[opendmarc-users] Missing dmarc results header on incoming mail
Dominic Raferd
dominic at timedicer.co.uk
Fri Jul 14 08:11:17 PDT 2017
On 14 July 2017 at 16:05, Dominic Raferd <dominic at timedicer.co.uk> wrote:
>
>
> On 14 July 2017 at 15:50, Christian Kivalo <ml+opendmarc-users at valo.at>
> wrote:
>
>>
>>
>> >My understanding is that for the latter behaviour you must have
>> >policyd-spf
>> >set to provide an 'Authentication-Results' header (opendmarc doesn't
>> >understand the 'Received-SPF' header), and furthermore - if you are
>> >using
>> >postfix - you must add an initial 'dummy' header line before the
>> >'check_policy_service unix:private/policy-spf' because this gets
>> >stripped
>> >out in the information passed to the opendmarc milter and otherwise it
>> >therefore loses sight of the SPF header.
>> >
>> >To test this, set 'SPFSelfValidate = false' in opendmarc.conf and see
>> >if it
>> >can still authenticate incoming mails.
>>
>> I can't confirm this behavior, my opendmarc milter has SPFSelfValidate =
>> false (the default) and I can see all headers added by the milters
>> (postfix-policyd-spf-python + opendkim + opendmarc all adding their
>> Authentication-Results header (on Debian 8).
>>
>
> It is a strange er 'feature' so although the end recipient sees all the
> headers the milter does not see the first added header - see
> https://incenp.org/notes/2016/postfix-policydspf-opendmarc.html and
> https://groups.google.com/forum/#!topic/mailing.postfix.users/FyFdakjwZ-s.
> If Wietse says it's true, that's good enough for me - I have never tested
> it. Mind you this was in 2014, it might have been fixed since then.
>
> In practice the SPF header is very rarely important, because most senders
> with an enforced DMARC policy use DKIM correctly.
>
Sorry I now see this behaviour was fixed in October 2014 - it should not
now be necessary to add a dummy header for Postfix 2.11.2+ (and some
backported versions) - see
http://www.postfix.org/announcements/postfix-2.11.2.html. My apologies for
sowing any confusion.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.trusteddomain.org/pipermail/opendmarc-users/attachments/20170714/b443f4ad/attachment.htm>
More information about the opendmarc-users
mailing list