search

trusteddomainproject / OpenDMARC

This is the Trusted Domain Project's impementation of the DMARC protocol libary and mail filter, called OpenDMARC. A "milter" connects to unix-based mailers (originally, sendmail, but now many) and provides a standard filtering API.
Other
98 stars 52 forks source link

DKIM results missing from report #230

Open EffectShapiro opened 1 year ago

EffectShapiro commented 1 year ago

Hello,

I am struggling with an opendmarc report.

distribution: Debian buster kernel: 4.19.0-9-amd64 opendmarc version : 1.4.1.1-2~bpo10+1

An another provider's report

    <auth_results>
      <dkim>
        <domain>domain.tld</domain>
        <result>pass</result>
        <selector>20200212</selector>
      </dkim>
      <dkim>
        <domain>domain.tld</domain>
        <result>pass</result>
        <selector>20200212</selector>
      </dkim>
      <spf>
        <domain>provider.domain.tld</domain>
        <result>pass</result>
      </spf>
    </auth_results>

Ours

      <auth_results>
          <spf>
              <domain>domain.com</domain>
              <result>pass</result>
          </spf>
      </auth_results>

Any idea what could cause the DKIM part to be missing ?

Thank you.

mgeisselreiter commented 1 year ago

Hi,

I think I have the same problem - the auth_results section has no report of a DKIM signature. I have checked that all of my outgoing xml reports miss section

  <auth_results>
   <dkim>
    <domain>domain.com</domain>
    <result>pass</result>
   </dkim>
  </auth_results>

So we correctly report dkim pass, but it is missing in auth_results section of report.

   ...
    <row>
      <source_ip>X.X:X.X</source_ip>
      <count>1</count>
      <policy_evaluated>
        <disposition>none</disposition>
        <dkim>pass</dkim>
        <spf>pass</spf>
        <reason>
          <type>local_policy</type>
          <comment>arc=fail</comment>
        </reason>
      </policy_evaluated>
    </row>
   <identifiers>
      <header_from>[somedom.com](http://somedom.com/)</header_from>
    </identifiers>
    <auth_results>
      <spf>
        <domain>[somedom.com](http://somedom.com/)</domain>
        <result>pass</result>
      </spf>
    </auth_results>
   ...

There must be some bug in program what I use for generating reports. I use opendmarc-1.4.1.1-3.el7.x86_64 on CentOS7.

tomkicamp commented 1 year ago

dmarcian has been seeing large numbers of submission environments with this pattern of invalid data.