Problem with system messages on 1 server to Google (quarantine)

Richard G

Okay, I'm fed up now. System messages from 1 server do not give any issues on the Google reports. Disposition "none" and the rest passes.

On the other server, they go into quarantine every time, which is odd because I set up the servers the same way, but I can't find the issue or I'm looking past it.

Result from server 1, which is working as desired:
Code:
  <policy_published>
    <domain>mydomain.nl</domain>
    <adkim>r</adkim>
    <aspf>r</aspf>
    <p>quarantine</p>
    <sp>reject</sp>
    <pct>100</pct>
    <np>reject</np>
  </policy_published>
  <record>
    <row>
      <source_ip>2a01:xxx:xxx:xxx::2</source_ip>
      <count>2</count>
      <policy_evaluated>
        <disposition>none</disposition>
        <dkim>pass</dkim>
        <spf>pass</spf>
      </policy_evaluated>
    </row>
    <identifiers>
      <header_from>mycompany.nl</header_from>
    </identifiers>
    <auth_results>
      <dkim>
        <domain>mycompany.nl</domain>
        <result>pass</result>
        <selector>x</selector>
      </dkim>
      <spf>
        <domain>mycompany.nl</domain>
        <result>pass</result>
      </spf>
    </auth_results>
  </record>
  <record>
    <row>
      <source_ip>2a01:xxx:xxx:xxx::2</source_ip>
      <count>2</count>
      <policy_evaluated>
        <disposition>quarantine</disposition>
        <dkim>fail</dkim>
        <spf>fail</spf>
      </policy_evaluated>
    </row>
    <identifiers>
      <header_from>mycompany.nl</header_from>
    </identifiers>
    <auth_results>
      <dkim>
        <domain>server1.firstserver.nl</domain>
        <result>pass</result>
        <selector>x</selector>
      </dkim>
      <spf>
        <domain>server1.firstserver.nl</domain>
        <result>pass</result>
      </spf>
    </auth_results>
  </record>
</feedback>

So a disposition of "none" and mail gets through.

However, on server 2 this is not happening and I can't figure out why. I even changed the creator of my domain from other admin to admin, no change.

So this is happening on server 2 and it's also a lot shorter than on server 1:
Code:
  <policy_published>
    <domain>my-company.nl</domain>
    <adkim>r</adkim>
    <aspf>r</aspf>
    <p>quarantine</p>
    <sp>reject</sp>
    <pct>100</pct>
    <np>reject</np>
  </policy_published>
  <record>
    <row>
      <source_ip>2a01:xxxx:xxx:xxx:xxx:2</source_ip>
      <count>3</count>
      <policy_evaluated>
        <disposition>quarantine</disposition>
        <dkim>fail</dkim>
        <spf>fail</spf>
      </policy_evaluated>
    </row>
    <identifiers>
      <header_from>my-company.nl</header_from>
    </identifiers>
    <auth_results>
      <dkim>
        <domain>server2.seconddomain.nl</domain>
        <result>pass</result>
        <selector>x</selector>
      </dkim>
      <spf>
        <domain>server2.seconddomain.nl</domain>
        <result>pass</result>
      </spf>
    </auth_results>
  </record>
</feedback>

As you can see, the disposition is quarantine.

The difference which I can see is the "domain". On server 1, mydomain.nl is correctly used. On server 2, the hostname is used for the domain.
I don't remember if I made an adjustment somewhere to make this happen. Otherwise I don't know where to look anymore.

NB: This is a reseller domain on both servers. I do have admin access so I can change whatever I want and where I want. But as far as I know I have set things up the same way. The names mycompany.nl and my-company.nl are masked but correct, there is a dash in between the name on the second server.

Both hostnames and domains from hostnames do not have any DMARC records. Tried removing those which were present, but did not make a difference.

Does anybody have a clue why on server 2 the hostname is used for the domain instead of my company domain? I did not make any custom exim changes for this as far as I remember.
 
The report says that the mail states it's from [email protected] and it's sent from server2.seconddomain.nl. This actually only proves that:

- server2.seconddomain.nl is authorized to send mail due to SPF.
- server2.seconddomain.nl has signed the message.

Both are true and pass.

But server2.seconddomain.nl is not my-company.nl so DMARC's alignment fails and it gets quarantined p=quar....

Preventing quarantine in a shitty, temp. solution is to set the p=none in the DMARC record.

But you have literally two domains and iirc you can't get DMARC to pass with that.

mailheader from: my-company.nl
dkim: server2.seconddomain.nl
spf: server2.seconddomain.nl

Just rename server2.seconddomain.nl to server2.my-company.nl.
and use a DMARC record like: _dmarc.my-company.nl. ... p=quarantine; adkim=s; aspf=s
If you just want to get the mail out of quarantine, set p=none.

No real happy joy joy solution, I guess :/
 
But server2.seconddomain.nl is not my-company.nl so DMARC's alignment fails and it gets quarantined p=quar....
Yes, so why does that not happen on server 1 then? Because there it's exactly the same.

I'm wondering about these lines because these are causing the issue:
Server 1:
<dkim>
<domain>mycompany.nl</domain>

Server 2:
<dkim>
<domain>server2.seconddomain.nl</domain>

So why is server 2 using the hostname here and not my-company.nl domain name?

Just rename server2.seconddomain.nl to server2.my-company.nl.
Not an option as my accounts are reseller accounts and seconddomain.nl and primarydomain.nl are both admin domains and hostnames are separate DNS entries for the hostname.

I have it the same on both servers but do not understand why on server 2 my domain (or probably any customer's domain) is not used, while this does work correctly on server 1.
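
The alignment check discussed in this thread, as an added example that is not part of any post: it reads a DMARC aggregate report and shows, per record, whether a passing DKIM or SPF domain aligns with header_from. The sample report is constructed from the masked records above, and the one-entry PUBLIC_SUFFIXES set is an assumption standing in for the real Public Suffix List.

```python
import xml.etree.ElementTree as ET

PUBLIC_SUFFIXES = {"nl"}  # assumption: tiny stand-in for the Public Suffix List

# Constructed sample: the thread's three masked records merged into one report.
REPORT = """<feedback>
  <policy_published><adkim>r</adkim><aspf>r</aspf><p>quarantine</p></policy_published>
  <record><identifiers><header_from>mycompany.nl</header_from></identifiers><auth_results>
      <dkim><domain>mycompany.nl</domain><result>pass</result></dkim>
      <spf><domain>mycompany.nl</domain><result>pass</result></spf>
    </auth_results></record>
  <record><identifiers><header_from>mycompany.nl</header_from></identifiers><auth_results>
      <dkim><domain>server1.firstserver.nl</domain><result>pass</result></dkim>
      <spf><domain>server1.firstserver.nl</domain><result>pass</result></spf>
    </auth_results></record>
  <record><identifiers><header_from>my-company.nl</header_from></identifiers><auth_results>
      <dkim><domain>server2.seconddomain.nl</domain><result>pass</result></dkim>
      <spf><domain>server2.seconddomain.nl</domain><result>pass</result></spf>
    </auth_results></record>
</feedback>"""

def org_domain(name):
    # Organizational domain: the public suffix plus one label to its left.
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])  # fallback when the suffix is not in the set

def aligned(auth_domain, header_from, mode):
    # mode "s" (strict) = exact match; mode "r" (relaxed) = same organizational domain.
    if mode == "s":
        return auth_domain.lower() == header_from.lower()
    return org_domain(auth_domain) == org_domain(header_from)

def evaluate(report_xml):
    # Returns (header_from, dkim_aligned, spf_aligned, dmarc_pass) for each record.
    root = ET.fromstring(report_xml)
    pol = root.find("policy_published")
    modes = {"dkim": pol.findtext("adkim", "r"), "spf": pol.findtext("aspf", "r")}
    rows = []
    for rec in root.iter("record"):
        hf = rec.findtext("identifiers/header_from")
        ok = {m: any(a.findtext("result") == "pass"
                     and aligned(a.findtext("domain"), hf, mode)
                     for a in rec.findall(f"auth_results/{m}"))
              for m, mode in modes.items()}
        rows.append((hf, ok["dkim"], ok["spf"], ok["dkim"] or ok["spf"]))
    return rows
```

Only the first record has an aligned identifier; the two records authenticated as the server hostname pass SPF and DKIM but align with nothing. In relaxed mode a domain such as server2.my-company.nl aligns with my-company.nl, while adkim=s or aspf=s requires an exact match.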
 