[opendmarc-users] subdomain policy is not respected

Petr Novák novakp43 at gmail.com
Mon Jan 25 05:41:16 PST 2016 

Hello,

I have a problem with opendmarc not respecting subdomain "none" policy 
(sp=none).

Here is an example.

DMARC record: (v=DMARC1; p=reject; sp=none; fo=1; 
rua=mailto:admin at prnk.cz; ruf=mailto:admin at prnk.cz)

[root at prnk opendmarc]# opendmarc-check prnk.cz
DMARC record for prnk.cz:
         Sample percentage: 100
         DKIM alignment: relaxed
         SPF alignment: relaxed
         Domain policy: reject
         Subdomain policy: none
         Aggregate report URIs:
                 mailto:admin at prnk.cz
         Forensic report URIs:
                 mailto:admin at prnk.cz

I have created this simple mail to test the behaviour:
*****
[root at prnk opendmarc]# cat 3
Received-SPF: fail (prnk.cz: domain of prnk at prnk.cz does not designate 
46.30.238.4 as permitted sender) client-ip=46.30.238.4;
To: undisclosed-recipients:;
From: prnk at something.prnk.cz
Message-Id: <20160125113532.84CD810B55B5 at prnk.prnk.cz>
Date: Mon, 25 Jan 2016 12:35:24 +0100 (CET)

tets
test
.
*****

Now when I send the mail to opendmarc it gets rejected even when 
subdomain policy is "none" and domain in "From:" header is 
"something.prnk.cz".

[root at prnk opendmarc]# opendmarc -c /root/opendmarc/opendmarc.conf -t 3 -vv
opendmarc: mlfi_connect() returned SMFIS_CONTINUE
opendmarc: mlfi_helo() returned SMFIS_CONTINUE
opendmarc: 3: mlfi_envfrom() returned SMFIS_CONTINUE
opendmarc: 3: line 1: mlfi_header() returned SMFIS_CONTINUE
opendmarc: 3: line 2: mlfi_header() returned SMFIS_CONTINUE
opendmarc: 3: line 3: mlfi_header() returned SMFIS_CONTINUE
opendmarc: 3: line 4: mlfi_header() returned SMFIS_CONTINUE
opendmarc: 3: line 5: mlfi_header() returned SMFIS_CONTINUE
### SETREPLY: rcode='550' xcode='5.7.1' replytxt='rejected by DMARC 
policy for prnk.cz'
### INSHEADER: idx=1 hname='DMARC-Filter' hvalue='OpenDMARC Filter 
v1.3.1 DEBUG-j DEBUG-i'
opendmarc: 3: mlfi_eom() returned SMFIS_REJECT
opendmarc: mlfi_close() returned SMFIS_CONTINUE

History file:

job DEBUG-i
reporter DEBUG-j
received 1453728517
ipaddr 127.0.0.1
from something.prnk.cz
mfrom prnk.cz
spf 2
pdomain prnk.cz
policy 16
rua mailto:admin at prnk.cz
pct 100
adkim 114
aspf 114
p 114
sp 110
align_dkim 5
align_spf 5
action 0


I think such mail should be accepted, because the subdomain policy is 
set to "none" or am I wrong?

When I try sending the same mail to my email @gmail.com It doesnt get 
rejected for the subdomain.


Petr Novak

More information about the opendmarc-users mailing list