[opendmarc-users] subdomain policy is not respected
Petr Novák
novakp43 at gmail.com
Mon Jan 25 05:41:16 PST 2016
Hello,
I have a problem with opendmarc not respecting subdomain "none" policy
(sp=none).
Here is an example.
DMARC record: (v=DMARC1; p=reject; sp=none; fo=1;
rua=mailto:admin at prnk.cz; ruf=mailto:admin at prnk.cz)
[root at prnk opendmarc]# opendmarc-check prnk.cz
DMARC record for prnk.cz:
Sample percentage: 100
DKIM alignment: relaxed
SPF alignment: relaxed
Domain policy: reject
Subdomain policy: none
Aggregate report URIs:
mailto:admin at prnk.cz
Forensic report URIs:
mailto:admin at prnk.cz
I have created this simple mail to test the behaviour:
*****
[root at prnk opendmarc]# cat 3
Received-SPF: fail (prnk.cz: domain of prnk at prnk.cz does not designate
46.30.238.4 as permitted sender) client-ip=46.30.238.4;
To: undisclosed-recipients:;
From: prnk at something.prnk.cz
Message-Id: <20160125113532.84CD810B55B5 at prnk.prnk.cz>
Date: Mon, 25 Jan 2016 12:35:24 +0100 (CET)
tets
test
.
*****
Now when I send the mail to opendmarc it gets rejected even when
subdomain policy is "none" and domain in "From:" header is
"something.prnk.cz".
[root at prnk opendmarc]# opendmarc -c /root/opendmarc/opendmarc.conf -t 3 -vv
opendmarc: mlfi_connect() returned SMFIS_CONTINUE
opendmarc: mlfi_helo() returned SMFIS_CONTINUE
opendmarc: 3: mlfi_envfrom() returned SMFIS_CONTINUE
opendmarc: 3: line 1: mlfi_header() returned SMFIS_CONTINUE
opendmarc: 3: line 2: mlfi_header() returned SMFIS_CONTINUE
opendmarc: 3: line 3: mlfi_header() returned SMFIS_CONTINUE
opendmarc: 3: line 4: mlfi_header() returned SMFIS_CONTINUE
opendmarc: 3: line 5: mlfi_header() returned SMFIS_CONTINUE
### SETREPLY: rcode='550' xcode='5.7.1' replytxt='rejected by DMARC
policy for prnk.cz'
### INSHEADER: idx=1 hname='DMARC-Filter' hvalue='OpenDMARC Filter
v1.3.1 DEBUG-j DEBUG-i'
opendmarc: 3: mlfi_eom() returned SMFIS_REJECT
opendmarc: mlfi_close() returned SMFIS_CONTINUE
History file:
job DEBUG-i
reporter DEBUG-j
received 1453728517
ipaddr 127.0.0.1
from something.prnk.cz
mfrom prnk.cz
spf 2
pdomain prnk.cz
policy 16
rua mailto:admin at prnk.cz
pct 100
adkim 114
aspf 114
p 114
sp 110
align_dkim 5
align_spf 5
action 0
I think such mail should be accepted, because the subdomain policy is
set to "none" or am I wrong?
When I try sending the same mail to my email @gmail.com It doesnt get
rejected for the subdomain.
Petr Novak
More information about the opendmarc-users
mailing list