[opendmarc-users] patreon.com

Robert Dinse nanook at eskimo.com
Thu Mar 12 20:30:29 PDT 2020


      I don't, but what I did not have set was trusted hosts.

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-
  Eskimo North Linux Friendly Internet Access, Shell Accounts, and Hosting.
    Knowledgeable human assistance, not telephone trees or script readers.
  See our web site: http://www.eskimo.com/ (206) 812-0051 or (800) 246-6874.

On Thu, 12 Mar 2020, Alistair McIntosh wrote:

> Date: Thu, 12 Mar 2020 09:01:01 +0000
> From: Alistair McIntosh <awm2 at st-andrews.ac.uk>
> To: Scott Kitterman <sklist at kitterman.com>,
>     "opendmarc-users at trusteddomain.org" <opendmarc-users at trusteddomain.org>
> Subject: Re: [opendmarc-users] patreon.com
> 
>>> Mar 11 07:45:48 mx1 opendmarc[11026]: 287FF40812 ignoring Authentication-Results at 1 from mx1.eskimo.com
>
> I believe this line is inserted by the opendmarc milter when you have
>
> SPFIgnoreResults true
>
> In your opendmarc config. Which should be used in conjunction with
>
> SPFSelfValidate true
>
> To tell opendmarc to ignore any SPF Authentication Headers records passed on and check SPF yourself.
>
>>>  I would make sure that TrustedAuthservIDs is set correctly in the local opendmarc configuration.
>
> With the TrustedAuthservIDs directive, I found recently that having it set to HOSTNAME was pretty useless as the authentication headers being set in our environment (by dkim for example) were from the FQDN. So opendmarc was not getting the dkim result.  Adding the server's FQDN to the list helped that.
>
> Also having a look in the history file is real helpful to see what opendmarc has done. I've not quite found a complete guide to what all the values mean, but most are explained here.
>
> http://www.trusteddomain.org/opendmarc/opendmarc-README
>
> --- 
> Ally
>
>
> -----Original Message-----
> From: opendmarc-users-bounces at trusteddomain.org <opendmarc-users-bounces at trusteddomain.org> On Behalf Of Scott Kitterman
> Sent: 12 March 2020 04:49
> To: opendmarc-users at trusteddomain.org
> Subject: Re: [opendmarc-users] patreon.com
>
> I don't think so.
>
> Mar 11 07:45:48 mx1 opendmarc[11026]: 287FF40812: patreon.com fail
>
> This means that opendmarc thought the relevant policy domain was patreon.com, not a subdomain.
>
> If I were to hazard a guess, I think the clue is in this log line:
>
> Mar 11 07:45:48 mx1 opendmarc[11026]: 287FF40812 ignoring Authentication-Results at 1 from mx1.eskimo.com
>
> Since that is (I think) the local MTA, the problem may be that opendmarc isn't configured to recognize locally added A-R header fields as trusted.  I would make sure that TrustedAuthservIDs is set correctly in the local opendmarc configuration.  See man (5) opendmarc.conf for details [1].
>
> Scott K
>
> [1] https://manpages.debian.org/unstable/opendmarc/opendmarc.conf.5.en.html
>
> On Thursday, March 12, 2020 12:10:38 AM EDT Philip wrote:
>> Hi there,
>>
>> I think it might have something to do with the DMARC record they have...
>>
>> v=DMARC1; p=quarantine; adkim=r; aspf=s; fo=1; pct=100;
>> rua=mailto:ezqrltdi at ag.dmarcian.com;
>> ruf=mailto:ezqrltdi at fr.dmarcian.com
>>
>> Because the one for their root domain isn't extended to the sub domain
>> that they are sending from it will fail.
>>
>> https://mxtoolbox.com/SuperTool.aspx?action=mx:mailgun.patreon.com&newAppVersion=1
>>
>> Phil
>>
>> On 12/03/2020 16:25, Robert Dinse wrote:
>>>      What information can I provide?  OpenDmarc itself is not
>>> logging much even with debugging enabled.  Here are mail.log entries
>>> for one failed message:
>>>
>>> Mar 11 07:45:44 mx1 postfix/smtpd[17433]: 287FF40812: client=m225-207.mailgun.net[159.135.225.207]
>>> Mar 11 07:45:48 mx1 postfix/cleanup[20947]: 287FF40812: message-id=<20200311144525.1.3689A561EB9E68B6 at mailgun.patreon.com>
>>> Mar 11 07:45:48 mx1 opendkim[17970]: 287FF40812: s=krs d=mailgun.patreon.com SSL
>>> Mar 11 07:45:48 mx1 opendmarc[11026]: 287FF40812 ignoring Authentication-Results at 1 from mx1.eskimo.com
>>> Mar 11 07:45:48 mx1 opendmarc[11026]: 287FF40812: patreon.com fail
>>> Mar 11 07:45:48 mx1 postfix/cleanup[20947]: 287FF40812: milter-hold: END-OF-MESSAGE from m225-207.mailgun.net[159.135.225.207]: milter triggers HOLD action; from=<bounce+a89d70.e05498-jal=eskimo.com at mailgun.patreon.com> to=<jal at eskimo.com> proto=ESMTP helo=<m225-207.mailgun.net>
>>> Mar 11 19:48:07 mx1 postfix/pickup[21999]: C12DA41291: uid=154 from=<bounce+a89d70.e05498-jal=eskimo.com at mailgun.patreon.com> orig_id=287FF40812
>>>
>>> On Thu, 12 Mar 2020, Philip wrote:
>>>> Date: Thu, 12 Mar 2020 16:22:22 +1300
>>>> From: Philip <philip at treads.nz>
>>>> To: "opendmarc-users at trusteddomain.org  >>
>>>> opendmarc-users"@trusteddomain.org
>>>> Cc: Robert Dinse <nanook at eskimo.com>
>>>> Subject: Re: [opendmarc-users] patreon.com
>>>>
>>>> Hi there,
>>>>
>>>> You might need to provide some more information.
>>>>
>>>> Phil
>>>>
>>>> On 12/03/2020 16:03, Robert Dinse wrote:
>>>>>      I have opendmarc, opendkim, and the python version of spf
>>>>> all installed.
>>>>> For some reason mail from mailgun.patreon.com is failing opendmarc
>>>>> and the mail is being held.  I can not understand why it is doing
>>>>> this. I've turned debugging on but it does not log any additional
>>>>> data as far as I can tell.
>>>>>
>>>>> _______________________________________________
>>>>> opendmarc-users mailing list
>>>>> opendmarc-users at trusteddomain.org
>>>>> http://www.trusteddomain.org/mailman/listinfo/opendmarc-users
>
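
Added example (not from the thread and not OpenDMARC's own code): a simplified model of the trust check discussed above, showing how an Authentication-Results header whose authserv-id is the FQDN is ignored when only the short hostname is trusted, so its DKIM result never reaches the DMARC evaluation. The exact case-insensitive match, the constructed `dkim=pass` header and the function names are assumptions of this sketch.

```python
import re

def parse_ar(header_value):
    """Split an Authentication-Results value into (authserv_id, [(method, result, props)])."""
    # Drop RFC 5322 comments such as "(1024-bit key)" before splitting on ';'.
    value = re.sub(r"\([^()]*\)", "", header_value)
    parts = [p.strip() for p in value.split(";") if p.strip()]
    authserv_id = parts[0].split()[0].lower()  # an optional version may follow the id
    results = []
    for resinfo in parts[1:]:
        tokens = resinfo.split()
        if "=" not in tokens[0]:
            continue  # e.g. the bare "none" form
        method, result = tokens[0].split("=", 1)
        props = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
        results.append((method.lower(), result.lower(), props))
    return authserv_id, results

def usable_dkim_domains(headers, trusted_ids):
    """Return (passing DKIM d= domains from trusted headers, ignored authserv-ids)."""
    trusted = {t.lower() for t in trusted_ids}  # assumption: exact, case-insensitive match
    passed, ignored = [], []
    for h in headers:
        authserv_id, results = parse_ar(h)
        if authserv_id not in trusted:
            ignored.append(authserv_id)  # corresponds to the "ignoring ..." log line
            continue
        passed += [p["header.d"].lower() for m, r, p in results
                   if m == "dkim" and r == "pass" and "header.d" in p]
    return passed, ignored

def dkim_aligned_relaxed(d_domains, from_domain):
    # adkim=r alignment; assumes from_domain is already the organizational domain.
    return any(d == from_domain or d.endswith("." + from_domain) for d in d_domains)

# Constructed header: the authserv-id, s= and d= come from the thread's log lines,
# the dkim=pass result is assumed for illustration.
SAMPLE = ["mx1.eskimo.com; dkim=pass (constructed) header.d=mailgun.patreon.com header.s=krs"]

if __name__ == "__main__":
    for ids in (["mx1"], ["mx1", "mx1.eskimo.com"]):
        doms, ignored = usable_dkim_domains(SAMPLE, ids)
        print(ids, "ignored:", ignored, "aligned:", dkim_aligned_relaxed(doms, "patreon.com"))
```
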

