[opendmarc-users] troubleshooting an opendmarc 1.3.1 auth failure?
Juri Haberland
juri at sapienti-sat.org
Tue May 10 00:18:01 PDT 2016
jasonsu at mail-central.com wrote:
> I have opendmarc milter running.
>
> Inbound mail flows through an SPF check, then a DKIM check, and finally on to
> a DMARC check in opendmarc.
>
> I was notified of the following dmarc FAIL notice the other day -- AFTER the
> user's actually receiving the (important) mail.
>
> I'm trying to figure out, and fix, the problem. I think it's got to do with
> the fact it's being bounced around between localhost/127.0.0.1 daemons, but
> not sure. And don't know yet what to do about it.
>
> Here's the message
> Received: from mail.example.com ([127.0.0.1])
> by amavis.mail.example.com (mail.example.com [127.0.0.1]) (amavisd-new, port
> 33116)
> with ESMTP id wNWTzdMInUC0 for <user at example.com>;
> Fri, 6 May 2016 08:58:58 -0700 (PDT)
> Authentication-Results: spf.mail.example.com; spf=pass (sender SPF
> authorized) smtp.mailfrom=ssa.gov (client-ip=137.200.4.23;
> helo=mailout4.ssa.gov; envelope-from=no-reply at ssa.gov;
> receiver=user at example.com)
> Why'd this 'fail', and what am I doing wrong?
I think the problem is that you are running Amavis as a content filter. I've
read (can't find it at the moment) that if one uses a content filter
(smtpd_proxy_filter) the milters don't see the (complete) message or at least
not headers generated by other milters. This can only be resolved by running
Amavis as a milter (see amavis-milter).
Cheers,
Juri
More information about the opendmarc-users
mailing list