[opendmarc-users] Problem with opendmarc SPF?

Daniel Gompf tech at kdmails.de
Mon Jul 11 00:24:07 PDT 2016 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

I think there is something wrong with the SPF part of opendmarc, there
are more fails then expected. Sometimes it seems that this is
triggered by recursive DNS queries. If the spf record has only IP
addresses it is ok but with deeper DNS queries or other than mx the
are fails.

Here an example from a spam lover mailbox

Received: from unknown by localhost (amavisd-new, unix socket) id
qJpjSYQ6XNjz
        for <Client at mydomain>; Mon, 11 Jul 2016 05:09:07 +0200 (CEST)
Received: from mnews.gofair.biz (mnews.gofair.biz [79.124.90.207])
        by mx01.xxx.xx (amavisd-milter);
        Mon, 11 Jul 2016 05:09:07 +0200 (CEST)
        (envelope-from <moore at gofair.biz>)
Received: from mnews.gofair.biz (mnews.gofair.biz [79.124.90.207])
        by mx01.xxx.xx (Postfix) with ESMTP id 8280D1C
        for <Client at mydomain>; Mon, 11 Jul 2016 05:09:07 +0200 (CEST)
MIME-Version: 1.0
From: "Megan Moore" <moore at gofair.biz>
To: Client at mydomain
Reply-To: reservations at getaltd.co.uk
Date: 11 Jul 2016 06:09:06 +0300
Subject: EUROPEAN COATINGS SHOW 2017
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: base64
Authentication-Results: mx01.xxx.xx; spf=fail
smtp.mailfrom=moore at gofair.biz
Authentication-Results: mx01.xxx.xx; dmarc=none (p=NONE dis=NONE)
header.from=gofair.biz

postfix -> opendkim(milter)
        -> opendmarc(milter)
	-> amavisd(milter)


I use opendmarc 1.3.1 patched as described at
https://andreasschulze.de/dmarc/opendmarc

Here the current config.
BaseDirectory           /home/opendmarc/
HistoryFile             opendmarc.dat
PidFile                 run/opendmarc.pid
PublicSuffixList        public_suffix_list.dat
IgnoreHosts             opendmarc.ignore.hosts
IgnoreAuthenticatedClients      true
Socket                  inet:8893 at localhost
SPFIgnoreResults        true
SPFSelfValidate         true
Syslog                  true
userID                  opendmarc
RejectFailures          true
MilterDebug             0
RequiredHeaders         yes
AuthServID              mx01.xxx.xx
AutoRestart             true
AutoRestartCount        0
AutoRestartRate         10/1m

Thank you.
Daniel
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQEcBAEBAgAGBQJXg0mXAAoJENuvw56q5FOiBDAIAKJWsz2n9TeQmzXJVwdOOswr
T4j52eNHFWE8H7jJXS7PSNLuReI4uy4udB6N8PdQ6ZOmgj4KKlpzChzaBlJNfvk/
YrzQQkZAru62vRouu0XEycdZvQXlgJqF7IG3HmVRvUofUz5j5u/NRb+ANqge0N+k
+VcADEZDiCBGZHILOWa2BCYC6qS3Y73qVFVZ3NxrnQN4Ld+eFyalfxsGT04JAXhQ
jPHNRy2wNY2kNVfF0I5YFA55f8WeqItGM5EmG/c62IIjHASHso1CHBfjckhBm3gg
mIOVa7aVjUY5+T0cpjv5GUgKzOg1nJelEC9z9QffR5WsjYMfru/oFJCZ41YWC1E=
=L09X
-----END PGP SIGNATURE-----

More information about the opendmarc-users mailing list