[opendmarc-users] IgnoreAuthenticatedClients not working
Theodotos Andreou
theo at theo-andreou.org
Fri Apr 29 01:28:05 PDT 2016
Hello,
I am using opendmarc with postfix on a debian jessy. Everything is
installed from the debian repos.
When I send mail from my home using SMTP AUTH I get a 'dmarc-fail' the
the outgoing messages.
This is my config:
# grep -v -E '(#|^$)' /etc/opendmarc.conf
AuthservID mail.example.com
PidFile /var/run/opendmarc.pid
RejectFailures false
Syslog true
TrustedAuthservIDs mail.example.com
And I am using this version:
# apt-cache show opendmarc | grep Version
Version: 1.3.0+dfsg-1
Mail logs:
Apr 29 01:10:45 mail1 postfix/smtpd[31543]: warning: hostname
client.home.net does not resolve to address 2.2.2.2: Name or service not
known
Apr 29 01:10:45 mail1 postfix/smtpd[31543]: connect from unknown[2.2.2.2]
Apr 29 01:10:47 mail1 postfix/smtpd[31543]: 953AA205AF:
client=unknown[2.2.2.2], sasl_method=PLAIN, sasl_username=some.user
Apr 29 01:10:48 mail1 postfix/cleanup[31546]: 953AA205AF:
message-id=<57231705.3090203example.com>
Apr 29 01:10:48 mail1 opendmarc[31534]: 953AA205AF: example.com fail
Apr 29 01:10:48 mail1 postfix/qmgr[31481]: 953AA205AF:
from=<some.user at example.com>, size=678, nrcpt=1 (queue active)
Apr 29 01:10:48 mail1 dovecot: lda(some.user at example.com):
msgid=<57231705.3090203 at example.com>: saved mail to INBOX
Apr 29 01:10:48 mail1 postfix/pipe[31548]: 953AA205AF:
to=<some.user at example.com>, relay=dovecot, delay=1.3,
delays=1/0.01/0/0.25, dsn=2.0.0, status=sent (delivered via dovecot service)
Apr 29 01:10:48 mail1 postfix/qmgr[31481]: 953AA205AF: removed
Apr 29 01:10:48 mail1 postfix/smtpd[31543]: disconnect from unknown[2.2.2.2]
opendmarc logs:
job 953AA205AF
reporter mail.example.com
received 1461917448
ipaddr 2.2.2.2
from example.com
mfrom example.com
spf -1
pdomain example.com
policy 16
rua mailto:dmarc-reports at example.com
pct 100
adkim 114
aspf 114
p 114
sp 0
align_dkim 5
align_spf 5
action 2
If I add my home IP in the ignore.hosts file there is no dmarc flag in
the headers. Alas this is not a practical solution as there are mobile
clients using my server
Is this a bug or am I doing something wrong?
More information about the opendmarc-users
mailing list