DMARC setup under Virtualmin

contabo basic VPS 6Gb memory
OS type and version AlmaLinux 9.3
Webmin version 2.111
Virtualmin version 7.10.0

Hi Everyone.

I’m trying to work out if I need to do this… I don’t see a setting in Virtualmin UI for doing this automatically (for either existing or new virtual servers), but I’ve seen instructions for putting the entry in the DNS Zone manually. I know that my domains have working SPF/DKIM, and when I ran a test from this site,

It concludes saying DMARC isn’t setup, but as I have valid SPF/DKIM DMARC gets a pass. If this is a generally accepted standard, then I guess I don’t need to setup anything manually, or is it still better practice to do so?

This is the entry I’ve seen recommended,

_dmarc.mydomain.com. IN TXT "V=DMARC1; p=none; fo:1; "

But I also came across this article,

It seems to suggest there is a place I can set DMARC settings, but I haven’t been able to find it. I’m also a little confused about the quarantine references… isn’t DMARC about getting a better sending rep, so I don’t know what could/should be quarantined… I don’t want to make things different/difficult for email users.

Thanks for any pointers.

1 Like

p=none means your letting all emails through using your domain including spammers, its usually done for testing and to make sure SPF and DKIM are setup correctly.
My default setting is v=DMARC1;p=quarantine;sp=none;adkim=r;aspf=r;pct=100;fo=0;rf=afrf;ri=86400;ruf=mailto:myuser@domain.com
You should be getting a report sent to your email when setting up to see if everything is correct so a simple
v=DMARC1;p=quarantine;rua=mailto:you@domain.com
might be better if you think spf and dkim are correct, rau you should get a daily email from the likes of gmail and yahoo if emails are sent to them using your domain.

Are you using virtuamin for dns? Or is it external

virtualmin will set the dmarc for you in the dns settings, email go to the postmaster of your domain.

Take the quizz on learndmarc plus spoof my email, you will see p=none is not good.

This article might be useful, lots of information including history and background to explain everything.

Thank you for the quick replies Stefan & Shoulders - I’ll look into them now.

This is excellent! Exactly what I needed to get a better (and correct!) idea of what these systems offered/required.

A quick question you may know the answer to - when I am specifying the rua/ruf addresses for DMARC, do these have to be on the same domain, or can I use any email address? If any, then I’ll create a central account I can have all domains send to so I can monitor everything together. Thankfully, none of the domains are heavy mail users!

you can use any email address

1 Like

Hi Stefan,

Yes, I am using Virtualmin for DNS for these domains.

I found the dmarc settings as you described in your image. They were set the same as your example. Is this a server wide default, or specific to each virtual server?

image

I removed the the example DMARC entry I had manually created, but I don’t see any entry in the zone file generated from the settings under DNS settings… Do I need to do something so it creates the entry?

When I now do the learndmarc test, it doesn’t detect a _dmarc policy (which I guess is correct, as there isn’t an entry in the Zone file).

So before I create an entry manually based of your example above, I thought I would check in case I just need to do something to activate the current settings.

It may be that when I next create a virtual server it is done automatically for me now.

Thanks

if you are using webmin/virtualmin to manage your dns you can use this page to edit it
webmin->servers->bind dns server


and ignore the warning
if not just copy the suggested DNS records to your dns provider

Hi Jim,

It looks like I need to do additional stuff to use an external email address…

Just reading up on what exactly I need to do here…

Adding the following at the receiving domains zone removes that issue,

You need to set it to

p=quarantine;

Another website to check many e-mail related settings:

Newsletters spam test by mail-tester.com

@LuniTV

Can you give me the link for this test?

Tar

I did not know about that verification, maybe that’s why I’m not getting reports :slight_smile:

I’ve never seen that error before at mxtools, what web site did you use to get that error?

P.S. found it Easily Find Errors In Your SPF, DMARC, DKIM, and MTA-STS records | URIports

3 Likes

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.