[Rspamd-Users] Problems with dmarc reports

Albrecht Backhaus albrecht.backhaus at gmail.com
Sun Mar 3 16:07:52 UTC 2024 

*Von:/From:* G.W. Haywood <rspamd at jubileegroup.co.uk>
*Gesendet:/Sent:* Sonntag, 03.03.2024 - 12:32
*An:/To:* User questions <users at lists.rspamd.com>
*Kopie:/CC:* Albrecht Backhaus <albrecht.backhaus at gmail.com>
*Betreff:/Subject:* Re: [Rspamd-Users] Problems with dmarc reports
> Hi there,
>
> On Sat, 2 Mar 2024, Albrecht Backhaus wrote:
>
>> I try to setup dmarc reporting properly. I followed the description 
>> on https://rspamd.com/doc/modules/dmarc.html
>
> In that document it says
>
> " A working MTA running on a specific host is required to send the
> reports. Ideally, the local MTA should allow email to be sent without
> authentication or SSL."
>
I have seen this already as well. The wording "Ideally... " is not very 
helpful - it would be desirable to find a clear statement of what works 
and what does not.
But anyway - there is no entry in the mail logs of my mta - so no 
rejected attempt to send an email.

>> ...
>> Couldn't send mail for github.com: error on stage connect: IO read 
>> error while trying to read data: Connection refused
>> ...
>
> It looks like you don't have a working MTA listening for the connections
> which will send the DMARC reports.  If you think that my suggestion isn't
> correct, please supply more detailed information.

See my statement above. If that would be the case there would be log 
entries documenting rejected attempts to access the mta.

>
> You could try to send a DMARC report to me.
>
> If you'll let me know from where I can expect the connection (the IP
> address and the MTA HELO name), and very roughly when I can expect it,
> then I can look in the mail logs for any attempt to send the report.
>
I don't think this is a good idea. It is also a mystery to me how this 
should work at all. The sending of dmarc reports (valid recipients for 
specific domains etc.) is regulated via corresponding DNS entries for 
the domains concerned. I don't know how I could "manipulate" your 
recipient data into these DNS entries for emails already received from 
different domains on my mail server - especially as I have no access to 
DNS entries for other domains ....

> My guess is that the 'connection refused' is from your own MTA (or you
> don't have an MTA listening for the reports) and that I'll see nothing.
>
"Guessing" is exactly what I wanted to avoid, hence my question if 
anyone can tell me exactly what the messages of the "rspamadm 
dmarc_report" command mean and where this is documented. If it is 
unclear or nobody knows, it might be a good idea to supplement the 
documentation accordingly.

More information about the Users mailing list