[opendmarc-users] Implementation and Testing - Domains are Failing that shouldn't

Birta Levente blevi.linux at gmail.com
Sun Aug 25 23:17:21 PDT 2013 

On 24/08/2013 18:51, Mark D. Montgomery II wrote:
> I'm trying to start my implementation of DMARC checking for incoming
> mail and am not sure everything is quite right.
>
> When mail comes in it seems to pass through SPF and DKIM properly.
> It appears to be passing through opendmarc properly as well, but I'm
> having a couple issues.
>
> 1.  The SoftwareHeader is missing (I noticed this seems to be a known
> issue from looking at the last couple months of list archives).
> 2.  Domains that it seems SHOULD be actually passing DMARC are failing -
> amazon, twitter, etc., so I'm not sure if something is wrong with my
> implementation or what.
>
> Any help is appreciated.
>
> Thanks.
>
> Mark II
>
>
>
> Postfix Configuration:
>
> main.cf
> #8891 = OpenDKIM
> #8893 = OpenDMARC
> smtpd_milters     = inet:localhost:8891
>                      inet:localhost:8893
> non_smtpd_milters = inet:localhost:8891
>                      inet:localhost:8893
> master.cf
> policyd-spf  unix  -       n       n       -       0       spawn
>                     user=nobody argv=/usr/bin/policyd-spf
>
>
> Amazon Email Headers:
>
> Return-Path:
> <20130823170937173cfcb1ddc9407fbe60a5a241c24219-C2A29PYAN0232S at bounces.amazon.com>
>
> X-Original-To: techiem2 at techiem2.net
> Delivered-To: techiem2 at techiem2.net
> Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
> client-ip=54.240.15.191; helo=a15-191.smtp-out.amazonses.com;
> envelope-from=20130823170937173cfcb1ddc9407fbe60a5a241c24219-c2a29pyan0232s at bounces.amazon.com;
> receiver=techiem2 at techiem2.net
> Authentication-Results: li235-115; dmarc=fail header.from=amazon.com
> Received: from a15-191.smtp-out.amazonses.com
> (a15-191.smtp-out.amazonses.com [54.240.15.191])
>      by techiem2.net (Postfix) with ESMTP id 70C1374CD5
>      for <techiem2 at techiem2.net>; Fri, 23 Aug 2013 13:09:38 -0400 (EDT)
> DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
>      s=taugkdi5ljtmsua4uibbmo5mda3r2q3v; d=amazon.com; t=1377277777;
>      h=Date:From:To:Message-ID:Subject:MIME-Version:Content-Type;
>      bh=Z+5fRLeDIYUS7TpEC8TNHt6Qriv3tFzQ45ltZgp6zNM=;
>      b=JftSasOAwESBqlPYCpinkqh6sKgGEFu+CljDdWgrJhUBGThRaF5Q2sF4Oi3Tm7lH
>      pMfLrNEJuivTYAiU7Rg92vnvpXJRkLi69nIR/pxHU8/nQcUhKpsrByT9ybbTqZPWY0T
>      PLYqWr5CG/z34MHKNucHXbiGUnqYZYr+ZS59wodg=
> Date: Fri, 23 Aug 2013 17:09:37 +0000
> From: "Amazon.com" <store-news at amazon.com>
> To: "techiem2 at techiem2.net" <techiem2 at techiem2.net>
> Message-ID:
> <00000140ac27163f-ecf29020-5b53-4be1-8264-82adbe79e45e-000000 at email.amazonses.com>
>

Authentication-Results header from SPF and DKIM checking is missing. So 
I guess thats why dmarc fail.
DMARC is decided based on SPF and DKIM Authentication-Results header.


Levi



-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3889 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://www.trusteddomain.org/pipermail/opendmarc-users/attachments/20130826/6a91656b/attachment.bin>

More information about the opendmarc-users mailing list