1

I have a Docker-based mail server (Mailu) setup. It's working great except for delivery reports which are sent automatically (one of the user mailboxes is full and a "Quota exceeded" notification is sent to the sender).

The reports are rejected by the recipient due to DMARC failure:

This is an email abuse report for an email message received from IP xxx.xxx.xxx.xxx on Tue, 28 Sep 2021 05:16:31 +0000. The message below did not meet the sending domain's dmarc policy.

The header of the rejected message:

Feedback-Type: auth-failure
User-Agent: Lua/1.0
Version: 1.0
Original-Mail-From: 
Original-Rcpt-To: xxx@bounce.linkedin.com
Arrival-Date: Tue, 28 Sep 2021 05:16:31 +0000
Message-ID: <xxx@mail.domainB.com>
Authentication-Results: dmarc=fail (p=reject; dis=reject) header.from=domainB.com
Source-IP: xxx.xxx.xxx.xxx
Delivery-Result: reject
Auth-Failure: dmarc
Reported-Domain: domainB.com

The mailserver runs on mail.domainB.com, has domainA.com configured, and the email is sent to user@domainA.com.

SPF is configured for both domains:

  • Domain A: v=spf1 a mx include:domainB.com -all
  • Domain B: v=spf1 a mx include:_spf.google.com include:servers.mcsv.net include:relay.mailchannels.net -all

DMARC for both: v=DMARC1;p=reject;rua=mailto:dmarc@domainB.com;ruf=mailto:postmaster@domainB.com;adkim=s;aspf=s;fo=1;

MX for both domains is mail.domainB.com and the PTR record for the IP "xxx.xxx.xxx.xxx" points to srv.domainB.com. All domains run on and point to the same server.

I suspect a DNS/DMARC configuration error but I can't point it out. Do I need to include the domain domainB.com in the SPF as well (see header.form).

Edit: Some messages contain a message body (in addition to the header above):

Received-SPF: None (no SPF record) identity=no SPF record; client-ip=xxx.xxx.xxx.xxx; helo=mail.domainB.com; envelope-from=<>; receiver=<UNKNOWN> 
DKIM-Filter: OpenDKIM Filter v2.10.3 mx.hostpark.net F224D16527
Received: by mail.domainB.com (Postfix)
    id 61B3BDFF1; Wed, 29 Sep 2021 06:16:50 +0000 (UTC)
Date: Wed, 29 Sep 2021 06:16:50 +0000 (UTC)
From: MAILER-DAEMON@domainB.com (Mail Delivery System)
Subject: Undelivered Mail Returned to Sender
To: xxx@srs.hostpark.net
Auto-Submitted: auto-replied
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
    boundary="25F89DFEB.1632896210/mail.domainB.com"
Message-Id: <xxx@mail.domainB.com>

Could anyone point me in the right direction? Much appreciated, thanks!

andi
  • 121
  • 6
  • `the email is sent to user@domainA.com` I assume the mail is sent *from* user@domaina.com *to* xxx@bounce.linkedin.com? – sebix Sep 28 '21 at 17:52
  • @sebix The original email was some email from Linkedin. As the user mailbox is full, the mailserver (Mailu) sends a bounce back to `xxx@bounce.linkedin.com`. Per definition the FROM of the bounce is empty I assume or `domainA.com` as `header.form` let's suspect. As it fails DMARC that bounce get's rejected. – andi Sep 29 '21 at 05:57

1 Answers1

1

The fix appeared to be quite easy. The SPF record had more than 10 lookups and therefore it was synthetically correct but was interpreted as invalid. The solution was to remove one of the include:.

andi
  • 121
  • 6