Hello John,
John Levine via dmarc-discuss:
It looks fine.
in which sense?
- RFC5322.From is "amazon.DE"
- SPF pass for "bounces.amazon.COM"
- DKIM pass for "amazonses.COM"
so neither SPF nor DKIM is aligned. according to the published record
the message should be quarantined:
$ opendmarc-check amazon.de
DMARC record for amazon.de:
Sample percentage: 100
DKIM alignment: relaxed
SPF alignment: relaxed
Domain policy: quarantine
Subdomain policy: unspecified
Aggregate report URIs:
mailto:[email protected]
Forensic report URIs:
mailto:[email protected]
How does your code pass the DKIM validation results to the DMARC code?
it's a bunch of milters plugged to postfix:
smf-spf + opendkim + opendmarc
Authentication-Results: idvmailin13.datevnet.de;
dkim=pass (1024-bit key; unprotected) header.d=amazonses.com
[email protected] header.b=IGahw/4Y
Authentication-Results: idvmailin13.datevnet.de;
spf=pass
smtp.mailfrom=<201506160039204c745a2b7a8d4cd89e6e312cb96417e9-cuo19kbgo1...@bounces.amazon.com>
smtp.helo=a0-79.smtp-out.eu-west-1.amazonses.com
I have never seen an A-R implementation that added multiple headers.
Everyone else puts all the results in one header, separated by
semicolons. If your code reads the A-R header, that's likely the
problem, it only expects one A-R header so it only looks at the first
one, which in this case happens not to include a result that makes
DMARC happy.
Oh, never thought about that. I know that scheme (separate A-R header)
since years. You're right. they may be combined to only one A-R.
But the way I use it they insert multiple A-R header.
Would be good to hear from Murray if this is the intended use-case for
OpenDMARC. In general I know OpenDMARC simply as an A-R header parser.
So my assumptions could not be completely wrong...
Andreas
_______________________________________________
dmarc-discuss mailing list
[email protected]
http://www.dmarc.org/mailman/listinfo/dmarc-discuss
NOTE: Participating in this list means you agree to the DMARC Note Well terms
(http://www.dmarc.org/note_well.html)
