Hi there,

Hoping someone can help me get to the bottom of this one. I'm in the process of configuring Exim to process inbound DMARC validation and hope to configure DMARC reporting using the Exim DMARC history file in combination with OpenDMARC.
Exim is validating SPF/DKIM and DMARC as expected in inbound email (well, as far as I can tell); however, for some reason our DMARC history file isn't being populated with complete authentication results. Below is an example DMARC history log entry for message 1q6haa-00FZGj-13. As you can see, Exim hasn't populated the SPF and DKIM authentication results:

job 1q6haa-00FZGj-13
reporter test.hostname.com.au
received 1686099833
ipaddr 209.85.210.41
from gmail.com
mfrom gmail.com
spf 0
dkim gmail.com 0
pdomain gmail.com
policy 15
rua mailto:mailauth-repo...@google.com
pct 100
adkim 114
aspf 114
p 110
sp 113
align_dkim 4
align_spf 4
action 2

Here is the main.log entry for the delivery 1q6haa-00FZGj-13:

2023-06-07 11:03:52.180 [3710497] SPF validation passed
2023-06-07 11:03:52.522 [3710497] 1q6haa-00FZGj-13 DKIM validation passed
2023-06-07 11:03:52.522 [3710497] 1q6haa-00FZGj-13 DKIM: d=gmail.com s=20221208 c=relaxed/relaxed a=rsa-sha256 b=2048 t=1686099829 x=1688691829 [verification succeeded]
2023-06-07 11:03:53.120 [3710497] 1q6haa-00FZGj-13 H=mail-ot1-f41.google.com [209.85.210.41]:57397 I=[103.209.24.57]:25 Warning: "SpamAssassin as sslreservedsite detected message as NOT spam (-0.2)"
2023-06-07 11:03:53.122 [3710497] 1q6haa-00FZGj-13 DMARC results: spf_domain=gmail.com dmarc_domain=gmail.com spf_align=yes dkim_align=yes enforcement='Accept'
2023-06-07 11:03:53.125 [3710497] 1q6haa-00FZGj-13 H=mail-ot1-f41.google.com [209.85.210.41]:57397 I=[103.209.24.57]:25 Warning: DMARC STATUS: accept gmail.com
2023-06-07 11:03:53.137 [3710497] 1q6haa-00FZGj-13 <= macken...@gmail.com H=mail-ot1-f41.google.com [209.85.210.41]:57397 I=[103.209.24.57]:25 P=esmtps L.- X=TLS1.3:TLS_AES_128_GCM_SHA256:128 CV=no SNI=mail.testdomain.com S=4762 M8S=0 DKIM=gmail.com RT=0.193s id=CAD2o6GwSZLrehVOiQDzw7PB9Z1jZsH9RjT=mmyfs31xj-nm...@mail.gmail.com T="test" from <macken...@gmail.com> for macken...@testdomain.com
2023-06-07 11:03:53.162 [3710506] cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1q6haa-00FZGj-13
2023-06-07 11:03:53.342 [3710506] 1q6haa-00FZGj-13 => mackenzie <macken...@testdomain.com> F=<macken...@gmail.com> P=<macken...@gmail.com> R=virtual_user T=dovecot_virtual_delivery S=4986 C="250 2.0.0 <macken...@testdomain.com> LJHTEHnXf2QunjgAK/qN0w Saved" QT=0.822s DT=0.083s
2023-06-07 11:03:53.343 [3710506] 1q6haa-00FZGj-13 Completed QT=1.016s

Relevant mail headers:

X-DKIM: DKIM validation passed: (address=macken...@gmail.com domain=gmail.com), signature is good
Received-SPF: pass (test.hostname.com.au: domain of gmail.com designates 209.85.210.41 as permitted sender) client-ip=209.85.210.41; envelope-from=macken...@gmail.com; helo=mail-ot1-f41.google.com;
Authentication-Results: test.hostname.com.au;
        iprev=pass (mail-ot1-f41.google.com) smtp.remote-ip=209.85.210.41;
        spf=pass smtp.mailfrom=gmail.com;
        dkim=pass header.d=gmail.com header.s=20221208 header.a=rsa-sha256;
        dmarc=pass header.from=gmail.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20221208; t=1686099829; x=1688691829;
        h=to:subject:message-id:date:from:mime-version:from:to:cc:subject
         :date:message-id:reply-to;
        bh=bSHuoI85Pm9RxcaYBalhLZ/eEUMmxQvUFo5ZMye14lQ=;
        b=Z+XJpdyQKNQeLkIFbFuKVq53sq3X0gzmrukK+LoU1JWuXHiQCcC0Wz3GJJxSo26cBJ
         bB/iQxu4zodOA6zXBacsEucHuYez+gt1aGj9jq9kiwtS9Ny0tTiXqF2zFAubf64gxGDl
         mH4EsIdlRNnY3uR6x/+ct/OywqlpfaCGD06QBnqmmnV1jPlCEnvp7OyL8RIb51pnwbQj
         cUswDRh9lVzps6GgcFItkj3sdInD2T7jp4JOHLREHJQlfeyYt1vZ6yraE3x4cZO/ltOx
         Nhmg0bo6tvBgC7q2TLejud3ZK/1DKAgs0iu2H+xGEsQsdD2MFm3GTqBzt8AH5cmeH5/z
         aD8A==
Received-SPF: pass (test.hostname.com.au: domain of gmail.com designates 209.85.210.41 as permitted sender) client-ip=209.85.210.41; envelope-from=macken...@gmail.com; helo=mail-ot1-f41.google.com;

Exim version details:

Exim version 4.96 #2 built 22-Nov-2022 14:41:01
Copyright (c) University of Cambridge, 1995 - 2018
(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2022
Berkeley DB: Berkeley DB 5.3.28: (September 9, 2013)
Support for: crypteq iconv() IPv6 PAM Perl Expand_dlfunc OpenSSL TLS_resume Content_Scanning DANE DKIM DMARC DNSSEC Event OCSP PIPECONNECT PRDR PROXY Queue_Ramp SOCKS SPF TCP_Fast_Open
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb dsearch ldap ldapdn ldapm nis nis0 nisplus passwd sqlite
Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa tls
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Malware: f-protd f-prot6d drweb fsecure sophie clamd avast sock cmdline
Fixed never_users: 0
Configure owner: 0:0
Size of off_t: 8
2023-06-07 10:49:23.444 [3709262] cwd=/etc/mail/spamassassin 2 args: exim -bV
Configuration file is /etc/exim/exim.conf

In exim.conf we have the following relevant configurations (I've listed these in no particular order):

Main options

dmarc_tld_file = /usr/share/publicsuffix/public_suffix_list.dat
dmarc_history_file = /var/spool/exim/opendmarc.dat
dmarc_forensic_sender = noreply-dm...@hostname.com.au

acl_smtp_data:

  warn dmarc_status = accept : none : off
       !authenticated = *
       log_message = DMARC STATUS: $dmarc_status $dmarc_used_domain

  warn dmarc_status = !accept
       !authenticated = *
       log_message = DMARC STATUS: '$dmarc_status' for $dmarc_used_domain

  warn dmarc_status = quarantine
       !authenticated = *
       set acl_m_quarantine = 1

  deny dmarc_status = reject
       !authenticated = *
       message = Message from $dmarc_used_domain failed sender's DMARC policy, REJECT

  warn add_header = :at_start:${authresults {$primary_hostname}}

acl_smtp_dkim:

  deny dkim_status = fail
       message = DKIM validation failed: $dkim_verify_status
       log_message = DKIM validation failed: $dkim_verify_status \
                     (address=$sender_address, domain=$dkim_cur_signer), \
                     signature is bad

  defer dkim_status = invalid
        message = DKIM signature invalid: $dkim_verify_status
        log_message = DKIM signature invalid: $dkim_verify_status \
                      (address=$sender_address, domain=$dkim_cur_signer), \
                      invalid signature

  accept
    # Add an X-DKIM header to the message
    add_header = :at_start: X-DKIM: DKIM validation passed: \
                 (address=$sender_address domain=$dkim_cur_signer), \
                 signature is good
    logwrite = DKIM validation passed

acl_smtp_rcpt:

  accept hosts = :
         control = dkim_disable_verify
         control = dmarc_disable_verify

  accept hosts = +relay_from_hosts
         control = submission
         control = dkim_disable_verify
         control = dmarc_disable_verify

  accept authenticated = *
         control = submission
         control = dkim_disable_verify
         control = dmarc_disable_verify

acl_smtp_mail:

  # SPF validation
  deny spf = fail : softfail
       message = SPF validation failed: \
                 $sender_host_address is not allowed to send mail from \
                 ${if def:sender_address_domain \
                 {$sender_address_domain}{$sender_helo_name}}
       log_message = SPF validation failed\
                     ${if eq{$spf_result}{softfail} { (softfail)}{}}: \
                     $sender_host_address is not allowed to send mail from \
                     ${if def:sender_address_domain \
                     {$sender_address_domain}{$sender_helo_name}}

  deny spf = permerror
       message = SPF validation failed: \
                 syntax error in SPF record(s) for \
                 ${if def:sender_address_domain \
                 {$sender_address_domain}{$sender_helo_name}}
       log_message = SPF validation failed (permerror): \
                     syntax error in SPF record(s) for \
                     ${if def:sender_address_domain \
                     {$sender_address_domain}{$sender_helo_name}}

  defer spf = temperror
        message = temporary error during SPF validation; \
                  please try again later
        log_message = SPF validation failed temporary; deferred

  # Log SPF none/neutral result
  warn spf = none : neutral
       log_message = SPF validation none/neutral

  accept
    # Add an SPF-Received header to the message
    add_header = :at_start: $spf_received
    logwrite = SPF validation passed

From my understanding, Exim's dmarc_history_file provides all data required to generate DMARC reports using OpenDMARC; however, the data logged by Exim in my example is not enough information for DMARC report generation, so I suspect the issue is within my Exim configuration, although I'm at a complete loss as to where this configuration is incomplete or inaccurate. What am I missing here? Please help!

All the best,
Mackenzie
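
An added example, not part of the original post and not code from Exim or OpenDMARC: a small parser for the history-file record quoted in the message, which turns the numeric fields into names. The code tables are assumptions taken from the constants in OpenDMARC's opendmarc-ar.h and dmarc.h and should be checked against the installed version; `parse_history` and the other names are hypothetical.

```python
# Added example: decode the numeric fields of an Exim dmarc_history_file record.
# Code tables are ASSUMPTIONS from OpenDMARC's opendmarc-ar.h / dmarc.h constants.
ARES = {0: "pass", 2: "softfail", 3: "neutral", 4: "temperror",
        5: "permerror", 6: "none", 7: "fail"}
POLICY = {14: "absent", 15: "pass", 16: "reject", 17: "quarantine", 18: "none"}
ALIGN = {4: "pass", 5: "fail"}
ACTION = {0: "reject", 1: "discard", 2: "accept", 3: "tempfail", 4: "quarantine"}

def _name(table, raw):
    return table.get(int(raw), f"unknown({raw})")

DECODERS = {"spf": lambda v: _name(ARES, v[0]),
            "dkim": lambda v: (v[0], _name(ARES, v[1])),  # "dkim <domain> <result>"
            "policy": lambda v: _name(POLICY, v[0]),
            "action": lambda v: _name(ACTION, v[0])}
for k in ("align_dkim", "align_spf"):
    DECODERS[k] = lambda v: _name(ALIGN, v[0])
for k in ("adkim", "aspf", "p", "sp"):  # stored as the ASCII code of the tag value
    DECODERS[k] = lambda v: chr(int(v[0]))

def parse_history(text):
    """Split history-file text into one dict per message; a 'job' line starts a record."""
    records = []
    for line in text.splitlines():
        key, *vals = line.split() or [""]
        if key == "job" and vals:
            records.append({"job": vals[0], "dkim": []})
        elif not records or not vals:
            continue  # blank or truncated line, or a stray line before the first job
        else:
            try:
                value = DECODERS.get(key, " ".join)(vals)
            except (ValueError, IndexError):
                value = " ".join(vals)  # keep malformed fields verbatim
            if key == "dkim":
                records[-1]["dkim"].append(value)  # one entry per DKIM signature
            else:
                records[-1][key] = value
    return records

# Record copied from the post, one field per line ("|" stands in for the newline);
# the rua address is elided in the post and is left as it appears there.
SAMPLE = ("job 1q6haa-00FZGj-13|reporter test.hostname.com.au|received 1686099833|"
          "ipaddr 209.85.210.41|from gmail.com|mfrom gmail.com|spf 0|dkim gmail.com 0|"
          "pdomain gmail.com|policy 15|rua mailto:mailauth-repo...@google.com|pct 100|"
          "adkim 114|aspf 114|p 110|sp 113|align_dkim 4|align_spf 4|action 2"
          ).replace("|", "\n")

if __name__ == "__main__":
    print(parse_history(SAMPLE)[0])
```

Under the assumed tables, the record's `spf 0` and `dkim gmail.com 0` decode to `pass`, and `action 2` decodes to `accept`.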