-
Notifications
You must be signed in to change notification settings - Fork 53
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Issues with vali.email SPF macros #262
Comments
devicenull
added a commit
to devicenull/OpenDMARC
that referenced
this issue
Aug 2, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
vali.email uses macros in their SPF records, they suggest a record of
v=spf1 include:%{i}._ip.%{h}._ehlo.%{d}._spf.vali.email ~all
OpenDMARC reports SPF failures for any domains that are relying on this - after enabling DEBUG mode in libspf2 (and copy over some extra debugging into opendmarc), I was seeing the following issue:
In this case, item type=9 is PARM_HELO_DOM in libspf2. In opendmarc_spf2_test, the HELO domain is only provided to libspf2 if opendmarc_spf2_test fails to find an mfrom domain. This seems to be incorrect, and that it should always provide the HELO domain to libspf2 if available.
Without the HELO domain, libspf2 can't create the proper DNS record for this sort of macro, which means opendmarc can't be used to receive mail from anyone using this service.
related to #176 (probably)
(Note: I'm not affiliated with valimail in any way, we're not even a customer)
The text was updated successfully, but these errors were encountered: