Re: [mailop] antispamcloud.com (SpamExperts) forensics reports format

2020-09-10 Thread Ashley Elphick via mailop 
Hello!

We're using OpenDMARC with Exim. I've opened up an internal ticket with our
developers so they can take a look at where this needs fixing.

Thanks for the heads up! I'll report back here when I have any info.

Cheers
Ashley

On Wed, Sep 9, 2020 at 8:52 PM John Levine via mailop 
wrote:

> In article <3ffd7862f4a54754a38e4caf927ee...@ex1.obs.local> you write:
> >Instead we receive it with this format:
>
> You're right, it is supposed to be in multipart/report ARF format and
> that's not it.  I looked at my failure report folder and see the same
> thing.
>
> R's,
> John
>
> >A message claiming to be from you has failed the published DMARC
> >policy for your domain.
> >
> >  Sender Domain: xyz.ch
> >  Sender IP Address: x.x.x.x
> >  Received Date: Fri, 04 Sep 2020 16:37:40 +0200
> >  SPF Alignment: no
> >  DKIM Alignment: no
> >  DMARC Results: None, Accept
> >
> >-- This is a copy of the headers that were received before the error
> >   was detected.
> >
> >
> >[then all headers of the offending message here that I removed for this
> post]
> >
> >
> >Thanks a lot for your infos and help.
> >
> >Kind regards,
> >
> >Sébastien RICCIO
> >SYSTEM ADMINISTRATOR
> >P  +41 840 888 888
> >F  +41 840 888 000
> >M sric...@swisscenter.com
> >
> >
> >
> >
> >
> >-=-=-=-=-=-
> >[Alternative: text/html]
> >-=-=-=-=-=-
> >-=-=-=-=-=-
> >___
> >mailop mailing list
> >mailop@mailop.org
> >https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
> >-=-=-=-=-=-
>
>
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] antispamcloud.com (SpamExperts) forensics reports format

2020-09-09 Thread Sébastien Riccio via mailop 
Hello,

We are parsing dmarc reports using parsedmarc and the forensics reports coming 
from antispamcloud.com seems not to follow the recommended reporting format 
(AFRF) and therefore are considered invalid.

Maybe is there anyone from SpamExperts in this list that could enlighten me 
about how we could request to receive the reports in a common format?

If I understand correctly that should be the case by default:

https://tools.ietf.org/html/rfc7489#section-7.3
When a Domain Owner requests failure reports for the purpose of
forensic analysis, and the Mail Receiver is willing to provide such
reports, the Mail Receiver generates and sends a message using the
format described in [AFRF]; this document updates that reporting
format, as described in Section 7.3.1.

https://tools.ietf.org/html/rfc7489#section-6.3
rf:  Format to be used for message-specific failure reports (colon-
  separated plain-text list of values; OPTIONAL; default is "afrf").
  The value of this tag is a list of one or more report formats as
  requested by the Domain Owner to be used when a message fails both
  [SPF] and [DKIM] tests to report details of the individual
  failure.  The values MUST be present in the registry of reporting
  formats defined in Section 11; a Mail Receiver observing a
  different value SHOULD ignore it or MAY ignore the entire DMARC
  record.  For this version, only "afrf" (the auth-failure report
  type defined in [AFRF]) is presently supported.  See Section 7.3
  for details.  For interoperability, the Authentication Failure
  Reporting Format (AFRF) MUST be supported.


Instead we receive it with this format:

A message claiming to be from you has failed the published DMARC
policy for your domain.

  Sender Domain: xyz.ch
  Sender IP Address: x.x.x.x
  Received Date: Fri, 04 Sep 2020 16:37:40 +0200
  SPF Alignment: no
  DKIM Alignment: no
  DMARC Results: None, Accept

-- This is a copy of the headers that were received before the error
   was detected.


[then all headers of the offending message here that I removed for this post]


Thanks a lot for your infos and help.

Kind regards,

Sébastien RICCIO
SYSTEM ADMINISTRATOR
P  +41 840 888 888
F  +41 840 888 000
M sric...@swisscenter.com





___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop