[opendmarc-users] opendmarc not detecting SMTP auth

Dan Mahoney, System Admin danm at prime.gushi.org
Tue Sep 2 16:57:44 PDT 2014


On Tue, 2 Sep 2014, Dan Mahoney, System Admin wrote:

Also, meta: Are questions like this better asked on -DEV?

-Dan

> Hey all,
>
> Opendmarc 1.3.0 from ports with builtin libspf.  Sendmail 8.14.5.
>
> What I believe I have happening is a user talking directly to port 25 on my 
> system.  They're doing SMTP auth, so this is valid, per the spec (i.e. they 
> should not have to be forced to switch to port 587).  Because it's the MTA, I 
> can't take opendmarc out of the path like I'd be able to do with the MSA.
>
> Their mail gets detected and signed by domainkeys/opendkim.  Other milters 
> (like milter-greylist) seem to have been able to detect that this user did 
> SMTP auth.
>
> Naturally, I have set:
>
> ##  IgnoreAuthenticatedClients { true | false }
> ##      default "false"
> ##
> ##  If set, causes mail from authenticated clients (i.e., those that used
> ##  SMTP AUTH) to be ignored by the filter.
> #
> IgnoreAuthenticatedClients true
>
> But OpenDMARC seems to not be ignoring.  (I don't know the semantics of how 
> this works -- if the mta passes the authenticated bit along as part of the 
> milter interface, or if opendmarc just scans the header).
>
> I'll note as well that it would be nice if the milter could include the 
> "Received" headers, if it has access to them.
>
> %grep 96339 /var/log/maillog
> Sep  2 12:25:56 <mail.info> prime sm-mta[96339]: AUTH=server, 
> relay=cpe-70-117-105-120.austin.res.rr.com [70.117.105.120], authid=arania, 
> mech=PLAIN, bits=0
> Sep  2 12:25:59 <mail.info> prime sm-mta[96339]: s82JPtsR096339: 
> from=<arania at kamiki.net>, size=2352500, class=0, nrcpts=1, 
> msgid=<540619B4.4080307 at kamiki.net>, proto=ESMTP, daemon=MTA, 
> relay=cpe-70-117-105-120.austin.res.rr.com [70.117.105.120]
> Sep  2 12:25:59 <mail.info> prime sm-mta[96339]: s82JPtsR096339: Milter 
> insert (1): header: DomainKey-Signature:  a=rsa-sha1; s=primegushiorg; 
> d=kamiki.net; c=nofws; 
> q=dns;\n\th=message-id:date:from:user-agent:mime-version:to:subject:\n\treferences:in-reply-to:content-type;\n\tb=DCJtBQGxyp4yCMC52BeK5Q+cFELeQIgLJaq/VjqTK2pb/nwo4wmX1941fMKjKdzUN\n\tQ9bz8A5sSH8hBil2ex64g==
> Sep  2 12:26:00 <mail.info> prime sm-mta[96339]: s82JPtsR096339: Milter 
> insert (1): header: X-DomainKeys:  Sendmail DomainKeys Filter v1.0.2 
> prime.gushi.org s82JPtsR096339
> Sep  2 12:26:00 <mail.info> prime sm-mta[96339]: s82JPtsR096339: Milter 
> insert (1): header: DKIM-Signature:  v=1; a=rsa-sha256; c=relaxed/relaxed; 
> d=kamiki.net;\n\ts=prime2014; 
> t=1409685838;\n\tbh=pmw/OSTQ1NrqXrE44BZGduuztBu5xegscmRz7lqgFko=;\n\th=Date:From:To:Subject:References:In-Reply-To;\n\tz=Date:=20Tue,=2002=20Sep=202014=2014:25:40=20-0500|From:=20Art=20b\n\t 
> y=20Arania=20<arania at kamiki.net>|To:=20thomas.l.jennings at gmail.com\n\t 
> |Subject:=20Arania=20July=202012=20Donation=20Art|References:=20<1\n\t 
> 409685493.31173 at paypal.com>|In-Reply-To:=20<1409685493.31173 at paypa\n\t 
> l.com>;\n\tb=scH2v2XWI/0TbzFwNCLOUYmhIIUkf/c+LiHUlBtqbIltCq272Yxg84rG3D+OZ20Dg\n\t 
> eEMk6S5VKXBKC4FIAW2XLtEdJfzImhO/DJi1wvgRT6xv8zKjtqVkWagKLrTJaQf4WN\n\t 
> FZqrkH94zXnZwKGRyBCowhTu6+yrkiLrkhvID0QCiApc1WceDuSKUp/jS4tDu2Ib1b\n\t 
> 0oLFBOTbFrW7j4TwG0ahvMOMV+7zFLVtKiJdYO/Abuwc2umIg+nPqT0jUuREdvZFW1\n\t 
> 4mSqgTOupFrnbGC8qgulBMSAMdN6Zjp4BmBoYomsX1j0D9kB1qOgGmw9MO77utpCkc\n\t 
> AuIPPupyHBrCQ==
> Sep  2 12:26:00 <mail.info> prime sm-mta[96339]: s82JPtsR096339: Milter 
> insert (1): header: DKIM-Filter:  OpenDKIM Filter v2.9.2 prime.gushi.org 
> s82JPtsR096339
> Sep  2 12:26:00 <mail.info> prime sm-mta[96339]: s82JPtsR096339: Milter 
> insert (1): header: Authentication-Results: prime.gushi.org; spf=pass 
> smtp.mailfrom=arania at kamiki.net
> Sep  2 12:26:00 <mail.info> prime sm-mta[96339]: s82JPtsR096339: Milter 
> insert (1): header: Authentication-Results: prime.gushi.org; dmarc=fail 
> header.from=kamiki.net
> Sep  2 12:26:00 <mail.info> prime sm-mta[96339]: s82JPtsR096339: Milter 
> insert (1): header: DMARC-Filter: OpenDMARC Filter v1.3.0 prime.gushi.org 
> s82JPtsR096339
> Sep  2 12:26:01 <mail.info> prime sm-mta[96339]: s82JPtsR096339: Milter add: 
> header: X-Greylist: Sender succeeded SMTP AUTH, not delayed by 
> milter-greylist-4.4.3 (prime.gushi.org [149.20.61.42]); Tue, 02 Sep 2014 
> 19:23:59 +0000 (UTC)
> Sep  2 12:26:08 <mail.info> prime sm-mta[96342]: s82JPtsR096339: 
> to=<thomas.l.jennings at gmail.com>, ctladdr=<arania at kamiki.net> (6912/6914), 
> delay=00:00:11, xdelay=00:00:07, mailer=esmtp, pri=2382500, 
> relay=gmail-smtp-in.l.google.com. [IPv6:2a00:1450:400c:c00::1b], dsn=2.0.0, 
> stat=Sent (OK 1409685968 k19si2464007wic.39 - gsmtp)
>
> And then, one report, generated by my own opendmarc (for the same message)
>
> Feedback-Type: auth-failure
> Version: 1
> User-Agent: OpenDMARC-Filter/1.3.0
> Auth-Failure: dmarc
> Authentication-Results: prime.gushi.org; dmarc=fail header.from=kamiki.net
> Original-Envelope-Id: s82JPtsR096339
> Original-Mail-From: arania at kamiki.net
> Source-IP: 70.117.105.120
> Reported-Domain: kamiki.net
>
> DKIM-Filter: OpenDKIM Filter v2.9.2 prime.gushi.org s82JPtsR096339
> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kamiki.net;
> 	s=prime2014; t=1409685838;
> 	bh=pmw/OSTQ1NrqXrE44BZGduuztBu5xegscmRz7lqgFko=;
> 	h=Date:From:To:Subject:References:In-Reply-To;
> 	z=Date:=20Tue,=2002=20Sep=202014=2014:25:40=20-0500|From:=20Art=20b
> 	 y=20Arania=20<arania at kamiki.net>|To:=20thomas.l.jennings at gmail.com
> 	 |Subject:=20Arania=20July=202012=20Donation=20Art|References:=20<1
> 	 409685493.31173 at paypal.com>|In-Reply-To:=20<1409685493.31173 at paypa
> 	 l.com>;
> 	b=scH2v2XWI/0TbzFwNCLOUYmhIIUkf/c+LiHUlBtqbIltCq272Yxg84rG3D+OZ20Dg
> 	 eEMk6S5VKXBKC4FIAW2XLtEdJfzImhO/DJi1wvgRT6xv8zKjtqVkWagKLrTJaQf4WN
> 	 FZqrkH94zXnZwKGRyBCowhTu6+yrkiLrkhvID0QCiApc1WceDuSKUp/jS4tDu2Ib1b
> 	 0oLFBOTbFrW7j4TwG0ahvMOMV+7zFLVtKiJdYO/Abuwc2umIg+nPqT0jUuREdvZFW1
> 	 4mSqgTOupFrnbGC8qgulBMSAMdN6Zjp4BmBoYomsX1j0D9kB1qOgGmw9MO77utpCkc
> 	 AuIPPupyHBrCQ==
> X-DomainKeys: Sendmail DomainKeys Filter v1.0.2 prime.gushi.org 
> s82JPtsR096339
> DomainKey-Signature: a=rsa-sha1; s=primegushiorg; d=kamiki.net; c=nofws; 
> q=dns;
> 	h=message-id:date:from:user-agent:mime-version:to:subject:
> 	references:in-reply-to:content-type;
> 	b=DCJtBQGxyp4yCMC52BeK5Q+cFELeQIgLJaq/VjqTK2pb/nwo4wmX1941fMKjKdzUN
> 	Q9bz8A5sSH8hBil2ex64g==
> Message-ID: <540619B4.4080307 at kamiki.net>
> Date: Tue, 02 Sep 2014 14:25:40 -0500
> From: Art by Arania <arania at kamiki.net>
> User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 
> Thunderbird/24.6.0
> MIME-Version: 1.0
> To: thomas.l.jennings at gmail.com
> Subject: Arania July 2012 Donation Art
> References: <1409685493.31173 at paypal.com>
> In-Reply-To: <1409685493.31173 at paypal.com>
> Content-Type: multipart/mixed;
> boundary="------------040002030005000206050509"
>
>

-- 

"If you need web space, give him a hard drive.  If you need to do something really heavy, build him a computer."

-Ilzarion, late friday night

--------Dan Mahoney--------
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144   AIM: LarpGM
Site:  http://www.gushi.org
---------------------------
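
One way to confirm from the maillog that messages submitted over SMTP AUTH are still receiving a DMARC verdict, as in the log quoted above (an added example, not part of the original post and not OpenDMARC code). The function name and the sample hosts, users and queue IDs are constructed; it assumes unwrapped log lines in the sendmail format shown in the post.

```python
import re

# Constructed sample in the sendmail log format shown in the post (lines
# unwrapped; hosts, users and queue IDs are placeholders, not real data).
SAMPLE_LOG = """\
Sep  2 12:25:56 <mail.info> mx sm-mta[4001]: AUTH=server, relay=client.example.net [192.0.2.10], authid=alice, mech=PLAIN, bits=0
Sep  2 12:25:59 <mail.info> mx sm-mta[4001]: s82AAAAA004001: from=<alice@example.org>, size=2352, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=client.example.net [192.0.2.10]
Sep  2 12:26:00 <mail.info> mx sm-mta[4001]: s82AAAAA004001: Milter insert (1): header: Authentication-Results: mx.example.org; dmarc=fail header.from=example.org
Sep  2 13:02:10 <mail.info> mx sm-mta[4001]: s82CCCCC004001: from=<bob@example.com>, size=900, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=mail.example.com [198.51.100.7]
Sep  2 13:02:11 <mail.info> mx sm-mta[4001]: s82CCCCC004001: Milter insert (1): header: Authentication-Results: mx.example.org; dmarc=fail header.from=example.com
"""

ENTRY = re.compile(r"sm-mta\[(?P<pid>\d+)\]: (?P<body>.*)")
AUTH = re.compile(r"AUTH=server, relay=(?P<relay>.+?), authid=(?P<authid>[^,]+), mech=(?P<mech>[^,]+)")
FROM = re.compile(r"(?P<qid>\w+): from=.*\brelay=(?P<relay>.+)$")
DMARC = re.compile(r"(?P<qid>\w+): Milter (?:insert \(\d+\)|add): header: "
                   r"Authentication-Results: .*?\bdmarc=(?P<result>\w+)")


def dmarc_on_authenticated(log_text):
    """Return (qid, authid, mech, dmarc_result) for every message that was
    submitted over an SMTP AUTH session yet still got a dmarc= result."""
    sessions = {}   # pid -> (relay, authid, mech); AUTH lines carry no queue ID
    authed = {}     # qid -> (authid, mech)
    findings = []
    for line in log_text.splitlines():
        entry = ENTRY.search(line)
        if not entry:
            continue
        pid, body = entry["pid"], entry["body"]
        if m := AUTH.match(body):
            sessions[pid] = (m["relay"], m["authid"], m["mech"])
        elif m := FROM.match(body):
            relay, authid, mech = sessions.get(pid, (None, None, None))
            # Require the same relay so a recycled PID does not inherit AUTH.
            if relay == m["relay"]:
                authed[m["qid"]] = (authid, mech)
        elif (m := DMARC.match(body)) and m["qid"] in authed:
            findings.append((m["qid"], *authed[m["qid"]], m["result"]))
    return findings


if __name__ == "__main__":
    for qid, authid, mech, result in dmarc_on_authenticated(SAMPLE_LOG):
        print(f"{qid}: authid={authid} mech={mech} still evaluated, dmarc={result}")
```

Any row returned means the filter evaluated mail from an authenticated session; with `IgnoreAuthenticatedClients true` in effect the list should be empty.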


