I have sent a test message to check-auth@verifier.port25.com in order to validate my DMARC setup.
What puzzles me is that in the report receibed i see
DKIM check: pass
but also
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
in the checks performed by SpamAssassin.
Could be an issue on SpamAssassin at the receiver side, but how can I be sure?
This message is an automatic response from Port25's authentication verifier
service at verifier.port25.com. The service allows email senders to perform
a simple check of various sender authentication mechanisms. It is provided
free of charge, in the hope that it is useful to the email community. While
it is not officially supported, we welcome any feedback you may have at
<verifier-feedback@port25.com>.
Thank you for using the verifier,
The Port25 Solutions, Inc. team
==========================================================
Summary of Results
==========================================================
SPF check: pass
DomainKeys check: neutral
DKIM check: pass
SpamAssassin check: ham
==========================================================
Details:
==========================================================
HELO hostname: ***.com
Source IP: ***
mail-from: ***.com
----------------------------------------------------------
SPF check details:
----------------------------------------------------------
Result: pass
ID(s) verified: smtp.mailfrom= ***.com
RE5TIHJlY29yZChzKToKICAgIGNoZW1jaGFydGVyLmNvbS4gU1BGIChubyByZWNvcmRzKQ ogICAgY2hlbWNoYXJ0ZXIuY29tLiA5MDAgSU4gVFhUICJ2PXNwZjEgbXggYSAtYWxsIgogICAgY2h lbWNoYXJ0ZXIuY29tLiA5MDAgSU4gTVggMTAgd2ludGVybXV0ZS5jaGVtY2hhcnRlci5jb20uCiAg ICBjaGVtY2hhcnRlci5jb20uIDkwMCBJTiBNWCAyMCBteDEuZXUubWFpbGhvcC5vcmcuCiAgICB3a W50ZXJtdXRlLmNoZW1jaGFydGVyLmNvbS4gOTAwIElOIEEgODAuMTUyLjE0MC4yMjMK
----------------------------------------------------------
DomainKeys check details:
----------------------------------------------------------
Result: neutral (message not signed)
ID(s) verified: header.From= ***.com
RE5TIHJlY29yZChzKToK
----------------------------------------------------------
DKIM check details:
----------------------------------------------------------
Result: pass (matches From: ***.com)
ID(s) verified: header.d= ***.com
Q2Fub25pY2FsaXplZCBIZWFkZXJzOgogICAgdG86Y2hlY2stYXV0aEB2ZXJpZmllci5wb3 J0MjUuY29tJzBEJycwQScKICAgIGZyb206TWF1cm8nMjAnRGUnMjAnQ2Fyb2xpcycyMCc8TWF1cm8 uRGVfQ2Fyb2xpc0BjaGVtY2hhcnRlci5jb20+JzBEJycwQScKICAgIHN1YmplY3Q6cHJvdmEnMEQn JzBBJwogICAgbWVzc2FnZS1pZDo8Y2ZhMzg5OTEtZTZmYy1kYjk3LWU2OTctMWYyMTY2MWFiOTZkQ GNoZW1jaGFydGVyLmNvbT4nMEQnJzBBJwogICAgZGF0ZTpNb24sJzIwJzUnMjAnSnVuJzIwJzIwMT cnMjAnMTE6MjY6NDknMjAnKzAyMDAnMEQnJzBBJwogICAgbWltZS12ZXJzaW9uOjEuMCcwRCcnMEE nCiAgICBjb250ZW50LXR5cGU6dGV4dC9wbGFpbjsnMjAnY2hhcnNldD11dGYtODsnMjAnZm9ybWF0 PWZsb3dlZCcwRCcnMEEnCiAgICBjb250ZW50LXRyYW5zZmVyLWVuY29kaW5nOjdiaXQnMEQnJzBBJ wogICAgZGtpbS1zaWduYXR1cmU6dj0xOycyMCdhPXJzYS1zaGEyNTY7JzIwJ2M9cmVsYXhlZDsnMj AnZD1jaGVtY2hhcnRlci5jb207JzIwJ2g9dG86ZnJvbTpzdWJqZWN0Om1lc3NhZ2UtaWQ6ZGF0ZTp taW1lLXZlcnNpb246Y29udGVudC10eXBlOmNvbnRlbnQtdHJhbnNmZXItZW5jb2Rpbmc7JzIwJ3M9 ZGVmYXVsdDsnMjAnYmg9bzVUUGR1WjJvTENUM1lqeEhCQ0dZbDZjaEM0anFTa0JBblo1eWVGTHJsV T07JzIwJ2I9CgpDYW5vbmljYWxpemVkIEJvZHk6CiAgICAnMEQnJzBBJwogICAgLS0nMjAnJzBEJy cwQScKICAgICcwRCcnMEEnCiAgICAnMjAnJzIwJycyMCcnMjAnJzIwJycyMCdNYXVybycyMCdEZSc yMCdDYXJvbGlzJzBEJycwQScKICAgICcyMCcnMjAnJzIwJycyMCcnMjAnJzIwJ0NoZW1DaGFydGVy JzIwJ0dtYkgnMEQnJzBBJwogICAgLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLScwRCcnMEEnC iAgICB3ZWI6JzIwJycyMCcnMjAnd3d3LmNoZW1jaGFydGVyLmNvbScwRCcnMEEnCiAgICBwaDonMj AnJzIwJycyMCcnMjAnKzQ5JzIwJygwKTQwJzIwJzM4MDgnMjAnOTY1JzIwJzExJzBEJycwQScKICA gIG1vYjonMjAnJzIwJycyMCcrNDknMjAnKDApMTUxJzIwJzE3MjUnMjAnNDAwMycwRCcnMEEnCiAg ICBJQ0U6JzIwJycyMCcnMjAnbWRlY2Fyb2xpcycwRCcnMEEnCiAgICAKCkROUyByZWNvcmQocyk6C iAgICBkZWZhdWx0Ll9kb21haW5rZXkuY2hlbWNoYXJ0ZXIuY29tLiA5MDAgSU4gVFhUICJ2PURLSU 0xO3A9TUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUFtMUxlRnNDZmR Gd2hnUFRhaXZYSGVUcVlMNlkrUnladU0ySGRCZEVXQ2VIWHFWQWFvbW10WVFFODNCdXNhdHpQaGJz UFJ6eU82Z1BZcEIzcXYycGdBTHhEMXhhYnplSGtNZ3JiYTZTMzByLzBPYTJvcDZmWnBPSUZ2NnZob lN2Umxtcjk4TzFqMUV1M2E5MTZXQkdJakpZc09TUk9ERjZpRlRicjZMNjd1SW1KcmhEcUZnSU85dn c0eC9lK0tpVnpVdkg4YkpYb0k5N3JtdkIrYXNMM0F6VzhuazRDZFcyVUpVVVFXUDFaTWFuOE51eHo rVGcxVklhM3AyaEVUd3RtN2RQYksyWmM2OVJjYWJyUlhiZHk0NWJYdjFnMTRucVFrdk1OR2hQMDhY bzkxV0lWOEhvMTMvZGJMUnBtMEwwQlRnVWd2RW1LK3hraENkM0o5bXd1dHdJREFRQUIiCgpQdWJsa WMga2V5IHVzZWQgZm9yIHZlcmlmaWNhdGlvbjogZGVmYXVsdC5fZG9tYWlua2V5LmNoZW1jaGFydG VyLmNvbSAoMjA0OCBiaXRzKQo=
NOTE: DKIM checking has been performed based on the latest DKIM specs
(RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for
older versions. If you are using Port25's PowerMTA, you need to use
version 3.2r11 or later to get a compatible version of DKIM.
----------------------------------------------------------
SpamAssassin check details:
----------------------------------------------------------
SpamAssassin v3.4.0 (2014-02-07)
Result: ham (-1.8 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URIs: ***.com]
-0.0 SPF_HELO_PASS SPF: HELO matches SPF record
-0.0 SPF_PASS SPF: sender matches SPF record
-0.0 RP_MATCHES_RCVD Envelope sender domain matches handover relay domain
-1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
[score: 0.0000]
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
==========================================================
Explanation of the possible results (from RFC 5451)
==========================================================
SPF and Sender-ID Results
=========================
"none"
No policy records were published at the sender's DNS domain.
"neutral"
The sender's ADMD has asserted that it cannot or does not
want to assert whether or not the sending IP address is authorized
to send mail using the sender's DNS domain.
"pass"
The client is authorized by the sender's ADMD to inject or
relay mail on behalf of the sender's DNS domain.
"policy"
The client is authorized to inject or relay mail on behalf
of the sender's DNS domain according to the authentication
method's algorithm, but local policy dictates that the result is
unacceptable.
"fail"
This client is explicitly not authorized to inject or
relay mail using the sender's DNS domain.
"softfail"
The sender's ADMD believes the client was not authorized
to inject or relay mail using the sender's DNS domain, but is
unwilling to make a strong assertion to that effect.
"temperror"
The message could not be verified due to some error that
is likely transient in nature, such as a temporary inability to
retrieve a policy record from DNS. A later attempt may produce a
final result.
"permerror"
The message could not be verified due to some error that
is unrecoverable, such as a required header field being absent or
a syntax error in a retrieved DNS TXT record. A later attempt is
unlikely to produce a final result.
DKIM and DomainKeys Results
===========================
"none"
The message was not signed.
"pass"
The message was signed, the signature or signatures were
acceptable to the verifier, and the signature(s) passed
verification tests.
"fail"
The message was signed and the signature or signatures were
acceptable to the verifier, but they failed the verification
test(s).
"policy"
The message was signed but the signature or signatures were
not acceptable to the verifier.
"neutral"
The message was signed but the signature or signatures
contained syntax errors or were not otherwise able to be
processed. This result SHOULD also be used for other
failures not covered elsewhere in this list.
"temperror"
The message could not be verified due to some error that
is likely transient in nature, such as a temporary inability
to retrieve a public key. A later attempt may produce a
final result.
"permerror"
The message could not be verified due to some error that
is unrecoverable, such as a required header field being
absent. A later attempt is unlikely to produce a final result.
==========================================================
Original Email
==========================================================
Return-Path: < ***com>
Received: from ***.com ( ***) by verifier.port25.com id h6khtq2bkd05 for <check-auth@verifier.port25.com>; Mon, 5 Jun 2017 05:26:53 -0400 (envelope-from < ***.com>)
Authentication-Results: verifier.port25.com; spf=pass smtp.mailfrom= ***.com
Authentication-Results: verifier.port25.com; domainkeys=neutral (message not signed) header.From= ***.com
Authentication-Results: verifier.port25.com; dkim=pass (matches From: ***.com) header.d= ***.com
Received: (qmail 26803 invoked by uid 453); 5 Jun 2017 09:26:50 -0000
X-Virus-Checked: by ClamAV 0.99.2 on ***.com
X-Virus-Found: No
Authentication-Results: ***.com; auth=pass (plain) smtp.auth=zzzzzz
Received: from pc-00020. ***.com (HELO [192.168.246.20]) (192.168.246.20)
by ***.com (qpsmtpd/0.96) with ESMTPSA (ECDHE-RSA-AES256-GCM-SHA384 encrypted); Mon, 05 Jun 2017 11:26:50 +0200
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d= ***.com; h=to:from:subject:message-id:date:mime-version:content-type:content-transfer-encoding; s=default; bh=o5TPduZ2oLCT3YjxHBCGYl6chC4jqSkBAnZ5yeFLrlU=; b=NwW+WCqI36DK88IubMywdSeYEM96lQrSsnbgxL3uVhYNQr1Eo1P9hBpiCkc2fjjoMM9N3kqyWRYItgo3DKZMlGKcCbF87YxdPAG0XNc4Jw1cca2tzziKgTE6CQ8oMPKw5QiW/yaUdFG0RlwlK4IN2sk+dxsVQsbri5mqURxttkFWKPiXmgiS/M3fONfMvDMHaRS8INBSbsBUDwFlfi4pbq9M+T3ekjf+XlNNRGfcUlHRL5EixJcr8KQqWKgELsuTRuzv64PpaMcgxqmbi/X/byP/LkxWO/lqsXD/wkDUDzFUvOyiodLaeaxmHCINIJ4Pbj2mJAc7514ZRh9vF/0d4Q==
To: check-auth@verifier.port25.com
From: Mauro De Carolis <***.com>
Subject: prova
Message-ID: <cfa38991-e6fc-db97-e697-1f21661ab96d@ ***.com>
Date: Mon, 5 Jun 2017 11:26:49 +0200
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:52.0) Gecko/20100101
Thunderbird/52.1.1
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Content-Language: en-US
EDIT 9.6.17: obfuscated email address and server details