In the same vein,
I am receiving forensic DMARC reports from mx01.nausch.org.
Whenever I send a message to the mailing list or when my server sends a DMARC report, I'm getting a DMARC Forensic report.
It's odd, because the actual report tells me both DKIM and SPF (in the the of a DMARC report) pass...
Here is what I am getting :
This is an authentication failure report for an email message received from IP 163.172.81.229 on Thu, 24 Aug 2017 19:45:10 +0200 (CEST).
Feedback-Type: auth-failure Version: 1 User-Agent: OpenDMARC-Filter/1.3.2 Auth-Failure: dmarc Authentication-Results: mx01.nausch.org; dmarc=fail header.from=vmfacility.fr Original-Envelope-Id: 7AA88C00088 Original-Mail-From:mreport@vmfacility.fr Source-IP: 163.172.81.229 (db04.ivansoftware.com) Reported-Domain: vmfacility.fr
Authentication-Results: mx1.nausch.org;
dkim=pass (2048-bit key) header.d=vmfacility.frheader.i=@vmfacility.fr header.b="oHXeoWbW"
Authentication-Results: mx1.nausch.org; spf=pass smtp.mailfrom=mreport@vmfacility.fr smtp.helo=db04.ivansoftware.com
Received: from db04 (localhost [127.0.0.1])
by db04.ivansoftware.com (Postfix) with ESMTP id A0447BE0870
fordmarc-reports@nausch.org; Thu, 24 Aug 2017 19:45:02 +0200 (CEST)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.99.2 at db04
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=vmfacility.fr;
s=mail; t=1503596702;
bh=NWT2THShdUTG/xaKKp+wC6e3AahFUjoRkNEGJfERGdM=;
h=To:From:Subject:Date:From;
b=oHXeoWbWTTYlWh0orXRIZS6kuMaJmLzui2oTkSS8BCcYQ8x7F0QbDZfSrhQJpt3gv
0GOXiR1sgDgkXBOrd6Lms/ePsg33bCmmMgQdjPF62pACE7OlqVWxg6GYfsbFYUbBxC
902xtjJo2TnEyDCYAyJP0/VPwQ+lLMNlMzjKSCtMFYoc8i+V7pOLsQizgfr2dvoMA5
+RQ/ZkWoV42QrxxVzYN6beuQAdX3q5cB6N6XI9zHUw0cRB5scHc+M/3TH7XwTKmozm
p1tAUzyLwhcYslktM348QA3hTMmvuH9Uo2th4wR3UdlkIX9WDjFWRw8JCbK9RUqmKu
LePx9Q8z3nALg==
To:dmarc-reports@nausch.org
From:mreport@vmfacility.fr
Subject: Report Domain: nausch.org Submitter: Report-ID: nausch.org-1503596702@
X-Mailer: opendmarc-reports v1.3.2
Date: Thu, 24 Aug 2017 19:45:02 +0200 (CEST)
Message-ID:
Note that the first part says authentication failed, but the second part (which is the mail headers for a legit DMARC aggregate report sent to the published DMARC rua for nausch.org) passes all the tests - both DKIM and SPF.
I am also getting forensic reports from this MTA when posting to the list.
So my guess is someone@nausch.org on this mailing list might have a misbehaving DMARC responder/filter.
Note also that this is the only domain/MX I have had so far that responds in that way (that is - one that sends me a failed DMARC forensic report for a message I *KNOW* I sent - validated and through my SPF validated and with headers which are properly DKIM signed).
--Ivan