DKIM (Thank u to the team !) but DMARC ?

atec666

Member
Mar 8, 2019
136
4
18
Issoire
hello,

How to implement DMARC with PMG ?
I put a DMARC record in my DNS TXT record , is it enought ?
or must i change something on pmg ?

Thank you,

Note : always Gmail and Outlook blocking my mail, what the hell !
 
Last edited:
DKIM is signing messages, SPF is providing a list of "allowed" mail servers to send mails on your domains behalf. DMARC helps you to enforce your settings by getting informed on any misuse and providing guidance on how to handle mails with invalid/missing DKIM signature and violating your SPF policy.

If your messages get blocked by Google and Microsoft, you may check, if your SPF policy is correct (may be the primary problem) or if you have issues with your DKIM signing. There are tools to check SPF, DKIM and DMARC as well. There are also recipient boxes to validate, if your settings look valid. Final checkpoint is using this: https://www.sparkpost.com/email-tools/authentication-checker/
 
DKIM is signing messages, SPF is providing a list of "allowed" mail servers to send mails on your domains behalf. DMARC helps you to enforce your settings by getting informed on any misuse and providing guidance on how to handle mails with invalid/missing DKIM signature and violating your SPF policy.

If your messages get blocked by Google and Microsoft, you may check, if your SPF policy is correct (may be the primary problem) or if you have issues with your DKIM signing. There are tools to check SPF, DKIM and DMARC as well. There are also recipient boxes to validate, if your settings look valid. Final checkpoint is using this: https://www.sparkpost.com/email-tools/authentication-checker/
ehlo,

Everything seems to working fine with spf, dkim (now in PMG : GOOd !) ... but no DMARC in PMG WebGui ... i put it on my DNS record : and it seems to be ok.
The question is : must i do something in PMG for DMARC (apt install opendmarc etc) ? (i think no because when testing with this tool : everything seem toi be fine)

Is it for beoing sure. ;-)
 
  • Like
Reactions: peterson.io
ehlo,

Everything seems to working fine with spf, dkim (now in PMG : GOOd !) ... but no DMARC in PMG WebGui ... i put it on my DNS record : and it seems to be ok.
The question is : must i do something in PMG for DMARC (apt install opendmarc etc) ? (i think no because when testing with this tool : everything seem toi be fine)

Is it for beoing sure. ;-)

For outgoing mails you don’t need to do anything extra, DMARC is a DNS thing, so Proxmox can’t add to the GUI (beside maybe an explanation what to do, but that’s somehow overkill). For inside checking DMARC is somehow implemented in SpamAsssassin by checking for SPF and DKIM. If you also want your postfix to check and directly react on DMARC you may install and configure (manually, your way) opendmarc or you may open a feature request for Proxmox to add to PMG. Somehow same as SPF, I myself won’t use that module because of too much possible false positives because of worse administered SPF records and many issues with DKIM (nice but useless).
 
  • Like
Reactions: peterson.io
For outgoing mails you don’t need to do anything extra, DMARC is a DNS thing, so Proxmox can’t add to the GUI (beside maybe an explanation what to do, but that’s somehow overkill). For inside checking DMARC is somehow implemented in SpamAsssassin by checking for SPF and DKIM. If you also want your postfix to check and directly react on DMARC you may install and configure (manually, your way) opendmarc or you may open a feature request for Proxmox to add to PMG. Somehow same as SPF, I myself won’t use that module because of too much possible false positives because of worse administered SPF records and many issues with DKIM (nice but useless).
lol.
Somehow same as SPF, I myself won’t use that module because of too much possible false positives because of worse administered SPF records and many issues with DKIM (nice but useless).

Without SPF & DKIM , you can't speak with google mailer etc ...
 
lol.


Without SPF & DKIM , you can't speak with google mailer etc ...

DKIM is broken by design, SPF as well. SRS is not always implemented, ARC (to fix problems with DMARC) is much less implemented.

I can send mails to Google Mail Abuse address about all the well SPF approved and DKIM signed DMARC valid spam I get from them without using SPF and DKIM or DMARC on my corporate accounts (it's just enabled as well as DANE on my private playground). ^^
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!