[opendmarc-users] opendkim 1.3.1 working ok here in most cases; why is this one inbound email failing auth?
Janina Sajka
janina at rednote.net
Sat Jun 11 11:13:42 PDT 2016
I have the same, or perhaps a similar question myself.
opendmarc -V
opendmarc: OpenDMARC Filter v1.3.1
SMFI_VERSION 0x1000001
libmilter version 1.0.1
Active code options:
WITH_SPF
I ssh into my server and use mutt for mail, which delivers to sendmail
locally:
>From my .m uttrc:
set sendmail="/usr/lib/sendmail -oi -oem"
Basically, email sent out from my sendmail gets marked
Authentication-Results: opera.rednote.net; dmarc=fail
header.from=rednote.net
Authentication-Results: opera.rednote.net; spf=pass
smtp.mailfrom=janina at rednote.net
If I add my localhost to /etc/opendmarc/ignore.hosts no dmarc or spf
checking seems to occur, but I see no difference on whether outbound
mail fails.
I do have a problem sending mail to microsoft.com. I haven't
figured out why, and suspect the dmarc failure. Is that possible?
Perhaps not, as the ignore.hosts makes no difference, present or absent.
PS: Is dmarc/spf/dkim IPv6 aware? Running through
pythentic at had-pilot.biz returns data with only IPv4.
Janina
jasonsu at mail-central.com writes:
> I run opendmarc
>
> opendmarc -V
> opendmarc: OpenDMARC Filter v1.3.1
> SMFI_VERSION 0x1000001
> libmilter version 1.0.1
> Active code options:
> WITH_SPF
>
> as a milter on
>
> postconf mail_version
> mail_version = 3.1.1
>
> It's been working ok for awhile now. Almost all inbound mail's properly checked, acted on, etc. I.e., DMARC passes/fails when it should.
>
> In a few instances, it's a mystery. E.g., I received an auth failure report from my opendmarc instance
>
> This is an authentication failure report for an email message received from IP
> 127.0.0.1 on Fri, 10 Jun 2016 09:35:01 -0700 (PDT).
>
> Feedback-Type: auth-failure
> Version: 1
> User-Agent: OpenDMARC-Filter/1.3.1
> Auth-Failure: dmarc
> Authentication-Results: dmarc.example.com; dmarc=fail header.from=news.united.com
> Original-Envelope-Id: 3rRl504yPvz2wZZ
> Original-Mail-From: united.5765 at envfrm.rsys2.com
> Source-IP: 127.0.0.1 (localhost)
> Reported-Domain: news.united.com
>
> DKIM-Filter: OpenDKIM Filter v2.10.3 example.com 3rRl504yPvz2wZZ
> Authentication-Results: opendkim.example.com/3rRl504yPvz2wZZ;
> dkim=pass (1024-bit key; unprotected) header.d=news.united.com header.i=MyMileagePlus at news.united.com header.b=Os2MVbHh
> X-Virus-Status: Clean
> X-Virus-Scanned: clamav-milter devel-clamav-0.99-beta1-499-g09b1357 at av.example.com
> X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on
> example.com
> Received: from example.com ([127.0.0.1])
> by amavis.example.com (example.com [127.0.0.1]) (amavisd-new, port 42000)
> with ESMTP id Y8d_1kx9Mncu
> for <acct+xxx at example.com>;
> Fri, 10 Jun 2016 09:35:00 -0700 (PDT)
> Authentication-Results: spf.example.com; spf=pass (sender SPF authorized) smtp.mailfrom=envfrm.rsys2.com (client-ip=12.130.136.195; helo=omp.news.united.com; envelope-from=united.5765 at envfrm.rsys2.com; receiver=acct+xxx at example.com)
> Received: from omp.news.united.com (omp.news.united.com [12.130.136.195])
> by example.com (Postfix) with ESMTP
> for <acct+xxx at example.com>; Fri, 10 Jun 2016 16:22:59 -0700 (PDT)
> DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=united; d=news.united.com;
> h=MIME-Version:Content-Type:Content-Transfer-Encoding:Date:To:From:Reply-To:Subject:List-Unsubscribe:Message-ID; i=MyMileagePlus at news.united.com;
> bh=FiDxLwgUxCIm2yazeNmeALBGr1Y=;
> b=Os2MVbHhUTq7PCf9Ypx1WTwAcYUyVrsph5X9jQshTtBsP+FjGK6yXgjtYKMHv0BvpB0LuaZP47T1
> w4O4MIbsn4p9Jsg1jtpyRXawNrZlVNTxx7w1csD/F1PtPJr2JncIsohO4BqspvJ71A5cQ7J7zzK1
> G0LZHIn/lBzOw3Z+VqI=
> DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=united; d=news.united.com;
> b=k5kuDz7ai+KcfKE+veVACm1Ji0MtD13fVQiBX8Rej38QqRNbdFIXfkjD52z9MfCxREfT1wDm/ekU
> jowNzs/d7a1B7rmo3Q2gzM49pB2jG9+ESV1LxyrJ6GozLgnsYBP2RvItgpr7EhL69matYEXOq+Al
> TSANfWkjxYbHPU0JixA=;
> Received: by omp.news.united.com id hbgur81607gn for <acct+xxx at example.com>; Fri, 10 Jun 2016 16:22:58 -0700 (envelope-from <united.5765 at envfrm.rsys2.com>)
> X-CSA-Complaints: whitelist-complaints at eco.de
> Received: by omp.news.united.com id hbgur41607gr for <acct+xxx at example.com>; Fri, 10 Jun 2016 16:22:58 -0700 (envelope-from <united.5765 at envfrm.rsys2.com>)
> X-CSA-Complaints: whitelist-complaints at eco.de
> MIME-Version: 1.0
> Content-Type: text/html;
> charset="UTF-8"
> Content-Transfer-Encoding: quoted-printable
> Date: Fri, 10 Jun 2016 16:22:58 -0700
> To: acct+xxx at example.com
> From: "MileagePlus Statement" <MyMileagePlus at news.united.com>
> Reply-To: "MileagePlus Statement" <MileagePlus_NoReply at united.com>
> Subject: June monthly statement: 250,000 bonus miles offer for MileagePlus members
> Feedback-ID: 5...:9...:oraclersys
> List-Unsubscribe: <https://news.united.com/pub/optout/UnsubscribeOneStepConfirmAction?YES=true&_ri_=X...>, <mailto:unsubscribe-Y... at imh.rsys2.com?subject=List-Unsubscribe>
> X-sgxh1: i...u
> X-rext: 5.interact2.E...s
> X-cid: united.2...
> Message-ID: <0... at omp.news.united.com>
>
> I am unclear as to why that's failed.
>
> I'd like to learn what to look for to figure this out.
>
> Is it my config, or the sender's that's the problem?
>
> Jason
> _______________________________________________
> opendmarc-users mailing list
> opendmarc-users at trusteddomain.org
> http://www.trusteddomain.org/mailman/listinfo/opendmarc-users
--
Janina Sajka, Phone: +1.443.300.2200
sip:janina at asterisk.rednote.net
Email: janina at rednote.net
Linux Foundation Fellow
Executive Chair, Accessibility Workgroup: http://a11y.org
The World Wide Web Consortium (W3C), Web Accessibility Initiative (WAI)
Chair, Accessible Platform Architectures http://www.w3.org/wai/apa
More information about the opendmarc-users
mailing list