Amavis and OpenDMARC

Noel Butler noel.butler at ausics.net
Tue Nov 28 01:36:11 CET 2023 

On 21/11/2023 20:08, Matus UHLAR - fantomas wrote:

> On 21.11.23 12:06, Noel Butler wrote:
> 
>> This also depends on how you set DKIM's canonicalization
> 
> this is a (known) problem of DKIM and playing with DMARC will not solve 
> it.
> 
>> Anyone using simple/simple should have a DKIM fail and plenty use that 
>> setting, prior to July this year - when I was using this address on 
>> file with Federal Law Enforcement agencies for receiving shall we say 
>> certain formal requests ;) I used fully strict with simple/simple - as 
>> earlier posts on this list would show
> 
> I agree that DKIM designers messed this up quite much.
> But again, we are here talking about DMARC.

But they are inter-twined, DMARC just does what DKIM and SPF declare, so 
any perceived DMARC issues *do* include DKIM and SPF

> I believe the issue lies in bad formulation of condition for fo:

> The problem I see is that with "fo=1" it should be reported, even if 
> everything is okay.

Well, if there is a pass and a failure not "everything" is OK.
Of all DMARC notices I've had its because DKIM failed, and thankfully 
for me at least all of them are list based, its when I start seeing them 
for non list posts that I'll sit up and take notice.

> Perhaps RFC 7489 needs clarification of what exactly needs to be 
> reported and what not.

7489  makes fo=1|s|d clear, perhaps fo=0 could be worded differently, 
most of us, or perhaps just many of us,  understand 0 means only if 
everything fails then send a report because thats how I see it and how 
it seemed to work when first ran DMARC until I moved fo=1 because I want 
to get failure reports - remember, not all failure reports go to humans 
;)

Generally people who halve some idea of what they are doing don't bother 
with RFC's, perhaps the problem is with the software documentation as 
that's what they tend to go for.

-- 
Regards,
Noel Butler
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.amavis.org/pipermail/amavis-users/attachments/20231128/dbba65bd/attachment.htm>

More information about the amavis-users mailing list