Hi Patrick,
You've posted to dmarc-discuss, a list for discussion of the DMARC
protocol and broad interoperability issues, however your question
relates to the OpenDMARC implementation of DMARC. You're looking for the
OpenDMARC forum <https://sourceforge.net/p/opendmarc/discussion/general/>.
- Roland
------------------------------------------------------------------------
On 1/3/19 6:14 am, Patrick Proniewski via dmarc-discuss wrote:
Hello,
As a followup of my previous question, I would like to get some clarification
about Source-IP (as shown in failure reports for example).
My setup is described below:
On 26 févr. 2019, at 19:03, Patrick Proniewski via dmarc-discuss
<dmarc-discuss@dmarc.org> wrote:
Hello,
I'm running OpenDMARC for a couple of days now on my email server. It mostly
runs ok, but I've just got some weird failure reports.
My setup:
I run Postfix and Amavisd-new as a before queue content filter.
Policyd-SFP checks SPF on the outer SMTP and add proper authentication header.
Amavis checks DKIM and add proper authentication header.
If the mail is acceptable, Amavis handle it to the inner SMTP.
OpenDMARC can't run on outer smtp in a BQCF setup, so it runs on the inner
SMTP. Then it sees emails coming from 127.0.0.1, no big deal because it's setup
to trust Policyd-SFP header.
Unfortunately it looks like it does not trust Amavis' DKIM header. But I'm not
sure about that.
../..
Sample report:
-------------
Feedback-Type: auth-failure
Version: 1
User-Agent: OpenDMARC-Filter/1.3.2
Auth-Failure: dmarc
Authentication-Results: my-server; dmarc=fail header.from=gmail.com
Original-Envelope-Id: 4F92A7FB1
Original-Mail-From: framalang-ow...@framalistes.org
Source-IP: 127.0.0.1 (localhost)
Reported-Domain: gmail.com
-------------
So, my setup impose that OpenDMARC sees only 127.0.0.1 as Source-IP. How can I
be sure that it won't play against me? I can't understand the source code of
OpenDMARC, so I can't be sure the verification process won't use that IP
address, for example for SPF, even though SPFIgnoreResults is set to false.
Thanks
patrick
_______________________________________________
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss
NOTE: Participating in this list means you agree to the DMARC Note Well terms
(http://www.dmarc.org/note_well.html)
_______________________________________________
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss
NOTE: Participating in this list means you agree to the DMARC Note Well terms
(http://www.dmarc.org/note_well.html)