[opendmarc-users] Fw: DMARC fail and reject for one sender

Juri Haberland juri at sapienti-sat.org
Fri May 19 09:07:58 PDT 2017


On 19.05.2017 16:06, Dave Jones wrote:
> My mail logs say that this SPF check is failing.  Does opendmarc
> support that type of SPF record for agents.icims.com?  SpamAssassin
> says it is passing SPF checks.

You didn't check what I asked you to check:
	>> Please check whether your opendmarc uses libspf2, as the internal SPF code
>> is broken and will most likely be removed in the next release:
>> 
>> The command "strings /usr/lib/libopendmarc.so.2|grep spf2" should show
>> something like:
>> opendmarc_spf2_alloc_ctx
>> opendmarc_spf2_free_ctx
>> opendmarc_spf2_find_mailfrom_domain
>> opendmarc_spf2_specify_ip_address
>> opendmarc_spf2_test
>> libspf2.so.2

I have my doubts that the internal SPF code is able to handle those macros,
but I'm quite certain that libspf2 can handle this. So it depends, what
kind of SPF support is compiled into your OpenDMARC binary...

> I think I may try "SPFIgnoreResults false" and "SPFSelfValidate false"
> to see if that helps.  Both are true right now.

For that you need an additional milter or postfix-policyd that does the SPF
checking.


  Juri


More information about the opendmarc-users mailing list