Error in DMRC made by the server

DonPeek · August 7, 2024, 5:46pm

SYSTEM INFORMATION
OS type and version	Centos 8 stream
Virtualmin version	7.10. 0 Pro

When I use the server to make a DMARC record, it works but It puts a email address in it.
And my customer has shared an email showing it has an error.

After I turn on the DMARC I can see the emails in the record.
What should I do?
Thanks
Don

This is a DMARC aggregate report from Microsoft Corporation. For Emails received between 2024-08-05 00:00:00 UTC to 2024-08-06 00:00:00 UTC.

You’re receiving this email because you have included your email address in the ‘rua’ tag of your DMARC record in DNS for lizardranch.net. Please remove your email address from the ‘rua’ tag if you don’t want to receive this email.

Please do not respond to this e-mail. This mailbox is not monitored and you will not receive a response. For any feedback/suggestions, kindly mail to dmarcreportfeedback@microsoft.com.

stefan1959 · August 7, 2024, 10:13pm

You can edit manually. What do you want to happen?

You need to get reports to make sure its working correctly.
What I do is to send postmaster to my address and I administer the mail server.
Once I see everything is working ok remove the rua and leave the ruf

It work be handy if this option was in the GUI.

DonPeek · August 7, 2024, 11:45pm

I did that and I used mxtoolbox to check and now said the DMARC Policy Not Enabled

I don’t know what they want, I really don’t know that much about email and its requirements.

I also tried putting my email address… postmaster@coastlandtech.com but it still failed.

Help…Please…

Don
PS. I never found out why my Centos didn’t update to 7.20 pro and stuck at 7.1
Jamie knows about that…

toreskev · August 8, 2024, 3:52am

My guess would be this is since you’re running on an unsupported OS.
After the split to Stream, the Virtualmin devs said they would never try to support it (not that they’d actively kill it either) but it’s a fast moving target that would require too much work.
Secondly it’s EOL by now so you REALLY should get off it.

Back to the topic; according to https://dmarcian.com/dmarc-inspector/ you seem to have a valid DMARC record, so what really seems to be the problem? The report received from MS is correct and identical to those we receive, and an email address is required in DMARC records.
Which error is your customer seeing?

shoulders · August 8, 2024, 7:32am

I noticed you could not configure all of the DMARC options in the DNS Options page so I made a quick github issue:

github.com/virtualmin/virtualmin-gpl

DMARC - Missing options

opened 07:31AM - 08 Aug 24 UTC

shoulders

| SYSTEM INFORMATION|| |----------------------|---------------------------| |… OS type and version | Ubuntu Linux 22.04.4 | | Webmin version | 2.111 | | Usermin version | 2.010 | | Virtualmin version | 7.20.2 | | Theme version | 21.10 | | Package updates | 58 package updates are available | ### The background There are 3 places to set DMARC settings - `Virtualmin --> DNS Settings --> DNS Options` ![image](https://github.com/user-attachments/assets/5f184984-91d3-4081-bf52-1577d25e3ff7) - `Virtualmin -->System Settings --> Server Templates` ![image](https://github.com/user-attachments/assets/83522b0c-e4a2-4896-970d-af2ab261f290) - ` Virtualmin --> DNS Settings --> DNS Records` ![image](https://github.com/user-attachments/assets/ffac7561-cac8-4f9f-a268-e759beba21cb) ### The issue There are options in `Virtualmin -->System Settings --> Server Templates` that cannot be configured in `Virtualmin --> DNS Settings --> DNS Records` But you can manually edit the DNS records manually however in this contect it is more of a workaround ### Additional - If DMARC is not enabled during the virtual server creation and the account owner later on decides to enable DMARC - then the options from the server template are used such as `Reporting URI for forensic reports` and `Reporting URI for aggregate reports` - but I assume that `DMARC policy for emails that fail SPF or DKIM` and `Percentage of messages to apply policy` are not as they are defined on the `DNS Options` page. ### Proposed solution - Add the missing options in to the `DNS Options` page so they can be configured through the GUI. - After the Virtual server is created then perhaps the DMARC settings should not be pulled from the server template as the option control should now be passed to the local account just like SPF.

stefan1959 · August 8, 2024, 8:34am

Dmarc is fine
you can shorten to v=DMARC1; p=reject; pct=100; ruf=mailto:postmaster@coastlandtech.com
So your not getting daily reports

DonPeek · August 8, 2024, 10:04pm

He sent me a copy of this today again.
I did try postmaster@coastlandtech.com and got and out of zone error.

Begin forwarded message:

From: DMARC Aggregate Report <dmarcreport@microsoft.com>
Date: August 8, 2024 at 5:37:18 AM MST
To: postmaster@lizardranch.net
Subject: [Preview] Report Domain: lizardranch.net Submitter: enterprise.protection.outlook.com Report-ID: 939e71162e9d4d2980d9926333928602

This is a DMARC aggregate report from Microsoft Corporation. For Emails received between 2024-08-06 00:00:00 UTC to 2024-08-07 00:00:00 UTC.

You’re receiving this email because you have included your email address in the ‘rua’ tag of your DMARC record in DNS for lizardranch.net. Please remove your email address from the ‘rua’ tag if you don’t want to receive this email.

Please do not respond to this e-mail. This mailbox is not monitored and you will not receive a response. For any feedback/suggestions, kindly mail to dmarcreportfeedback@microsoft.com.

Microsoft respects your privacy. Review our Online Services Privacy Statement.
One Microsoft Way, Redmond, WA, USA 98052.

stefan1959 · August 9, 2024, 12:21am

So the error for this domain?
you need to send to a address in that domain else you need extra dns settings in coastlandtech.com to except dmarc report for lizardranch.net
found the docs

https://dmarc.org/wiki/FAQ#I_published_a_DMARC_record_with_reports_going_to_another_domain.2C_but_none_seem_to_be_received

so in the dns record for coastlandtech add this

lizardranch.net._report._dmarc.coastlandtect.com. TXT “v=DMARC1”

btw a great site for learning dmarc is https://www.learndmarc.com/

and this one a another good testing site.

You could just edit the alias for postmaster@lizardranch.net and send to postmaster@coastlandtech.com

DonPeek · August 9, 2024, 2:43am

I have not tried that yet…
But I have hundreds of sites. Are they all going to need this?

toreskev · August 9, 2024, 4:02am

This is not an error…

stefan1959 · August 9, 2024, 10:00am

You can set the alias in the template

DonPeek · August 9, 2024, 9:09pm

now they are all set to ${EMAILTO}

stefan1959 · August 9, 2024, 10:14pm

Yeah that correct so it goes to the admin user I think, I set my own email as most of my websites I administer. But this is a template for newly created virtual servers, not already created servers.
You need to edit the mail aliases of each server under the mail section.

DonPeek · August 12, 2024, 10:00pm

Okay… Each one as they fuss for now.
I have it showing good at learndmarc, had to reset the domainkeys.
So we see if the customer keep getting that message.
Thanks
Don

stefan1959 · August 12, 2024, 10:10pm

You need to either remove the rua entry, I presume the postmaster address is forwarded to the customer?
rua is a dayly report whether the emails are are passing or failing. I use rua only on new domain to check legit emails are not failing and bad emails are failing. Once that working you should remove the rua as stated in the email.

you still have the rua tag by mxlookup. after removing the tag it can take a day or 2 before the emails stop (due to the dns cache system).

Ok, I see a different domain for rua, it maybe the cached dns.
Unless he is getting the ruf emails, have you checked the report for failures?

system · October 11, 2024, 10:10pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.