[opendmarc-users] opendmarc 1.3.2~Beta1-2 milter failure

Dominic Raferd dominic at timedicer.co.uk
Thu Jan 19 00:28:37 PST 2017


On 19 January 2017 at 07:43, Dominic Raferd <dominic at timedicer.co.uk> wrote:
> Thanks for the great work on opendmarc!
>
> I'm using opendmarc 1.3.2~Beta1-2 on one of our mail servers.
> opendmarc -V reports:
> opendmarc: OpenDMARC Filter v1.3.2
>         SMFI_VERSION 0x1000001
>         libmilter version 1.0.1
>         Active code options:
>                 WITH_SPF
>                 WITH_SPF2
>
> opendmarc is using /etc/opendmarc.conf which contains the line:
> RejectFailures true
>
> We had our first dmarc 'fail' report yesterday, but (unlike similar
> cases with opendmarc 1.3.1) this one sailed onward through postfix to
> its final destination. Opendmarc reported the 'fail' in the log but
> didn't seem to have passed the fail back through the milter interface
> to postfix.
>
> I'm not sure how to test this. Has anything changed in opendmarc's
> milter communication between 1.3.1 and 1.3.2~Beta1-2 which might
> explain the behaviour?
>
> TIA, Dominic

My bad. When I look at the actual email I see opendmarc's header
includes: 'dmarc=fail (p=none dis=none)'. So the sender has a 'none'
policy, this is why the email was sent onward and not rejected or put
into the hold queue. I presume 'dis' in the header means 'action taken
by opendmarc'?

So I think opendmarc 1.3.2~Beta1-2 is working fine. Might be better if
more information was logged (i.e. the same info as appears in the
email header, so that the context of a 'fail' could be seen from the
log).


More information about the opendmarc-users mailing list