[opendmarc-users] subdomain policy is not respected

Robert Chalmers robert at chalmers.com.au
Mon Jan 25 07:00:44 PST 2016 

Excellent explanation also here. Full details of both the p tag, and sp tag. Hope it helps.

http://www.zytrax.com/books/dns/ch9/dmarc.html




> On 25 Jan 2016, at 13:41, Petr Novák <novakp43 at gmail.com> wrote:
> 
> Hello,
> 
> I have a problem with opendmarc not respecting subdomain "none" policy (sp=none).
> 
> Here is an example.
> 
> DMARC record: (v=DMARC1; p=reject; sp=none; fo=1; rua=mailto:admin at prnk.cz; ruf=mailto:admin at prnk.cz)
> 
> [root at prnk opendmarc]# opendmarc-check prnk.cz
> DMARC record for prnk.cz:
>        Sample percentage: 100
>        DKIM alignment: relaxed
>        SPF alignment: relaxed
>        Domain policy: reject
>        Subdomain policy: none
>        Aggregate report URIs:
>                mailto:admin at prnk.cz
>        Forensic report URIs:
>                mailto:admin at prnk.cz
> 
> I have created this simple mail to test the behaviour:
> *****
> [root at prnk opendmarc]# cat 3
> Received-SPF: fail (prnk.cz: domain of prnk at prnk.cz does not designate 46.30.238.4 as permitted sender) client-ip=46.30.238.4;
> To: undisclosed-recipients:;
> From: prnk at something.prnk.cz
> Message-Id: <20160125113532.84CD810B55B5 at prnk.prnk.cz>
> Date: Mon, 25 Jan 2016 12:35:24 +0100 (CET)
> 
> tets
> test
> .
> *****
> 
> Now when I send the mail to opendmarc it gets rejected even when subdomain policy is "none" and domain in "From:" header is "something.prnk.cz".
> 
> [root at prnk opendmarc]# opendmarc -c /root/opendmarc/opendmarc.conf -t 3 -vv
> opendmarc: mlfi_connect() returned SMFIS_CONTINUE
> opendmarc: mlfi_helo() returned SMFIS_CONTINUE
> opendmarc: 3: mlfi_envfrom() returned SMFIS_CONTINUE
> opendmarc: 3: line 1: mlfi_header() returned SMFIS_CONTINUE
> opendmarc: 3: line 2: mlfi_header() returned SMFIS_CONTINUE
> opendmarc: 3: line 3: mlfi_header() returned SMFIS_CONTINUE
> opendmarc: 3: line 4: mlfi_header() returned SMFIS_CONTINUE
> opendmarc: 3: line 5: mlfi_header() returned SMFIS_CONTINUE
> ### SETREPLY: rcode='550' xcode='5.7.1' replytxt='rejected by DMARC policy for prnk.cz'
> ### INSHEADER: idx=1 hname='DMARC-Filter' hvalue='OpenDMARC Filter v1.3.1 DEBUG-j DEBUG-i'
> opendmarc: 3: mlfi_eom() returned SMFIS_REJECT
> opendmarc: mlfi_close() returned SMFIS_CONTINUE
> 
> History file:
> 
> job DEBUG-i
> reporter DEBUG-j
> received 1453728517
> ipaddr 127.0.0.1
> from something.prnk.cz
> mfrom prnk.cz
> spf 2
> pdomain prnk.cz
> policy 16
> rua mailto:admin at prnk.cz
> pct 100
> adkim 114
> aspf 114
> p 114
> sp 110
> align_dkim 5
> align_spf 5
> action 0
> 
> 
> I think such mail should be accepted, because the subdomain policy is set to "none" or am I wrong?
> 
> When I try sending the same mail to my email @gmail.com It doesnt get rejected for the subdomain.
> 
> 
> Petr Novak
> _______________________________________________
> opendmarc-users mailing list
> opendmarc-users at trusteddomain.org
> http://www.trusteddomain.org/mailman/listinfo/opendmarc-users

Robert Chalmers
robert at chalmers.com <mailto:robert at chalmers.com>.au  Quantum Radio: http://tinyurl.com/lwwddov
Mac mini 6.2 - 2012, Intel Core i7,2.3 GHz, Memory:16 GB. El-Capitan 10.11. 2TB Storage made up of - 
Drive 0:HGST HTS721010A9E630. Upper bay. Drive 1:ST1000LM024 HN-M101MBB. Lower Bay



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.trusteddomain.org/pipermail/opendmarc-users/attachments/20160125/a59bd02f/attachment.htm>

More information about the opendmarc-users mailing list