[opendmarc-users] dmarc fail on internal emails
Juri Haberland
juri at sapienti-sat.org
Thu Apr 20 22:49:03 PDT 2017
Ian Evans wrote:
> On Thu, Apr 20, 2017 at 5:23 PM, Juri Haberland <juri at sapienti-sat.org>
> wrote:
>> >> > IMHO it doesn't make any sense to check internal mail for
>> SPF/DKIM/DMARC.
>> >> > But if you insist, please send your opendmarc.conf for a review.
>>
>> > AuthservID carson.digitalhit.com
>> > TrustedAuthservIDs carson.digitalhit.com
>>
>> Ok, good. Does Amavis use the same AuthservID?
>
> Actually, no. As per this thread (
> https://www.skelleton.net/2015/03/21/how-to-eliminate-spam-and-protect-your-name-with-dmarc/#comment-11570),
> discussing Amavis eating some headers, the amavis AuthservID is
> amavis.local. They said:
>
> "Amavis deletes the Authentication-Results headers if $myauthservid is the
> same as AuthservID in opendmarc.conf. They both default to the local
> hostname by default. To use both together set
>
> $myauthservid = ?amavis.local?;
If you use Amavis to do the DKIM check, it doesn't matter if it deletes the AR
header, as there shouldn't be one. The order of filters/milters must be:
Amavis -> OpenDMARC, as OpenDMARC needs to check the AR header inserted by
Amavis. In order to do that, the AuthservID used by Amavis needs to be in
TrustedAuthservIDs. So either set $myauthservid to carson.digitalhit.com in
50-user, or add amavis.local to TrustedAuthservIDs in opendmarc.conf.
Btw:
What software does the SPF check?
Juri
More information about the opendmarc-users
mailing list