[opendmarc-users] spf pass which I can't understand
Sistemisti Posta
sistemisti-posta at csi.it
Thu Dec 31 00:18:41 PST 2015
Hello opendmarc user,
I have a question about an spf pass that it shouldn't pass.
I sent a mail not DKIM signed with a server not allowed by SPF policy.
In particular I sent a mail with the envelope from <marco at libero.it>,
using an MSA that is not allowed by libero.it policy:
libero.it descriptive text "v=spf1 ip4:212.48.25.128/25
ip4:212.48.14.160/27 include:srs.bis.na.blackberry.com
include:srs.bis.eu.blackberry.com include:srs.bis.ap.blackberry.com
include:mail.zendesk.com -all"
So, if I well understand, the spf check would fail.
opendmarc is configured to make its own spf check (libspf2):
ldd /usr/sbin/opendmarc
linux-vdso.so.1 => (0x00007fff32fbc000)
libopendmarc.so.2 => /lib64/libopendmarc.so.2 (0x00007f2424b1c000)
libmilter.so.1.0 => /lib64/libmilter.so.1.0 (0x00007f242490b000)
libresolv.so.2 => /lib64/libresolv.so.2 (0x00007f24246f0000)
libspf2.so.2 => /lib64/libspf2.so.2 (0x00007f24244d4000)
libbsd.so.0 => /lib64/libbsd.so.0 (0x00007f24242c5000)
librt.so.1 => /lib64/librt.so.1 (0x00007f24240bc000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f2423ea0000)
libc.so.6 => /lib64/libc.so.6 (0x00007f2423adf000)
libnsl.so.1 => /lib64/libnsl.so.1 (0x00007f24238c5000)
/lib64/ld-linux-x86-64.so.2 (0x00007f2424d36000)
opendmarc.conf:
AuthservID HOSTNAME
SPFIgnoreResults true
SPFSelfValidate true
hostname is "04mx.example.com".
The mail I receive is:
Return-Path: <marco at libero.it>
Received: from 04mx.example.com (04mx.example.com [x.x.x.86])
by ucstore.example.com (Cyrus v2.4.17-Invoca-RPM-2.4.17-6.el6) with LMTPA;
Thu, 31 Dec 2015 08:48:04 +0100
X-Sieve: CMU Sieve 2.4
Received: from localhost (localhost [127.0.0.1])
by 04mx.example.com (MailFarm) with ESMTP id 3pWM6D1dNjzFpVl
for <marco at example.com>; Thu, 31 Dec 2015 08:48:04 +0100 (CET)
X-Virus-Scanned: amavisd-new at example.com
X-Spam-Flag: NO
X-Spam-Score: 1.696
X-Spam-Level: *
X-Spam-Status: No, score=1.696 tagged_above=-999 required=4.5
tests=[BODY_SINGLE_WORD=0.001, DSPAM_HAM_99=-0.5, FREEMAIL_FROM=0.001,
RDNS_NONE=1.274, SPF_FAIL=0.919, TVD_SPACE_RATIO=0.001]
autolearn=disabled
Received: from localhost ([127.0.0.1])
by localhost (04mx.example.com [127.0.0.1]) (amavisd-new, port 10024)
with LMTP id 4vah2SkDixO0 for <marco at example.com>;
Thu, 31 Dec 2015 08:48:03 +0100 (CET)
Received: from msa.example.com (unknown [x.x.x.55])
by 04mx.example.com (MailFarm) with ESMTP id 3pWM6C04hwzFpVj
for <marco at example.com>; Thu, 31 Dec 2015 08:48:02 +0100 (CET)
DMARC-Filter: OpenDMARC Filter v1.3.1 04mx.example.com 3pWM6C04hwzFpVj
Authentication-Results: 04mx.example.com; dmarc=fail header.from=libero.it
Authentication-Results: 04mx.example.com; spf=pass
smtp.mailfrom=marco at libero.it
DKIM-Filter: OpenDKIM Filter v2.10.3 04mx.example.com 3pWM6C04hwzFpVj
Received: from [x.x.x.13] (client.example.com [x.x.x.13])
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
(No client certificate requested)
by msa.example.com (MailFarm) with ESMTPSA id 3pWM6B69pfzBrKb
for <marco at example.com>; Thu, 31 Dec 2015 08:48:02 +0100 (CET)
To: Marco <marco at example.com>
From: Marco <marco at libero.it>
...
This mail should fail SPF check, but "Authentication-Results" says it
passes. In log I only see:
2015-12-31T08:48:03.092716+01:00 04mx opendmarc[23762]: implicit
authentication service: 04mx.example.com
2015-12-31T08:48:03.198839+01:00 04mx opendmarc[23762]: 3pWM6C04hwzFpVj:
libero.it fail
the dat file says:
job 3pWM6C04hwzFpVj
reporter 04mx.example.com
received 1451548083
ipaddr x.x.x.55
from libero.it
mfrom libero.it
spf 0
pdomain libero.it
policy 17
rua mailto:dmarc_agg_rep at libero.it
pct 100
adkim 114
aspf 114
p 113
sp 0
align_dkim 5
align_spf 5
action 2
"spf 0" means that spf check passes, but after it fails the DKIM and SPF
alignment. I believed to find an spf check failed, but aligned, because
envelope from and header from are the same.
Could you explain me how to understand this behavior?
Thank you very much
Happy new year
Marco
More information about the opendmarc-users
mailing list