[opendmarc-users] opendkim 1.3.1 working ok here in most cases; why is this one inbound email failing auth?

jasonsu at mail-central.com jasonsu at mail-central.com
Sat Jun 11 10:03:11 PDT 2016 

I run opendmarc

	opendmarc -V
		opendmarc: OpenDMARC Filter v1.3.1
		        SMFI_VERSION 0x1000001
		        libmilter version 1.0.1
		        Active code options:
		                WITH_SPF

	as a milter on

		postconf mail_version
			mail_version = 3.1.1

It's been working ok for awhile now. Almost all inbound mail's properly checked, acted on, etc.  I.e., DMARC passes/fails when it should.

In a few instances, it's a mystery.  E.g., I received an auth failure report from my opendmarc instance

	This is an authentication failure report for an email message received from IP
	127.0.0.1 on Fri, 10 Jun 2016 09:35:01 -0700 (PDT).

	Feedback-Type: auth-failure
	Version: 1
	User-Agent: OpenDMARC-Filter/1.3.1
	Auth-Failure: dmarc
	Authentication-Results: dmarc.example.com; dmarc=fail header.from=news.united.com
	Original-Envelope-Id: 3rRl504yPvz2wZZ
	Original-Mail-From: united.5765 at envfrm.rsys2.com
	Source-IP: 127.0.0.1 (localhost)
	Reported-Domain: news.united.com

	DKIM-Filter: OpenDKIM Filter v2.10.3 example.com 3rRl504yPvz2wZZ
	Authentication-Results: opendkim.example.com/3rRl504yPvz2wZZ;
		dkim=pass (1024-bit key; unprotected) header.d=news.united.com header.i=MyMileagePlus at news.united.com header.b=Os2MVbHh
	X-Virus-Status: Clean
	X-Virus-Scanned: clamav-milter devel-clamav-0.99-beta1-499-g09b1357 at av.example.com
	X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on
		example.com
	Received: from example.com ([127.0.0.1])
		by amavis.example.com (example.com [127.0.0.1]) (amavisd-new, port 42000)
		with ESMTP id Y8d_1kx9Mncu
		for <acct+xxx at example.com>;
		Fri, 10 Jun 2016 09:35:00 -0700 (PDT)
	Authentication-Results: spf.example.com; spf=pass (sender SPF authorized) smtp.mailfrom=envfrm.rsys2.com (client-ip=12.130.136.195; helo=omp.news.united.com; envelope-from=united.5765 at envfrm.rsys2.com; receiver=acct+xxx at example.com)
	Received: from omp.news.united.com (omp.news.united.com [12.130.136.195])
		by example.com (Postfix) with ESMTP
		for <acct+xxx at example.com>; Fri, 10 Jun 2016 16:22:59 -0700 (PDT)
	DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=united; d=news.united.com;
	 h=MIME-Version:Content-Type:Content-Transfer-Encoding:Date:To:From:Reply-To:Subject:List-Unsubscribe:Message-ID; i=MyMileagePlus at news.united.com;
	 bh=FiDxLwgUxCIm2yazeNmeALBGr1Y=;
	 b=Os2MVbHhUTq7PCf9Ypx1WTwAcYUyVrsph5X9jQshTtBsP+FjGK6yXgjtYKMHv0BvpB0LuaZP47T1
	   w4O4MIbsn4p9Jsg1jtpyRXawNrZlVNTxx7w1csD/F1PtPJr2JncIsohO4BqspvJ71A5cQ7J7zzK1
	   G0LZHIn/lBzOw3Z+VqI=
	DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=united; d=news.united.com;
	 b=k5kuDz7ai+KcfKE+veVACm1Ji0MtD13fVQiBX8Rej38QqRNbdFIXfkjD52z9MfCxREfT1wDm/ekU
	   jowNzs/d7a1B7rmo3Q2gzM49pB2jG9+ESV1LxyrJ6GozLgnsYBP2RvItgpr7EhL69matYEXOq+Al
	   TSANfWkjxYbHPU0JixA=;
	Received: by omp.news.united.com id hbgur81607gn for <acct+xxx at example.com>; Fri, 10 Jun 2016 16:22:58 -0700 (envelope-from <united.5765 at envfrm.rsys2.com>)
	X-CSA-Complaints: whitelist-complaints at eco.de
	Received: by omp.news.united.com id hbgur41607gr for <acct+xxx at example.com>; Fri, 10 Jun 2016 16:22:58 -0700 (envelope-from <united.5765 at envfrm.rsys2.com>)
	X-CSA-Complaints: whitelist-complaints at eco.de
	MIME-Version: 1.0
	Content-Type: text/html;
		charset="UTF-8"
	Content-Transfer-Encoding: quoted-printable
	Date: Fri, 10 Jun 2016 16:22:58 -0700
	To: acct+xxx at example.com
	From: "MileagePlus Statement" <MyMileagePlus at news.united.com>
	Reply-To: "MileagePlus Statement" <MileagePlus_NoReply at united.com>
	Subject: June monthly statement: 250,000 bonus miles offer for MileagePlus members
	Feedback-ID: 5...:9...:oraclersys
	List-Unsubscribe: <https://news.united.com/pub/optout/UnsubscribeOneStepConfirmAction?YES=true&_ri_=X...>, <mailto:unsubscribe-Y... at imh.rsys2.com?subject=List-Unsubscribe>
	X-sgxh1: i...u
	X-rext: 5.interact2.E...s
	X-cid: united.2...
	Message-ID: <0... at omp.news.united.com>

I am unclear as to why that's failed.

I'd like to learn what to look for to figure this out.

Is it my config, or the sender's that's the problem?

Jason

More information about the opendmarc-users mailing list