Amavis and OpenDMARC

Matus UHLAR - fantomas uhlar at fantomas.sk
Wed Nov 15 09:03:26 CET 2023


>On 14/11/2023 23:00, Matus UHLAR - fantomas wrote:
>>That's not what I was talking about.
>>
>>If anyone sets fo=0 in dmarc record of a domain, they will get 
>>notification for every mail from their domain that gets forwarded 
>>through a mailing list
>>
>>(or via other means)
>>
>>I would understand if those reports were required for DKIM fail or 
>>SPF fail, but missing aligned SPF pass is something common with 
>>mailing lists.

On 15.11.23 13:03, Noel Butler wrote:
>You only get them on failures not every message, and no, not all 
>mailing lists fail on DKIM, those who take the time to configure 
>mailman properly should be fine.

Sorry, my mistake; I was supposed to write fo=1.
By RFC 7489, section 6.3:

    fo:  Failure reporting options (plain-text; OPTIONAL; default is "0")
[...]
       1: Generate a DMARC failure report if any underlying
          authentication mechanism produced something other than an
          aligned "pass" result.

This in my understanding generates failure reports for any forwarded mail 
including any mail to lists that do not completely rewrite From:
(including this one mailing list)

- even if DKIM is preserved and valid, such mail won't generate aligned SPF 
   pass

unless you have a better explanation of that section...
-- 
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT wish to receive any advertising mail at this address.
42.7 percent of all statistics are made up on the spot.
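
The fo=0 versus fo=1 distinction from RFC 7489, section 6.3, discussed in this message, as an added example that is not part of the original post: it evaluates which `fo` options call for a failure report for a list-forwarded message with a preserved DKIM signature. The names `AuthResults` and `triggered_fo_options`, the naive organizational-domain helper and the sample messages are assumptions constructed for illustration.

```python
from dataclasses import dataclass

def org_domain(domain: str) -> str:
    # Assumption: naive organizational domain (last two labels).
    # A real verifier derives it from the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

@dataclass
class AuthResults:              # hypothetical container, one DKIM signature only
    from_domain: str            # RFC5322.From domain
    spf_result: str             # "pass", "fail", "none", ...
    spf_domain: str             # RFC5321.MailFrom domain that SPF checked
    dkim_result: str            # "pass", "fail", "none", ...
    dkim_domain: str            # d= of the signature

def aligned_pass(result: str, auth_domain: str, from_domain: str) -> bool:
    # Relaxed alignment: same organizational domain as the From: header.
    return result == "pass" and org_domain(auth_domain) == org_domain(from_domain)

def triggered_fo_options(msg: AuthResults, fo: str = "0") -> list:
    """Return the fo options (RFC 7489, section 6.3) that call for a failure report."""
    spf_ok = aligned_pass(msg.spf_result, msg.spf_domain, msg.from_domain)
    dkim_ok = aligned_pass(msg.dkim_result, msg.dkim_domain, msg.from_domain)
    hits = set()
    for opt in fo.split(":"):
        opt = opt.strip()
        if opt == "0" and not (spf_ok or dkim_ok):      # all mechanisms lack aligned pass
            hits.add(opt)
        elif opt == "1" and not (spf_ok and dkim_ok):   # any mechanism lacks aligned pass
            hits.add(opt)
        elif opt == "d" and msg.dkim_result == "fail":  # signature failed, alignment ignored
            hits.add(opt)
        elif opt == "s" and msg.spf_result == "fail":   # SPF failed, alignment ignored
            hits.add(opt)
    return sorted(hits)

# Constructed samples. LIST_MSG: the list keeps From: and the author's DKIM signature
# but uses its own envelope sender, so SPF passes for the list's domain only.
LIST_MSG = AuthResults("example.org", "pass", "lists.example.net", "pass", "example.org")
DIRECT_MSG = AuthResults("example.org", "pass", "example.org", "pass", "example.org")
SPOOF_MSG = AuthResults("example.org", "fail", "example.org", "none", "")

if __name__ == "__main__":
    for name, msg in [("list", LIST_MSG), ("direct", DIRECT_MSG), ("spoof", SPOOF_MSG)]:
        print(name, {fo: triggered_fo_options(msg, fo) for fo in ("0", "1", "0:1:d:s")})
```

Per the same section of RFC 7489, the `fo` tag is ignored unless the record also publishes a `ruf` address, so these triggers only matter for domains that request failure reports.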

