[opendmarc-users] dmarc fail on internal emails

Juri Haberland juri at sapienti-sat.org
Fri Apr 21 14:16:25 PDT 2017


On 21.04.2017 21:53, Ian Evans wrote:
> On Fri, Apr 21, 2017 at 1:49 AM, Juri Haberland <juri at sapienti-sat.org>
> wrote:

> [...] Don't think Amavis is
> handling DKIM through it's own mechanisms, that is, I didn't alter any conf
> files. OpenDKIM is installed directly as per:

I thought DKIM validation is done by Amavis because of the headers you
posted in your first mail:

> Authentication-Results: amavis.local (amavisd-new); dkim=pass (1024-bit key)
>     header.d=example.com

I did not see any AR-header from OpenDKIM nor from
postfix-policyd-spf-python (or a Received-SPF-header)...
The missing AR-header from OpenDKIM might be due to a missing DKIM
signature... so why is your setup not signing internal mails?

As checking SPF is irrelevant for internal mail (that is: mail from
localhost or from hosts all over the world, authenticated by username and
password), as you cannot include localhost or 0.0.0.0 in your SPF record,
we can ignore the fact that there is no AR-header for SPF.

How are you internal mails submitted? Via the submission port? If so, that
configuration is not included in your post on the postfix-users ML.

But again, why do you insist on validating internal mails, that are either
generated on your system and submitted via localhost or are received via
submission and should be authenticated by username/password?

All in all, I don't think this an OpenDMARC issue, but a generic
Postfix/Milter/OpenDKIM configuration issue and might be better handled on
the postfix-users ML.


  Juri



More information about the opendmarc-users mailing list