[opendmarc-users] OpenDMARC ignoring DKIM result, debugging

Ladislav Laska krakonos at krakonos.org
Fri Oct 1 10:25:50 PDT 2021 

Thanks. I'm still not happy though, I'd like a way to verify this is
actually the case. Is there no way of getting more info on why the dmarc
check resulted in fail?

Also, is this mailing list setup incorrectly? Looked up your message and
found:

Authentication-Results: mouflon; dmarc=fail (p=reject dis=none) header.from=ptld.com
Authentication-Results: mouflon; spf=pass smtp.mailfrom=trusteddomain.org
Authentication-Results: mouflon;
        dkim=fail reason="signature verification failed" (2048-bit key) header.d=ptld.com
        header.i=@ptld.com header.b=hDllrs9n

Here the SPF passed, but DKIM failed (I guess the mailing list touched
something it shouldn't have?).

Anyway, the dmarc still failed, even though SPF passed. I'd like to
point out that SPF check was performed using OpenDMARC itself.

Regards,
Ladislav

On Fri, Oct 01, 2021 at 12:04:53PM -0400, list at ptld.com wrote:
> > Oct 01 17:03:13 mouflon opendkim[50486]: D473D525A2: DKIM verification
> > successful
> > Oct 01 17:03:13 mouflon opendmarc[50891]: D473D525A2 ignoring
> > Authentication-Results at 6 from medusa.blackops.org
> > Oct 01 17:03:14 mouflon opendmarc[50891]: D473D525A2: SPF(mailfrom):
> > trusteddomain.org pass
> > Oct 01 17:03:15 mouflon opendmarc[50891]: D473D525A2: trusteddomain.org
> > pass
> 
> > Authentication-Results: mouflon; dmarc=fail (p=none dis=none)
> > header.from=comcast.net
> > Authentication-Results: mouflon; spf=fail smtp.mailfrom=groups.io
> > Authentication-Results: mouflon; dkim=pass (1024-bit key)
> > header.d=groups.io header.i=@groups.io header.b=OZOfLbUX
> 
> 
> Nothing is wrong, many mailing list are not setup right. What you are seeing
> is an alignment issue between the envelope and header from. You have a
> situation where you are getting an email from ???@groups.io but it was sent
> from blackops.org / trusteddomain.org
> 
> SPF passed for trusteddomain.org, but the email header From: is
> ???@groups.io. Even though SPF passed, it passed for the wrong domain. It
> didn't pass for groups.io which is who the email is from. As you see in the
> logs spf=fail for groups.io.
> 
> Same issue for dkim, dkim passed for groups.io but the mail was received
> from medusa.blackops.org
> 
> When it says DKIM verfication successful, its just reporting that it found a
> signature and the signature is valid, but doesn't mean its the right
> signature needed based on who is sending that email.
> _______________________________________________
> opendmarc-users mailing list
> opendmarc-users at trusteddomain.org
> http://www.trusteddomain.org/mailman/listinfo/opendmarc-users
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <http://www.trusteddomain.org/pipermail/opendmarc-users/attachments/20211001/26ac1a2e/attachment.pgp>

More information about the opendmarc-users mailing list