dmarc-srg

Please add RUF support

Open ReVoLt112 opened this issue 2 years ago • 2 comments

Feature request:

As title says: Please add RUF Support! I love your tool!

ReVoLt112 avatar Aug 30 '22 21:08 ReVoLt112

Hello, ReVoLt112 I'm a little confused. Do mail servers send out such reports now? I haven't received any RUF report yet. I thought that sending such reports was the exception rather than the rule.

liuch avatar Sep 02 '22 19:09 liuch

And thank you for your attention to my project!

liuch avatar Sep 02 '22 19:09 liuch

OpenDMARC is one package that supports sending these reports, but I'm not sure that they require any processing. There is little there beyond the originating IP address, From: address, and the reported failed DMARC domain.

For my small mail server, I simply point my domain's RUF= to postmaster, and also BCC postmaster with any Failure Reports that OpenDMARC generates for other domains, just to keep an eye on them.

There is certainly no XML attachment etc, that I have seen, however I am a tiny MTA by general standards, so don't decide based on my feedback. I only wished to confirm that indeed, some mail servers do send these out.

geekasylum avatar Jun 11 '23 07:06 geekasylum

Thank you, @geekasylum !

liuch avatar Jun 13 '23 20:06 liuch

> Hello, ReVoLt112 I'm a little confused. Do mail servers send out such reports now? I haven't received any RUF report yet. I thought that sending such reports was the exception rather than the rule.

You can have some if you post emails into Debian mailing lists or something Debian packaging related. Most probably because I sent an email to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031114#43 and it got forwarded to a mailing list.

Anyway, here is an example. But RUF reports are pretty rare.

Return-Path: <[email protected]>
Delivered-To: [email protected]
Received: from dc4.servers.datacenters.network
	by dc4.servers.datacenters.network with LMTP
	id sPIbGXFX6WPADwAA3BZZyA
	(envelope-from <[email protected]>)
	for <[email protected]>; Sun, 12 Feb 2023 21:17:37 +0000
Received: from localhost (localhost [127.0.0.1])
	by dc4.servers.datacenters.network (Postfix) with ESMTP id 63D3B4521D
	for <[email protected]>; Sun, 12 Feb 2023 21:17:37 +0000 (UTC)
X-Virus-Scanned: Yes
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-9999 required=6.31
	tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
	DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001,
	SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: dc4.servers.datacenters.network (amavisd-new);
	dkim=pass (2048-bit key) header.d=disroot.org
Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=178.21.23.139; helo=knopi.disroot.org; [email protected]; receiver=<UNKNOWN> 
Received: from knopi.disroot.org (knopi.disroot.org [178.21.23.139])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits))
	(No client certificate requested)
	by dc4.servers.datacenters.network (Postfix) with ESMTPS id 535425033F
	for <[email protected]>; Sun, 12 Feb 2023 21:17:19 +0000 (UTC)
Received: by disroot.org (Postfix, from userid 121)
	id 2779C4141B; Sun, 12 Feb 2023 22:21:08 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=disroot.org; s=mail;
	t=1676236868; bh=+oab3VApCV5KHW+wuYRugjyw2ilLYj446KAtpDsw0S8=;
	h=From:To:Date:Subject;
	b=GUNKzUyJFQkP+ATi8g0+VGy3MiSFGSwS6ivNKkSX/alahAgBUxz6IUiNa/vq6MtLD
	 IkpnDl+8hhGsUDkVjhZY3QyoETeVwKJoAdMwKNE6Cww3GV5NIkNB9C8H/wypclIuOz
	 vnV696VHZ8Bc1mI4L4mhneH/8BvZ9SAXsKjB/9Cz/EnDDsTsI+ZRHHrzIldnpQICtn
	 /FlgzbxIMmM7wflAbGWsYARqVcbi1gefwdfnr1YM7wdfkBSAVwqckD+zCFYXsUVlAX
	 PpPnzXjl3krLtNbfUfavozf0WhAw1mlrY+7RrSqIgd0QbLd6HImq6oLw4UuU/DAj1i
	 h9QZ81W+fFzwg==
From: OpenDMARC Filter <[email protected]>
To: [email protected]
Date: Sun, 12 Feb 2023 22:21:08 +0100 (CET)
Subject: FW: [Pkg-javascript-devel] Bug#1031114: fwd
MIME-Version: 1.0
Content-Type: multipart/report;
	report-type=feedback-report;
	boundary="disroot.org:12D3E4129B"
Message-Id: <[email protected]>

--disroot.org:12D3E4129B
Content-Type: text/plain

This is an authentication failure report for an email message received from IP
185.73.44.171 on Sun, 12 Feb 2023 22:21:08 +0100 (CET).

--disroot.org:12D3E4129B
Content-Type: message/feedback-report

Feedback-Type: auth-failure
Version: 1
User-Agent: OpenDMARC-Filter/1.4.0
Auth-Failure: dmarc
Authentication-Results: OpenDMARC; dmarc=fail header.from=wdes.fr
Original-Envelope-Id: 12D3E4129B
Original-Mail-From: pkg-javascript-devel-bounces+shirish12=disroot.org@alioth-lists.debian.net
Source-IP: 185.73.44.171 (alioth-lists-01.debian.net)
Reported-Domain: wdes.fr

--disroot.org:12D3E4129B
Content-Type: text/rfc822-headers

Authentication-Results: disroot.org;
	dkim=fail reason="signature verification failed" (4096-bit key; unprotected) header.d=wdes.fr [email protected] header.a=rsa-sha256 header.s=mail header.b=cXABK64c;
	dkim-atps=neutral
Received: from localhost ([::1] helo=alioth-lists-01.debian.net)
	by alioth-lists-01.debian.net with esmtp (Exim 4.92)
	(envelope-from <pkg-javascript-devel-bounces+shirish12=disroot.org@alioth-lists.debian.net>)
	id 1pRJmV-0006IR-JG
	for [email protected]; Sun, 12 Feb 2023 21:21:07 +0000
Received: from buxtehude.debian.org ([2607:f8f0:614:1::1274:39])
 by alioth-lists-01.debian.net with esmtps
 (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92)
 (envelope-from <[email protected]>) id 1pRJmT-0006G5-Dm
 for [email protected];
 Sun, 12 Feb 2023 21:21:05 +0000
Received: from debbugs by buxtehude.debian.org with local (Exim 4.94.2)
 (envelope-from <[email protected]>)
 id 1pRJmR-002hkX-BG; Sun, 12 Feb 2023 21:21:03 +0000
X-Loop: [email protected]
Resent-From: William Desportes <[email protected]>
Resent-To: [email protected]
Resent-CC: Debian Javascript Maintainers
 <[email protected]>
X-Loop: [email protected]
Resent-Date: Sun, 12 Feb 2023 21:21:02 +0000
Resent-Message-ID: <[email protected]>
X-Debian-PR-Message: followup 1031114
X-Debian-PR-Package: src:jquery-timepicker
X-Debian-PR-Keywords: bookworm sid
References: <[email protected]> <[email protected]>
X-Debian-PR-Source: jquery-timepicker
Received: via spool by [email protected]
 id=B1031114.1676236586642446
 (code B ref 1031114); Sun, 12 Feb 2023 21:21:02 +0000
Received: (at 1031114) by bugs.debian.org; 12 Feb 2023 21:16:26 +0000
X-Spam-Checker-Version: SpamAssassin 3.4.6-bugs.debian.org_2005_01_02
 (2021-04-09) on buxtehude.debian.org
X-Spam-Level: 
X-Spam-Status: No, score=-1.2 required=4.0 tests=BAYES_00,DKIM_SIGNED,
 DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MURPHY_DRUGS_REL8,ONEWORD,
 SPF_HELO_PASS,SPF_PASS autolearn=no autolearn_force=no
 version=3.4.6-bugs.debian.org_2005_01_02
X-Spam-Bayes: score:0.0000 Tokens: new, 16; hammy, 81; neutral, 32; spammy, 1.
 spammytokens:0.946-+--H*r:bugs.debian.org
 hammytokens:0.000-+--backports, 0.000-+--debian's, 0.000-+--debians,
 0.000-+--backport, 0.000-+--HAuthentication-Results:4096-bit
Received: from dc4.servers.datacenters.network ([185.171.202.122]:11129)
 by buxtehude.debian.org with esmtps
 (TLS1.3:ECDHE_X25519__RSA_PSS_RSAE_SHA256__AES_256_GCM:256)
 (Exim 4.94.2) (envelope-from <[email protected]>)
 id 1pRJhy-002h7m-L3
 for [email protected]; Sun, 12 Feb 2023 21:16:26 +0000
X-Virus-Scanned: Yes
Authentication-Results: dc4.servers.datacenters.network (amavisd-new);
 dkim=pass (4096-bit key) header.d=wdes.fr
Date: Sun, 12 Feb 2023 22:16:18 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wdes.fr; s=mail;
 t=1676236350; bh=cLO/QFqTl29gATIuAig8rmdBlfx1xEMSJC+A+v61Q84=;
 h=From:To:Subject:In-Reply-To:References;
 b=cXABK64c70nJsRrjsNxT+lIsJjwn9d7J9UM3nl4SswnZJSGemDCITuUNqw2FCHBj4
 wgqfaG/P8vxrMITjTq/Q9meE0NjP+L1X1PENcuut2g4PwuwgGjnVPVxd+Q4JgCbMpF
 ka4vEazjLZd+99uciWKMwclF1iMiknEybNga2CS2nPYr0ZXe9/DU+beut7PQnjxXNr
 p5dlic6NZ7yqNczJYCqZNRzcrgcSoCeeE7dwr9mCN4JBpKX1gJ1O0dKZS8rjfpSoZ8
 9CqF1NAVMbrOqKvD8ToXBxQHopBAS8ARek6NnRu1Ls6V8pxFXveIgDqPbtgAe/OBYZ
 z88phhWrJWRPDnN4Clz7RWb3vDesBGRTTCRQwiXhyT+nRLoHcJamccCKuL/Acutl5w
 WBmgGtrGpDt9hMlj2/V4jmyvxEtbNpPDENitNErkIu+PsUNG7K+mjUfqGcrcZP3/mH
 oWBBxPMTJ3vzYUC28QHsVkeCR20o4stXlRhGfoJN+Eu2o+WL1oTQTirIj6QOXqGBj7
 s8G8FNdnPnExW5NPHXtDwjQVPFbBHg4553srKacl6nmDzfgkRv40JjVKTGJ3MR6Hbn
 0H3+Z+Z9XY/yZMNcMYy75609YrRQRQ0mm9q9cBCNo8++IEiX0ycOb7wQqV4q/2bbGz
 bTBk51pO88I0EzvPe7t04O/c=
From: William Desportes <[email protected]>
To: Andres Salomon <[email protected]>, [email protected]
In-Reply-To: <[email protected]>
Message-ID: <[email protected]>
Mime-Version: 1.0
Received-SPF: pass client-ip=2607:f8f0:614:1::1274:39;
 [email protected]; helo=buxtehude.debian.org
x-debian-approved: yes
Subject: [Pkg-javascript-devel] Bug#1031114: fwd
X-BeenThere: [email protected]
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: pkg-javascript main list
 <pkg-javascript-devel.alioth-lists.debian.net>
List-Unsubscribe: <https://alioth-lists.debian.net/cgi-bin/mailman/options/pkg-javascript-devel>,
 <mailto:[email protected]?subject=unsubscribe>
List-Archive: <http://alioth-lists.debian.net/pipermail/pkg-javascript-devel/>
List-Post: <mailto:[email protected]>
List-Help: <mailto:[email protected]?subject=help>
List-Subscribe: <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel>,
 <mailto:[email protected]?subject=subscribe>
Reply-To: William Desportes <[email protected]>, [email protected]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: pkg-javascript-devel-bounces+shirish12=disroot.org@alioth-lists.debian.net
Sender: "Pkg-javascript-devel"
 <pkg-javascript-devel-bounces+shirish12=disroot.org@alioth-lists.debian.net>

--disroot.org:12D3E4129B--

williamdes avatar Jun 16 '23 23:06 williamdes

That seems to be generated by OpenDMARC, as I mentioned earlier. I don't mean to state the obvious, but for anyone unfamiliar with OpenDMARC, the relevant bit is the "Content-Type: message/feedback-report" section (the failure report), and the plain text immediately above it (preamble). The rest seems to be headers from the RUF email sent by OpenDMARC (above) and the attached original (below), having passed through amavisd-new and SpamAssassin.

Essentially, my understanding is that all OpenDMARC does in this case is to read the "Authentication-Results" headers added by a pre-processor such as OpenDKIM, or in this case, amavisd-new, and then optionally emails the RUF report if any of those checks failed. (In addition to its other job of sending out the daily DMARC alignment reports).

Again, apologies if this is obvious, but having recently set up another mail server (with OpenDMARC), it's familiar to me, and it felt like the RUF example above may have been buried in amongst all of those headers.

geekasylum avatar Jun 17 '23 04:06 geekasylum
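
The comment above singles out the `message/feedback-report` part as the actual failure report. The following is an added example, not code from this thread or from dmarc-srg, that pulls those fields out of a `multipart/report` message with Python's standard `email` package; the function name `parse_failure_report` is hypothetical and the sample is the report posted above, cut down.

```python
import ipaddress
from email import message_from_string

# Constructed sample: the report quoted in this thread, cut down to its three MIME parts.
SAMPLE = """\
Content-Type: multipart/report; report-type=feedback-report; boundary="disroot.org:12D3E4129B"

--disroot.org:12D3E4129B
Content-Type: text/plain

This is an authentication failure report for an email message received from IP
185.73.44.171 on Sun, 12 Feb 2023 22:21:08 +0100 (CET).

--disroot.org:12D3E4129B
Content-Type: message/feedback-report

Feedback-Type: auth-failure
Version: 1
Auth-Failure: dmarc
Authentication-Results: OpenDMARC; dmarc=fail header.from=wdes.fr
Source-IP: 185.73.44.171 (alioth-lists-01.debian.net)
Reported-Domain: wdes.fr

--disroot.org:12D3E4129B
Content-Type: text/rfc822-headers

Subject: [Pkg-javascript-devel] Bug#1031114: fwd

--disroot.org:12D3E4129B--
"""

def parse_failure_report(raw):
    """Return the auth-failure report fields as a dict, or None if malformed."""
    msg = message_from_string(raw)
    parts = [p for p in msg.walk() if p.get_content_type() == "message/feedback-report"]
    if (msg.get_content_type() != "multipart/report" or not parts
            or str(msg.get_param("report-type", "")).lower() != "feedback-report"):
        return None
    body = parts[0].get_payload()
    # Python's parser exposes a message/* body as a nested header block.
    fields = body[0] if isinstance(body, list) else message_from_string(body)
    report = {name.lower(): value.strip() for name, value in fields.items()}
    if report.get("feedback-type", "").lower() != "auth-failure":
        return None
    try:  # untrusted input: keep the address only if it parses
        ip = report.get("source-ip", "").split()[0]  # drop "(hostname)" comment
        report["source-ip"] = str(ipaddress.ip_address(ip))
    except (IndexError, ValueError):
        return None
    return report
```

Anyone can mail a report to a published `ruf=` address, so the returned fields are claims made by the sender and should be stored and displayed as untrusted data.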

I don't plan on implementing this in the near future. Sorry.

liuch avatar Mar 23 '24 03:03 liuch