[opendmarc-users] Implementation and Testing - Domains are Failing that shouldn't
Scott Kitterman
sklist at kitterman.com
Fri Aug 30 13:14:40 PDT 2013
On Friday, August 30, 2013 16:06:09 Mark D. Montgomery II wrote:
> Not enough information to check signature validity. Show Details
> Here we go again. :P
> I removed the duplicate lines and the configurations pointing to
> policyd_spf (from main.conf and master.conf) since smf-spf should be
> handling all that for incoming mail.
> I removed piping outgoing mail through smf-spf.
> I downloaded the raw public suffix list and added the PublicSuffixList
> option to opendmarc pointing at the file.
>
> http://paste.techiem2.net/aAlqxWQS
>
> Line 83 concerns me.
Authentication-Results: techiem2.net; spf=pass smtp.mailfrom=<>
smtp.helo=signing-milter.org
Aug 30 15:43:35 li235-115 opendmarc[32195]: 15CBD748DF: can't parse validated
SPF address <<>>
I think opendmarc is right to not accept <>. The SPF pass is based on the
HELO identity. I think it would be more correct to report this as:
Authentication-Results: techiem2.net; spf=pass
smtp.mailfrom=<postmaster at signing-milter.org>
That aside, I do believe there's an issue with opendmarc consuming SPF A-R
(and Received-SPF) header fields that I'm waiting to hear back from Murray on,
so fixing that may not be enough.
Scott K
More information about the opendmarc-users
mailing list