<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div class=""><br class=""></div><div class="">Excellent explanation also here. Full details of both the p tag, and sp tag. Hope it helps.</div><div class=""><br class=""></div><div class=""><a href="http://www.zytrax.com/books/dns/ch9/dmarc.html" class="">http://www.zytrax.com/books/dns/ch9/dmarc.html</a></div><div class=""><br class=""></div><div class=""><br class=""></div><div class=""><br class=""></div><br class=""><div><blockquote type="cite" class=""><div class="">On 25 Jan 2016, at 13:41, Petr Novák <<a href="mailto:novakp43@gmail.com" class="">novakp43@gmail.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div class="">Hello,<br class=""><br class="">I have a problem with opendmarc not respecting subdomain "none" policy (sp=none).<br class=""><br class="">Here is an example.<br class=""><br class="">DMARC record: (v=DMARC1; p=reject; sp=none; fo=1; rua=<a href="mailto:admin@prnk.cz" class="">mailto:admin@prnk.cz</a>; ruf=<a href="mailto:admin@prnk.cz" class="">mailto:admin@prnk.cz</a>)<br class=""><br class="">[root@prnk opendmarc]# opendmarc-check prnk.cz<br class="">DMARC record for prnk.cz:<br class=""> Sample percentage: 100<br class=""> DKIM alignment: relaxed<br class=""> SPF alignment: relaxed<br class=""> Domain policy: reject<br class=""> Subdomain policy: none<br class=""> Aggregate report URIs:<br class=""> <a href="mailto:admin@prnk.cz" class="">mailto:admin@prnk.cz</a><br class=""> Forensic report URIs:<br class=""> <a href="mailto:admin@prnk.cz" class="">mailto:admin@prnk.cz</a><br class=""><br class="">I have created this simple mail to test the behaviour:<br class="">*****<br class="">[root@prnk opendmarc]# cat 3<br class="">Received-SPF: fail (prnk.cz: domain of <a href="mailto:prnk@prnk.cz" class="">prnk@prnk.cz</a> does not designate 46.30.238.4 as permitted sender) client-ip=46.30.238.4;<br class="">To: undisclosed-recipients:;<br class="">From: <a href="mailto:prnk@something.prnk.cz" class="">prnk@something.prnk.cz</a><br class="">Message-Id: <<a href="mailto:20160125113532.84CD810B55B5@prnk.prnk.cz" class="">20160125113532.84CD810B55B5@prnk.prnk.cz</a>><br class="">Date: Mon, 25 Jan 2016 12:35:24 +0100 (CET)<br class=""><br class="">tets<br class="">test<br class="">.<br class="">*****<br class=""><br class="">Now when I send the mail to opendmarc it gets rejected even when subdomain policy is "none" and domain in "From:" header is "something.prnk.cz".<br class=""><br class="">[root@prnk opendmarc]# opendmarc -c /root/opendmarc/opendmarc.conf -t 3 -vv<br class="">opendmarc: mlfi_connect() returned SMFIS_CONTINUE<br class="">opendmarc: mlfi_helo() returned SMFIS_CONTINUE<br class="">opendmarc: 3: mlfi_envfrom() returned SMFIS_CONTINUE<br class="">opendmarc: 3: line 1: mlfi_header() returned SMFIS_CONTINUE<br class="">opendmarc: 3: line 2: mlfi_header() returned SMFIS_CONTINUE<br class="">opendmarc: 3: line 3: mlfi_header() returned SMFIS_CONTINUE<br class="">opendmarc: 3: line 4: mlfi_header() returned SMFIS_CONTINUE<br class="">opendmarc: 3: line 5: mlfi_header() returned SMFIS_CONTINUE<br class="">### SETREPLY: rcode='550' xcode='5.7.1' replytxt='rejected by DMARC policy for prnk.cz'<br class="">### INSHEADER: idx=1 hname='DMARC-Filter' hvalue='OpenDMARC Filter v1.3.1 DEBUG-j DEBUG-i'<br class="">opendmarc: 3: mlfi_eom() returned SMFIS_REJECT<br class="">opendmarc: mlfi_close() returned SMFIS_CONTINUE<br class=""><br class="">History file:<br class=""><br class="">job DEBUG-i<br class="">reporter DEBUG-j<br class="">received 1453728517<br class="">ipaddr 127.0.0.1<br class="">from something.prnk.cz<br class="">mfrom prnk.cz<br class="">spf 2<br class="">pdomain prnk.cz<br class="">policy 16<br class="">rua <a href="mailto:admin@prnk.cz" class="">mailto:admin@prnk.cz</a><br class="">pct 100<br class="">adkim 114<br class="">aspf 114<br class="">p 114<br class="">sp 110<br class="">align_dkim 5<br class="">align_spf 5<br class="">action 0<br class=""><br class=""><br class="">I think such mail should be accepted, because the subdomain policy is set to "none" or am I wrong?<br class=""><br class="">When I try sending the same mail to my email @<a href="http://gmail.com" class="">gmail.com</a> It doesnt get rejected for the subdomain.<br class=""><br class=""><br class="">Petr Novak<br class="">_______________________________________________<br class="">opendmarc-users mailing list<br class=""><a href="mailto:opendmarc-users@trusteddomain.org" class="">opendmarc-users@trusteddomain.org</a><br class="">http://www.trusteddomain.org/mailman/listinfo/opendmarc-users<br class=""></div></div></blockquote></div><br class=""><div class="">
<div style="color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div style="color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div class=""><div class="">Robert Chalmers</div><div class=""><a href="mailto:robert@chalmers.com" class="">robert@chalmers.com</a>.au Quantum Radio: <a href="http://tinyurl.com/lwwddov" class="">http://tinyurl.com/lwwddov</a></div><div class=""><div class="">Mac mini 6.2 - 2012, Intel Core i7,2.3 GHz, Memory:16 GB. El-Capitan 10.11. 2TB Storage made up of - </div><div class="">Drive 0:HGST HTS721010A9E630. Upper bay. Drive 1:ST1000LM024 HN-M101MBB. Lower Bay</div></div></div><div class=""><br class=""></div></div></div><br class="Apple-interchange-newline">
</div>
<br class=""></body></html>