OpenDMARC icon indicating copy to clipboard operation
OpenDMARC copied to clipboard
verified publisher icon trusteddomainproject

fo=0 seems to be ignored

Open Pentium4User opened this issue 10 months ago • 1 comments

Hello!

I asked that on the mailing list, but nobody replied, so I'll try it here.

A postmaster told me that my system is generating DMARC failure reports for his mails that pass SPF, but have no DKIM signature.

This is the original mail:

Return-Path: [email protected] Received: from srv1.dorfdsl.de ([unix socket]) by srv1 (Cyrus 3.8.1-Debian-3.8.1-1~bpo12+1) with LMTPA; Tue, 18 Feb 2025 20:04:52 +0100 X-Cyrus-Session-Id: cyrus-1739905492-308616-1-13008908454820145790 X-Sieve: CMU Sieve 3.0 Authentication-Results: srv1.dorfdsl.de; dmarc=fail (p=quarantine dis=none) header.from=ausics.net Authentication-Results: srv1; spf=pass (sender SPF authorized) smtp.mailfrom=mail.ausics.net (client-ip=120.88.115.158; helo=valhalla.ausics.net; [email protected]; receiver=<UNKNOWN>) Received: from mail.ausics.net (valhalla.ausics.net [120.88.115.158]) by srv1.dorfdsl.de (8.18.1/8.18.1/Debian-6~bpo12+1) with ESMTPS id 51IJ4mph308611 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NOT) for [email protected]; Tue, 18 Feb 2025 20:04:51 +0100 Received: by mail.ausics.net (Postfix, from userid 0) id DE109200120; Wed, 19 Feb 2025 05:04:45 +1000 (AEST) From: [email protected] To: [email protected] Date: Wed, 19 Feb 2025 05:04:45 +1000 (AEST) Subject: FW: Re: IPv6 Geolocation per /64 MIME-Version: 1.0 Content-Type: multipart/report; report-type=feedback-report; boundary="mail.ausics.net:2E5C3200097" Message-Id: [email protected]

_dmarc.ausics.net. 85931 IN TXT "v=DMARC1; p=quarantine; aspf=r; adkim=r; rua=mailto:[email protected],mailto:[email protected]; ruf=mailto:[email protected],mailto:[email protected]; fo=0;"

fo=0 means that a report should only be generate if all mechanisms don't create a pass result.

This isn't the case for this message.

I call the milters in this order: INPUT_MAIL_FILTER(opendkim', S=unix:/run/opendkim/opendkim.sock') INPUT_MAIL_FILTER(pyspf', S=local:/run/pyspf-milter/pyspf-milter.sock') INPUT_MAIL_FILTER(opendmarc', S=local:/run/opendmarc/opendmarc.sock')

Is that a problem in OpenDMARC or at another place?

-- kind regards Marco

Pentium4User avatar Mar 07 '25 05:03 Pentium4User