<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    Please take a look in this mailing list's archives for these subject
    lines:<br>
    <ul>
      <li>"pypolicyd-spf integration" from March of this year</li>
      <li>"OpenDMARC Postfix SPF implementation" from April of this year<br>
      </li>
    </ul>
    Those messages will tell you all you need to get this working.<br>
    <br>
    Cheers,<br>
        -nic<br>
    <br>
    Archives are here:
    <a class="moz-txt-link-freetext" href="http://www.trusteddomain.org/mailman/listinfo/opendmarc-users">http://www.trusteddomain.org/mailman/listinfo/opendmarc-users</a><br>
    <br>
    <div class="moz-cite-prefix">On 08/11/2014 09:05 AM, Christoph
      Steindl wrote:<br>
    </div>
    <blockquote cite="mid:53E8CD91.6060609@univie.ac.at" type="cite">Hello,
      <br>
      <br>
      I still have some trouble with the spf validation in opendmarc.
      Currently I'm using postfix with opendkim,
      postfix-policyd-spf-python and opendmarc (v. 1.3.0). The spf
      module adds a "Received-SPF:" header with the right results and
      the opendkim milter adds an "Authentication-Results:" header with
      the right results. But in the history files, which are used to
      generate the reports, spf always fails (spf = -1). See the logs
      for an email from gmail to my own domain below. It would be great
      if somebody could help me with this problem.
      <br>
      <br>
      Thanks in advance,
      <br>
      Christoph
      <br>
      <br>
      <br>
      <br>
      history file (opendmarc):
      <br>
      #########################
      <br>
      job 2922AAC0303
      <br>
      reporter dmarctest.info
      <br>
      received 1407764522
      <br>
      ipaddr 209.85.212.180
      <br>
      from gmail.com
      <br>
      mfrom gmail.com
      <br>
      dkim gmail.com 0       # dkim is ok
      <br>
      spf -1                         # spf has a problem
      <br>
      pdomain gmail.com
      <br>
      policy 15
      <br>
      rua <a class="moz-txt-link-freetext" href="mailto:mailauth-reports@google.com">mailto:mailauth-reports@google.com</a>
      <br>
      pct 100
      <br>
      adkim 114
      <br>
      aspf 114
      <br>
      p 110
      <br>
      sp 0
      <br>
      align_dkim 4
      <br>
      align_spf 5
      <br>
      action 2
      <br>
      #########################
      <br>
      <br>
      <br>
      Mail header:
      <br>
      #########################
      <br>
      Return-Path: <a class="moz-txt-link-rfc2396E" href="mailto:test@gmail.com">&lt;test@gmail.com&gt;</a>
      <br>
      X-Original-To: <a class="moz-txt-link-abbreviated" href="mailto:christoph@mydomain.com">christoph@mydomain.com</a>
      <br>
      Delivered-To: <a class="moz-txt-link-abbreviated" href="mailto:christoph@mydomain.com">christoph@mydomain.com</a>
      <br>
      Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
      client-ip=209.85.212.179; helo=mail-wi0-f179.google.com;
      <a class="moz-txt-link-abbreviated" href="mailto:envelope-from=test@gmail.com">envelope-from=test@gmail.com</a>; <a class="moz-txt-link-abbreviated" href="mailto:receiver=christoph@mydomain.com">receiver=christoph@mydomain.com</a>
      <br>
      Authentication-Results: mydomain.com; dkim=pass
      <br>
          reason="2048-bit key; unprotected key"
      <br>
          header.d=gmail.com <a class="moz-txt-link-abbreviated" href="mailto:header.i=@gmail.com">header.i=@gmail.com</a> header.b=jZobihA3;
      <br>
          dkim-adsp=pass; dkim-atps=neutral
      <br>
      Received: from mail-wi0-f179.google.com (mail-wi0-f179.google.com
      [209.85.212.179])
      <br>
          (using TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits))
      <br>
          (Client CN "smtp.gmail.com", Issuer "Google Internet Authority
      G2" (verified OK))
      <br>
          by mydomain.com (Postfix) with ESMTPS id 96E56AC0303
      <br>
          for <a class="moz-txt-link-rfc2396E" href="mailto:christoph@mydomain.com">&lt;christoph@mydomain.com&gt;</a>; Mon, 11 Aug 2014 15:22:37
      +0200 (CEST)
      <br>
      Received: by mail-wi0-f179.google.com with SMTP id
      f8so4191754wiw.6
      <br>
          for <a class="moz-txt-link-rfc2396E" href="mailto:christoph@mydomain.com">&lt;christoph@mydomain.com&gt;</a>; Mon, 11 Aug 2014 06:25:17
      -0700 (PDT)
      <br>
      DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
      <br>
          d=gmail.com; s=20120113;
      <br>
          h=message-id:date:from;
      <br>
          bh=+5MTaFlEEPuOhZYsC4F3LrgZyCMC4AuHpjeVyA5jfOo=;
      <br>
b=jZobihA3nuRSbCmvYfTOIEPekkcFXLGTI9jJhuztBd+31/G9vbgckfzW3EgpzTmjhH
      <br>
t06JI+rNJYLtxAW8c9HlW61VUYVjIAWml3zBP/mRoCzz13pOJjkkt2tZ3Q6FxODc6kKh
      <br>
BsI7mNGtF/GUgJCnYmXAD8JWEtulUWD/NzVG47cLiQQY0DmvgMdPlQHVFutO2iUyqKLP
      <br>
tGeymgsjAMJAzCMknwVTb560Khuv3OduxFgitnaUK7CP/yGsUuWDCn339XeWCoVrysIG
      <br>
HQos4Gr7FLSWjoR0WZ8tnirAWPrNrTCex9i9kO1rxQuV9WGVSbf+eKj76fCILKaFQSt5
      <br>
          G8lQ==
      <br>
      X-Received: by 10.180.73.235 with SMTP id
      o11mr25722870wiv.41.1407763517782;
      <br>
          Mon, 11 Aug 2014 06:25:17 -0700 (PDT)
      <br>
      Received: from eos.fc.univie.ac.at
      ([2001:62a:4:2401:1aa9:5ff:fef0:6c47])
      <br>
          by mx.google.com with ESMTPSA id
      dc3sm1598986wjc.27.2014.08.11.06.25.17
      <br>
          for <a class="moz-txt-link-rfc2396E" href="mailto:christoph@mydomain.com">&lt;christoph@mydomain.com&gt;</a>
      <br>
          (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256
      bits=128/128);
      <br>
          Mon, 11 Aug 2014 06:25:17 -0700 (PDT)
      <br>
      Message-ID: <a class="moz-txt-link-rfc2396E" href="mailto:53e8c43d.03b3c20a.718e.617d@mx.google.com">&lt;53e8c43d.03b3c20a.718e.617d@mx.google.com&gt;</a>
      <br>
      Date: Mon, 11 Aug 2014 06:25:17 -0700 (PDT)
      <br>
      From: <a class="moz-txt-link-abbreviated" href="mailto:test@gmail.com">test@gmail.com</a>
      <br>
      Authentication-Results: mydomain.com; dmarc=pass
      header.from=gmail.com
      <br>
      DMARC-Filter: OpenDMARC Filter v1.3.0 mydomain.com 96E56AC0303
      <br>
      ...
      <br>
      #########################
      <br>
      <br>
      <br>
      mail.log (system):
      <br>
      #########################
      <br>
      ...
      <br>
      policyd-spf[6312]: None; identity=helo; client-ip=74.125.82.50;
      helo=mail-wg0-f50.google.com; <a class="moz-txt-link-abbreviated" href="mailto:envelope-from=test@gmail.com">envelope-from=test@gmail.com</a>;
      <a class="moz-txt-link-abbreviated" href="mailto:receiver=christoph@mydomain.com">receiver=christoph@mydomain.com</a>
      <br>
      policyd-spf[6312]: Pass; identity=mailfrom;
      client-ip=74.125.82.50; helo=mail-wg0-f50.google.com;
      <a class="moz-txt-link-abbreviated" href="mailto:envelope-from=test@gmail.com">envelope-from=test@gmail.com</a>; <a class="moz-txt-link-abbreviated" href="mailto:receiver=christoph@mydomain.com">receiver=christoph@mydomain.com</a>
      <br>
      postfix/smtpd[6309]: A6290AC0303:
      client=mail-wg0-f50.google.com[74.125.82.50]
      <br>
      postfix/cleanup[6313]: A6290AC0303:
      message-id=<a class="moz-txt-link-rfc2396E" href="mailto:53e8c302.26bbb40a.1ef5.ffff8f32@mx.google.com">&lt;53e8c302.26bbb40a.1ef5.ffff8f32@mx.google.com&gt;</a>
      <br>
      opendkim[12505]: A6290AC0303: mail-wg0-f50.google.com
      [74.125.82.50] not internal
      <br>
      opendkim[12505]: A6290AC0303: not authenticated
      <br>
      opendkim[12505]: A6290AC0303: s=20120113 d=gmail.com SSL
      <br>
      opendmarc[2145]: A6290AC0303: gmail.com pass
      <br>
      ...
      <br>
      #########################
      <br>
      <br>
      <br>
      main.cf (postfix):
      <br>
      #########################
      <br>
      ...
      <br>
      smtpd_recipient_restrictions = reject_unknown_client_hostname,
      <br>
          reject_unknown_sender_domain, reject_unknown_recipient_domain,
      <br>
          reject_unauth_pipelining, permit_mynetworks,
      <br>
          permit_sasl_authenticated, reject_unauth_destination,
      <br>
          reject_invalid_hostname, reject_non_fqdn_sender,
      check_policy_service unix:private/policy-spf
      <br>
      ...
      <br>
      policy-spf_time_limit = 3600s
      <br>
      ...
      <br>
      smtpd_milters = unix:/var/run/opendkim/opendkim.sock
      unix:/var/run/opendmarc/opendmarc.sock
      <br>
      ...
      <br>
      #########################
      <br>
      <br>
      <br>
      master.cf (postfix):
      <br>
      #########################
      <br>
      ...
      <br>
      policy-spf  unix  -       n       n       -       0       spawn
      <br>
           user=policyd-spf argv=/usr/bin/policyd-spf
      <br>
      ...
      <br>
      #########################
      <br>
    </blockquote>
    <br>
    <pre class="moz-signature" cols="72">-- 
Nic Bernstein                             <a class="moz-txt-link-abbreviated" href="mailto:nic@onlight.com">nic@onlight.com</a>
Onlight llc.                              <a class="moz-txt-link-abbreviated" href="http://www.onlight.com">www.onlight.com</a>
219 N. Milwaukee St., Ste. 2A             v. 414.272.4477
Milwaukee, Wisconsin  53202               f. 414.290.0335
</pre>
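    <br>
    Added example, not part of the original messages and not OpenDMARC or policyd-spf code: a cross-check of one history-file record against the headers of the same message, showing which authentication methods appear in Authentication-Results when the recorded spf value is not a pass. The function names are hypothetical, the sample data is constructed (abridged from the values quoted above), and reading 0 as "pass" is an assumption taken from the poster's "dkim ... 0 # dkim is ok" annotation.

```python
import re
from email import message_from_string

# Constructed sample, abridged from the values posted in the thread.
HISTORY = "job 2922AAC0303\ndkim gmail.com 0\nspf -1\nalign_spf 5\n"
HEADERS = """\
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
 client-ip=209.85.212.179; helo=mail-wi0-f179.google.com
Authentication-Results: mydomain.com; dkim=pass
 header.d=gmail.com header.b=jZobihA3
Authentication-Results: mydomain.com; dmarc=pass header.from=gmail.com
From: test@gmail.com

"""


def parse_history(text):
    """Map each 'key ... value' line of a history record to its last token."""
    rows = (line.split() for line in text.splitlines())
    return {r[0]: r[-1] for r in rows if len(r) >= 2}


def ar_methods(msg):
    """Collect method=result pairs from all Authentication-Results headers."""
    found = {}
    for value in msg.get_all("Authentication-Results", []):
        for clause in value.split(";")[1:]:  # [0] is the authserv-id
            m = re.match(r"\s*([a-z-]+)=([a-z]+)", clause)
            if m:
                found[m.group(1)] = m.group(2)
    return found


def spf_mismatch(history_text, header_text):
    """Flag a record whose Received-SPF passed but whose history spf is not 0.

    Assumption: 0 means pass, as the poster's dkim annotation implies.
    """
    rec = parse_history(history_text)
    msg = message_from_string(header_text)
    verdict = (msg.get("Received-SPF", "").split() or ["none"])[0].lower()
    if verdict != "pass" or rec.get("spf") == "0":
        return None
    methods = ar_methods(msg)
    return {"history_spf": rec.get("spf"), "received_spf": verdict,
            "spf_in_auth_results": "spf" in methods,
            "methods_seen": sorted(methods)}
```

    On the posted data this reports that SPF passed only in Received-SPF, while the Authentication-Results headers carry dkim and dmarc results but no spf method.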
  </body>
</html>