[opendmarc-users] pct=0 question
Dominic Raferd
dominic at timedicer.co.uk
Tue Nov 10 08:25:32 PST 2020
On 10/11/2020 12:01, Sistemisti Posta wrote:
> I have a question about pct=0 (really, pct!=100, but let's suppose pct=0
> to be simple).
>
> OpenDMARC writes an AR header as
>
> dmarc=fail (p=quarantine dis=none) header.from=example.com
>
> and suppose the
>
> _dmarc.example.com TXT is "v=DMARC1\; p=quarantine\; pct=0 ..."
>
> In this case I thought to see
>
> dmarc=fail (p=none dis=none)
>
> because the next-most restrictive policy is "none".
> Examining logs it seems instead that I always see "p=quarantine", that
> is the published policy.
>
> Where can I read the real enforced policy? I could need this value to
> filter the mail by other software in the mail flow.

If you set HistoryFile in /etc/opendmarc.conf then full information is
recoverable from there, but it may be too late for mail flow. It will
record lots of things for each mail processed by opendmarc including:

adkim and aspf (strict or relaxed identified alignment):
    114 relaxed
    115 strict

p and sp (the defined domain and subdomain policies):
    0 absent
    110 none
    113 quarantine
    114 reject

policy (the policy that was actually applied[?]):
    14 absent
    15 pass
    16 reject
    17 quarantine
    18 none

align_dkim and align_spf:
    4 pass
    5 fail

action:
    0 reject
    2 pass
    4 quarantine

In your example case I would expect it to record policy quarantine, pct
0 and action pass. If you have not set 'RejectFailures true' in
opendmarc.conf then the action will always be pass. I do this and use
postfix milter_header_checks to spot the header added by opendmarc and
then redirect emails that would have been rejected by opendmarc.
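
Added example, not part of the original message and not OpenDMARC's own code: a small decoder for the HistoryFile codes listed above that picks out messages recorded with policy reject or quarantine but action pass. The record layout (one "key value" pair per line, each record starting at a "job" line) and the sample data are assumptions made for this example.

```python
# Code tables exactly as listed in the message above.
MODE = {114: "relaxed", 115: "strict"}
PUBLISHED = {0: "absent", 110: "none", 113: "quarantine", 114: "reject"}
RESULT = {4: "pass", 5: "fail"}
TABLES = {
    "adkim": MODE, "aspf": MODE, "align_dkim": RESULT, "align_spf": RESULT,
    "p": PUBLISHED, "sp": PUBLISHED, "action": {0: "reject", 2: "pass", 4: "quarantine"},
    "policy": {14: "absent", 15: "pass", 16: "reject", 17: "quarantine", 18: "none"},
}

# Constructed sample; the record layout is an assumption, not taken from the message.
SAMPLE = """\
job 4A1B2C3D4E
from example.com
policy 17
pct 0
p 113
align_dkim 5
action 2
job 5F6A7B8C9D
from example.org
policy 15
p 114
action 2
"""

def parse_history(text):
    """Split HistoryFile text into records (assumed: 'key value' lines, 'job' starts a record)."""
    records = []
    for line in text.splitlines():
        key, _, value = line.strip().partition(" ")
        if key == "job":
            records.append({})
        if key and records:  # lines before the first 'job' are ignored
            records[-1][key] = value.strip()  # a repeated key keeps its last value
    return records

def decode(record):
    """Return a copy with known codes named; unknown codes stay visible as unknown(N)."""
    out = dict(record)
    for field in TABLES.keys() & record.keys():
        raw = record[field]
        out[field] = TABLES[field].get(int(raw) if raw.isdigit() else None, f"unknown({raw})")
    return out

def not_enforced(records):
    """Decoded records whose policy is reject/quarantine but whose action was pass."""
    return [d for d in map(decode, records)
            if d.get("policy") in ("reject", "quarantine") and d.get("action") == "pass"]
```

On the constructed sample, not_enforced(parse_history(SAMPLE)) returns only the example.com record, decoded as p quarantine, policy quarantine, pct 0, action pass.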