[dmarc-discuss] Amazon email rejected by OpenDMARC but SPF & DKIM are OK

Tue, 30 Sep 2014 03:54:05 -0700 

Dear list members,
Last night, an email being sent from [email protected] got quarantined on my inbound mail server. 


The headers of this email states that both SPF & DKIM succeeded but 
DMARC marked it as fail and quarantined it as a consequence :



  Received-SPF: Pass (icecube.pnzone.net: domain of bounces.amazon.com 
designates 54.240.0.150 as permitted sender) client-ip=54.240.0.150; 
envelope-from="[email protected]"; 
helo=a0-150.smtp-out.eu-west-1.amazonses.com; 
receiver=icecube.pnzone.net; mechanism="include:amazon.com"; 
identity=mailfrom
  DMARC-Filter: OpenDMARC Filter v1.3.0 icecube.pnzone.net 
s8TNlnH1021919
  Authentication-Results: icecube.pnzone.net; dmarc=fail 
header.from=amazon.fr

  Authentication-Results: icecube.pnzone.net; dkim=pass
    reason="1024-bit key; unprotected key"
    header.d=amazonses.com [email protected] header.b=BOrJMGL0;
    dkim-adsp=pass; dkim-atps=neutral


The only strange thing with this email is that it contains a double 
DKIM-Signature, the second one appearing just after the first one:


  DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;

        s=shh3fegwg5fppqsuzphvschd53n6ihuv; d=amazonses.com; 
t=1412034462;
        
h=Date:From:To:Message-ID:Subject:MIME-Version:Content-Type:Feedback-ID;

        bh=VKyERykOnXuwT148K9JRiUB/yQMG2z9j51TvQm8FOv0=;

        
b=BOrJMGL0Qc0MsuAk2CZcsoMOkisE/ggL3EWt5IPaxF8M6cLBTR9MI3wIvHgAf+2T
        
0i5eYA81dJggz74BU1Z2E7E4wTdc3IFaitDeoHrpQddw8DVe9wPR7WTa7bPP6Z7lm7O

        mGzOKly8zxSLzjE7s1NMup4dDPB5uNh/v9mq/gto=
  DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
        s=5zdoyfqyfxlifezpzeq2nfprqa2dkxl2; d=amazon.fr; t=1412034462;
        h=Date:From:To:Message-ID:Subject:MIME-Version:Content-Type;
        bh=VKyERykOnXuwT148K9JRiUB/yQMG2z9j51TvQm8FOv0=;

        
b=DqaoivmnqwYCu8gsqIv0rbbYo+2Jg9N6rmsVadUZfWV2enqsypgC8i4HQ7qHv4is
        
szwWNBIH2+Dit/Um/Rw14fbQwvGYI//Dn++Fwsa6pG9wdKAHS8k2/mfnSY6Yso6urO8

        eDZjBm2jTZK5OqOhbJzfAv1vEv6//l5QrujZof4s=

All the rest looks OK.


Details of my configuration:
  root@icecube:/var/spool/mqueue# cat /etc/issue.net
  Debian GNU/Linux jessie/sid

  root@icecube:/var/spool/mqueue# uname -a

  Linux icecube.pnzone.net 3.16-2-amd64 #1 SMP Debian 3.16.3-2 
(2014-09-20) x86_64 GNU/Linux


  root@icecube:/var/spool/mqueue# dpkg -l opendmarc
  Desired=Unknown/Install/Remove/Purge/Hold

  | 
Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend

  |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
  ||/ Name            Version      Architecture Description

  
+++-===============-============-============-====================================
  ii  opendmarc       1.3.0+dfsg-1 amd64        Milter implementation of 
DMARC


  root@icecube:/var/spool/mqueue# dpkg -l opendkim
  Desired=Unknown/Install/Remove/Purge/Hold

  | 
Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend

  |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
  ||/ Name            Version      Architecture Description

  
+++-===============-============-============-====================================
  ii  opendkim        2.9.2-1      amd64        Milter implementation of 
DomainKeys


  root@icecube:/var/spool/mqueue# dpkg -l spf-milter-python
  Desired=Unknown/Install/Remove/Purge/Hold

  | 
Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend

  |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)

  ||/ Name                                Version                
Architecture           Description
  
+++-===================================-======================-======================-============================================================================
  ii  spf-milter-python                   0.8.18-2               all     
               RFC 4408 compliant SPF Milter for Sendmail and Postfix


  root@icecube:/var/spool/mqueue# dpkg -l sendmail
  Desired=Unknown/Install/Remove/Purge/Hold

  | 
Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend

  |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)

  ||/ Name                                Version                
Architecture           Description
  
+++-===================================-======================-======================-============================================================================
  ii  sendmail                            8.14.4-7               all     
               powerful, efficient, and scalable Mail Transport Agent 
(metapackage)


  root@icecube:/var/spool/mqueue# grep dmarc /etc/mail/sendmail.cf
  O InputMailFilters=clmilter, spfmilter, opendkim, opendmarc
  Xopendmarc, S=local:/var/run/opendmarc/opendmarc.sock

  # INPUT_MAIL_FILTER(`opendmarc', 
`S=local:/var/run/opendmarc/opendmarc.sock')


Is this a known issue or am I missing something ?

Thanks,
Arnaud.


_______________________________________________
dmarc-discuss mailing list
[email protected]
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms 
(http://www.dmarc.org/note_well.html)






















					Reply via email to