From mm at dorfdsl.de  Fri Feb 21 22:04:03 2025
From: mm at dorfdsl.de (Marco Moock)
Date: Sat, 22 Feb 2025 07:04:03 +0100
Subject: [opendmarc-users] fo=0 seems to be ignored
Message-ID: <20250222070403.5dc6d909@zbook>

Hello!

A postmaster told me that my system is generating DMARC failure reports
for his mails that pass SPF, but have no DKIM signature.

This is the original mail:

Return-Path: <root at mail.ausics.net>
Received: from srv1.dorfdsl.de ([unix socket])
	 by srv1 (Cyrus 3.8.1-Debian-3.8.1-1~bpo12+1) with LMTPA;
	 Tue, 18 Feb 2025 20:04:52 +0100
X-Cyrus-Session-Id: cyrus-1739905492-308616-1-13008908454820145790
X-Sieve: CMU Sieve 3.0
Authentication-Results: srv1.dorfdsl.de; dmarc=fail (p=quarantine dis=none) header.from=ausics.net
Authentication-Results: srv1; spf=pass (sender SPF authorized) 
   smtp.mailfrom=mail.ausics.net (client-ip=120.88.115.158; 
   helo=valhalla.ausics.net; envelope-from=root at mail.ausics.net; 
   receiver=<UNKNOWN>)
Received: from mail.ausics.net (valhalla.ausics.net [120.88.115.158])
	by srv1.dorfdsl.de (8.18.1/8.18.1/Debian-6~bpo12+1) with ESMTPS id 51IJ4mph308611
	(version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NOT)
	for <reports at dorfdsl.de>; Tue, 18 Feb 2025 20:04:51 +0100
Received: by mail.ausics.net (Postfix, from userid 0)
	id DE109200120; Wed, 19 Feb 2025 05:04:45 +1000 (AEST)
From: opendmarc at ausics.net
To: reports at dorfdsl.de
Date: Wed, 19 Feb 2025 05:04:45 +1000 (AEST)
Subject: FW: Re: IPv6 Geolocation per /64
MIME-Version: 1.0
Content-Type: multipart/report;
	report-type=feedback-report;
	boundary="mail.ausics.net:2E5C3200097"
Message-Id: <20250218190445.DE109200120 at mail.ausics.net>

_dmarc.ausics.net.      85931   IN      TXT     "v=DMARC1;
p=quarantine; aspf=r; adkim=r;
rua=mailto:gmqyz1jw at ag.au.dmarcian.com,mailto:re+ctlzlwfzbeb at dmarc.postmarkapp.com;
ruf=mailto:dmarc at ausics.net,mailto:gmqyz1jw at fr.au.dmarcian.com; fo=0;"

fo=0 means that a report should only be generate if all mechanisms don't create a pass result.

This isn't the case for this message.

I call the milters in this order:
INPUT_MAIL_FILTER(`opendkim', `S=unix:/run/opendkim/opendkim.sock')
INPUT_MAIL_FILTER(`pyspf', `S=local:/run/pyspf-milter/pyspf-milter.sock')
INPUT_MAIL_FILTER(`opendmarc', `S=local:/run/opendmarc/opendmarc.sock')

Is that a problem in OpenDMARC or at another place?

-- 
kind regards
Marco