3DVpH
         tH20JRFoGvJziIenR624dOkH1KpmglJD/knDMnAhg0FRN3+CItXGlBSp9xKcK1FpP5R/
         6eX5vnBhk8K7r2fuIGySqcRAgQ/1KBIaPei98oBbiIUa6RlO9PgbFFyzinFZAEWvvLST
         051g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:mime-version:precedence:auto-submitted
         :references:in-reply-to:subject:to:from:date:message-id
         :arc-authentication-results;
        bh=nBg3B5C2LEIkK2+RQ/jAcYHWh9tYuET9iKKW1MaNBxo=;
        b=ku3CwmHakWpSMZ+eoZgDp1TWh8Jj5La9k0Lah69z4z/d1Jx9NFvgqAWGWMaiVBmgum
         lDVJy7b51SzXqdKzYMBLwvEmTZByfJO9Tlt7MIjUZ0jrtkhX/C962VaeFfsc/x9V4iHX
         YhHyutUZ65wxfQLO76Y7UkBzwpbstMQ0MuucyxRV3ca4GUkcGRLQLqO6iVEhzJOSIC2o
         k1tF6WSbhK7cKsc1aG/xKCiBuWUf1DnwQGNIiSHFHb9g96N24SJ1h1LiKE5C1jOYq2XJ
         DwIz76nCdhM/PkyXlUnawevZNlbBF9xO4acOfR4W3swo4Bir1IfYlSd8dwSEG3CKxLCg
         h1KQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of [email protected] designates 2a01:7c8:fffb:403:5054:ff:fe4a:5aa8 as permitted sender) smtp.helo=s2.kenemedia.nl;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chargenepal.com
Return-Path: <>
Received: from s2.kenemedia.nl (s2.kenemedia.nl. [2a01:7c8:fffb:403:5054:ff:fe4a:5aa8])
        by mx.google.com with ESMTPS id f13si2437500edl.320.2017.06.15.06.32.08
        for <[email protected]>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Thu, 15 Jun 2017 06:32:08 -0700 (PDT)
Received-SPF: pass (google.com: domain of [email protected] designates 2a01:7c8:fffb:403:5054:ff:fe4a:5aa8 as permitted sender) client-ip=2a01:7c8:fffb:403:5054:ff:fe4a:5aa8;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of [email protected] designates 2a01:7c8:fffb:403:5054:ff:fe4a:5aa8 as permitted sender) smtp.helo=s2.kenemedia.nl;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chargenepal.com
Received: from root by s2.kenemedia.nl with local (Exim 4.89) id 1dLUsZ-0005i0-TG for [email protected]; Thu, 15 Jun 2017 15:32:07 +0200
X-Sieve: Pigeonhole Sieve 0.4.16 (fed8554)
Message-ID: <[email protected]>
Date: Thu, 15 Jun 2017 15:32:07 +0200
From: [email protected]
To: <[email protected]>
Subject: Vakantie!
In-Reply-To: <CACkbL4-ThbBuS8kvnM-Pxzjb6uWT24G4Tb7xBRDqRSGP_+Uk4A@mail.gmail.com>
References: <CACkbL4-ThbBuS8kvnM-Pxzjb6uWT24G4Tb7xBRDqRSGP_+Uk4A@mail.gmail.com>
Auto-Submitted: auto-replied (vacation)
Precedence: bulk
X-Auto-Response-Suppress: All
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit

Sorry,

Ik ben op vakantie.
 
Last edited:
You must log in or register to reply here.
Back
Top