Hello, I have a policy server which do SPF verification at smtpd_recipient_restrictions stage and prepend a header. For exemple : spf=pass (sender SPF authorized) smtp.mailfrom=gmail.com (client-ip=209.85.128.179; helo=mail-ve0-f179.google.com; envelope-from=[hidden]@gmail.com; receiver=[hidden]@numeezy.com)
Next, a milter application (opendmarc) read the SPF header added by the policy server and do some stuff. One of the actions done by the milter is to check if the sender domain From match the envelope-from. In my exemple, the From is [hidden]@gmail.com and it match with the envelope-from domain. So, opendmarc should log "spf 0" which mean "matched". Instead of that, it logs "spf -1" which mean "fail". One of the reason would be that a milter application can't see a header added by a policy server in the same smtpd(8) process. Can you tell me if that's true ? If the header should be seen, then I will ask help on opendmarc list. I just want to make sure my postfix implementation is correct. Thanks for your help. Alexandre
