[opendmarc-users] Fw: DMARC fail and reject for one sender

[Dave Jones]

Sorry about that.  I didn't see that request to check something.  This
is my output:

# strings /usr/lib64/libopendmarc.so.2|grep spf2
opendmarc_spf2_specify_ip_address
opendmarc_spf2_free_ctx
opendmarc_spf2_alloc_ctx
opendmarc_spf2_find_mailfrom_domain
opendmarc_spf2_test
libspf2.so.2

Dave

On Fri, May 19, 2017 at 11:07 AM, Juri Haberland <juri at sapienti-sat.org> wrote:
> On 19.05.2017 16:06, Dave Jones wrote:
>> My mail logs say that this SPF check is failing.  Does opendmarc
>> support that type of SPF record for agents.icims.com?  SpamAssassin
>> says it is passing SPF checks.
>
> You didn't check what I asked you to check:
>         >> Please check whether your opendmarc uses libspf2, as the internal SPF code
>>> is broken and will most likely be removed in the next release:
>>>
>>> The command "strings /usr/lib/libopendmarc.so.2|grep spf2" should show
>>> something like:
>>> opendmarc_spf2_alloc_ctx
>>> opendmarc_spf2_free_ctx
>>> opendmarc_spf2_find_mailfrom_domain
>>> opendmarc_spf2_specify_ip_address
>>> opendmarc_spf2_test
>>> libspf2.so.2
>
> I have my doubts that the internal SPF code is able to handle those macros,
> but I'm quite certain that libspf2 can handle this. So it depends, what
> kind of SPF support is compiled into your OpenDMARC binary...
>
>> I think I may try "SPFIgnoreResults false" and "SPFSelfValidate false"
>> to see if that helps.  Both are true right now.
>
> For that you need an additional milter or postfix-policyd that does the SPF
> checking.
>
>
>   Juri