[opendmarc-users] troubleshooting an opendmarc 1.3.1 auth failure?

Patrick Ben Koetter p at sys4.de
Tue May 10 00:30:33 PDT 2016


* Juri Haberland <juri at sapienti-sat.org>:
> jasonsu at mail-central.com wrote:
> > I have opendmarc milter running.
> >
> > Inbound mail flows through an SPF check, then a DKIM check, and finally on to
> > a DMARC check in opendmarc.
> >
> > I was notified of the following dmarc FAIL notice the other day -- AFTER the
> > user's actually receiving the (important) mail.
> >
> > I'm trying to figure out, and fix, the problem.  I think it's got to do with
> > the fact it's being bounced around between localhost/127.0.0.1 daemons, but
> > not sure.  And don't know yet what to do about it.
> >
> > Here's the message
> 
> > 	Received: from mail.example.com ([127.0.0.1])
> > 		by amavis.mail.example.com (mail.example.com [127.0.0.1]) (amavisd-new, port
> > 33116)
> > 		with ESMTP id wNWTzdMInUC0 for <user at example.com>;
> > 		Fri,  6 May 2016 08:58:58 -0700 (PDT)
> > 	Authentication-Results: spf.mail.example.com; spf=pass (sender SPF
> > authorized) smtp.mailfrom=ssa.gov (client-ip=137.200.4.23;
> > helo=mailout4.ssa.gov; envelope-from=no-reply at ssa.gov;
> > receiver=user at example.com)
> 
> > Why'd this 'fail', and what am I doing wrong?
> 
> I think the problem is that you are running Amavis as a content filter. I've
> read (can't find it at the moment) that if one uses a content filter
> (smtpd_proxy_filter) the milters don't see the (complete) message or at least
> not headers generated by other milters. This can only be resolved by running
> Amavis as a milter (see amavis-milter).

This is correct. If the OP runs a combination of smtpd_proxy_filter and
smtpd_milters the MILTERs won't be able to 'see' the message body.

I've also written about this in
https://sys4.de/de/blog/2015/07/31/amavisd-milter-howto/ (written in German).

p at rick

-- 
[*] sys4 AG
 
https://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
 
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
 


More information about the opendmarc-users mailing list