Hello, As a followup of my previous question, I would like to get some clarification about Source-IP (as shown in failure reports for example). My setup is described below:
> On 26 févr. 2019, at 19:03, Patrick Proniewski via dmarc-discuss > <dmarc-discuss@dmarc.org> wrote: > > Hello, > > I'm running OpenDMARC for a couple of days now on my email server. It mostly > runs ok, but I've just got some weird failure reports. > My setup: > I run Postfix and Amavisd-new as a before queue content filter. > Policyd-SFP checks SPF on the outer SMTP and add proper authentication header. > Amavis checks DKIM and add proper authentication header. > If the mail is acceptable, Amavis handle it to the inner SMTP. > > OpenDMARC can't run on outer smtp in a BQCF setup, so it runs on the inner > SMTP. Then it sees emails coming from 127.0.0.1, no big deal because it's > setup to trust Policyd-SFP header. > Unfortunately it looks like it does not trust Amavis' DKIM header. But I'm > not sure about that. ../.. Sample report: > ------------- > Feedback-Type: auth-failure > Version: 1 > User-Agent: OpenDMARC-Filter/1.3.2 > Auth-Failure: dmarc > Authentication-Results: my-server; dmarc=fail header.from=gmail.com > Original-Envelope-Id: 4F92A7FB1 > Original-Mail-From: framalang-ow...@framalistes.org > Source-IP: 127.0.0.1 (localhost) > Reported-Domain: gmail.com > ------------- So, my setup impose that OpenDMARC sees only 127.0.0.1 as Source-IP. How can I be sure that it won't play against me? I can't understand the source code of OpenDMARC, so I can't be sure the verification process won't use that IP address, for example for SPF, even though SPFIgnoreResults is set to false. Thanks patrick _______________________________________________ dmarc-discuss mailing list dmarc-discuss@dmarc.org http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
