On 24.08.2017 21:05, Ivan Warren wrote: > In the same vein, > > I am receiving forensic DMARC reports from mx01.nausch.org.
> It's odd, because the actual report tells me both DKIM and SPF (in the > the of a DMARC report) pass... > > Here is what I am getting : > Authentication-Results: mx01.nausch.org; dmarc=fail header.from=vmfacility.fr > Authentication-Results: mx1.nausch.org; > dkim=pass (2048-bit key) header.d=vmfacility.frheader.i=@vmfacility.fr > header.b="oHXeoWbW" > Note that the first part says authentication failed, but the second part > (which is the mail headers for a legit DMARC aggregate report sent to > the published DMARC rua for nausch.org) passes all the tests - both DKIM > and SPF. > > I am also getting forensic reports from this MTA when posting to the list. > > So my guess is some...@nausch.org on this mailing list might have a > misbehaving DMARC responder/filter. Yes, I've seen this, too. I already mailed them, but never got a reaction. Most likely they run an old version of Postfix which has some problems with milters adding headers not seen by later milters... Juri