Hello, we use OpenDKIM to validate DKIM signatures for inbound messages. Works so far as usual. Of course, OpenDKIM add Authentication-Results header as defined per RFC 7601. Before adding such header, OpenDKIM test any existent Authentication-Results header if it pretend to be generated from $self. Such Authentication-Results header are removed.
So OpenDKIM have to parse Authentication-Results header. It happen, that some messages contain headers not conform RFC 7601. Also as usual: such condition trigger a warning. Now it happen we receive many messages from microsoft/outlook.com/office365/... Virtually all messages trigger a warning: "failed to parse authentication-results: header field" This is the code: https://github.com/trusteddomainproject/OpenDKIM/blob/5c539587561785a66c1f67f720f2fb741f320785/opendkim/opendkim.c#L13439-L13463 Setting the OpenDKIM option 'KeepAuthResults' (https://github.com/trusteddomainproject/OpenDKIM/blob/5c539587561785a66c1f67f720f2fb741f320785/opendkim/opendkim.conf.5.in#L326-L328), OpenDKIM do not try to remove existing Authentication-Results header and this way we found the header triggering the warning: ``` authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=example.com; ``` This is clearly violating RFC 7601, the authserv-id is missing. Is this a known fault? Andreas _______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
