[opendmarc-users] Missing dmarc results header on incoming mail

[Dominic Raferd]

On 14 July 2017 at 16:10, Juri Haberland <juri at sapienti-sat.org> wrote:

> On 14.07.2017 15:08, Dominic Raferd wrote:
>
> > My understanding is that for the latter behaviour you must have
> policyd-spf
> > set to provide an 'Authentication-Results' header (opendmarc doesn't
> > understand the 'Received-SPF' header), and furthermore - if you are using
>
> This understanding is wrong. OpenDMARC does understand the Received-SPF
> header.
>
> > postfix - you must add an initial 'dummy' header line before the
> > 'check_policy_service unix:private/policy-spf' because this gets stripped
> > out in the information passed to the opendmarc milter and otherwise it
> > therefore loses sight of the SPF header.
>
> I think this was true for older Postfix versions, but there where some
> changes around version 2.10.2 & 2.10.3 that fixed that. At least I don't
> have to do anything special to get the SPF outcome of policy-spf into
> OpenDMARC.


​Thanks Juri for the confirmation.​

Regarding acceptability of 'Received-SPF' headers: it would be good if man
opendmarc was explicit about this. Presently (v1.3.2) it says:
'TrustedAuthservIDs (string) Provides  a  list  of  authserv-ids  that are
to be used to identify Authentication-Results header fields whose contents
are to be assumed as valid input for the DMARC assessment.' This implies
(to me) that trusted headers must start with 'Authentication-Results' as
well as including the specified string as id. I've always used 'Header_Type
= AR' in policyd-spf.conf.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.trusteddomain.org/pipermail/opendmarc-users/attachments/20170714/09c94b80/attachment.htm>