Re: [dmarc-ietf] ESC for Failed DMARC Validation

Alessandro Vesely <vesely@tana.it> Sat, 03 August 2019 16:27 UTC

Return-Path: <vesely@tana.it>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 618E21200EC for <dmarc@ietfa.amsl.com>; Sat, 3 Aug 2019 09:27:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.301
X-Spam-Level:
X-Spam-Status: No, score=-4.301 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1152-bit key) header.d=tana.it
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3NwlS8pY6V92 for <dmarc@ietfa.amsl.com>; Sat, 3 Aug 2019 09:27:04 -0700 (PDT)
Received: from wmail.tana.it (wmail.tana.it [62.94.243.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BFDD01200E6 for <dmarc@ietf.org>; Sat, 3 Aug 2019 09:27:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tana.it; s=delta; t=1564849621; bh=3oAylQ7T+0L3bmZ0t1QJwWKj27xV8PJlGjW0xAB3beE=; l=982; h=To:References:From:Date:In-Reply-To; b=Avpvq8l+FIbyVLtwZ/d51y8sGr/DzUE3pgWnLszbIJpQt9Krf2kZznerCePKmCeQj XSZRdgTbp9eKe2h1Xk1tWwXdOaqEKtXa8mjEQWoYJOlfs0yN9igIGjfxo107x2Ls/S +TxvEurKg0X9B4q7gA+/mvk3bdsKIA6X1oJTfqcBZLRGb9tMaq90fETiBa9jS
Authentication-Results: tana.it; auth=pass (details omitted)
Received: from [172.25.197.111] (pcale.tana [172.25.197.111]) (AUTH: CRAM-MD5 uXDGrn@SYT0/k) by wmail.tana.it with ESMTPA id 00000000005DC02F.000000005D45B5D5.00000D01; Sat, 03 Aug 2019 18:27:01 +0200
To: dmarc@ietf.org
References: <c676b42745c2c8114ec26eb1f405c9eb2e68c364.camel@aegee.org> <22f0d022-57f7-8b8f-0d88-18d1c77e990e@tana.it> <505750d4fb9c03050508255594c55f4517da3e6d.camel@aegee.org> <CAL0qLwaDdfq6nkKubh2B=7PTZDt9E271z8tnq2bF-9KbwQQg3g@mail.gmail.com> <e2011ab9c66e9559caba22d7fd6d01bbd34345b7.camel@aegee.org> <CAL0qLwZ-gzfD3drxqRHzLChZagMvocUN_ijrMVg_H65AMpHPvA@mail.gmail.com> <9ffdbe9e-7720-0a39-876e-7bfbdd0b9366@sonnection.nl> <f5a7aa1ada8cc49150c31834569825f5433ed6f5.camel@aegee.org>
From: Alessandro Vesely <vesely@tana.it>
Openpgp: id=0A5B4BB141A53F7F55FC8CBCB6ACF44490D17C00
Message-ID: <e3530b4c-3374-a0f3-ede7-eaa6de32387c@tana.it>
Date: Sat, 3 Aug 2019 18:27:01 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0
MIME-Version: 1.0
In-Reply-To: <f5a7aa1ada8cc49150c31834569825f5433ed6f5.camel@aegee.org>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/kiyBI3bqX7CQtOT5A1Aq_Dg8MZM>
Subject: Re: [dmarc-ietf] ESC for Failed DMARC Validation
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 03 Aug 2019 16:27:06 -0000

Hi,

On Fri 02/Aug/2019 23:27:48 +0200 Дилян Палаузов wrote:
> 
> these are already now two ESC: 2.7.30 and 5.7.30.  X.7.30 means in both cases, that DMARC validation failed.
> 
> For a domain with policy p=reject; pct=0 the mail is delivered (250 2.7.30), despite failed DMARCр and for a domain with
> p=reject; pct=100 when DMARC failed and the mail is rejected (550 5.7.30).


A message can be rejected as soon as a reason to do so it is found.  That
principle uniquely defines the reject response.  The accept response cannot
collect what every filter thought about the message.  To act as you propose,
the DMARC filter should be granted the special privilege to set the text of the
response in any case.

On Courier-MTA there's no API to support that.  Do Postfix or Sendmail provide
one?  I doubt, since SMTP doesn't attach a special significance to the text of
the response, except for the 220, 221, 251, 421, and 551 reply codes.


Best
Ale
--