<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div class=""><br class=""></div><div class=""><br class=""></div>It may depend on the p tag, according to the docs. Note the underlined section. <div class=""><br class=""></div><div class="">Quote:</div><div class=""><p style="margin: 4px 0px 12px; color: rgb(33, 33, 33); font-family: Roboto, 'Helvetica Neue', Helvetica, sans-serif; font-size: 13px;" class="">Only the <em class="">v (version)</em> and <em class="">p (policy)</em> tags are required. Three possible policy settings, or message dispositions, are available:</p><ul style="margin: 4px 0px 12px; outline: 0px; padding: 0px; vertical-align: baseline; color: rgb(33, 33, 33); font-family: Roboto, 'Helvetica Neue', Helvetica, sans-serif; font-size: 13px;" class=""><li style="margin: 4px 0px; list-style-type: none; padding-left: 16px;" class=""><strong class="">none</strong> - Take no action. Log affected messages on the daily report only.</li><li style="margin: 4px 0px; list-style-type: none; padding-left: 16px;" class=""><strong class="">quarantine</strong> - Mark affected messages as spam.</li><li style="margin: 4px 0px; list-style-type: none; padding-left: 16px;" class=""><strong class="">reject</strong> - Cancel the message at the SMTP layer.</li></ul><p style="margin: 4px 0px 12px; color: rgb(33, 33, 33); font-family: Roboto, 'Helvetica Neue', Helvetica, sans-serif; font-size: 13px;" class="">Alignment mode refers to the precision with which sender records are compared to SPF and DKIM signatures, with the two possible values being relaxed or strict. represented by "r" and "s" respectively. <u class="">In short, relaxed allows partial matches, such as subdomains of a given domain, while strict requires an exact match</u>.</p><p style="margin: 4px 0px 12px; color: rgb(33, 33, 33); font-family: Roboto, 'Helvetica Neue', Helvetica, sans-serif; font-size: 13px;" class="">Make sure to include your email address with the optional rua tag to receive the daily reports.</p></div><div class=""><br class=""></div><div class=""><br class=""></div><div class=""><br class=""><div><blockquote type="cite" class=""><div class="">On 25 Jan 2016, at 13:41, Petr Novák <<a href="mailto:novakp43@gmail.com" class="">novakp43@gmail.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div class="">Hello,<br class=""><br class="">I have a problem with opendmarc not respecting subdomain "none" policy (sp=none).<br class=""><br class="">Here is an example.<br class=""><br class="">DMARC record: (v=DMARC1; p=reject; sp=none; fo=1; rua=<a href="mailto:admin@prnk.cz" class="">mailto:admin@prnk.cz</a>; ruf=<a href="mailto:admin@prnk.cz" class="">mailto:admin@prnk.cz</a>)<br class=""><br class="">[root@prnk opendmarc]# opendmarc-check prnk.cz<br class="">DMARC record for prnk.cz:<br class=""> Sample percentage: 100<br class=""> DKIM alignment: relaxed<br class=""> SPF alignment: relaxed<br class=""> Domain policy: reject<br class=""> Subdomain policy: none<br class=""> Aggregate report URIs:<br class=""> <a href="mailto:admin@prnk.cz" class="">mailto:admin@prnk.cz</a><br class=""> Forensic report URIs:<br class=""> <a href="mailto:admin@prnk.cz" class="">mailto:admin@prnk.cz</a><br class=""><br class="">I have created this simple mail to test the behaviour:<br class="">*****<br class="">[root@prnk opendmarc]# cat 3<br class="">Received-SPF: fail (prnk.cz: domain of <a href="mailto:prnk@prnk.cz" class="">prnk@prnk.cz</a> does not designate 46.30.238.4 as permitted sender) client-ip=46.30.238.4;<br class="">To: undisclosed-recipients:;<br class="">From: <a href="mailto:prnk@something.prnk.cz" class="">prnk@something.prnk.cz</a><br class="">Message-Id: <<a href="mailto:20160125113532.84CD810B55B5@prnk.prnk.cz" class="">20160125113532.84CD810B55B5@prnk.prnk.cz</a>><br class="">Date: Mon, 25 Jan 2016 12:35:24 +0100 (CET)<br class=""><br class="">tets<br class="">test<br class="">.<br class="">*****<br class=""><br class="">Now when I send the mail to opendmarc it gets rejected even when subdomain policy is "none" and domain in "From:" header is "something.prnk.cz".<br class=""><br class="">[root@prnk opendmarc]# opendmarc -c /root/opendmarc/opendmarc.conf -t 3 -vv<br class="">opendmarc: mlfi_connect() returned SMFIS_CONTINUE<br class="">opendmarc: mlfi_helo() returned SMFIS_CONTINUE<br class="">opendmarc: 3: mlfi_envfrom() returned SMFIS_CONTINUE<br class="">opendmarc: 3: line 1: mlfi_header() returned SMFIS_CONTINUE<br class="">opendmarc: 3: line 2: mlfi_header() returned SMFIS_CONTINUE<br class="">opendmarc: 3: line 3: mlfi_header() returned SMFIS_CONTINUE<br class="">opendmarc: 3: line 4: mlfi_header() returned SMFIS_CONTINUE<br class="">opendmarc: 3: line 5: mlfi_header() returned SMFIS_CONTINUE<br class="">### SETREPLY: rcode='550' xcode='5.7.1' replytxt='rejected by DMARC policy for prnk.cz'<br class="">### INSHEADER: idx=1 hname='DMARC-Filter' hvalue='OpenDMARC Filter v1.3.1 DEBUG-j DEBUG-i'<br class="">opendmarc: 3: mlfi_eom() returned SMFIS_REJECT<br class="">opendmarc: mlfi_close() returned SMFIS_CONTINUE<br class=""><br class="">History file:<br class=""><br class="">job DEBUG-i<br class="">reporter DEBUG-j<br class="">received 1453728517<br class="">ipaddr 127.0.0.1<br class="">from something.prnk.cz<br class="">mfrom prnk.cz<br class="">spf 2<br class="">pdomain prnk.cz<br class="">policy 16<br class="">rua <a href="mailto:admin@prnk.cz" class="">mailto:admin@prnk.cz</a><br class="">pct 100<br class="">adkim 114<br class="">aspf 114<br class="">p 114<br class="">sp 110<br class="">align_dkim 5<br class="">align_spf 5<br class="">action 0<br class=""><br class=""><br class="">I think such mail should be accepted, because the subdomain policy is set to "none" or am I wrong?<br class=""><br class="">When I try sending the same mail to my email @<a href="http://gmail.com" class="">gmail.com</a> It doesnt get rejected for the subdomain.<br class=""><br class=""><br class="">Petr Novak<br class="">_______________________________________________<br class="">opendmarc-users mailing list<br class=""><a href="mailto:opendmarc-users@trusteddomain.org" class="">opendmarc-users@trusteddomain.org</a><br class="">http://www.trusteddomain.org/mailman/listinfo/opendmarc-users<br class=""></div></div></blockquote></div><br class=""><div class="">
<div style="color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div style="color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div class=""><div class="">Robert Chalmers</div><div class=""><a href="mailto:robert@chalmers.com" class="">robert@chalmers.com</a>.au Quantum Radio: <a href="http://tinyurl.com/lwwddov" class="">http://tinyurl.com/lwwddov</a></div><div class=""><div class="">Mac mini 6.2 - 2012, Intel Core i7,2.3 GHz, Memory:16 GB. El-Capitan 10.11. 2TB Storage made up of - </div><div class="">Drive 0:HGST HTS721010A9E630. Upper bay. Drive 1:ST1000LM024 HN-M101MBB. Lower Bay</div></div></div><div class=""><br class=""></div></div></div><br class="Apple-interchange-newline">
</div>
<br class=""></div></body></html>