[exim] Re: dmarc_history_file - incomplete data logged for s…

Top Page
Delete this message
Reply to this message
Author: Mackenzie Taiaroa
Date:  
To: exim-users
Subject: [exim] Re: dmarc_history_file - incomplete data logged for spf and dkim
Hi Jeremy,

Thanks for your response. The DMARC results line is populated by Exim
when the dmarc_history_file is specified in the main configuration and
the dmarc_status ACL condition is called in acl_smtp_data, for a
sender who has a dmarc policy configured on the domain. Here is a log
except of this process from Exim in debug mode:

3959510 check dmarc_status = accept : none : off
3959510 DMARC using SPF sender domain = gmail.com
3959510 DMARC adding DKIM sender domain = gmail.com
3959510 DNS lookup of _dmarc.gmail.com (TXT) succeeded
3959510 DMARC record found for gmail.com
3959510 LOG: MAIN
3959510 DMARC results: spf_domain=gmail.com dmarc_domain=gmail.com
spf_align=yes dkim_align=yes enforcement='Accept'
3959510 DMARC logging history data for opendmarc reporting

The DMARC results data from Exim (as seen above) are not the complete
authentication results as it excludes the dkim and spf authentication
results, so our history file reports zero data for both spf and dkim
(of course resulting in no DMARC report being able to be generated,
since the required data is not available). This seems unusual because we
observe Exim clearly processing SPF/DKIM/DMARC authentication
correctly but Exim doesn't consolidate those authentication results
into DMARC results history logging.

I can provide the debug output from Exim while processing
SPF/DKIM/DMARC during an inbound email, however these logs are very
verbose so I don't want to pollute this request with the details
unless requested.

Do you know how "DMARC results" in Exim can become more verbose? so
all authentication results are reported/logged, subsequently enabling
OpenDmarc to generate reports using the Exim dmarc_history_log?

Thanks in advance for your help - it's appreciated.

All the best,
Mackenzie

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/