Authentication results header when message has multiple DKIM signatures from Cristian Mammoli on 2014-08-31 (OpenDKIM Users mailing list)

From: Cristian Mammoli <c.mammoli_at_apra.it>
Date: Sun, 31 Aug 2014 09:06:18 +0200

Hi list, I'm using opendkim milter with opendmarc milter. I noticed a
lot of messages from amazonses are getting refused by the dmarc milter.
After further investigation I noticed the if a message has multiple dkim
signatures only the first domain is reported in the Authentication
results header:

Feedback-Type: auth-failure
Version: 1
User-Agent: OpenDMARC-Filter/1.3.0
Auth-Failure: dmarc
Authentication-Results: mail.bzone.it; dmarc=fail header.from=amazon.it
Original-Envelope-Id: 7DB7C14C066C
Original-Mail-From:20140831063042f6f1ac0e71a84251a4d3d05a0b5d5742-C1NWZ0IM6YBHRQ_at_bounces.amazon.com
Source-IP: 54.240.0.77
Reported-Domain: amazon.it

Authentication-Results: mail.bzone.it; dkim=pass reason="1024-bit key"
        header.d=amazonses.comheader.i=_at_amazonses.com header.b=SWf+j+b2;
        dkim-adsp=pass
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
        s=shh3fegwg5fppqsuzphvschd53n6ihuv; d=amazonses.com; t=1409466642;
        h=Date:From:To:Message-ID:Subject:MIME-Version:Content-Type:Feedback-ID;
        bh=wmHc8UgY7ozrcH8VFzWg2umPhYSwbUdyJdOc3edIexI=;
        b=SWf+j+b2CKLDTK6ZgoVVLZolJ0fePVxbbkYEgdI5SGs4GKXfcLy+SLFtA7kzXJwx
        pZYPDUaTegN6ef61BqYNIN3xqQpmE1izj1SFLzzfyWBhDXD7f3acQvJiIFTHrvN43Oe
        geBA7cgVLoZJ+LJ7cbHInscvDf4FTwG72eByh5is=
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
        s=iltqsb7upau2q3qxme4cdwlxyxynl66h; d=amazon.it; t=1409466642;
        h=Date:From:To:Message-ID:Subject:MIME-Version:Content-Type;
        bh=wmHc8UgY7ozrcH8VFzWg2umPhYSwbUdyJdOc3edIexI=;
        b=fegvU6DTAZu62251/5w7ZmpBqVDp5Kv60qKckrG4/Vyd1jiLpWPJSP3CfokLuO4W
        TJqOuXCes9eUJefKVLqVQhVEgAg4q0VVCDCTkl11RfqAb3AdJisViDDkJC/YcrzxDvi
        0hULrmQg7FRpTs6uyvBVQ3qAb83c06ISxSoxHsyw=
Date: Sun, 31 Aug 2014 06:30:42 +0000
From: "Amazon.it"<promotion-it_at_amazon.it>

OpenDMARC refuses the message because only amazonses.com is reported in
the Authentication-results header, while the message is from _at_amazon.it.

Am I missing something here? Is this supposed to be correct?

Ty

-- 
Mammoli Cristian
System administrator
T. +39 0731 22911
Via Brodolini 6 | 60035 Jesi (an)

Received on Sun Aug 31 2014 - 07:06:32 PST

This archive was generated by hypermail 2.3.0 : Sun Aug 31 2014 - 09:36:01 PST