[opendmarc-users] OpenDMARC-milter detects only "fail" after upgrade
Karol Augustin
karol at augustin.pl
Thu Apr 5 09:18:08 PDT 2018

On 05/04/2018 05:02 PM, Benny Pedersen wrote:
> Benny Pedersen skrev den 2018-04-05 17:49:
>> Jonathan Sélea skrev den 2018-04-05 16:51:
>>
>>> Apr 5 16:25:26 hashmal opendmarc[16756]: C61E549C20: selea.se pass
>>>
>>> Any other logs that are more relevant? Or can I enable more detailed logging?
>>
>> Authentication-Results: linode.junc.eu; dmarc=fail (p=none dis=none)
>> header.from=selea.se
>> Authentication-Results: linode.junc.eu;
>> dkim=fail reason="signature verification failed" (2048-bit key)
>> header.d=selea.se header.i=@selea.se header.b=hkd/NGr2;
>> dkim-atps=neutral
>>
>> hmm
>>
>> can it be edns0 ?
>>
>> maybe your dns hoster blocks it ?
>>
>> try one with key size 512, I know it's below 1024, but if that passes we know more
>
> followup
>
> Authentication-Results: medusa.blackops.org;
> dkim=fail reason="signature verification failed" (1024-bit key;
> unprotected) header.d=junc.eu header.i=@junc.eu header.b=ZSy/GB6b;
> dkim-atps=neutral
>
> so maillist breaks dnssec
>
> but remember if spf gives pass it will in some cases be dmarc pass
> as well even if dkim fails
>
> https://dane.sys4.de/smtp/selea.se
> https://dane.sys4.de/smtp/junc.eu
>
> might be irrelevant :=)

It is irrelevant. SPF might pass but it is not aligned, as the 'envelope
from' when you get e-mail from the list doesn't match the From domain. So
SPF is not aligned and DKIM fails. It is a well-known fact that lists that
modify the subject or body of the messages break DMARC. Nothing new.

OP:
You should check if your DKIM headers are correctly recognized by
opendmarc. The full logs of an incoming message that should pass DMARC
would be helpful. Send yourself an e-mail from a gmail account and post all
logs from connection to INBOX delivery.

k.

--
Karol Augustin
karol at augustin.pl
http://karolaugustin.pl/
+353 85 775 5312
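
The alignment rule discussed in the message above, as an added example (not part of the original post and not OpenDMARC's code): DMARC passes only when SPF or a DKIM signature both passes and is aligned with the From domain. The helper names, the two-label organizational-domain shortcut, and the domains `lists.example.org` and `bounce.selea.se` are assumptions made for illustration.

```python
# Added example: simplified DMARC identifier-alignment check (after RFC 7489).
from dataclasses import dataclass

def org_domain(domain: str) -> str:
    # Assumption: organizational domain = last two labels. A real evaluator
    # consults the Public Suffix List (needed for e.g. "example.co.uk").
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(from_domain: str, auth_domain: str, strict: bool = False) -> bool:
    # Strict mode needs an exact match; relaxed mode compares org domains.
    a, b = from_domain.lower().rstrip("."), auth_domain.lower().rstrip(".")
    return a == b if strict else org_domain(a) == org_domain(b)

@dataclass
class Auth:
    result: str  # "pass", "fail", "none", ...
    domain: str  # SPF: envelope-from domain; DKIM: the signature's d= domain

def dmarc_eval(header_from, spf, dkim_sigs, aspf_strict=False, adkim_strict=False):
    """DMARC passes if SPF or any one DKIM signature both passes and is aligned."""
    spf_ok = spf.result == "pass" and aligned(header_from, spf.domain, aspf_strict)
    dkim_ok = any(s.result == "pass" and aligned(header_from, s.domain, adkim_strict)
                  for s in dkim_sigs)
    detail = {
        "spf_result": spf.result,
        "spf_aligned": aligned(header_from, spf.domain, aspf_strict),
        "dkim_pass_aligned": dkim_ok,
    }
    return ("pass" if spf_ok or dkim_ok else "fail"), detail

# Constructed inputs: (From domain, SPF result, DKIM results).
# Direct delivery: envelope-from and d= both match the From domain.
DIRECT = ("selea.se", Auth("pass", "selea.se"), [Auth("pass", "selea.se")])
# Via a list that rewrites the envelope sender and modifies the message:
# SPF passes for the list's domain (placeholder), the original DKIM breaks.
VIA_LIST = ("selea.se", Auth("pass", "lists.example.org"), [Auth("fail", "selea.se")])
# DKIM broken, but SPF passes for a subdomain of the From domain.
SPF_ONLY = ("selea.se", Auth("pass", "bounce.selea.se"), [Auth("fail", "selea.se")])

if __name__ == "__main__":
    for name, case in [("direct", DIRECT), ("via list", VIA_LIST), ("spf only", SPF_ONLY)]:
        print(name, *dmarc_eval(*case))
```
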