[opendmarc-users] Problem with opendmarc SPF?
Daniel Gompf
tech at kdmails.de
Mon Jul 11 00:24:07 PDT 2016
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello,
I think there is something wrong with the SPF part of opendmarc, there
are more fails then expected. Sometimes it seems that this is
triggered by recursive DNS queries. If the spf record has only IP
addresses it is ok but with deeper DNS queries or other than mx the
are fails.
Here an example from a spam lover mailbox
Received: from unknown by localhost (amavisd-new, unix socket) id
qJpjSYQ6XNjz
for <Client at mydomain>; Mon, 11 Jul 2016 05:09:07 +0200 (CEST)
Received: from mnews.gofair.biz (mnews.gofair.biz [79.124.90.207])
by mx01.xxx.xx (amavisd-milter);
Mon, 11 Jul 2016 05:09:07 +0200 (CEST)
(envelope-from <moore at gofair.biz>)
Received: from mnews.gofair.biz (mnews.gofair.biz [79.124.90.207])
by mx01.xxx.xx (Postfix) with ESMTP id 8280D1C
for <Client at mydomain>; Mon, 11 Jul 2016 05:09:07 +0200 (CEST)
MIME-Version: 1.0
From: "Megan Moore" <moore at gofair.biz>
To: Client at mydomain
Reply-To: reservations at getaltd.co.uk
Date: 11 Jul 2016 06:09:06 +0300
Subject: EUROPEAN COATINGS SHOW 2017
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: base64
Authentication-Results: mx01.xxx.xx; spf=fail
smtp.mailfrom=moore at gofair.biz
Authentication-Results: mx01.xxx.xx; dmarc=none (p=NONE dis=NONE)
header.from=gofair.biz
postfix -> opendkim(milter)
-> opendmarc(milter)
-> amavisd(milter)
I use opendmarc 1.3.1 patched as described at
https://andreasschulze.de/dmarc/opendmarc
Here the current config.
BaseDirectory /home/opendmarc/
HistoryFile opendmarc.dat
PidFile run/opendmarc.pid
PublicSuffixList public_suffix_list.dat
IgnoreHosts opendmarc.ignore.hosts
IgnoreAuthenticatedClients true
Socket inet:8893 at localhost
SPFIgnoreResults true
SPFSelfValidate true
Syslog true
userID opendmarc
RejectFailures true
MilterDebug 0
RequiredHeaders yes
AuthServID mx01.xxx.xx
AutoRestart true
AutoRestartCount 0
AutoRestartRate 10/1m
Thank you.
Daniel
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQEcBAEBAgAGBQJXg0mXAAoJENuvw56q5FOiBDAIAKJWsz2n9TeQmzXJVwdOOswr
T4j52eNHFWE8H7jJXS7PSNLuReI4uy4udB6N8PdQ6ZOmgj4KKlpzChzaBlJNfvk/
YrzQQkZAru62vRouu0XEycdZvQXlgJqF7IG3HmVRvUofUz5j5u/NRb+ANqge0N+k
+VcADEZDiCBGZHILOWa2BCYC6qS3Y73qVFVZ3NxrnQN4Ld+eFyalfxsGT04JAXhQ
jPHNRy2wNY2kNVfF0I5YFA55f8WeqItGM5EmG/c62IIjHASHso1CHBfjckhBm3gg
mIOVa7aVjUY5+T0cpjv5GUgKzOg1nJelEC9z9QffR5WsjYMfru/oFJCZ41YWC1E=
=L09X
-----END PGP SIGNATURE-----
More information about the opendmarc-users
mailing list