[opendmarc-users] OpenDMARC useless with Postfix
Murray S. Kucherawy
msk at blackops.org
Thu Sep 18 19:57:55 PDT 2014
On Thu, 18 Sep 2014, Urban Loesch wrote:
> Postfix does not pass the first header line to the milter, but it passes
> all other header lines inserted by milters to the milters they came after.
>
> This seems a normal behaviour according to sendmail milter specification. I
> read about it some weeks ago as I had the same problem. But can't find the
> link anymore.
If you're talking about the Received field that's added by the receiving
MTA, it's not passed to filters because it's added to the message after
all the filters have seen the message. This is because, when milter was
added to sendmail, milter processing came before the place in the code
where that field was added. Postfix is simply doing what sendmail does so
that filters get the same behaviour in either environment.
OpenDMARC was built at first to consume Authentication-Results fields
rather than do its own verifications because there are already such
feature-rich DKIM and SPF implementations that repeating all that work
inside OpenDMARC seemed (and, to me, still seems) rather silly. At this
point would actually be easier code-wise to add DMARC to OpenDKIM than add
DKIM to OpenDMARC, unless the DKIM support is extremely rudimentary (as is
the new SPF support).
At any rate, after all this time, this is the first report that OpenDMARC
is "useless". Several sites (including at least one very big one) have
been running it paired with separate SPF and DKIM filters for some time
and it appears to be working fine. I'm happy to hear about how your setup
is different and figure out how to get it working for you, but calling it
useless isn't really very believable to me.
-MSK
More information about the opendmarc-users
mailing list