Re: [dmarc-discuss] Use of in DMARC aggregate reports

2021-12-20 Thread Juri Haberland via dmarc-discuss 
On 02.12.21 13:34, Maarten Oelering via dmarc-discuss wrote:
> Hi list members,
> 
> We see many aggregate reports where  is a subdomain 
> which does not publish a DMARC record. The DMARC record is on the 
> organisation domain.

> It’s so widespread it looks like some DMARC reporting software is broken. In 
> one of the reports I saw "X-Mailer: opendmarc-reports v1.3.2".

Yes, see https://sourceforge.net/p/opendmarc/tickets/207/
The development has silently moved to Github, maybe it is fixed now...

> Do others notice this as well? And how do you treat these reports, drop them 
> or fix them?

Just accepting as-is seems the best way IMHO.


Regards,
  Juri
___
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms 
(http://www.dmarc.org/note_well.html)

Re: [dmarc-discuss] newbie question about Source-IP

2019-03-02 Thread Juri Haberland via dmarc-discuss 
On 01/03/2019 03:09, Roland Turner via dmarc-discuss wrote:

> You've posted to dmarc-discuss, a list for discussion of the DMARC 
> protocol and broad interoperability issues, however your question 
> relates to the OpenDMARC implementation of DMARC. You're looking for the 
> OpenDMARC forum .

Or subscribe to the OpenDMARC mailing list at
http://www.trusteddomain.org/mailman/listinfo/opendmarc-users - I don't
think that there are many people monitoring the forum.


  Juri
___
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms 
(http://www.dmarc.org/note_well.html)

Re: [dmarc-discuss] Aggregate report 'loop'

2018-10-09 Thread Juri Haberland via dmarc-discuss 
On 09/10/18 12:00, Paul Smith via dmarc-discuss wrote:

[...]
> Several days ago, we received a marketing email from 'johnlewis.co.uk'. 
> Our server dutifully sent a DMARC aggregate report back to them as their 
> 'rua' record says.
> 
> Then, the next day, we get an aggregate report back from them - with one 
> message in - our aggregate report
> 
> So, our server sends back an aggregate report back to them - with one 
> message in - their aggregate report
{...]

The recommended way to prevent such "loops" is to send your reports from a
subdomain with a DMARC record that has no 'rua' tag. That way you won't
trigger new reports for your report.


Cheers,
  Juri
___
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms 
(http://www.dmarc.org/note_well.html)

Re: [dmarc-discuss] my agg. reports

2018-04-19 Thread Juri Haberland via dmarc-discuss 
On 19.04.2018 18:38, A. Schulze via dmarc-discuss wrote:
> Am 19.04.2018 um 08:30 schrieb Juri Haberland via dmarc-discuss:
>> [btw. the SPF result seems wrong: "none" instead of "pass" for a mail from 
>> the opendmarc-users ML]
> 
> RFC5321.MailFrom for messages from opendmarc-users is 
> "f...@trusteddomain.org".
> That generate "spf=pass 
> smtp.mailfrom=opendmarc-users-boun...@trusteddomain.org"
> but for DMARC that's unaligned.
> 
> So, which report do you refer? what do you see and what do you expect?
> It may be possible, there are bugs in rspamd's dmarc code. I like to 
> understand and report them upstream.
> But I like to avoid a situation where the developer ask me something I'm not 
> prepared to answer :-)

I refer to the  section, not the  section, see:

> 
> 
> 208.69.40.157
> 1
> 
> none
> fail
> fail
> 
> 
> 
> sapienti-sat.org
> 
> 
> 
> sapienti-sat.org
> fail
> 
> 
> trusteddomain.org
> none
__
> 
> 
> 


Cheers,
  Juri
___
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms 
(http://www.dmarc.org/note_well.html)

Re: [dmarc-discuss] my agg. reports

2018-04-19 Thread Juri Haberland via dmarc-discuss 
On 19.04.2018 12:32, Alessandro Vesely via dmarc-discuss wrote:
> On Thu 19/Apr/2018 08:30:04 +0200 Juri Haberland via dmarc-discuss wrote:

>> This is what I found:
>> - wrong MIME type: expected: text/xml (.xml); found: application/xml (.xml)
> I found text/xml as required

Right.

>> - missing  at the top
> I had that.  However, I missed the  element inside .

And again right.

*Sigh*, should not have trusted my new Web frontend. That had a misleading
message and made me think I see the pure attachment and not an
interpretation of it.

Sorry,
  Juri
___
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms 
(http://www.dmarc.org/note_well.html)

Re: [dmarc-discuss] my agg. reports

2018-04-19 Thread Juri Haberland via dmarc-discuss 

On 2018-04-19 07:55, A. Schulze via dmarc-discuss wrote:

Hello @all,


Hello Andreas,

since some days aggregated reports we generate using an other software: 
rspamd

These reports are invisible at dmarcian.com. I would like to ask the
group to review
my reports if they are syntactical valid.


This is what I found:
- wrong MIME type: expected: text/xml (.xml); found: application/xml 
(.xml)

- missing  at the top
- not gziped

[btw. the SPF result seems wrong: "none" instead of "pass" for a mail 
from the opendmarc-users ML]



  Juri
___
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms 
(http://www.dmarc.org/note_well.html)

Re: [dmarc-discuss] OOF failed DMARC verification by linkedin

2017-06-05 Thread Juri Haberland via dmarc-discuss 
On 05.06.2017 05:09, Yeo via dmarc-discuss wrote:
> Hi all,
> 
> We just recently enabled DMARC for our outgoing mails. We noticed our out of 
> office (OOF) messages to internet so far ok e.g gmail.com.
> But when OOF messages send to linkedin.com we will get DMARC verification 
> failed due to Original-Mail-From is blank.

If you get a DMARC failure for a mail with a NULL sender, than you
a) don't sign your outgoing bounces/OOO with DKIM
b) you don't have SPF records for your sending mail hosts (e.g.
smtp11.infineon.com)

> How to overcome such issue as a sender?

Add SPF records for every server that is sending mail out to the internet
and/or sign bounces/OOO with DKIM.

  Juri
___
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms 
(http://www.dmarc.org/note_well.html)

Re: [dmarc-discuss] I Need help to get everything to 100% - Microsoft and dmarctest.org fails

2017-04-24 Thread Juri Haberland via dmarc-discuss 
Marko Nix via dmarc-discuss wrote:

> I am running a CentOS server, with configured Postfix / Dovecot setup.

What DMARC software do you use? I assume it is OpenDMARC - if so, the
opendmarc-users ML might be better suited than this generic DMARC mailing
list.

> My other problem is that every report from dmarctest.org is failing the SPF
> alignment - but thats the only error. DKIM pass, SPF pass, DKIM alignment
> pass, but SPF alignemtn fail.

>From time to time Microsoft has problems with DKIM and/or SPF - ignore it.

Dmarctest.org uses an old and buggy version (1.3.0) of OpenDMARC - my test
mail failed the SPF alignment as well, even though in the mail that they send
you back (not the report) you can see that it does align.

> I also used Google and Unlocktheinbox.com- both end up with 100% pass.

Then I'd say it is ok.


  Juri

___
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms 
(http://www.dmarc.org/note_well.html)

Re: [dmarc-discuss] New to DMARC need help

2017-03-22 Thread Juri Haberland via dmarc-discuss 
On 22.03.2017 13:49, Don Buchanan via dmarc-discuss wrote:
>  Trying to implement a DMARC record for reporting purposes to start. I had a 
> simple TXT record put in place, but I am not getting reports, and believe the 
> record is not working as a DMARC record.
> for mail domain : bloomingdales.com
> Here is how I submitted the request to our 3rd party that hosts our 
> records
> _dmarc.bloomingdales.com. IN TXT "v=DMARC1; p=none; 
> rua=mailto:bloomiesdm...@macys.com; sp=none; ri=86400"
> What did I mess Up ?

Something went wrong at your 3rd party DNS provider:
They put the DMARC record directly under bloomingdales.com, not under
_dmarc.bloomingdales.com.

Use e.g. https://dmarcian.com/dmarc-inspector/bloomingdales.com to check
your DMARC record.

What Vladimir wrote in his answer applies, too.


  Juri

___
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms 
(http://www.dmarc.org/note_well.html)

Re: [dmarc-discuss] opendkim-atpszone reproducibility and examples

2017-02-01 Thread Juri Haberland via dmarc-discuss 
SheridanJ West via dmarc-discuss wrote:
> I only have the mismatch problem with opendmarc-reports and thats using
> most of the command line options.
>
> Normal email (port 587) is matched with spf,dkim and dmarc.Please do
> not consider our email servers as mentally retarded in regard to that.
> Hence my posting on a dmarc list.
>
> report emails per the dmarc spec is the last thing left that i struggled
> with.

So your problem seems to be locally generated emails?
Without giving concrete examples of domain names, logfile excerpts and
possibly showing a generated report without any obfuscation it is not possible
to help you as I don't have a crystal ball :)

  Juri


___
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms 
(http://www.dmarc.org/note_well.html)

Re: [dmarc-discuss] opendkim-atpszone reproducibility and examples

2017-02-01 Thread Juri Haberland via dmarc-discuss 
SheridanJ West via dmarc-discuss wrote:
> i appear to need atps records for google this is with atps dns text records
> and probably others
>
> opendmarc-reports: sent report for gmail.com to mailauth-repo...@google.com
> (2.0.0 Ok: queued as x1)
>
> without atps [results i got from last week]
>
> postfix/smtp[5820]:
>  x0: to=,
> relay=aspmx.l.google.com[74.125.71.26]:25, delay=1.1,
>  delays=0.13/0.01/0.49/0.43, dsn=5.7.1, status=bounced
> (host aspmx.l.google.com[74.125.71.26] said: 550-5.7.1
> Unauthenticated email from example.eu  is not accepted
> due to 550-5.7.1 domain's DMARC policy.
> Please contact the administrator of 550-5.7.1 example.eu
> domain if this was a legitimate mail.

Ok, so without ATPS Google won't take your mail. I suggest to check your SPF
settings - if ATPS (or DKIM) fails, it should at least authenticate via SPF.

> I used (appears to work) dns records
>  _adsp._domainkey.example.eu. "dkim=all atps=y; asl=example.com;"
> ._atps.example.eu. "v=atps01; d=example.com;"
> not work (or tried yet) the content made by openmarc-atpszone
> v=ATPS1; d=example.net

I don't know anything about ATPS, but I fail to see how OpenDMARC is the
culprit for your problems. You seem to have at least two problems:
- missing or wrong SPF RR for your sending host
- some ATPS/DKIM problem (looking at RFC6541 yields that v=ATPS1 is right and
v=atps01 is wrong)

  Juri


___
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms 
(http://www.dmarc.org/note_well.html)

Re: [dmarc-discuss] opendkim-atpszone reproducibility and examples

2017-01-31 Thread Juri Haberland via dmarc-discuss 
SheridanJ West via dmarc-discuss wrote:
> I encountered a opendmarc bug that required adsp records as well to send
> dmarc reports and i had a fun time trying to reproduce the output for i do
> not know how long the url i mention will last.

> Is nearly the same but I am confused - is the web parser right and the
> opendkim-atpszone command wrong? with v=ATPS1

> I ask as this affects only dmarc reports (no i do not run example.com) our
> normal email is sent ok

Even though this is not an OpenDMARC specific mailing list but a generic DMARC
discussion list, can you be a bit more specific in which way OpenDMARC reports
are affected by the differing output of the webtool vs. opendkim-atpszone?

  Juri

___
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms 
(http://www.dmarc.org/note_well.html)

Re: [dmarc-discuss] DMARC forensic reporting options

2016-12-23 Thread Juri Haberland via dmarc-discuss 
On 23.12.2016 17:10, John Comfort via dmarc-discuss wrote:
> I would be perfectly fine with limiting the information if people are
> really that paranoid about header information.  For example:  date,
> receiving server information, originating smtp server sender, and subject
> line.  This would be a good start at least.

When I look at the few failure reports that I receive, they all consist of
headers only - but all headers, not just a few. They do not include a
single line of the body.
So your proposal would just describe the reality - or what am I missing?


  Juri

___
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms 
(http://www.dmarc.org/note_well.html)

Re: [dmarc-discuss] FBL via DMARC?

2016-11-30 Thread Juri Haberland via dmarc-discuss 
On 29.11.2016 19:06, John Levine via dmarc-discuss wrote:

> But see https://datatracker.ietf.org/doc/draft-levine-herkula-oneclick/
> 
> This is likely to be an RFC soon, and is apparently already
> implemented at some large webmail providers.  You can put a new header
> in your message which encourages recipient systems to do a one-click
> non-interactive unsubscribe when someone reports the message as junk.

Is this really a good idea? Spammers will add this new header as they added
List-Unsubscribe headers as well and you will kindly validate the spammed
email address if a user marks it as junk.

Dunno, but sounds like bad idea...

  Juri


___
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms 
(http://www.dmarc.org/note_well.html)

Re: [dmarc-discuss] mkdb.mysql or schema.mysql?

2016-10-26 Thread Juri Haberland via dmarc-discuss 
On 26.10.2016 21:29, Niklaas Baudet von Gersdorff via dmarc-discuss wrote:
> OpenDMARC, as distributed by FreeBSD, comes with two files for
> creating a database for reporting: mkdb.mysql and schema.mysql.
> Which one should I use?
> 
> I think about using the former because it seems to be newer
> (copyright is from 2013 vs. 2010), but I'm wondering why the
> older one is packaged too.

Hi Niklaas,

very good question, but it would be better asked on the opendmarc-users or
opendmarc-dev mailing list, not on the generic DMARC mailing list ;)

Currently I have no real answer, but I'll look into it.

  Juri

___
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms 
(http://www.dmarc.org/note_well.html)

Re: [dmarc-discuss] Beware of the size limit in DMARC URIs

2016-10-14 Thread Juri Haberland via dmarc-discuss 

On 2016-10-13 20:06, Matt Simerson via dmarc-discuss wrote:


This thread has been hijacked by the lack of reading comprehension.
Nobody (in this thread) has complained of DMARC reports being too
large.


Right.


The problem in this thread is an issue with some DMARC report senders
failing to parse the DMARC URIs properly, if that DMARC URI includes
size limits.


Right again. That's why I hesitated to re-post my findings on the IETF 
dmarc list.


For what it's worth, the largest report I ever got is ~2kB (compressed, 
46kB uncompressed), but I run only a small system with a handful of 
users and lists. Would be interesting to hear what sizes larger sites 
receive (or send), but I doubt it gets into the region of ~1MB 
(compressed) - if the sender has a decent implementation (which 
OpenDMARC currently has not).


So again: Some report senders do not parse reporting URIs correct - 
please check your implementations... That was my point.



Cheers,
  Juri
___
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms 
(http://www.dmarc.org/note_well.html)

Re: [dmarc-discuss] Beware of the size limit in DMARC URIs

2016-10-14 Thread Juri Haberland via dmarc-discuss 

On 2016-10-14 00:26, Brandon Long wrote:
Actually, from the code, I'm surprised we handle a single address with 
!

correctly.  I'll file a bug.


Thanks, Brandon!

  Juri
___
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms 
(http://www.dmarc.org/note_well.html)

Re: [dmarc-discuss] Beware of the size limit in DMARC URIs

2016-10-12 Thread Juri Haberland via dmarc-discuss 
On 12.10.2016 12:17, Steven M Jones via dmarc-discuss wrote:
> On 10/12/16 01:32, Juri Haberland via dmarc-discuss wrote:

>> Btw: Did anyone notice that AOL sends DMARC reports with two To: headers?
> 
> Looking at the last few reports I received from them for this domain, I
> only see one 5322.To header. But the most recent report was
> mid-September. Anybody else out there seeing two? It could make tracking
> down a bug much easier for them.

My last report is half a year old, but has two headers, too:

> From: abuse_dm...@abuse.aol.com
> To: r...@dmarc.sapienti-sat.org
> To: pboza...@ag.dmarcian.com

So it seems, AOL is putting every rua URI into a seperate To: header...

  Juri

___
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms 
(http://www.dmarc.org/note_well.html)

Re: [dmarc-discuss] Beware of the size limit in DMARC URIs

2016-10-12 Thread Juri Haberland via dmarc-discuss 

Hi,

I hoped to get a reaction here of some sort from Microsoft, Google or 
Yahoo,
but my mail might got burried underneath useless rants about DMARC and 
DNSSEC...


Btw: Did anyone notice that AOL sends DMARC reports with two To: 
headers?



Kind regards,
  Juri


On 2016-10-04 09:21, Juri Haberland via dmarc-discuss wrote:

Hi,

while writing a patch for OpenDMARC, I stumbled accross problems with 
the

size limit in DMARC URIs that some of the big players have.

Microsoft cannot cope at all with an URI like "rep...@example.org!10m" 
-

you won't receive a single report.

Yahoo and Google do send a report and respect the size limit - as long 
as

this URI is the only one in the rua tag.
As soon as one adds another URI (with or without size limit) to the rua
tag, Google and Yahoo forget to strip the size limit from the URI and 
thus

try to send a mail to "rep...@example.org!10m"!

As OpenDMARC also had problems with the size limit in older versions, 
it is

best to avoid the use of size limits for now.

___
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms 
(http://www.dmarc.org/note_well.html)

Re: [dmarc-discuss] dmarc.org breaks dkim & dmarc

2016-10-04 Thread Juri Haberland via dmarc-discuss 
On 04.10.2016 20:27, Benny Pedersen via dmarc-discuss wrote:

> what will happend if opendmarc skips last signer if multiple signed ?, 
> imho opendmarc should really be more dnssec strict, and make all dkim 
> keys pass before it does dmarc pass, my msgs do pass on dmarc.org 
> mailserveres, but since thay fix some unknown problem with mailman it 
> will not give dkim pass on return, and hell broke out with it :(

I really don't know what hell you are talking about? I don't care if my
DKIM signature is valid after I receive my mail back from the list. All I
care about is a RFC5322.From that it is aligned. And that's what happening
here.

> as it is now we all loose on it :/

I'm not happy with DMARC and mailing lists in general and how Yahoo forced
my to use a beta version of Mailman in the early days, but I can live with
it now. Get over it.

  Juri
___
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms 
(http://www.dmarc.org/note_well.html)

Re: [dmarc-discuss] dmarc fail for linkedin

2016-10-04 Thread Juri Haberland via dmarc-discuss 
On 04.10.2016 17:35, DurgaPrasad - DatasoftComnet via dmarc-discuss wrote:
> I have done a stock dmarc implementation on centos 7.
> 
> We use MailScanner and spamassassin with decent success since many years. I 
> would prefer a milter anyday so that I can influence my scores. 
> 
> My concerns is that if dmarc=fail is the result of the check - why do I need 
> to look at the spf result. Why doesn’t the OpenDMARC Filter v1.3.1 return a 
> pass for dmarc if intended result is indeed a combination output of the dmarc 
> and spf data.?
> 
> I’m sorry if I am missing something here.

The point is:
DMARC uses a combination of the SPF and the DKIM result. Per default
OpenDMARC searches for an Authentication-Result: header or a Received-SPF:
header that was inserted by a previous milter on your receiving MTA.
If, for some reason, your OpenDMARC milter does not see the SPF result, the
DMARC decission might be wrong.

You might take this to the opendmarc-users mailing list and show your
configuration to the folks at that ML.


  Juri

___
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms 
(http://www.dmarc.org/note_well.html)