[opendmarc-users] OpenDMARC 1.3 and self SPF Check

[Scott Kitterman]

On August 12, 2014 11:57:25 AM EDT, Urban Loesch <bind at enas.net> wrote:
>
>
>Am 12.08.2014 15:07, schrieb Urban Loesch:
>> 
>> Hi
>> 
>> Am 12.08.2014 14:19, schrieb A. Schulze:
>>>
>>> Urban Loesch:
>>>
>>>> But this doesn't seem to work. If I set both options to "true"
>there will no DNS query be made for checking the SPF TXT records.
>>>>
>>>> Could this be a bug or do I miss something?
>>> it's possible that the implementation isn't perfect for now.
>>>
>>> I run opendmarc in the same configuration and get mostly good
>results.
>>> OK, I did not check which DNS queries opendmarc trigger when
>checking SPF
>>> but for me it work. There are some issues on IPv6 (
>http://sf.net/p/opendmarc/tickets/95/ )
>>>
>>> Andreas
>> 
>> I disabled ipv6. But no solution. Always the same problem.
>> I did more debugging and activated my querylog on my resolver and I
>made a tcpdump.
>> 
>> I see only the queries for the "_dmarc.domain.com" records.
>> Not for the spf records...
>> 
>> If you say it works for you, may be it's a problem with libspf2 in
>Debian.
>> 
>
>> The two of you have different configurations.  He's using the
>internal SPF code, not libspf2.
>>
>> Libspf2 itself works, so it's either a configuration issue or
>something in the integration code.
>>
>> Scott K
>
>But, how can I check which code is used? libspf2 or the internal one?
>Are the some debugging option in opendmarc not documented? I can't find
>something
>and the verbos output is not very informational.
>
>My config doesn't look very complicated:
>
>-- Begin --
>HistoryFile /var/tmp/dmarc.dat
>RejectFailures true
>SoftwareHeader true
>Syslog true
>UMask 0111
>Socket inet:8892
>SPFSelfValidate true
>SPFIgnoreResults true
>-- End --
>
>As I just said. With this options opemdmarc does not made any spf
>related dns query to my resolver.

If you're using my Debian package, you're using libspf2. 

Scott K