[opendmarc-users] Problem parsing headers added by enma

Cristian Mammoli c.mammoli at apra.it
Fri Nov 8 05:48:18 PST 2013


Hi, I'm using enma (http://enma.sourceforge.net/) to add authentication
  headers and after that opendmarc to check dmarc compliance.

Here are the headers added by enma and opendmarc:

Authentication-Results: mail.bzone.it; spf=pass smtp.mailfrom=c.mammoli at apra.it; sender-id=pass
          header.From=c.mammoli at apra.it; dkim=pass header.i=@apra.it; dkim-adsp=pass
          header.From=c.mammoli at apra.it
Authentication-Results: mail.bzone.it; dmarc=fail header.from=apra.it


And the relevant maillog lines:

Nov  8 14:32:37 mail enma[17807]: DKIM-Signature[1]: domain=apra.it, selector=default, pubkeyalg=rsa, digestalg=sha1, hdrcanon=relaxed, bodycanon=simple
Nov  8 14:32:37 mail enma[17807]: [EB19A14C017E] [SPF-auth] ipaddr=89.97.236.28, eval=smtp.mailfrom, helo=mail.apra.it, envfrom=<c.mammoli at apra.it>, score=pass
Nov  8 14:32:37 mail enma[17807]: [EB19A14C017E] [SIDF-auth] ipaddr=89.97.236.28, header.From=c.mammoli at apra.it, score=pass
Nov  8 14:32:37 mail enma[17807]: [EB19A14C017E] [DKIM-auth] header.i=@apra.it, score=pass
Nov  8 14:32:37 mail enma[17807]: [EB19A14C017E] [DKIM-ADSP-auth] header.From=c.mammoli at apra.it, score=pass
Nov  8 14:32:37 mail postfix/pickup[17622]: 2A60A14C0200: uid=489 from=<opendmarc>
Nov  8 14:32:37 mail opendmarc[11598]: EB19A14C017E: apra.it fail
On 08/11/2013 13:39, opendmarc-users-request at trusteddomain.org wrote:

As you can see opendmarc returns fail, even if all the checks in the Authentication-Results header are "pass".

If I use enma only for spf and opendkim to check dkim signatures
the dmarc check passes:

Headers added by opedkim+enma:
Authentication-Results: mail.bzone.it; spf=pass smtp.mailfrom=c.mammoli at apra.it; sender-id=pass
          header.From=c.mammoli at apra.it
Authentication-Results: mail.bzone.it; dmarc=pass header.from=apra.it
Authentication-Results: mail.bzone.it; dkim=pass
         reason="1024-bit key; unprotected key"
         header.d=apra.it header.i=@apra.it header.b=NCQz5XFI; dkim-adsp=pass


But with this configuration it seems that headers added from enma are ignored:
if I send an email from an host not listed in the spf records this is what happens:

Authentication-Results: mail.bzone.it; spf=hardfail smtp.mailfrom=c.mammoli at apra.it;
          sender-id=hardfail header.From=c.mammoli at apra.it
Authentication-Results: mail.bzone.it; dmarc=pass header.from=apra.it
Authentication-Results: mail.bzone.it; dkim=pass
         reason="1024-bit key; unprotected key"


Of course the milters are in the correct order (opendmarc last) and the
domain policy is reject:

[root at mail cur]# opendmarc-check apra.it
DMARC record for apra.it:
	Sample percentage: 100
	DKIM alignment: strict
	SPF alignment: strict
	Domain policy: reject
	Subdomain policy: reject
	Aggregate report URIs:
		mailto:527b6e6f6f at rep.dmarcanalyzer.com
	Forensic report URIs:
		mailto:527b6e6f6f at for.dmarcanalyzer.com





-- 
Cristian Mammoli
APRA SISTEMI srl
Via Brodolini,6 Jesi (AN)
tel dir. +390731719822

Web www.apra.it
e-mail c.mammoli at apra.it

###################################################
Potete aprire una richiesta tecnica anche dal sito

http://supporto.apra.it

oppure inviando una mail

supportotecnico at apra.it
####################################################


More information about the opendmarc-users mailing list