[opendmarc-users] troubleshooting an opendmarc 1.3.1 auth failure?
jasonsu at mail-central.com
jasonsu at mail-central.com
Tue May 10 08:45:59 PDT 2016
Petr,
On Tue, May 10, 2016, at 08:06 AM, Petr Novák wrote:
> In your example it should look like:
>
> SPFIgnoreResults false
> SPFSelfValidate false
Have those
> TrustedAuthservIDs spf.mail.example.com,mail.example.com
> Insert the correct hostnames after TrustedAuthservIDs...
Had that, but it was NOT complete, missing one. I'm not entirely sure where that omission's had effect, but I've now made sure to enter every authservID!
Nice catch, thanks!
> That means the mail is sent to smtpd_proxy_filter before milter
> header/body inspection. So the milters which needs to check headers/body
> wont work after smtpd_proxy_filter. But that looks like its not your
> case because they clearly work as you can see their results in headers.
The only 'listener' that uses smtpd_proxy_filter is the 1st-step postscreen listener, in a handoff to a prequeue dkim check
Afterwards I only use (non_)smptd_milters (SPF & DMARC) and content_filter (A/S, A/V).
As you noted, it's working. I'm still scratching my head re: 'why fail' in my OP. Maybe it's the incorrect/incomplete TrustedAuthservID you caught. I'll keep an eye on the logs for awhile and see.
Jason
More information about the opendmarc-users
mailing list