[opendmarc-users] Missing dmarc results header on incoming mail

Dominic Raferd dominic at timedicer.co.uk
Fri Jul 14 08:05:41 PDT 2017


On 14 July 2017 at 15:50, Christian Kivalo <ml+opendmarc-users at valo.at>
wrote:

>
>
> >My understanding is that for the latter behaviour you must have
> >policyd-spf
> >set to provide an 'Authentication-Results' header (opendmarc doesn't
> >understand the 'Received-SPF' header), and furthermore - if you are
> >using
> >postfix - you must add an initial 'dummy' header line before the
> >'check_policy_service unix:private/policy-spf' because this gets
> >stripped
> >out in the information passed to the opendmarc milter and otherwise it
> >therefore loses sight of the SPF header.
> >
> >To test this, set 'SPFSelfValidate = false' in opendmarc.conf and see
> >if it
> >can still authenticate incoming mails.
>
> I can't confirm this behavior, my opendmarc milter has SPFSelfValidate =
> false (the default) and I can see all headers added by the milters
> (postfix-policyd-spf-python + opendkim + opendmarc all adding their
> Authentication-Results header (on Debian 8).
>

​It is a strange er 'feature' so although the end recipient sees all the
headers the milter does not see the first added header​ - see
https://incenp.org/notes/2016/postfix-policydspf-opendmarc.html and
https://groups.google.com/forum/#!topic/mailing.postfix.users/FyFdakjwZ-s.
If Wietse says it's true, that's good enough for me - I have never tested
it. Mind you this was in 2014, it might have been fixed since then.

In practice the SPF header is very rarely important, because most senders
with an enforced DMARC policy use DKIM correctly.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.trusteddomain.org/pipermail/opendmarc-users/attachments/20170714/2af2d4de/attachment.htm>


More information about the opendmarc-users mailing list