[opendmarc-users] OpenDMARC 1.3.0 Beta0 available

Tue Jun 17 17:30:38 PDT 2014

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jose (& list),

First, just to be clear, I'm now running v1.3.0 beta 2. Thanks Todd
for the packages.

I had enabled SPFIgnoreResults first, but then opendmarc-importstats
cron job sent me this warning email after its first attempted db
importation from the history file:

opendmarc-import: failed to insert message: Column 'spf' cannot be null

I disabled the SPF feature(s) and then it continued on importing fine
with no errors. I then realized that when I updated to the 1.3.0 beta
2 version, I never re-ran the mysql schema file (my original db setup
was done using the v1.2.0 db schema file), in case there were any db
changes. so I did that but have yet to re-enable any of the spf
features. Is there an issue with the import script or was it my lack
of db schema upgrade that could have caused that?

Another issue I noticed with v1.3.0 beta 2; last night i had scheduled
via cron the opendmarc-reports script. It ran and seems to have sent
out aggregate reports but I noticed some oddities:

1.> i received an email from cron stating:
Use of uninitialized value $now in concatenation (.) or string at
/usr/sbin/opendmarc-reports line 846.

This message was repeated numerous times (I assume once for every
message sent out). I do believe the messages were sent because I can
see them in my maillog going out and in my opendmarc db, the "last
sent" time stamps were updated in the requests table. But why the errors?

2.> i did say that the aggregate report msgs appeared to have been
sent but my logs stated something peculiar; the 'from=' email address
was stated as "dmarc-reports at linode.com". My email server is a Linode
VPS and my from email account name is supposed to be 'dmarc-reports@'
BUT my server's FQDN is mail.garden-lan.com, and I had intended for my
aggregate email reports to come from 'dmarc-reports at garden-lan.com'.
Where the heck did the opendmarc-reports script get '@linode.com'
from? The script user settings contain:

my $repdom       = hostdomain();
my $repemail     = "dmarc-reports@" . $repdom;

So I guess an extension of my question is how exactly does it
determine the domain?

Or did I make a mistake and not fill that in correctly and was
actually supposed to specify my domain in there somewhere? And as a
result of that omission, it pulled my VPS host provider's domain out
of the ether somehow.....? All of my DNS / reverse DNS records are
good so I'm not sure where the script got it from as of yet. One
possibility is my resolv.conf file:

options rotate
; generated by /sbin/dhclient-script
search members.linode.com garden-lan.com
nameserver...
nameserver...
nameserver....

Could that have been it or have something to do with it?

Thanks everyone for your help.

- - Fabian S.

On 6/17/2014 4:05 AM, José Ferreira wrote:
> I think you are lookink for this
> 
> ##  SPFSelfValidate { true | false } ##      default false ## ##
> Causes the filter to perform a fallback SPF check itself when ##
> it can find no SPF results in the message header.  If
> SPFIgnoreResults ##  is also set, it never looks for SPF results in
> headers and ##  always performs the SPF check itself when this is
> set. # # SPFSelfValidate false
> 
> 
> 
> José Borges Ferreira Solutions Architect |  AnubisNetworks
> 
> Mobile : +351 91 950 2037 Email  : jose.ferreira at anubisnetworks.com
> 
> 
> ----- Original Message -----
>> From: "Fabian Santiago" <fsantiago at garden-life.org> To: "Todd
>> Lyons" <tlyons at ivenue.com> Cc: "opendmarc-users"
>> <opendmarc-users at trusteddomain.org> Sent: Monday, June 16, 2014
>> 10:15:03 PM Subject: Re: [opendmarc-users] OpenDMARC 1.3.0 Beta0
>> available
>> 
>> Thank you Todd. Deployed.
>> 
>> Question; is there any + or - to allowing opendmarc to perform
>> its own SPF verification?
>> 
>> - Fabian
>> 
>> 
>> ---
>> 
>> Sincerely,
>> 
>> - Fabian S.
>> 
>> On 2014-06-16 15:25, Todd Lyons wrote:
>>> On Sun, Jun 15, 2014 at 5:44 PM, Fabian Santiago 
>>> <fsantiago at garden-life.org> wrote:
>>>> 
>>>> Do your opendmarc 1.3.0 beta rpm packages include the
>>>> opendmarc-tools stuff? Thanks. I want to try out the latest
>>>> opendmarc beta version but was looking for it in RPM form for
>>>> centos 6.x x86_64.
>>> 
>>> If his don't, my packaging does split them out into seperate
>>> packages:
>>> 
>>> http://downloads.mrball.net/Linux/CentOS/6/
>>> 
>>> I don't make yum repo files, but it's trivial for you to
>>> download the packages and install them yourself.
>>> 
>>> ...Todd
>> _______________________________________________ opendmarc-users
>> mailing list opendmarc-users at trusteddomain.org 
>> http://www.trusteddomain.org/mailman/listinfo/opendmarc-users
>> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBAgAGBQJToN2uAAoJEGM8afP5SipJZKsH/3zScfDaYRZHc7f/hgb0Ojon
ghkwn1LCblDy9G4J26mJYYiDALgDZmULLWQTx2Zrg/6HcvmX21494ZByZcsgT4Kt
GcmSHic0QajeT6pWWCETySxVKNnnMd9hgupah3+/QYyOsFOiJ5gCcE2CYfnjjEeG
sfTjcQAnf7wcm9mMq3xz+ltdmhf+U0xZyj/Jy00btxiT1eePaqTIpx8zYCKZ6QQn
Gj14upDIuOfG5gsvLVzwsld4/Vguj9Vf3OvyAU7BLvDliB+K+w8e08h3pc9tUqir
Cy4lOv9PnFa08t2wG3nsPr1KcM8XmYUcdn5FTXbKQW6WUbECd29HufyqFLXpI/I=
=XXZA
-----END PGP SIGNATURE-----