[exim] Re: dmarc_history_file - incomplete data logged for s…

Top Page
Delete this message
Reply to this message
Author: Mackenzie Taiaroa
Date:  
To: exim-users
Subject: [exim] Re: dmarc_history_file - incomplete data logged for spf and dkim
Hi Jeremy,

Thanks for your response. The DMARC results line is populated by Exim when
the dmarc_history_file is specified in the main configuration and the
dmarc_status ACL condition is called in acl_smtp_data, for a sender who has
a dmarc policy configured on the domain. Here is a log except of this
process from Exim in debug mode:

3959510 check dmarc_status = accept : none : off
3959510 DMARC using SPF sender domain = gmail.com
3959510 DMARC adding DKIM sender domain = gmail.com
3959510 DNS lookup of _dmarc.gmail.com (TXT) succeeded
3959510 DMARC record found for gmail.com
3959510 LOG: MAIN
3959510 DMARC results: spf_domain=gmail.com dmarc_domain=gmail.com
spf_align=yes dkim_align=yes enforcement='Accept'
3959510 DMARC logging history data for opendmarc reporting

The DMARC results data from Exim (as seen above) are not the complete
authentication results as it excludes the dkim and spf authentication
results, so our history file reports zero data for both spf and dkim (of
course resulting in no DMARC report being able to be generated, since the
required data is not available). This seems usual because we observe Exim
clearly processing SPF/DKIM/DMARC authentication correctly but Exim doesn't
consolidate those authentication results into DMARC results history logging.

I can provide the debug output from Exim while processing SPF/DKIM/DMARC
during an inbound email, however these logs are very verbose so I don't
want to pollute this request with the details unless requested.

Do you know how "DMARC results" in Exim can become more verbose? so all
authentication results are reported/logged, subsequently enabling OpenDmarc
to generate reports using the Exim dmarc_history_log?

Thanks in advance for your help - it's appreciated.

All the best,
*Mackenzie*

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/