Differences

This shows you the differences between two versions of the page.

--- pages:howtos:mailserver:dmarc [2023/10/22 13:31] – [DMARC] mischerh
+++ pages:howtos:mailserver:dmarc [2023/10/22 14:22] (current) – mischerh
@@ Line 1: / Line 1: @@
 {{tag>howto dmarc dkim spf mailserver email dig dns}}
 ====== DMARC ======
+  * https://support.google.com/a/answer/2466580
   * https://dmarc.org/2015/08/receiving-dmarc-reports-outside-your-domain/
+  * https://powerdmarc.com/de/how-to-find-dkim-selector/
   * https://mxtoolbox.com/DMARCRecordGenerator.aspx?
+  * https://easydmarc.com/tools/dkim-record-generator
+  * https://www.agari.com/blog/dkim-setup
   * https://mxtoolbox.com/problem/dmarc/dmarc-external-validation?page=prob_dmarc
   * https://dmarcadvisor.com/de/was-ist-external-destination-verification/
+  * https://www.sidn.nl/en/news-and-blogs/hands-on-implementing-spf-dkim-and-dmarc-in-postfix <- THIS IS GOLD!
+  * https://www.synology-forum.de/threads/strato-und-mail-server-einrichtung-dkim-spf-dmarc-workaround.92191/
+  * https://powerdmarc.com/how-to-read-dmarc-reports/
+  * https://www.mailercheck.com/articles/how-to-read-a-dmarc-report-and-actually-understand-it
+Open Source DMARC-Report Analyzers/Visualizer:
+  * https://domainaware.github.io/parsedmarc/
 <sxh bash; gutter: false>
 #MX
 dig -t MX +noall +answer netzwerkforensik.com
+dig +noall +answer netzwerkforensik.com
+</sxh>
+<code>
+netzwerkforensik.com.   150     IN      MX      5 smtpin.rzone.de.
+</code>
+<code>
+smtpin.rzone.de.        1800    IN      A       81.169.145.97
+</code>
+<sxh bash; gutter: false>
 # SPF
 dig -t txt +noall +answer _spf.strato.com
 dig -t txt +noall +answer netzwerkforensik.com
+</sxh>
+<code>
+_spf.strato.com.        3600    IN      TXT     "v=spf1 ip4:81.169.146.128/25 ip4:85.215.255.0/24 ip6:2a01:238:20a:202::0/64 ip6:2a01:238:400::0/48 ip4:81.169.144.153 ip6:2a01:238:20a:202:50ff::153 -all"
+</code>
+<code>
+netzwerkforensik.com.   150     IN      TXT     "v=spf1 include:_spf.strato.com mx -all"
+</code>
+<sxh bash; gutter: false>
 #DKIM Selector 1
 dig -t txt +noall +answer strato-dkim-0002._domainkey.netzwerkforensik.com
+</sxh>
+<code>
+strato-dkim-0002._domainkey.netzwerkforensik.com. 150 IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt3a1nbhQdD0MtbPT1r8DGZefoQlj3fSgtWdINsXsRl55OmOAf2QNR8B0SwC59dWqA+isuH/bQnU0f0OmO5A7p+cyfT9EekbWslP575NAnAYpsUJlBv/0O8qA6T/cLoDz6LsUYv000gFRqSSUe1BZnJ/sjg0f96UCkomT1aQRpSUSDwNYCqpQKQ/fWg9IS2fL+" "d2kR1rckqwoKdgbEtjr4i+ICn2SUodI1KkGusIivuBueMYfDh8RGYKvFv40UZlBSfuX71GkzEPvQPnQTfXLqM9F8q1kWq/mdWYy5R0KrWptAnuAmCZqujkgWmcqzLoTMln04oOxGFp/zkf8iA75lwIDAQAB"
+</code>
+<sxh bash; gutter: false>
 #DKIM Selector 2
 dig -t txt +noall +answer strato-dkim-0003._domainkey.netzwerkforensik.com
+</sxh>
+<code>
+strato-dkim-0003._domainkey.netzwerkforensik.com. 150 IN TXT "v=DKIM1; k=ed25519; p=hB4fidO1tsRNeRkj6ySb9N2xwfNzERRFYLQhGQyQ9dE="
+</code>
+<sxh bash; gutter: false>
 #DMARC
 dig -t txt +noall +answer _dmarc.netzwerkforensik.com
 dig -t txt +noall +answer netzwerkforensik.com._report._dmarc.wiretrip.de
 </sxh>
+<code>
+_dmarc.netzwerkforensik.com. 150 IN     TXT     "v=DMARC1; p=quarantine; rua=mailto:dmarc-report@wiretrip.de; ruf=mailto:postmaster@wiretrip.de; sp=reject; fo=0:1:d:s; pct=100; aspf=s"
+</code>
+<code>
+netzwerkforensik.com._report._dmarc.wiretrip.de. 43200 IN TXT "v=DMARC1;"
+</code>
 <sxh xml; highlight: []; title: dmarc report>
@@ Line 81: / Line 125: @@
 Der Fail in Zeile 43 kommt vermutlich vom zweiten Selector 0003 weil das kein RSA sondern ED25519 Zertifikat ist und google das noch nicht unterstützt. Sollte aber neutral bewertet werden - also Selector 1: pass und Selector 2: neutral.
+===== Mail-tester-Ergebnis =====
+  * https://www.mail-tester.com/test-trw64bcwh
+{{:pages:howtos:mailserver:screenshot-2023-10-22-at-16-20-58-spam-test-result.png?direct&600|}}
 ----
 ~~DISCUSSION~~