Re: [dmarc-ietf] Why does DKIM fail when SPF succeeds (was: DMARC2 & SPF Dependency Removal)

"Murray S. Kucherawy" <superuser@gmail.com> Sun, 23 July 2023 22:10 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/tYtaFlBMt7IEJfVTPrgZICWhrnc>

On Sun, Jul 23, 2023 at 1:06 PM Matthäus Wander <mail=40wander.science@dmarc.ietf.org> wrote:

> b) Messages are generated by an automated system without a Date header
> and signed by a central MTA. An outgoing mail gateway then adds the
> missing Date header (Postfix option 'always_add_missing_headers'), thus
> invalidating the DKIM signature.
>

Why is the signer claiming to sign a header field ("Date", in this case)
that isn't there?  This seems like a bug.

-MSK
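
The scenario in the quoted text, as an added example that is not part of the original message: a Python model of how a DKIM verifier selects and canonicalizes the header fields named in `h=`, showing that a signature listing `date` over a message with no Date field stops matching once a gateway adds one. The sample headers and the names `select_signed`, `GENERATED`, `AFTER_GATEWAY` and `survives_gateway` are constructed for illustration; the body hash, the DKIM-Signature field's own contribution and the RSA operation are assumed unchanged and left out.

```python
import hashlib
import re

def relaxed_header(name, value):
    """Relaxed header canonicalization (RFC 6376 section 3.4.2) for one field."""
    value = re.sub(r"\r\n(?=[ \t])", "", value)      # unfold continuation lines
    value = re.sub(r"[ \t]+", " ", value).strip()    # collapse whitespace runs, trim ends
    return f"{name.strip().lower()}:{value}\r\n"

def select_signed(headers, h_tag):
    """Return (hash_input, absent) for a signature carrying this h= list.

    headers is a list of (name, value) pairs in message order. Each name in
    h= consumes the lowest unused instance of that field. A name with no
    instance left contributes the null string (RFC 6376 section 5.4), so it
    is reported in `absent`: adding that field later changes the hash input.
    """
    remaining = list(headers)
    parts, absent = [], []
    for wanted in (n.strip().lower() for n in h_tag.split(":")):
        for i in range(len(remaining) - 1, -1, -1):
            if remaining[i][0].lower() == wanted:
                parts.append(relaxed_header(*remaining.pop(i)))
                break
        else:
            absent.append(wanted)
    return "".join(parts), absent

def header_digest(headers, h_tag):
    data, _ = select_signed(headers, h_tag)
    return hashlib.sha256(data.encode()).hexdigest()

# Constructed sample: what the automated system emits, and the same message
# after an outgoing gateway has added the missing Date field.
GENERATED = [
    ("From", "Reports <noreply@example.org>"),
    ("To", "ops@example.net"),
    ("Subject", "Nightly  report"),
]
AFTER_GATEWAY = [("Date", "Sun, 23 Jul 2023 15:10:21 -0700")] + GENERATED

def survives_gateway(h_tag):
    """True if the signed header data is identical before and after the gateway."""
    return header_digest(GENERATED, h_tag) == header_digest(AFTER_GATEWAY, h_tag)

if __name__ == "__main__":
    for h in ("from:to:subject", "from:to:subject:date"):
        print(h, select_signed(GENERATED, h)[1], survives_gateway(h))
```

Running `select_signed` on an outbound message at signing time and alerting on a non-empty `absent` list flags mail that a later hop can invalidate by adding the missing field.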