[opendmarc-users] debugging dmarc=fail

Murray S. Kucherawy msk at blackops.org
Fri Mar 22 15:16:27 PDT 2013 

On Fri, 22 Mar 2013, Chris Meidinger wrote:
>> What is the order of filters you've specified in your sendmail 
>> configuration?  opendmarc has to come after opendkim and your SPF 
>> filter in order for it to see their results.
>
> O InputMailFilters=rate-control, dkims-filter, dkimv-filter, 
> mailstream-manager, opendmarc
>
> mailstream manager is checking SPF and synthesizing the header, which 
> looks OK in testing.
>
> Even if I had the order wrong, it seems to me that the following message 
> should pass. Perhaps I'm not understanding what is required?
>
> [root at dmz205 ~]# grep Auth source.mime
> Authentication-results: dmz205.smi-training.net/r2LLHm1Y003650; spf=pass
> Authentication-results: dmz205.smi-training.net; dkim=pass (1024-bit key)

Is AuthservIDWithJobID enabled?  What's the "header.d" value associated 
with the second line?

> [root at dmz205 ~]# opendmarc -c /etc/mail/opendmarc.conf -t source.mime -vv
> opendmarc: mlfi_connect() returned SMFIS_CONTINUE
> opendmarc: source.mime: mlfi_envfrom() returned SMFIS_CONTINUE
> opendmarc: source.mime: line 1: mlfi_header() returned SMFIS_CONTINUE
> opendmarc: source.mime: line 2: mlfi_header() returned SMFIS_CONTINUE
> opendmarc: source.mime: line 6: mlfi_header() returned SMFIS_CONTINUE
> opendmarc: source.mime: line 7: mlfi_header() returned SMFIS_CONTINUE
> opendmarc: source.mime: line 8: mlfi_header() returned SMFIS_CONTINUE
> opendmarc: source.mime: line 10: mlfi_header() returned SMFIS_CONTINUE
> opendmarc: source.mime: line 11: mlfi_header() returned SMFIS_CONTINUE
> opendmarc: source.mime: line 18: mlfi_header() returned SMFIS_CONTINUE
> opendmarc: source.mime: line 19: mlfi_header() returned SMFIS_CONTINUE
> opendmarc: source.mime: line 20: mlfi_header() returned SMFIS_CONTINUE
> opendmarc: source.mime: line 21: mlfi_header() returned SMFIS_CONTINUE
> opendmarc: source.mime: line 22: mlfi_header() returned SMFIS_CONTINUE
> opendmarc: source.mime: line 23: mlfi_header() returned SMFIS_CONTINUE
> opendmarc: source.mime: line 24: mlfi_header() returned SMFIS_CONTINUE
> opendmarc: source.mime: line 25: mlfi_header() returned SMFIS_CONTINUE
> opendmarc: source.mime: line 26: mlfi_header() returned SMFIS_CONTINUE
> ### INSHEADER: idx=1 hname='Authentication-Results' hvalue='dmz205.smi-training.net/DEBUG-i; dmarc=fail header.from=dmz205.smi-training.net'
> opendmarc: source.mime: mlfi_eom() returned SMFIS_CONTINUE
> opendmarc: mlfi_close() returned SMFIS_CONTINUE
>
> Is there any type of debug where I can see exactly what opendmarc didn't 
> like?

No, but it looks like we need to add some.

Can you send me (offlist if you like) your sample message and 
configuration?

-MSK

More information about the opendmarc-users mailing list