On Sat, Mar 1, 2014 at 2:56 AM, Darren Ilston <[email protected]> wrote: > Seeing this in the logs for PayPal: > > 2014-02-28 18:21:57 1WJS4L-000Gsx-8G DKIM: d=paypal.co.uk s=pp-dkim1 > c=relaxed/relaxed a=rsa-sha256 [email protected] t=1393611715 [verification > succeeded] > 2014-02-28 18:21:57 1WJS4L-000Gsx-8G DMARC results: > spf_domain=paypal.co.ukdmarc_domain= > paypal.co.uk spf_align=no dkim_align=no enforcement='Reject' > 2014-02-28 18:21:57 1WJS4L-000Gsx-8G H=mx0.slc.paypal.com ( > mx2.slc.paypal.com) [173.0.84.225] Warning: Message from > paypal.co.ukfailed sender's DMARC policy, should reject. > 2014-02-28 18:21:57 1WJS4L-000Gsx-8G <= [email protected] H= > mx0.slc.paypal.com (mx2.slc.paypal.com) [173.0.84.225] P=esmtp S=9557 > [email protected] > > PayPal's DMARC checks out. > Any ideas ?
That's definitely a bug of some kind. I see the same thing in my logs: paypal.com passes DMARC, but paypal.co.uk fails DMARC. I can verify that individually, both SPF and DKIM pass for paypal.co.uk, but when the DMARC library is processing the result, it comes up with a fail for both, so DMARC fails. Let's debug a little bit. Looking in the file I/we use for "dmarc_tld_file", it contains this for .uk: // uk : http://en.wikipedia.org/wiki/.uk *.uk *.sch.uk !bl.uk !british-library.uk !icnet.uk !jet.uk !mod.uk !nel.uk !nhs.uk !nic.uk !nls.uk !national-library-scotland.uk !parliament.uk !police.uk I have a hunch that *.uk isn't matching in the library. Try adding a single line: co.uk I have added it to mine too. We will see if that changes the behavior. If it does, then I will work with the opendmarc developer to figure out either if it's a bug or if it's something wrong procedurally with using the opendmarc library. ...Todd -- The total budget at all receivers for solving senders' problems is $0. If you want them to accept your mail and manage it the way you want, send it the way the spec says to. --John Levine -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
