dmarc report faild ?

Ivan Warren ivan at vmfacility.fr
Thu Aug 24 22:05:16 EEST 2017


In the same vein,

I am receiving forensic DMARC reports from mx01.nausch.org.

Whenever I send a message to the mailing list or when my server sends a 
DMARC report, I'm getting a DMARC Forensic report.

It's odd, because the actual report tells me both DKIM and SPF (in the 
the of a DMARC report) pass...

Here is what I am getting :

This is an authentication failure report for an email message received from IP
163.172.81.229 on Thu, 24 Aug 2017 19:45:10 +0200 (CEST).



Feedback-Type: auth-failure
Version: 1
User-Agent: OpenDMARC-Filter/1.3.2
Auth-Failure: dmarc
Authentication-Results: mx01.nausch.org; dmarc=fail header.from=vmfacility.fr
Original-Envelope-Id: 7AA88C00088
Original-Mail-From:mreport at vmfacility.fr
Source-IP: 163.172.81.229 (db04.ivansoftware.com)
Reported-Domain: vmfacility.fr



Authentication-Results: mx1.nausch.org;
	dkim=pass (2048-bit key) header.d=vmfacility.frheader.i=@vmfacility.fr  header.b="oHXeoWbW"
Authentication-Results: mx1.nausch.org; spf=pass smtp.mailfrom=<mreport at vmfacility.fr>  smtp.helo=db04.ivansoftware.com
Received: from db04 (localhost [127.0.0.1])
	by db04.ivansoftware.com (Postfix) with ESMTP id A0447BE0870
	for<dmarc-reports at nausch.org>; Thu, 24 Aug 2017 19:45:02 +0200 (CEST)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.99.2 at db04
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=vmfacility.fr;
	s=mail; t=1503596702;
	bh=NWT2THShdUTG/xaKKp+wC6e3AahFUjoRkNEGJfERGdM=;
	h=To:From:Subject:Date:From;
	b=oHXeoWbWTTYlWh0orXRIZS6kuMaJmLzui2oTkSS8BCcYQ8x7F0QbDZfSrhQJpt3gv
	 0GOXiR1sgDgkXBOrd6Lms/ePsg33bCmmMgQdjPF62pACE7OlqVWxg6GYfsbFYUbBxC
	 902xtjJo2TnEyDCYAyJP0/VPwQ+lLMNlMzjKSCtMFYoc8i+V7pOLsQizgfr2dvoMA5
	 +RQ/ZkWoV42QrxxVzYN6beuQAdX3q5cB6N6XI9zHUw0cRB5scHc+M/3TH7XwTKmozm
	 p1tAUzyLwhcYslktM348QA3hTMmvuH9Uo2th4wR3UdlkIX9WDjFWRw8JCbK9RUqmKu
	 LePx9Q8z3nALg==
To:dmarc-reports at nausch.org
From:mreport at vmfacility.fr
Subject: Report Domain: nausch.org Submitter:  Report-ID: nausch.org-1503596702@
X-Mailer: opendmarc-reports v1.3.2
Date: Thu, 24 Aug 2017 19:45:02 +0200 (CEST)
Message-ID: <nausch.org-1503596702@>
Auto-Submitted: auto-generated
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="report_section"

************************

Note that the first part says authentication failed, but the second part 
(which is the mail headers for a legit DMARC aggregate report sent to 
the published DMARC rua for nausch.org) passes all the tests - both DKIM 
and SPF.

I am also getting forensic reports from this MTA when posting to the list.

So my guess is someone at nausch.org on this mailing list might have a 
misbehaving DMARC responder/filter.

Note also that this is the only domain/MX I have had so far that 
responds in that way (that is - one that sends me a failed DMARC 
forensic report for a message I *KNOW* I sent - validated and through my 
SPF validated and with headers which are properly DKIM signed).

--Ivan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3970 bytes
Desc: Signature cryptographique S/MIME
URL: <http://dovecot.org/pipermail/dovecot/attachments/20170824/fc873907/attachment-0001.p7s>


More information about the dovecot mailing list