Re: Authentication results header when message has multiple DKIM signatures from Alexandre Ellert on 2014-08-31 (OpenDKIM Users mailing list)

From: Alexandre Ellert <aellert_at_numeezy.com>
Date: Sun, 31 Aug 2014 17:27:49 +0200

2014-08-31 9:06 GMT+02:00 Cristian Mammoli <c.mammoli_at_apra.it>:

> Hi list, I'm using opendkim milter with opendmarc milter. I noticed a lot
> of messages from amazonses are getting refused by the dmarc milter. After
> further investigation I noticed the if a message has multiple dkim
> signatures only the first domain is reported in the Authentication results
> header:
>
> Feedback-Type: auth-failure
> Version: 1
> User-Agent: OpenDMARC-Filter/1.3.0
> Auth-Failure: dmarc
> Authentication-Results: mail.bzone.it; dmarc=fail header.from=amazon.it
> Original-Envelope-Id: 7DB7C14C066C
> Original-Mail-From:20140831063042f6f1ac0e71a84251a4d3d05a0b5d5742-
> C1NWZ0IM6YBHRQ_at_bounces.amazon.com
> Source-IP: 54.240.0.77
> Reported-Domain: amazon.it
>
> Authentication-Results: mail.bzone.it; dkim=pass reason="1024-bit key"
> header.d=amazonses.comheader.i=_at_amazonses.com header.b=SWf+j+b2;
> dkim-adsp=pass
> DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
> s=shh3fegwg5fppqsuzphvschd53n6ihuv; d=amazonses.com; t=1409466642;
> h=Date:From:To:Message-ID:Subject:MIME-Version:Content-
> Type:Feedback-ID;
> bh=wmHc8UgY7ozrcH8VFzWg2umPhYSwbUdyJdOc3edIexI=;
> b=SWf+j+b2CKLDTK6ZgoVVLZolJ0fePVxbbkYEgdI5SGs4GKXfcLy+SLFtA7kzXJwx
> pZYPDUaTegN6ef61BqYNIN3xqQpmE1izj1SFLzzfyWBhDXD7f3acQvJiIFTH
> rvN43Oe
> geBA7cgVLoZJ+LJ7cbHInscvDf4FTwG72eByh5is=
> DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
> s=iltqsb7upau2q3qxme4cdwlxyxynl66h; d=amazon.it; t=1409466642;
> h=Date:From:To:Message-ID:Subject:MIME-Version:Content-Type;
> bh=wmHc8UgY7ozrcH8VFzWg2umPhYSwbUdyJdOc3edIexI=;
> b=fegvU6DTAZu62251/5w7ZmpBqVDp5Kv60qKckrG4/Vyd1jiLpWPJSP3CfokLuO4W
> TJqOuXCes9eUJefKVLqVQhVEgAg4q0VVCDCTkl11RfqAb3AdJisViDDkJC/
> YcrzxDvi
> 0hULrmQg7FRpTs6uyvBVQ3qAb83c06ISxSoxHsyw=
> Date: Sun, 31 Aug 2014 06:30:42 +0000
> From: "Amazon.it"<promotion-it_at_amazon.it>
>
> OpenDMARC refuses the message because only amazonses.com is reported in
> the Authentication-results header, while the message is from _at_amazon.it.
>
> Am I missing something here? Is this supposed to be correct?
>
> Ty
>
>
> --
> Mammoli Cristian
> System administrator
> T. +39 0731 22911
> Via Brodolini 6 | 60035 Jesi (an)
>
>
>
Hello,

I had encountered a similar issue before and I've set
AddAllSignatureResults to true.

Alexandre
Received on Sun Aug 31 2014 - 15:28:08 PST

This archive was generated by hypermail 2.3.0 : Sun Aug 31 2014 - 15:36:02 PST