[opendmarc-users] Fw: DMARC fail and reject for one sender
Scott Kitterman
sklist at kitterman.com
Fri May 19 10:11:25 PDT 2017
On Friday, May 19, 2017 06:07:58 PM Juri Haberland wrote:
> On 19.05.2017 16:06, Dave Jones wrote:
> > My mail logs say that this SPF check is failing. Does opendmarc
> > support that type of SPF record for agents.icims.com? SpamAssassin
> > says it is passing SPF checks.
>
> You didn't check what I asked you to check:
> >> Please check whether your opendmarc uses libspf2, as the internal SPF
> >> code
> >>
> >> is broken and will most likely be removed in the next release:
> >>
> >> The command "strings /usr/lib/libopendmarc.so.2|grep spf2" should show
> >> something like:
> >> opendmarc_spf2_alloc_ctx
> >> opendmarc_spf2_free_ctx
> >> opendmarc_spf2_find_mailfrom_domain
> >> opendmarc_spf2_specify_ip_address
> >> opendmarc_spf2_test
> >> libspf2.so.2
>
> I have my doubts that the internal SPF code is able to handle those macros,
> but I'm quite certain that libspf2 can handle this. So it depends, what
> kind of SPF support is compiled into your OpenDMARC binary...
It doesn't (or at least I couldn't find it). I've looked at the code and
there's nothing in there to deal with macros or processing limits (which are a
DoS prevention/mitigation requirement). IMO the internal code is completely
unsuitable for use outside an isolated lab environment.
Scott K
More information about the opendmarc-users
mailing list