[opendmarc-users] opendmarc not detecting SMTP auth

Dan Mahoney, System Admin danm at prime.gushi.org
Tue Sep 2 14:57:15 PDT 2014 

Hey all,

Opendmarc 1.3.0 from ports with builtin libspf.  Sendmail 8.14.5.

What I believe I have happening is a user talking directly to port 25 on 
my system.  They're doing SMTP auth, so this is valid, per the spec (i.e. 
they should not have to be forced to switch to port 587).  Because it's 
the MTA, I can't take opendmarc out of the path like I'd be able to do 
with the MSA.

Their mail gets detected and signed by domainkeys/opendkim.  Other milters 
(like milter-greylist) seem to have been able to detect that this user did 
SMTP auth.

Naturally, I have set:

##  IgnoreAuthenticatedClients { true | false }
##      default "false"
##
##  If set, causes mail from authenticated clients (i.e., those that used
##  SMTP AUTH) to be ignored by the filter.
#
IgnoreAuthenticatedClients true

But OpenDMARC seems to not be ignoring.  (I don't know the semantics of 
how this works -- if the mta passes the authenticated bit along as part of 
the milter interface, or if opendmarc just scans the header).

I'll note as well that it would be nice if the milter could include the 
"Received" headers, if it has access to them.

%grep 96339 /var/log/maillog
Sep  2 12:25:56 <mail.info> prime sm-mta[96339]: AUTH=server, 
relay=cpe-70-117-105-120.austin.res.rr.com [70.117.105.120], 
authid=arania, mech=PLAIN, bits=0
Sep  2 12:25:59 <mail.info> prime sm-mta[96339]: s82JPtsR096339: 
from=<arania at kamiki.net>, size=2352500, class=0, nrcpts=1, 
msgid=<540619B4.4080307 at kamiki.net>, proto=ESMTP, daemon=MTA, 
relay=cpe-70-117-105-120.austin.res.rr.com [70.117.105.120]
Sep  2 12:25:59 <mail.info> prime sm-mta[96339]: s82JPtsR096339: Milter 
insert (1): header: DomainKey-Signature:  a=rsa-sha1; s=primegushiorg; 
d=kamiki.net; c=nofws; 
q=dns;\n\th=message-id:date:from:user-agent:mime-version:to:subject:\n\treferences:in-reply-to:content-type;\n\tb=DCJtBQGxyp4yCMC52BeK5Q+cFELeQIgLJaq/VjqTK2pb/nwo4wmX1941fMKjKdzUN\n\tQ9bz8A5sSH8hBil2ex64g==
Sep  2 12:26:00 <mail.info> prime sm-mta[96339]: s82JPtsR096339: Milter 
insert (1): header: X-DomainKeys:  Sendmail DomainKeys Filter v1.0.2 
prime.gushi.org s82JPtsR096339
Sep  2 12:26:00 <mail.info> prime sm-mta[96339]: s82JPtsR096339: Milter 
insert (1): header: DKIM-Signature:  v=1; a=rsa-sha256; c=relaxed/relaxed; 
d=kamiki.net;\n\ts=prime2014; 
t=1409685838;\n\tbh=pmw/OSTQ1NrqXrE44BZGduuztBu5xegscmRz7lqgFko=;\n\th=Date:From:To:Subject:References:In-Reply-To;\n\tz=Date:=20Tue,=2002=20Sep=202014=2014:25:40=20-0500|From:=20Art=20b\n\t 
y=20Arania=20<arania at kamiki.net>|To:=20thomas.l.jennings at gmail.com\n\t 
|Subject:=20Arania=20July=202012=20Donation=20Art|References:=20<1\n\t 
409685493.31173 at paypal.com>|In-Reply-To:=20<1409685493.31173 at paypa\n\t 
l.com>;\n\tb=scH2v2XWI/0TbzFwNCLOUYmhIIUkf/c+LiHUlBtqbIltCq272Yxg84rG3D+OZ20Dg\n\t 
eEMk6S5VKXBKC4FIAW2XLtEdJfzImhO/DJi1wvgRT6xv8zKjtqVkWagKLrTJaQf4WN\n\t 
FZqrkH94zXnZwKGRyBCowhTu6+yrkiLrkhvID0QCiApc1WceDuSKUp/jS4tDu2Ib1b\n\t 
0oLFBOTbFrW7j4TwG0ahvMOMV+7zFLVtKiJdYO/Abuwc2umIg+nPqT0jUuREdvZFW1\n\t 
4mSqgTOupFrnbGC8qgulBMSAMdN6Zjp4BmBoYomsX1j0D9kB1qOgGmw9MO77utpCkc\n\t 
AuIPPupyHBrCQ==
Sep  2 12:26:00 <mail.info> prime sm-mta[96339]: s82JPtsR096339: Milter 
insert (1): header: DKIM-Filter:  OpenDKIM Filter v2.9.2 prime.gushi.org 
s82JPtsR096339
Sep  2 12:26:00 <mail.info> prime sm-mta[96339]: s82JPtsR096339: Milter 
insert (1): header: Authentication-Results: prime.gushi.org; spf=pass 
smtp.mailfrom=arania at kamiki.net
Sep  2 12:26:00 <mail.info> prime sm-mta[96339]: s82JPtsR096339: Milter 
insert (1): header: Authentication-Results: prime.gushi.org; dmarc=fail 
header.from=kamiki.net
Sep  2 12:26:00 <mail.info> prime sm-mta[96339]: s82JPtsR096339: Milter 
insert (1): header: DMARC-Filter: OpenDMARC Filter v1.3.0 prime.gushi.org 
s82JPtsR096339
Sep  2 12:26:01 <mail.info> prime sm-mta[96339]: s82JPtsR096339: Milter 
add: header: X-Greylist: Sender succeeded SMTP AUTH, not delayed by 
milter-greylist-4.4.3 (prime.gushi.org [149.20.61.42]); Tue, 02 Sep 2014 
19:23:59 +0000 (UTC)
Sep  2 12:26:08 <mail.info> prime sm-mta[96342]: s82JPtsR096339: 
to=<thomas.l.jennings at gmail.com>, ctladdr=<arania at kamiki.net> (6912/6914), 
delay=00:00:11, xdelay=00:00:07, mailer=esmtp, pri=2382500, 
relay=gmail-smtp-in.l.google.com. [IPv6:2a00:1450:400c:c00::1b], 
dsn=2.0.0, stat=Sent (OK 1409685968 k19si2464007wic.39 - gsmtp)

And then, one report, generated by my own opendmarc (for the same message)

Feedback-Type: auth-failure
Version: 1
User-Agent: OpenDMARC-Filter/1.3.0
Auth-Failure: dmarc
Authentication-Results: prime.gushi.org; dmarc=fail header.from=kamiki.net
Original-Envelope-Id: s82JPtsR096339
Original-Mail-From: arania at kamiki.net
Source-IP: 70.117.105.120
Reported-Domain: kamiki.net

DKIM-Filter: OpenDKIM Filter v2.9.2 prime.gushi.org s82JPtsR096339
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kamiki.net;
 	s=prime2014; t=1409685838;
 	bh=pmw/OSTQ1NrqXrE44BZGduuztBu5xegscmRz7lqgFko=;
 	h=Date:From:To:Subject:References:In-Reply-To;
 	z=Date:=20Tue,=2002=20Sep=202014=2014:25:40=20-0500|From:=20Art=20b
 	 y=20Arania=20<arania at kamiki.net>|To:=20thomas.l.jennings at gmail.com
 	 |Subject:=20Arania=20July=202012=20Donation=20Art|References:=20<1
 	 409685493.31173 at paypal.com>|In-Reply-To:=20<1409685493.31173 at paypa
 	 l.com>;
 	b=scH2v2XWI/0TbzFwNCLOUYmhIIUkf/c+LiHUlBtqbIltCq272Yxg84rG3D+OZ20Dg
 	 eEMk6S5VKXBKC4FIAW2XLtEdJfzImhO/DJi1wvgRT6xv8zKjtqVkWagKLrTJaQf4WN
 	 FZqrkH94zXnZwKGRyBCowhTu6+yrkiLrkhvID0QCiApc1WceDuSKUp/jS4tDu2Ib1b
 	 0oLFBOTbFrW7j4TwG0ahvMOMV+7zFLVtKiJdYO/Abuwc2umIg+nPqT0jUuREdvZFW1
 	 4mSqgTOupFrnbGC8qgulBMSAMdN6Zjp4BmBoYomsX1j0D9kB1qOgGmw9MO77utpCkc
 	 AuIPPupyHBrCQ==
X-DomainKeys: Sendmail DomainKeys Filter v1.0.2 prime.gushi.org s82JPtsR096339
DomainKey-Signature: a=rsa-sha1; s=primegushiorg; d=kamiki.net; c=nofws; q=dns;
 	h=message-id:date:from:user-agent:mime-version:to:subject:
 	references:in-reply-to:content-type;
 	b=DCJtBQGxyp4yCMC52BeK5Q+cFELeQIgLJaq/VjqTK2pb/nwo4wmX1941fMKjKdzUN
 	Q9bz8A5sSH8hBil2ex64g==
Message-ID: <540619B4.4080307 at kamiki.net>
Date: Tue, 02 Sep 2014 14:25:40 -0500
From: Art by Arania <arania at kamiki.net>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: thomas.l.jennings at gmail.com
Subject: Arania July 2012 Donation Art
References: <1409685493.31173 at paypal.com>
In-Reply-To: <1409685493.31173 at paypal.com>
Content-Type: multipart/mixed;
  boundary="------------040002030005000206050509"

-- 


--------Dan Mahoney--------
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144   AIM: LarpGM
Site:  http://www.gushi.org
---------------------------

More information about the opendmarc-users mailing list