[opendmarc-users] troubleshooting an opendmarc 1.3.1 auth failure?
jasonsu at mail-central.com
jasonsu at mail-central.com
Tue May 10 08:08:08 PDT 2016
Juri
On Tue, May 10, 2016, at 07:23 AM, Juri Haberland wrote:
> Are you talking about two complete different Postfix instances or just
> different listeners of one Postfix instance? With complete independent Postfix
> instances there should not be this problem given that one instance runs the
> milters and the other one the content filter.
'Just' different listeners of one instance. NOT the 'true' MULTI-INSTANCE setup.
> This domain does not have a DMARC record (according to
> https://dmarcian.com/dmarc-inspector/e.hertzusa.brierleycrm.com) hence
> "dmarc=none".
> Have a look at the history file to see what the OpenDMARC milter really
> thought about SPF and DKIM for that domain.
Ok, well I'm completely mystefied. Checking with a DMARC-ed inbound mail from gmail, which DOES have a DMARC policy
https://dmarcian.com/dmarc-inspector/gmail.com
inbound mail received at my server has headers
...
DMARC-Filter: OpenDMARC Filter v1.3.1 mail.example.com 5j587m7ejWls8fh
Authentication-Results: opendmarc.mail.example.com/5j587m7ejWls8fh; dmarc=pass header.from=gmail.com
...
Where that^ 'passes'.
For that message, the opendmarc history file has
job 5j587m7ejWls8fh
reporter mail.example.com
received 1462892441
ipaddr 127.0.0.1
from gmail.com
mfrom gmail.com
dkim gmail.com 0
spf -1
pdomain gmail.com
policy 15
rua mailto:mailauth-reports at google.com
pct 100
adkim 114
aspf 114
p 110
sp 0
align_dkim 4
align_spf 5
action 2
It looks like it's working, or doing something at least.
Not sure what that "spf -1" means.
Jason
More information about the opendmarc-users
mailing list