[opendmarc-users] opendkim 1.3.1 working ok here in most cases; why is this one inbound email failing auth?

Janina Sajka janina at rednote.net
Sat Jun 11 11:13:42 PDT 2016 

I have the same, or perhaps a similar question myself.

opendmarc -V
opendmarc: OpenDMARC Filter v1.3.1
        SMFI_VERSION 0x1000001
	        libmilter version 1.0.1
		        Active code options:
			                WITH_SPF

I ssh into my server and use mutt for mail, which delivers to sendmail
locally:

>From my .m uttrc:
set sendmail="/usr/lib/sendmail -oi -oem"

Basically, email sent out from my sendmail gets marked 
Authentication-Results: opera.rednote.net; dmarc=fail
header.from=rednote.net
Authentication-Results: opera.rednote.net; spf=pass
smtp.mailfrom=janina at rednote.net

If I add my localhost to /etc/opendmarc/ignore.hosts no dmarc or spf
checking seems to occur, but I see no difference on whether outbound
mail fails.

I do have a problem sending mail to microsoft.com. I haven't
figured out why, and suspect the dmarc failure. Is that possible?
Perhaps not, as the ignore.hosts makes no difference, present or absent.

PS: Is dmarc/spf/dkim IPv6 aware? Running through
pythentic at had-pilot.biz returns data with only IPv4.

Janina


jasonsu at mail-central.com writes:
> I run opendmarc
> 
> 	opendmarc -V
> 		opendmarc: OpenDMARC Filter v1.3.1
> 		        SMFI_VERSION 0x1000001
> 		        libmilter version 1.0.1
> 		        Active code options:
> 		                WITH_SPF
> 
> 	as a milter on
> 
> 		postconf mail_version
> 			mail_version = 3.1.1
> 
> It's been working ok for awhile now. Almost all inbound mail's properly checked, acted on, etc.  I.e., DMARC passes/fails when it should.
> 
> In a few instances, it's a mystery.  E.g., I received an auth failure report from my opendmarc instance
> 
> 	This is an authentication failure report for an email message received from IP
> 	127.0.0.1 on Fri, 10 Jun 2016 09:35:01 -0700 (PDT).
> 
> 	Feedback-Type: auth-failure
> 	Version: 1
> 	User-Agent: OpenDMARC-Filter/1.3.1
> 	Auth-Failure: dmarc
> 	Authentication-Results: dmarc.example.com; dmarc=fail header.from=news.united.com
> 	Original-Envelope-Id: 3rRl504yPvz2wZZ
> 	Original-Mail-From: united.5765 at envfrm.rsys2.com
> 	Source-IP: 127.0.0.1 (localhost)
> 	Reported-Domain: news.united.com
> 
> 	DKIM-Filter: OpenDKIM Filter v2.10.3 example.com 3rRl504yPvz2wZZ
> 	Authentication-Results: opendkim.example.com/3rRl504yPvz2wZZ;
> 		dkim=pass (1024-bit key; unprotected) header.d=news.united.com header.i=MyMileagePlus at news.united.com header.b=Os2MVbHh
> 	X-Virus-Status: Clean
> 	X-Virus-Scanned: clamav-milter devel-clamav-0.99-beta1-499-g09b1357 at av.example.com
> 	X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on
> 		example.com
> 	Received: from example.com ([127.0.0.1])
> 		by amavis.example.com (example.com [127.0.0.1]) (amavisd-new, port 42000)
> 		with ESMTP id Y8d_1kx9Mncu
> 		for <acct+xxx at example.com>;
> 		Fri, 10 Jun 2016 09:35:00 -0700 (PDT)
> 	Authentication-Results: spf.example.com; spf=pass (sender SPF authorized) smtp.mailfrom=envfrm.rsys2.com (client-ip=12.130.136.195; helo=omp.news.united.com; envelope-from=united.5765 at envfrm.rsys2.com; receiver=acct+xxx at example.com)
> 	Received: from omp.news.united.com (omp.news.united.com [12.130.136.195])
> 		by example.com (Postfix) with ESMTP
> 		for <acct+xxx at example.com>; Fri, 10 Jun 2016 16:22:59 -0700 (PDT)
> 	DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=united; d=news.united.com;
> 	 h=MIME-Version:Content-Type:Content-Transfer-Encoding:Date:To:From:Reply-To:Subject:List-Unsubscribe:Message-ID; i=MyMileagePlus at news.united.com;
> 	 bh=FiDxLwgUxCIm2yazeNmeALBGr1Y=;
> 	 b=Os2MVbHhUTq7PCf9Ypx1WTwAcYUyVrsph5X9jQshTtBsP+FjGK6yXgjtYKMHv0BvpB0LuaZP47T1
> 	   w4O4MIbsn4p9Jsg1jtpyRXawNrZlVNTxx7w1csD/F1PtPJr2JncIsohO4BqspvJ71A5cQ7J7zzK1
> 	   G0LZHIn/lBzOw3Z+VqI=
> 	DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=united; d=news.united.com;
> 	 b=k5kuDz7ai+KcfKE+veVACm1Ji0MtD13fVQiBX8Rej38QqRNbdFIXfkjD52z9MfCxREfT1wDm/ekU
> 	   jowNzs/d7a1B7rmo3Q2gzM49pB2jG9+ESV1LxyrJ6GozLgnsYBP2RvItgpr7EhL69matYEXOq+Al
> 	   TSANfWkjxYbHPU0JixA=;
> 	Received: by omp.news.united.com id hbgur81607gn for <acct+xxx at example.com>; Fri, 10 Jun 2016 16:22:58 -0700 (envelope-from <united.5765 at envfrm.rsys2.com>)
> 	X-CSA-Complaints: whitelist-complaints at eco.de
> 	Received: by omp.news.united.com id hbgur41607gr for <acct+xxx at example.com>; Fri, 10 Jun 2016 16:22:58 -0700 (envelope-from <united.5765 at envfrm.rsys2.com>)
> 	X-CSA-Complaints: whitelist-complaints at eco.de
> 	MIME-Version: 1.0
> 	Content-Type: text/html;
> 		charset="UTF-8"
> 	Content-Transfer-Encoding: quoted-printable
> 	Date: Fri, 10 Jun 2016 16:22:58 -0700
> 	To: acct+xxx at example.com
> 	From: "MileagePlus Statement" <MyMileagePlus at news.united.com>
> 	Reply-To: "MileagePlus Statement" <MileagePlus_NoReply at united.com>
> 	Subject: June monthly statement: 250,000 bonus miles offer for MileagePlus members
> 	Feedback-ID: 5...:9...:oraclersys
> 	List-Unsubscribe: <https://news.united.com/pub/optout/UnsubscribeOneStepConfirmAction?YES=true&_ri_=X...>, <mailto:unsubscribe-Y... at imh.rsys2.com?subject=List-Unsubscribe>
> 	X-sgxh1: i...u
> 	X-rext: 5.interact2.E...s
> 	X-cid: united.2...
> 	Message-ID: <0... at omp.news.united.com>
> 
> I am unclear as to why that's failed.
> 
> I'd like to learn what to look for to figure this out.
> 
> Is it my config, or the sender's that's the problem?
> 
> Jason
> _______________________________________________
> opendmarc-users mailing list
> opendmarc-users at trusteddomain.org
> http://www.trusteddomain.org/mailman/listinfo/opendmarc-users

-- 

Janina Sajka,	Phone:	+1.443.300.2200
			sip:janina at asterisk.rednote.net
		Email:	janina at rednote.net

Linux Foundation Fellow
Executive Chair, Accessibility Workgroup:	http://a11y.org

The World Wide Web Consortium (W3C), Web Accessibility Initiative (WAI)
Chair, Accessible Platform Architectures	http://www.w3.org/wai/apa

More information about the opendmarc-users mailing list