[opendmarc-users] troubleshooting an opendmarc 1.3.1 auth failure?

jasonsu at mail-central.com jasonsu at mail-central.com
Tue May 10 08:08:08 PDT 2016


Juri

On Tue, May 10, 2016, at 07:23 AM, Juri Haberland wrote:
> Are you talking about two complete different Postfix instances or just
> different listeners of one Postfix instance? With complete independent Postfix
> instances there should not be this problem given that one instance runs the
> milters and the other one the content filter.

'Just' different listeners of one instance.   NOT the 'true' MULTI-INSTANCE setup.

> This domain does not have a DMARC record (according to
> https://dmarcian.com/dmarc-inspector/e.hertzusa.brierleycrm.com) hence
> "dmarc=none".
> Have a look at the history file to see what the OpenDMARC milter really
> thought about SPF and DKIM for that domain.

Ok, well I'm completely mystefied.  Checking with a DMARC-ed inbound mail from gmail, which DOES have a DMARC policy

	https://dmarcian.com/dmarc-inspector/gmail.com

inbound mail received at my server has headers

	...
	DMARC-Filter: OpenDMARC Filter v1.3.1 mail.example.com 5j587m7ejWls8fh
	Authentication-Results: opendmarc.mail.example.com/5j587m7ejWls8fh; dmarc=pass header.from=gmail.com
	...

Where that^ 'passes'.

For that message, the opendmarc history file has

	job 5j587m7ejWls8fh
	reporter mail.example.com
	received 1462892441
	ipaddr 127.0.0.1
	from gmail.com
	mfrom gmail.com
	dkim gmail.com 0
	spf -1
	pdomain gmail.com
	policy 15
	rua mailto:mailauth-reports at google.com
	pct 100
	adkim 114
	aspf 114
	p 110
	sp 0
	align_dkim 4
	align_spf 5
	action 2

It looks like it's working, or doing something at least. 

Not sure what that "spf -1" means.

Jason



More information about the opendmarc-users mailing list