In the same vein,
I am receiving forensic DMARC reports from mx01.nausch.org.
Whenever I send a message to the mailing list or when my server sends a DMARC report, I'm getting a DMARC Forensic report.
It's odd, because the actual report tells me both DKIM and SPF (in the the of a DMARC report) pass...
Here is what I am getting :
This is an authentication failure report for an email message received from IP 163.172.81.229 on Thu, 24 Aug 2017 19:45:10 +0200 (CEST).
Feedback-Type: auth-failure Version: 1 User-Agent: OpenDMARC-Filter/1.3.2 Auth-Failure: dmarc Authentication-Results: mx01.nausch.org; dmarc=fail header.from=vmfacility.fr Original-Envelope-Id: 7AA88C00088 Original-Mail-From:mreport@vmfacility.fr Source-IP: 163.172.81.229 (db04.ivansoftware.com) Reported-Domain: vmfacility.fr
Authentication-Results: mx1.nausch.org; dkim=pass (2048-bit key) header.d=vmfacility.frheader.i=@vmfacility.fr header.b="oHXeoWbW" Authentication-Results: mx1.nausch.org; spf=pass smtp.mailfrom=<mreport@vmfacility.fr> smtp.helo=db04.ivansoftware.com Received: from db04 (localhost [127.0.0.1]) by db04.ivansoftware.com (Postfix) with ESMTP id A0447BE0870 for<dmarc-reports@nausch.org>; Thu, 24 Aug 2017 19:45:02 +0200 (CEST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.99.2 at db04 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=vmfacility.fr; s=mail; t=1503596702; bh=NWT2THShdUTG/xaKKp+wC6e3AahFUjoRkNEGJfERGdM=; h=To:From:Subject:Date:From; b=oHXeoWbWTTYlWh0orXRIZS6kuMaJmLzui2oTkSS8BCcYQ8x7F0QbDZfSrhQJpt3gv 0GOXiR1sgDgkXBOrd6Lms/ePsg33bCmmMgQdjPF62pACE7OlqVWxg6GYfsbFYUbBxC 902xtjJo2TnEyDCYAyJP0/VPwQ+lLMNlMzjKSCtMFYoc8i+V7pOLsQizgfr2dvoMA5 +RQ/ZkWoV42QrxxVzYN6beuQAdX3q5cB6N6XI9zHUw0cRB5scHc+M/3TH7XwTKmozm p1tAUzyLwhcYslktM348QA3hTMmvuH9Uo2th4wR3UdlkIX9WDjFWRw8JCbK9RUqmKu LePx9Q8z3nALg== To:dmarc-reports@nausch.org From:mreport@vmfacility.fr Subject: Report Domain: nausch.org Submitter: Report-ID: nausch.org-1503596702@ X-Mailer: opendmarc-reports v1.3.2 Date: Thu, 24 Aug 2017 19:45:02 +0200 (CEST) Message-ID: <nausch.org-1503596702@> Auto-Submitted: auto-generated MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="report_section"
Note that the first part says authentication failed, but the second part (which is the mail headers for a legit DMARC aggregate report sent to the published DMARC rua for nausch.org) passes all the tests - both DKIM and SPF.
I am also getting forensic reports from this MTA when posting to the list.
So my guess is someone@nausch.org on this mailing list might have a misbehaving DMARC responder/filter.
Note also that this is the only domain/MX I have had so far that responds in that way (that is - one that sends me a failed DMARC forensic report for a message I *KNOW* I sent - validated and through my SPF validated and with headers which are properly DKIM signed).
--Ivan