[opendmarc-users] pypolicyd-spf integration

Cristian Mammoli c.mammoli at apra.it
Tue Mar 25 07:09:05 PDT 2014 

Sorry for the noise, but I can't really find a way to make opendmarc 
work with pypolicyd-spf...
Before updating to 1.2.0 opendmarc reported fail even if running from 
command line with -t parameters.

Tha was caused by bug #58 ("smtp.mailfrom" part of an 
Authentication-Results field might contain only a domain name. Problem 
noted by Scott Kitterman.)


sample test message:

Return-Path: <c.mammoli at apra.it>
Delivered-To: admin at bzone.it
Authentication-Results: mail.bzone.it; spf=pass (sender SPF authorized) 
smtp.mailfrom=apra.it (client-ip=89.97.236.28; helo=mail.apra.it; 
envelope-from=c.mammoli at apra.it; receiver=admin at bzone.it)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.98.1 at mail.bzone.it
Authentication-Results: mail.bzone.it; dkim=pass
         reason="1024-bit key; unprotected key"
         header.d=apra.it header.i=@apra.it header.b=N6T0R0ue; 
dkim-adsp=pass
Received: from mail.apra.it (mail.apra.it [89.97.236.28])
         by mail.bzone.it (Postfix) with SMTP id 827F714C0213
         for <admin at bzone.it>; Tue, 25 Mar 2014 12:28:25 +0100 (CET)
Received: (qmail 8961 invoked by uid 453); 25 Mar 2014 11:28:25 -0000
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=apra.it; 
h=received:from:subject:date:message-id; s=default; 
bh=7uqDQo3EVTnDX6HK/OlpR/tasWM=; 
b=N6T0R0ueVD3hbFreZMf/JAclQpTH9e4LkxuzqDsqb02FBxk9Py2a9qj50tmhEwaMsPjAFuPkEbh3NZf7QjFwDfEl6jjnN6lf1xPWce0548wZJrhEE2GKWxvz++VGZTqVaXk+8TBUMyDOFnqcRIItYzJZ6vGL3kqMz43h2/y/Ihw=
Received: from Unknown (HELO nb-mammoli.apra.it) (192.168.3.9)
     by apra.it (qpsmtpd/0.84) with ESMTP; Tue, 25 Mar 2014 12:28:25 +0100
Date: Tue, 25 Mar 2014 12:28:25 +0100
To: admin at bzone.it
From: c.mammoli at apra.it
Subject: test Tue, 25 Mar 2014 12:28:25 +0100
X-Mailer: swaks v20130209.0 jetmore.org/john/code/swaks/
X-Virus-Checked: Checked by ClamAV on apra.it
X-Spam-Status: No, score=-0.1 required=8.0 tests=AWL,DKIM_SIGNED,DKIM_VALID,
DKIM_VALID_AU,MISSING_MID,RCVD_IN_DNSWL_LOW,RP_MATCHES_RCVD,UNPARSEABLE_RELAY
         shortcircuit=no autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.bzone.it


[root at mail ~]# opendmarc -t test4 -vv
opendmarc: mlfi_connect() returned SMFIS_CONTINUE
opendmarc: test4: mlfi_envfrom() returned SMFIS_CONTINUE
opendmarc: test4: line 1: mlfi_header() returned SMFIS_CONTINUE
opendmarc: test4: line 2: mlfi_header() returned SMFIS_CONTINUE
opendmarc: test4: line 3: mlfi_header() returned SMFIS_CONTINUE
opendmarc: test4: line 4: mlfi_header() returned SMFIS_CONTINUE
opendmarc: test4: line 5: mlfi_header() returned SMFIS_CONTINUE
opendmarc: test4: line 6: mlfi_header() returned SMFIS_CONTINUE
opendmarc: test4: line 9: mlfi_header() returned SMFIS_CONTINUE
opendmarc: test4: line 12: mlfi_header() returned SMFIS_CONTINUE
opendmarc: test4: line 13: mlfi_header() returned SMFIS_CONTINUE
opendmarc: test4: line 14: mlfi_header() returned SMFIS_CONTINUE
opendmarc: test4: line 16: mlfi_header() returned SMFIS_CONTINUE
opendmarc: test4: line 17: mlfi_header() returned SMFIS_CONTINUE
opendmarc: test4: line 18: mlfi_header() returned SMFIS_CONTINUE
opendmarc: test4: line 19: mlfi_header() returned SMFIS_CONTINUE
opendmarc: test4: line 20: mlfi_header() returned SMFIS_CONTINUE
opendmarc: test4: line 21: mlfi_header() returned SMFIS_CONTINUE
opendmarc: test4: line 22: mlfi_header() returned SMFIS_CONTINUE
opendmarc: test4: line 25: mlfi_header() returned SMFIS_CONTINUE
### INSHEADER: idx=1 hname='Authentication-Results' 
hvalue='mail.bzone.it; dmarc=pass header.from=apra.it'
opendmarc: test4: mlfi_eom() returned SMFIS_ACCEPT
opendmarc: mlfi_close() returned SMFIS_CONTINUE

Relevant line in opendmarc.dat:

job DEBUG-i
reporter DEBUG-j
received 1395756212
ipaddr 127.0.0.1
from apra.it
mfrom example.org
spf 0
dkim apra.it 0
pdomain apra.it
policy 15
rua -
pct 100
adkim 115
aspf 115
p 114
sp 114
align_dkim 4
align_spf 4
action 2

But all the mail that pass through postfix result in "spf -1"...

smtpd_recipient_restrictions =
         ...
  check_policy_service unix:private/policyd-spf,
         ...

smtpd_milters = inet:localhost:8891,
   inet:localhost:8893,
   unix:/var/run/clamav/clamav-milter.sock,
   unix:/var/run/spamass-milter/postfix/sock

Where 8891 is opendkim milter and 8893 os opendmarc milter

I even opened a bug report on the pypolicyd-spf project page, I really 
can't understand where is the problem

Thanks

More information about the opendmarc-users mailing list