[opendmarc-users] avoid dmarc checks for authenticated connections
Benny Pedersen
me at junc.eu
Wed Oct 16 09:56:29 PDT 2024
Marco Moock wrote on 2024-10-16 17:10:
> Hello!
>
> IIRC the sendmail milter interface can tell a milter when a connection
> is authenticated (e.g. for mail submission from MUA). Can opendmarc use
> this info and avoid checking DMARC?
Yes
X-Spam-Status Yes, score=5.256 tagged_above=-999 required=5
tests=[AUTHRES_ATPS_NEUTRAL=0.5, AUTHRES_DKIM_FAIL=0.5,
AUTHRES_SENDER_ID_PASS=-1.1, AUTHRES_SPF_FAIL=1.5, DKIM_INVALID=0.1,
DKIM_SIGNED=0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.248,
KAM_DMARC_STATUS=0.008, MAILING_LIST_MULTI=-0.1,
RELAYCOUNTRY_BAD_DE=0.5, RELAYCOUNTRY_GREY=0.1, SPF_HELO_NONE=3,
SPF_PASS=-0.1] autolearn=no autolearn_force=no
Authentication-Results mx.junc.eu (amavisd-new); dkim=fail (2048-bit
key) reason="fail (message has been altered)" header.d=dorfdsl.de
Authentication-Results medusa.blackops.org; dkim=fail reason="signature
verification failed" (2048-bit key; unprotected) header.d=dorfdsl.de
header.i=@dorfdsl.de header.b=0qyCC8br; dkim-atps=neutral
Authentication-Results medusa.blackops.org; sender-id=fail
(NotPermitted) header.sender=opendmarc-users-bounces at trusteddomain.org;
spf=fail (NotPermitted)
smtp.mfrom=opendmarc-users-bounces at trusteddomain.org
Authentication-Results medusa.blackops.org; sender-id=pass
header.from=mm at dorfdsl.de; spf=none smtp.mfrom=mm at dorfdsl.de
Authentication-Results srv1.dorfdsl.de; dmarc=fail (p=none dis=none)
header.from=dorfdsl.de
Authentication-Results srv1; none (SPF check N/A for local connections -
client-ip=2a01:170:118f:2:41f1:9a73:d13d:a0f;
helo=[IPv6:2a01:170:118f:2:41f1:9a73:d13d:a0f];
envelope-from=mm at dorfdsl.de; receiver=<UNKNOWN>)
to be fair why is spf failing when you mail to blackops ?
why is blackops missing spf helo pass ? :)
or is this really blackops failing miserably ?
https://mailing.postfix.users.narkive.com/1jti9G9Y/permit-sasl-authenticated-users-to-bypass-dmarc
in opendmarc.conf set MTA=ORIGINATING
in postfix master.cf set -o milter_macro_daemon_name=ORIGINATING for
port 465 and 587, don't set it for port 25
or simply don't add opendmarc at all to port 465 and 587, but opendkim
needs to be there :)
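Added example, not part of the original post or of either project's shipped configuration: a Postfix sketch of the two alternatives described in the reply above, plus OpenDMARC's own option for skipping authenticated clients. The milter socket addresses (127.0.0.1:8891 for opendkim, 127.0.0.1:8893 for opendmarc), the main.cf line and the TLS/SASL settings are assumptions.

```conf
# Added illustration. Assumed sockets:
#   opendkim  -> inet:127.0.0.1:8891
#   opendmarc -> inet:127.0.0.1:8893

# --- main.cf: default milter chain, used by every smtpd unless overridden ---
smtpd_milters = inet:127.0.0.1:8891, inet:127.0.0.1:8893

# --- master.cf ---
# Port 25 (MX traffic): no override, so inbound mail is still DMARC-checked.
25        inet  n  -  n  -  -  smtpd

# Alternative 1: the submission ports identify themselves to the milters as
# ORIGINATING through the {daemon_name} macro.
587       inet  n  -  n  -  -  smtpd
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_security_level=encrypt
  -o milter_macro_daemon_name=ORIGINATING
465       inet  n  -  n  -  -  smtpd
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_wrappermode=yes
  -o milter_macro_daemon_name=ORIGINATING

# Alternative 2: on 587 and 465, replace the milter_macro_daemon_name line
# with a per-service chain that lists only opendkim, so opendmarc never
# sees submitted mail:
#   -o smtpd_milters=inet:127.0.0.1:8891

# --- opendmarc.conf ---
# Documented OpenDMARC option: skip clients that used SMTP AUTH. It relies on
# the {auth_type} macro, which Postfix sends by default.
IgnoreAuthenticatedClients true
```

To verify after `postfix reload`, submit an authenticated test message on port 587 and check that your own host adds no `dmarc=` result to its Authentication-Results headers, while mail arriving on port 25 still gets one.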