[opendmarc-users] Implementation and Testing - Domains are Failing that shouldn't
Mark D. Montgomery II
techiem2 at techiem2.net
Tue Aug 27 02:26:16 PDT 2013
Quoting Andreas Schulze <sca at andreasschulze.de>:
> Zitat von "Mark D. Montgomery II" <techiem2 at techiem2.net>:
>
>> 1. OpenDKIM was only set to s and not sv (oops).
>> 2. I didn't have an actual SPF Milter in place to test and add
>> headers etc. (oops again).
> that are two major steps to let opendmarc work as expected :-)
>
>> Now I'm just waiting for an email to come in with DMARC
> I have an autoresponder at <echo at signing-milter.org>
> It's responses are signed using s/mime and dkim as well,
> pass spf and therefore pass dmarc too.
>
Ok. I've tried your echo and looked at the headers from an amazon
mail that came in and from another list person that sent to me
directly and here's what I'm getting (using the echo):
Received-SPF: Pass (sender SPF authorized) identity=helo;
client-ip=84.200.211.109; helo=signing-milter.org; envelope-from=<>;
receiver=techiem2 at techiem2.net
Authentication-Results: li235-115; dmarc=none header.from=signing-milter.org
X-DKIM: OpenDKIM Filter v2.5.2 techiem2.net 6DB6D74828
Authentication-Results: techiem2.net; x-dkim-rep=neutral (0)
header.d=signing-milter.org
Authentication-Results: techiem2.net; dkim=pass (4096-bit key)
header.i=@signing-milter.org header.b=mL0oYkRg; dkim-adsp=pass
Authentication-Results: techiem2.net; spf=pass smtp.mailfrom=<>
smtp.helo=signing-m
So it is passing SPF and DKIM but I don't see any specific headers
about it passing DMARC (the first Auth header says dmarc=none, which
confuses me a bit).
> OT:
> I currently set spf -all for my domain.
> As the Listmanager break dkim to this mail is supposed to be placed
> in spamfolders :-(
Related to this, how do you guys generally configure your
SPF/DKIM/ADSP/DMARC fields?
I'm currently using
v=spf1 a mx ~all
_adsp._domainkey dkim=discardable;
_dmarc p=reject, sp=none (etc...)
As mentioned, this seems to cause odd things with lists since they
bounce things around.
Also, what do you set your incoming processing policies to?
I have policyd-spf set to:
Helo_reject = SPF_Not_Pass
Mail_From_reject = Fail
PermError_reject = False
TempError_defer = False
(so it should only reject on actual SPF failures)
OpenDMARC and smf-spf are currently not configured to do any rejecting.
(So I'm actually not sure at this point if I'm actually rejecting
anything or not..hah).
>
> Andreas
>
> _______________________________________________
> opendmarc-users mailing list
> opendmarc-users at trusteddomain.org
> http://www.trusteddomain.org/mailman/listinfo/opendmarc-users
--
Mark D. Montgomery II
http://www.techiem2.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: PGP Digital Signature
URL: <http://www.trusteddomain.org/pipermail/opendmarc-users/attachments/20130827/fb97c34a/attachment.pgp>
More information about the opendmarc-users
mailing list