[opendmarc-users] SPF pass with alignment, yet DMARC fail?

Thomas Sturm tst at open.ch
Tue Oct 11 04:47:56 PDT 2016


Hi Juri,

Many thanks for your help so far!

> On 10.10.2016, at 09:59, Juri Haberland <juri at sapienti-sat.org> wrote:
> 
> Using the test option of OpenDMARC I could not reproduce your problem - it
> would pass both SPF and DMARC.
> 
> Thomas, can you give a bit more details about your setup? What OS; did you
> compile it yourself or used a pre-build package? If you compiled it yourself,
> what is the configure line used?
> Can you query your SPF record from the machine in question?
> When you tested 1.3.2-beta0, did you apply the patches from my page?

I compiled 1.3.2-beta0 with all the patches as described here [1] again. I compiled with libspf2. Then I tested this email [2] as follows:

$ env |grep OPENDMARC
OPENDMARC_TEST_HELONAME=smtp10.rbsgc.com
OPENDMARC_TEST_CLIENTHOST=smtp10.rbsgc.com
OPENDMARC_TEST_CLIENTIP=146.121.21.36
OPENDMARC_TEST_ENVFROM=example at rbs.com

$ opendmarc -c opendmarc.conf -t rbs.com.eml -vvvv
opendmarc: mlfi_connect() returned SMFIS_CONTINUE
opendmarc: mlfi_helo() returned SMFIS_CONTINUE
opendmarc: rbs.com.eml: mlfi_envfrom() returned SMFIS_CONTINUE
opendmarc: rbs.com.eml: line 1: mlfi_header() returned SMFIS_CONTINUE
opendmarc: rbs.com.eml: line 2: mlfi_header() returned SMFIS_CONTINUE
opendmarc: rbs.com.eml: line 3: mlfi_header() returned SMFIS_CONTINUE
opendmarc: rbs.com.eml: line 4: mlfi_header() returned SMFIS_CONTINUE
opendmarc: rbs.com.eml: line 5: mlfi_header() returned SMFIS_CONTINUE
opendmarc: rbs.com.eml: line 6: mlfi_header() returned SMFIS_CONTINUE
opendmarc: rbs.com.eml: line 7: mlfi_header() returned SMFIS_CONTINUE
opendmarc: rbs.com.eml: line 8: mlfi_header() returned SMFIS_CONTINUE
opendmarc: rbs.com.eml: line 9: mlfi_header() returned SMFIS_CONTINUE
### INSHEADER: idx=1 hname='Authentication-Results' hvalue=‘example-hostname; spf=fail smtp.mailfrom=example at rbs.com'
### SETREPLY: rcode='550' xcode='5.7.1' replytxt='rejected by DMARC policy for rbs.com'
opendmarc: rbs.com.eml: mlfi_eom() returned SMFIS_REJECT
opendmarc: mlfi_close() returned SMFIS_CONTINUE

where opendmarc.conf looks like [3] and this history.dat [4] is created. This SPF result seems to be wrong [5].

Let me know if I missed anything.

Cheers,
Thomas


[1] http://batleth.sapienti-sat.org/projects/opendmarc/
[2] http://pastebin.com/b4Jka8gY
[3] http://pastebin.com/UTxhmxQU
[4] http://pastebin.com/3H52107w
[5] http://www.openspf.org/Why?id=example%40rbs.com&ip=146.121.21.36&receiver=example-hostname

-- 
thomas sturm
principal engineer

open systems ag
raeffelstrasse 29
ch-8045 zurich
t: +41 58 100 10 10
f: +41 58 100 10 11

tst at open.ch

http://www.open.ch

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4117 bytes
Desc: not available
URL: <http://www.trusteddomain.org/pipermail/opendmarc-users/attachments/20161011/b4a9a663/attachment.bin>


More information about the opendmarc-users mailing list