[opendmarc-users] OpenDMARC useless with Postfix

Murray S. Kucherawy msk at blackops.org
Thu Sep 18 19:57:55 PDT 2014


On Thu, 18 Sep 2014, Urban Loesch wrote:
> Postfix does not pass the first header line to the milter, but it passes
> all other header lines inserted by milters to the milters they came after.
>
> This seems a normal behaviour according to sendmail milter specification. I 
> read about it some weeks ago as I had the same problem. But can't find the 
> link anymore.

If you're talking about the Received field that's added by the receiving 
MTA, it's not passed to filters because it's added to the message after 
all the filters have seen the message.  This is because, when milter was 
added to sendmail, milter processing came before the place in the code 
where that field was added.  Postfix is simply doing what sendmail does so 
that filters get the same behaviour in either environment.

OpenDMARC was built at first to consume Authentication-Results fields 
rather than do its own verifications because there are already such 
feature-rich DKIM and SPF implementations that repeating all that work 
inside OpenDMARC seemed (and, to me, still seems) rather silly.  At this 
point would actually be easier code-wise to add DMARC to OpenDKIM than add 
DKIM to OpenDMARC, unless the DKIM support is extremely rudimentary (as is 
the new SPF support).

At any rate, after all this time, this is the first report that OpenDMARC 
is "useless".  Several sites (including at least one very big one) have 
been running it paired with separate SPF and DKIM filters for some time 
and it appears to be working fine.  I'm happy to hear about how your setup 
is different and figure out how to get it working for you, but calling it 
useless isn't really very believable to me.

-MSK


More information about the opendmarc-users mailing list