Amavis and OpenDMARC

Noel Butler noel.butler at ausics.net
Sun Nov 12 05:04:42 CET 2023 

On 12/11/2023 13:03, Nick Tait wrote:

> On 12/11/23 15:10, Noel Butler wrote:
> 
>> DMARC (thus OpenDMARC) makes its decision based on the senders DMARC 
>> fo policy -
>> 
>> if policy uses fo=0  then yes, both SPF and DKIM must exist, and both 
>> must pass.
>> 
>> if policy uses fo=1  then no, as a minimum _either_ SPF or DKIM must 
>> exist, and pass, so DMARC will work with only SPF or only DKIM, it 
>> will also work with both, which has the advantage that only one of 
>> these must pass, eg: SPF passes but DKIM fails, DMARC usinng fo=1 will 
>> pass.
>> 
>> I recommend fo=1 for general use but fo=0 for critical areas, like 
>> govts, legal and finance sectors, or those who deal with them on a 
>> very regular basis, in which case they wouldn't be authorised to use 
>> there govt/corp email for private use so if ill-configured mailing 
>> lists for example rejected them, then that's acceptable collateral 
>> damage.
> 
> Hi Noel.
> 
> My understanding of the "fo" option is that it is only used for 
> reporting. i.e. It doesn't control whether the received email is 
> accepted or not, which is always based on _either_ SPF or DKIM checks 
> passing.
> 
> From RFC 7489:
> 
> fo:  Failure reporting options (plain-text; OPTIONAL; default is "0")
> Provides requested options for generation of failure reports.
> Report generators MAY choose to adhere to the requested options.
> This tag's content MUST be ignored if a "ruf" tag (below) is not
> also specified...
> 
> Nick.

Ahhh you're right, my very bad, I was confusing r/s ...

/slap shouldnt do email first thing early Sunday morning after being up 
till 3am watching Cricket :)

-- 
Regards,
Noel Butler

This Email, including attachments, may contain legally privileged 
information, therefore at all times remains confidential and subject to 
copyright protected under international law. You may not disseminate 
this message without the authors express written authority to do so.   
If you are not the intended recipient, please notify the sender then 
delete all copies of this message including attachments immediately. 
Confidentiality, copyright, and legal privilege are not waived or lost 
by reason of the mistaken delivery of this message.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.amavis.org/pipermail/amavis-users/attachments/20231112/e035b255/attachment.htm>

More information about the amavis-users mailing list