Amavis and OpenDMARC

Matus UHLAR - fantomas uhlar at fantomas.sk
Tue Nov 28 10:45:01 CET 2023 

>>I agree that DKIM designers messed this up quite much.
>>But again, we are here talking about DMARC.

>>On 21.11.23 12:06, Noel Butler wrote:
>But they are inter-twined, DMARC just does what DKIM and SPF declare, 
>so any perceived DMARC issues *do* include DKIM and SPF

but this is irelevant here.

>On 21/11/2023 20:08, Matus UHLAR - fantomas wrote:
>>I believe the issue lies in bad formulation of condition for fo:
>
>>The problem I see is that with "fo=1" it should be reported, even if 
>>everything is okay.

On 28.11.23 10:36, Noel Butler wrote:
>Well, if there is a pass and a failure not "everything" is OK.

Not "a pass and a failure". A DKIM pass and SPF pass.

But when the SPF is not aligned, DMARC wording requires sending report for 
"fo=1", because of RFC 
	something other than an aligned "pass" result.

reporting 2 passes but inaligned is non-sense and quite common for mail 
forwarding, and mailing lists, including this one.

>>Perhaps RFC 7489 needs clarification of what exactly needs to be 
>>reported and what not.
>
>7489  makes fo=1|s|d clear, perhaps fo=0 could be worded differently, 

>most of us, or perhaps just many of us,  understand 0 means only if 

I did a mistake before and corrected it:

Wording of fo=0 is fine, report is only send for failed DMARC check.
The unaligned SPF is only issue when DKIM fails.


>everything fails then send a report because thats how I see it and how 
>it seemed to work when first ran DMARC until I moved fo=1 because I 
>want to get failure reports - remember, not all failure reports go to 
>humans ;)

>Generally people who halve some idea of what they are doing don't 
>bother with RFC's, perhaps the problem is with the software 
>documentation as that's what they tend to go for.

So, generally do you recommend us not to follow RFC and risk possible issues 
that are currently unseen?
I prefer fixing the RFC instead.

-- 
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
My mind is like a steel trap - rusty and illegal in 37 states.

More information about the amavis-users mailing list