Authentication-Results: iecc.com; spf=neutral [email protected] spf.helo=spmpdv02.ieee.org;
Received: from localhost ([IPv6:2001:470:1f07:1126::78:696d:6170])
    by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170])
    with ESMTPS (TLS1.0/X.509/SHA1) via TCP6; 15 Jun 2015 21:28:59 -0000
Date: 15 Jun 2015 17:28:49 -0400
Message-ID: <[email protected]>
From: "John R Levine" <[email protected]>
To: "Tim Draegen" <[email protected]>
Cc: [email protected], [email protected]
Subject: Re: [dmarc-discuss] probably bug in OpenDMARCs AR-header parser
In-Reply-To: <[email protected]>
References: <[email protected]> <[email protected]>
User-Agent: Alpine 2.11 (OSX 23 2013-08-11)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed

> Only thing I noticed was that there were multiple Auth-Res: headers in
> Andreas's example, one dkim= result per header. Slightly different from
> below, where multiple dkim= results are living in a single header.

How is Andreas passing the DKIM results to opendmarc?

In my code, at the end of the message body I call opendkim to check the
signatures, then loop over them to generate the text for the A-R record
and at the same time pass any good signatures to opendmarc, then get the
DMARC result. So opendmarc never looks at an A-R record.

As I said, given that this all has to happen at SMTP end of data to
handle p=reject I don't see why DMARC code would ever be looking at an
existing A-R header.

>> On Jun 15, 2015, at 4:50 PM, John Levine via dmarc-discuss
>> <[email protected]> wrote:
>>
>>> It looks like the OpenDMARCs AR-header parser fails to recognise the
>>> AR-header generated by OpenDKIM.
>>
>> It must be more than that. I also use both opendkim and opendmarc, and
>> multiple DKIM signatures are not a problem:
>>
>> Authentication-Results: iecc.com; spf=neutral [email protected]
>> spf.helo=spmpdv02.ieee.org;
>> dkim=pass header.d=iecc.com header.b="I8oYyArI"; dkim=pass
>> header.d=taugh.com header.b="YRY5Bjv7";
>> dmarc=pass header.from=taugh.com policy=none
>>
>> I do run them in the same process and pass the DKIM results to DMARC
>> via API calls. If you ever want to implement p=reject that seems
>> unavoidable.
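
Added example (not code from this thread, OpenDKIM or OpenDMARC): a small Python parser covering the two layouts discussed above, several dkim= results in one Authentication-Results field and one result per field, which keeps only fields stamped with the receiver's own authserv-id. The sample values are constructed from the header quoted in the message, with the redacted address and the forged.example host as placeholders; parenthesised comments (CFWS) are not handled.

```python
import re

# Constructed samples modelled on the header quoted in the message; the
# spf.mailfrom address and forged.example are placeholders (assumptions).
ONE_FIELD = [
    'iecc.com; spf=neutral spf.mailfrom=user@example.org\n'
    ' spf.helo=spmpdv02.ieee.org;\n'
    ' dkim=pass header.d=iecc.com header.b="I8oYyArI"; dkim=pass\n'
    ' header.d=taugh.com header.b="YRY5Bjv7";\n'
    ' dmarc=pass header.from=taugh.com policy=none'
]
ONE_RESULT_PER_FIELD = [
    'iecc.com; dkim=pass header.d=iecc.com header.b="I8oYyArI"',
    'iecc.com; dkim=pass header.d=taugh.com header.b="YRY5Bjv7"',
    'forged.example; dkim=pass header.d=taugh.com',  # not stamped by us
]

RESINFO = re.compile(r'\s*([a-z0-9-]+)\s*=\s*([a-z]+)', re.I)
PROP = re.compile(r'([a-z0-9-]+\.[a-z0-9-]+)\s*=\s*("[^"]*"|[^\s;]+)', re.I)

def parse_ar(value):
    """Parse one A-R field body into (authserv_id, [(method, result, props)])."""
    value = re.sub(r'\r?\n[ \t]+', ' ', value)           # unfold continuation lines
    parts = re.findall(r'(?:"[^"]*"|[^;"])+', value)     # split on ';' outside quotes
    if not parts or not parts[0].strip():
        return '', []
    authserv_id = parts[0].split()[0].lower()
    results = []
    for part in parts[1:]:
        m = RESINFO.match(part)
        if not m:
            continue                                     # e.g. the bare "none" form
        props = {k.lower(): v.strip('"') for k, v in PROP.findall(part[m.end():])}
        results.append((m.group(1).lower(), m.group(2).lower(), props))
    return authserv_id, results

def dkim_pass_domains(fields, own_authserv_id):
    """d= domains with dkim=pass, taken only from fields our own server added."""
    domains = []
    for field in fields:
        authserv_id, results = parse_ar(field)
        if authserv_id != own_authserv_id.lower():
            continue                                     # never trust foreign A-R fields
        domains += [p['header.d'].lower() for method, result, p in results
                    if method == 'dkim' and result == 'pass' and 'header.d' in p]
    return domains
```

Both layouts yield the same list of passing domains for authserv-id iecc.com, and the field carrying a different authserv-id contributes nothing.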
