[opendmarc-users] [Help] amazon false positive?
Sistemisti Posta
sistemisti-posta at csi.it
Tue Apr 26 04:33:05 PDT 2016
Hello Petr,
I use internal SPF check:
SPFIgnoreResults true
SPFSelfValidate true
SMFI_VERSION 0x1000001
libmilter version 1.0.1
Active code options:
WITH_SPF
with patches #120 and #149.
Opendkim is the first milter in Postfix:
smtpd_milters = { inet:localhost:8891,
default_action=accept },
{ inet:localhost:8893,
default_action=accept }
I can't understand why is a bad signature.
Thank you very much for this help,
Marco
Il 26/04/2016 12:59, Petr Novák ha scritto:
> Hello,
>
> - SPF record for bounces.amazon.it is:
> v=spf1 include:amazon.com -all
> - amazon.com:
> v=spf1 include:spf1.amazon.com include:spf2.amazon.com
> include:amazonses.com -all
> - amazonses.com:
> v=spf1 ip4:199.255.192.0/22 ip4:199.127.232.0/22 ip4:54.240.0.0/18 -all
>
> IP 54.240.0.145 is in this rule "ip4:54.240.0.0/18" . So the result of
> SPF check should be a "pass". You can also check it here:
> http://www.kitterman.com/spf/validate.html or
> http://vamsoft.com/support/tools/spf-policy-tester .
>
> DMARC record of amazon.it doesnt specify aspf value, that means default
> value is used which is relaxed. So the mailfrom(bounces.amazon.it) and
> from(amazon.it) domains are "in alignment" and DMARC SPF check should
> pass so DMARC should also pass.
>
> So the question is why is your SPF result wrong. What SPF check do you use.
>
> Those DKIM fails could mean that a header that was signed or email
> content was modified before opendkim checked the signature. You should
> check if anything checks the email before opendkim and could have
> modified it. Or maybe the email was modified at the source after signing
> who knows :).
More information about the opendmarc-users
mailing list