Closed mariuszpgit closed 1 month ago
Your opendmarc.dat said that RFC5322.from domain is not aligned with Authentication Identifier (smtp.envfrom for SPF, signing domain for DKIM) (RFC 7489 .3.1 Alignment), so both of the reslut of SPF and DKIM was not taken for DMARC check.
Yes, OpenDMARC result from opendmarc.dat for spf and dkim are not aligned.
In the headers are:
Mail from domain: "help.dell.com"
Mail from field: "Dell Tech Support <technical_support@help.dell.com>"
DKIM domain-level identifier d=: "help.dell.com"
They all match, so should be in alignment as described in RFC 7489?
In the headers are:
Mail from domain: "help.dell.com" Mail from field: "Dell Tech Support <technical_support@help.dell.com>" DKIM domain-level identifier d=: "help.dell.com"
They all match, so should be in alignment as described in RFC 7489?
Yes, so if it is also from the message rejected, OpenDMARC was missed the DKIM results.
And then looking your opendmarc.dat again, there is no line start with "dkim ". Also, I overlooked the line below in your "Mail proceed" log:
... # opendmarc opendmarc[65243]: 4WtvtH3HzDz1mM ignoring Authentication-Results at 1 from mailgw.domain.com ...
So I guess the ignored line above was Authentication-Results: header inserted by opendkim milter (, or the result of opendkim milter was not passed to opendmarc milter).
@futatuki thank you, my mistake in AuthservID setting.
Interesting, if I add in OpenDKIM
AuthservIDWithJobId yes
Authentication header is
Authentication-Results: mailgw.domain.com/4WxSjJ71XGz2T5;
and also ignored in mail logs:
opendmarc: 4WxSjJ71XGz2T5: ignoring Authentication-Results at 1 from mailgw.domain.com/4WxSjJ71XGz2T5
Case close.
Hi, this project is great and protect many users, so I hope will be developed.
I think dmarc should be valid, spf and dkim are valid, header from = help.dell.com. On gmail and by checking https://toolbox.googleapps.com/apps/messageheader/ message is valid.
OS: alpine 3.20.2
Some used opendmarc.
Mail logs:
Mail proceed
DNS records:
opendmarc.dat
Headers mail from some personal gmail where message passed, I hidden recipient
Test opendmarc whole source delivered to gmail
and opendkim