[opendmarc-users] IgnoreAuthenticatedClients not working

Theodotos Andreou theo at theo-andreou.org
Fri Apr 29 01:28:05 PDT 2016


Hello,

I am using opendmarc with postfix on a debian jessy. Everything is 
installed from the debian repos.

When I send mail from my home using SMTP AUTH I get a 'dmarc-fail' the 
the outgoing messages.

This is my config:

# grep -v -E '(#|^$)' /etc/opendmarc.conf
AuthservID  mail.example.com
PidFile /var/run/opendmarc.pid
RejectFailures false
Syslog true
TrustedAuthservIDs mail.example.com

And I am using this version:

# apt-cache show opendmarc | grep Version
Version: 1.3.0+dfsg-1


Mail logs:

Apr 29 01:10:45 mail1 postfix/smtpd[31543]: warning: hostname 
client.home.net does not resolve to address 2.2.2.2: Name or service not 
known
Apr 29 01:10:45 mail1 postfix/smtpd[31543]: connect from unknown[2.2.2.2]
Apr 29 01:10:47 mail1 postfix/smtpd[31543]: 953AA205AF: 
client=unknown[2.2.2.2], sasl_method=PLAIN, sasl_username=some.user
Apr 29 01:10:48 mail1 postfix/cleanup[31546]: 953AA205AF: 
message-id=<57231705.3090203example.com>
Apr 29 01:10:48 mail1 opendmarc[31534]: 953AA205AF: example.com fail
Apr 29 01:10:48 mail1 postfix/qmgr[31481]: 953AA205AF: 
from=<some.user at example.com>, size=678, nrcpt=1 (queue active)
Apr 29 01:10:48 mail1 dovecot: lda(some.user at example.com): 
msgid=<57231705.3090203 at example.com>: saved mail to INBOX
Apr 29 01:10:48 mail1 postfix/pipe[31548]: 953AA205AF: 
to=<some.user at example.com>, relay=dovecot, delay=1.3, 
delays=1/0.01/0/0.25, dsn=2.0.0, status=sent (delivered via dovecot service)
Apr 29 01:10:48 mail1 postfix/qmgr[31481]: 953AA205AF: removed
Apr 29 01:10:48 mail1 postfix/smtpd[31543]: disconnect from unknown[2.2.2.2]


opendmarc logs:

job 953AA205AF
reporter mail.example.com
received 1461917448
ipaddr 2.2.2.2
from example.com
mfrom example.com
spf -1
pdomain example.com
policy 16
rua mailto:dmarc-reports at example.com
pct 100
adkim 114
aspf 114
p 114
sp 0
align_dkim 5
align_spf 5
action 2

If I add my home IP in the ignore.hosts file there is no dmarc flag in 
the headers. Alas this is not a practical solution as there are mobile 
clients using my server

Is this a bug or am I doing something wrong?


More information about the opendmarc-users mailing list