[opendmarc-users] RHEL 9 Usage Anyone?

Benny Pedersen me at junc.eu
Wed Jun 11 04:32:18 PDT 2025


Steve Siirila skrev den 2025-06-10 23:52:
> We resolved the issue.  opendmarc was not properly linked with libspf2
> and was using its internal SPF logic (which is apparently broken in
> more ways than one!).
> 
> It would still be useful to know who all is using opendmarc
> (regardless of the platform it's running on).
> 
> Anyone?

X-Spam-Status	Yes, score=5.166 tagged_above=-999 required=5 
tests=[AUTHRES_ATPS_NEUTRAL=0.5, AUTHRES_DKIM_FAIL=0.5, 
AUTHRES_SENDER_ID_FAIL=0.5, AUTHRES_SPF_FAIL=1.5, DKIM_INVALID=0.1, 
DKIM_SIGNED=0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.065, 
HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-0.1, RELAYCOUNTRY_GREY=0.1, 
SPF_HELO_NONE=2, SPF_PASS=-0.1] autolearn=no autolearn_force=no
Authentication-Results	mx.junc.eu (amavis); dkim=fail (2048-bit key) 
reason="fail (message has been altered)" header.d=umn.edu
Authentication-Results	medusa.blackops.org; dkim=fail reason="signature 
verification failed" (2048-bit key; unprotected) header.d=umn.edu 
header.i=@umn.edu header.b=NF5SOaxd; dkim-atps=neutral
Authentication-Results	medusa.blackops.org; sender-id=fail 
(NotPermitted) header.sender=opendmarc-users-bounces at trusteddomain.org; 
spf=fail (NotPermitted) 
smtp.mfrom=opendmarc-users-bounces at trusteddomain.org
Authentication-Results	medusa.blackops.org; sender-id=none 
header.from=sfs at umn.edu; spf=none smtp.mfrom=sfs at umn.edu

blackops fails

umn.edu not dnssec domain

trusteddomain.org always spf fails

trusteddomain.org is still untrusted, not trusted

trusteddomain.org should implement OpenARC, and run it BEFORE all is 
breaking DKIM in their mail handling

> 
> On Mon, Jun 9, 2025 at 7:52 PM Steve Siirila <sfs at umn.edu> wrote:
> 
>> Is anyone using opendmarc on a RHEL 9 production environment
>> (particularly in reject mode)?
>> 
>> We have run into issues on our RHEL 9 servers running opendmarc
>> where SPF queries involving macros or ones involving CNAME record
>> chaining are not working as expected.  The former yields SPF
>> failures, and the latter yields SPF TEMPFAILs.  We're unsure whether
>> this is an issue with opendmarc or with DNS name resolution.
> _______________________________________________
> opendmarc-users mailing list
> opendmarc-users at trusteddomain.org
> http://www.trusteddomain.org/mailman/listinfo/opendmarc-users
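
For the SPF macro failures reported in the quoted message, this added example (not code from this thread, opendmarc or libspf2) expands RFC 7208 macros in a domain-spec so the name a conforming evaluator should query can be compared with what the resolver logs show. The function name and the sample transaction, which comes from the RFC 7208 section 7.4 examples, are assumptions of the example; `%{p}` is fixed to the RFC fallback "unknown" because no DNS lookups are made.

```python
import ipaddress
import re
from urllib.parse import quote

# RFC 7208 section 7.1 grammar: %{letter [digits] [r] [delimiters]} or %% %_ %-
MACRO = re.compile(r"%(?:\{([slodipvh])(\d*)(r?)([.\-+,/_=]*)\}|([%_\-]))", re.I)


def expand_spf_macros(spec, sender, ip, helo="unknown", domain=None):
    """Return spec with SPF macros expanded for one SMTP transaction."""
    local, _, sender_domain = sender.rpartition("@")
    local = local or "postmaster"  # RFC 7208: empty local-part becomes postmaster
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        ip_text, version = str(addr), "in-addr"
    else:  # IPv6 expands to 32 dot-separated nibbles
        ip_text, version = ".".join(addr.exploded.replace(":", "")), "ip6"
    values = {
        "s": f"{local}@{sender_domain}", "l": local, "o": sender_domain,
        "d": domain or sender_domain, "i": ip_text, "v": version, "h": helo,
        "p": "unknown",  # validated PTR name needs DNS; this is the RFC fallback
    }

    def substitute(match):
        letter, digits, reverse, delims, literal = match.groups()
        if literal:
            return {"%": "%", "_": " ", "-": "%20"}[literal]
        parts = re.split("[" + re.escape(delims or ".") + "]", values[letter.lower()])
        if reverse:
            parts.reverse()
        if digits:
            if int(digits) == 0:
                raise ValueError("digit transformer must be non-zero")
            parts = parts[-int(digits):]  # keep the right-most N labels
        expanded = ".".join(parts)
        # Upper-case macro letters request URL-encoding of the result
        return quote(expanded, safe="-._~") if letter.isupper() else expanded

    if "%" in MACRO.sub("", spec):
        raise ValueError(f"malformed macro in {spec!r}")  # evaluators return permerror
    return MACRO.sub(substitute, spec)


if __name__ == "__main__":
    # Constructed transaction, taken from the examples in RFC 7208 section 7.4
    print(expand_spf_macros("%{ir}.%{v}._spf.%{d2}",
                            "strong-bad@email.example.com", "192.0.2.3"))
```

If the name computed here resolves with `dig` but the filter still reports an SPF failure for the same transaction, the SPF library in use is the next thing to check.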