Logout

Alt-N Discussion Groups > Discussions > dmarc rejected email problem

[F] Alt-N Discussion Groups / Discussions /

dmarc rejected email problem

[Comandi, Marco]
Marco Comandi
Newbie
Newbie
Posts: 6
Marco Comandi - 06:06am, Mar 11 2019

Hi all

I have a problem with a sender failing DMARC auth. It's failing because DMARC cannot validate neither SPF nor DKIM.
But the sender domain does actually have a SPF record. The sender is gest.si-cloud.it (for whom there's no SPF) on behalf of wildix.com (here I have the SPF).

I will post the transcript of the SMTP session:
thanks

Mon 2019-03-11 09:45:43.824: 02: (-- EHLO gest.si-cloud.it
//
Mon 2019-03-11 09:45:43.875: 02: (-- MAIL FROM:(---@wildix.com) SIZE=684
//
Mon 2019-03-11 09:45:43.938: 05: Performing IP lookup (wildix.com)
Mon 2019-03-11 09:45:43.963: 05: * D=wildix.com TTL=(9) A=[34.247.0.122]
Mon 2019-03-11 09:45:44.272: 05: * P=001 S=000 D=wildix.com TTL=(8) MX=[aspmx.l.google.com] {173.194.76.26}
Mon 2019-03-11 09:45:44.272: 05: * P=005 S=003 D=wildix.com TTL=(8) MX=[alt1.aspmx.l.google.com] {74.125.131.26}
Mon 2019-03-11 09:45:44.272: 05: * P=005 S=004 D=wildix.com TTL=(8) MX=[alt2.aspmx.l.google.com] {74.125.68.26}
Mon 2019-03-11 09:45:44.272: 05: * P=010 S=001 D=wildix.com TTL=(8) MX=[alt3.aspmx.l.google.com] {64.233.188.26}
Mon 2019-03-11 09:45:44.272: 05: * P=010 S=002 D=wildix.com TTL=(8) MX=[alt4.aspmx.l.google.com] {74.125.195.26}
Mon 2019-03-11 09:45:44.272: 05: ---- End IP lookup results
Mon 2019-03-11 09:45:44.286: 09: Performing SPF lookup (gest.si-cloud.it / 185.60.140.23)
Mon 2019-03-11 09:45:44.321: 09: * Result: none, no SPF record in DNS
Mon 2019-03-11 09:45:44.321: 09: ---- End SPF results

Here it's performing SPF check against wildix.com, it should return a valid list of domains and includes, I tested it myself on mxtoolbox.
----
Mon 2019-03-11 09:45:44.324: 09: Performing SPF lookup (wildix.com / 185.60.140.23)
Mon 2019-03-11 09:45:44.368: 09: * Result: none, no SPF record in DNS -----------Wrong, there is a SPF record tor this domain!
----

Mon 2019-03-11 09:45:44.368: 09: ---- End SPF results
Mon 2019-03-11 09:45:44.368: 03: --) 250 2.1.0 Sender OK
//
Mon 2019-03-11 09:45:44.891: 10: Performing DKIM lookup
//
Mon 2019-03-11 09:45:44.892: 10: * Result: neutral
//
Mon 2019-03-11 09:45:44.897: 19: * Message-ID: (18e5c42d49de478@---)
Mon 2019-03-11 09:45:44.897: 19: * Author domain: wildix.com
Mon 2019-03-11 09:45:44.897: 19: * Organizational domain: wildix.com
Mon 2019-03-11 09:45:44.897: 19: * Query domain: _dmarc.wildix.com
Mon 2019-03-11 09:45:44.942: 19: * Policy record: v=DMARC1, p=reject, sp=none, rua=mailto:monitoring@wildix.com, ruf=mailto:monitoring@wildix.com, fo=1,
Mon 2019-03-11 09:45:44.950: 19: * Checking authentication mechanisms for DMARC alignment
Mon 2019-03-11 09:45:44.950: 19: * SPF: no SPF policy found
Mon 2019-03-11 09:45:44.950: 19: * DKIM: no DKIM signatures found
Mon 2019-03-11 09:45:44.951: 19: * Action taken: reject
Mon 2019-03-11 09:45:44.951: 19: * Result: fail
Mon 2019-03-11 09:45:44.951: 19: ---- End DMARC results

  (older msg: 6)All MessagesOldest ItemsOlder ItemsNewer ItemsNewest Items

Arron.Caruth@mdaemon.com - Mar 22, 2019 12:24 pm (#7 Total: 7)  

Guest User  

Photo of Author
Posts: 1
Here is what I think is happening...

Typically, DNS responses are received via UDP are limited to 512 bytes. There is an extension to DNS that can be used to switch to using TCP when this happens. Unfortunately MDaemon does not support making this switch yet. As a work around you should be able to configure your firewalls, routers, or anything else that might be limiting UDP packet sizes and it should work. I checked with our network administration and he has allowed larger udp packets on our network, which is why it worked here.

Updating MDaemon to switch to TCP in these cases is on our wish list.

--
Arron Caruth
Director of Product Development
o: 817-601-3222    e: arron.caruth@mdaemon.com

MDaemon Technologies
Simple Secure Email
Visit us on www.mdaemon.com | Facebook | LinkedIn | YouTube
Sent using the MDaemon Email Server

-----Original Message-----
From: discuss@mdaemon.com [mailto:discuss@mdaemon.com] On Behalf Of Rob Deal (rob@orion.com.au)
Sent: Thursday, March 21, 2019 12:51 AM
To: discuss List Member <discuss@mdaemon.com>
Subject: [discuss] dmarc rejected email problem

We have seen that same issues here with officeworks.com.au with a client's MDaemon.

Our MDaemon doesn’t have the issue, we have tried both internal windows DNS and external DNS servers which produce the same error.

Wed 2019-03-20 16:13:14.677: Session 821498; child 0003 Wed 2019-03-20 16:13:14.677: Accepting SMTP connection from 13.55.52.35:52684 to 10.0.0.1:25 Wed 2019-03-20 16:13:14.695: --> 220 mail.wastech.com.au ESMTP MDaemon 18.5.3; Wed, 20 Mar 2019 16:13:14 +1100 Wed 2019-03-20 16:13:14.709: <-- EHLO mg-aaus-iota.mailguard.com.au Wed 2019-03-20 16:13:14.710: Performing IP lookup (mg-aaus-iota.mailguard.com.au) Wed 2019-03-20 16:13:14.715: * D=mg-aaus-iota.mailguard.com.au TTL=(43) A=[13.55.52.35] Wed 2019-03-20 16:13:14.715: ---- End IP lookup results Wed 2019-03-20 16:13:14.716: EHLO/HELO response delayed 5 seconds Wed 2019-03-20 16:13:19.717: --> 250-mail.wastech.com.au Hello mg-aaus-iota.mailguard.com.au [13.55.52.35], pleased to meet you Wed 2019-03-20 16:13:19.717: --> 250-ETRN Wed 2019-03-20 16:13:19.717: --> 250-AUTH LOGIN PLAIN Wed 2019-03-20 16:13:19.717: --> 250-8BITMIME Wed 2019-03-20 16:13:19.717: --> 250-ENHANCEDSTATUSCODES Wed 2019-03-20 16:13:19.717: --> 250-STARTTLS Wed 2019-03-20 16:13:19.717: --> 250 SIZE Wed 2019-03-20 16:13:19.731: <-- STARTTLS Wed 2019-03-20 16:13:19.732: --> 220 2.7.0 Ready to start TLS Wed 2019-03-20 16:13:20.773: SSL negotiation successful (TLS 1.2, 256 bit key exchange, 256 bit AES encryption) Wed 2019-03-20 16:13:20.793: <-- EHLO mg-aaus-iota.mailguard.com.au Wed 2019-03-20 16:13:20.793: Performing IP lookup (mg-aaus-iota.mailguard.com.au) Wed 2019-03-20 16:13:20.798: * D=mg-aaus-iota.mailguard.com.au TTL=(43) A=[13.55.52.35] Wed 2019-03-20 16:13:20.798: ---- End IP lookup results Wed 2019-03-20 16:13:20.798: --> 250-mail.wastech.com.au Hello mg-aaus-iota.mailguard.com.au [13.55.52.35], pleased to meet you Wed 2019-03-20 16:13:20.798: --> 250-ETRN Wed 2019-03-20 16:13:20.798: --> 250-AUTH LOGIN PLAIN Wed 2019-03-20 16:13:20.798: --> 250-8BITMIME Wed 2019-03-20 16:13:20.798: --> 250-ENHANCEDSTATUSCODES Wed 2019-03-20 16:13:20.798: --> 250 SIZE Wed 2019-03-20 16:13:20.812: <-- MAIL FROM:<officeworksaccountsp@officeworks.com.au> SIZE=18658 Wed 2019-03-20 16:13:20.812: Performing PTR lookup (35.52.55.13.IN-ADDR.ARPA) Wed 2019-03-20 16:13:20.841: * D=35.52.55.13.IN-ADDR.ARPA TTL=(5) PTR=[mg-aaus-iota.mailguard.com.au]
Wed 2019-03-20 16:13:20.846: * D=mg-aaus-iota.mailguard.com.au TTL=(43) A=[13.55.52.35] Wed 2019-03-20 16:13:20.846: ---- End PTR results Wed 2019-03-20 16:13:20.846: Performing IP lookup (officeworks.com.au) Wed 2019-03-20 16:13:20.851: * D=officeworks.com.au TTL=(0) A=[3.104.26.194] Wed 2019-03-20 16:13:20.851: * D=officeworks.com.au TTL=(0) A=[13.211.65.153] Wed 2019-03-20 16:13:20.855: * P=010 S=000 D=officeworks.com.au TTL=(19) MX=[filter1.office-4.mailguard.com.au]
Wed 2019-03-20 16:13:20.855: * P=020 S=001 D=officeworks.com.au TTL=(19) MX=[filter2.office-4.mailguard.com.au]
Wed 2019-03-20 16:13:20.855: * P=030 S=002 D=officeworks.com.au TTL=(19) MX=[filter3.office-4.mailguard.com.au]
Wed 2019-03-20 16:13:21.224: * D=filter1.office-4.mailguard.com.au TTL=(0) A=[13.55.209.247] Wed 2019-03-20 16:13:21.224: * D=filter1.office-4.mailguard.com.au TTL=(0) A=[13.210.103.163] Wed 2019-03-20 16:13:21.224: * D=filter1.office-4.mailguard.com.au TTL=(0) A=[13.210.175.152] Wed 2019-03-20 16:13:21.224: * D=filter1.office-4.mailguard.com.au TTL=(0) A=[13.210.188.175] Wed 2019-03-20 16:13:21.224: * D=filter1.office-4.mailguard.com.au TTL=(0) A=[34.193.97.194] Wed 2019-03-20 16:13:21.224: * D=filter1.office-4.mailguard.com.au TTL=(0) A=[34.210.162.117] Wed 2019-03-20 16:13:21.224: * D=filter1.office-4.mailguard.com.au TTL=(0) A=[34.215.223.119] Wed 2019-03-20 16:13:21.224: * D=filter1.office-4.mailguard.com.au TTL=(0) A=[34.237.181.146] Wed 2019-03-20 16:13:21.224: * D=filter1.office-4.mailguard.com.au TTL=(0) A=[54.79.41.83] Wed 2019-03-20 16:13:21.224: * D=filter1.office-4.mailguard.com.au TTL=(0) A=[13.54.220.210] Wed 2019-03-20 16:13:21.594: * D=filter2.office-4.mailguard.com.au TTL=(0) A=[34.210.162.117] Wed 2019-03-20 16:13:21.594: * D=filter2.office-4.mailguard.com.au TTL=(0) A=[34.215.136.158] Wed 2019-03-20 16:13:21.594: * D=filter2.office-4.mailguard.com.au TTL=(0) A=[34.215.211.69] Wed 2019-03-20 16:13:21.594: * D=filter2.office-4.mailguard.com.au TTL=(0) A=[34.215.223.119] Wed 2019-03-20 16:13:21.594: * D=filter2.office-4.mailguard.com.au TTL=(0) A=[34.237.162.207] Wed 2019-03-20 16:13:21.594: * D=filter2.office-4.mailguard.com.au TTL=(0) A=[34.237.180.102] Wed 2019-03-20 16:13:21.594: * D=filter2.office-4.mailguard.com.au TTL=(0) A=[34.237.181.146] Wed 2019-03-20 16:13:21.594: * D=filter2.office-4.mailguard.com.au TTL=(0) A=[54.79.41.83] Wed 2019-03-20 16:13:21.594: * D=filter2.office-4.mailguard.com.au TTL=(0) A=[13.54.220.210] Wed 2019-03-20 16:13:21.594: * D=filter2.office-4.mailguard.com.au TTL=(0) A=[13.55.52.35] Wed 2019-03-20 16:13:21.594: * D=filter2.office-4.mailguard.com.au TTL=(0) A=[13.55.209.247] Wed 2019-03-20 16:13:21.594: * D=filter2.office-4.mailguard.com.au TTL=(0) A=[13.210.103.163] Wed 2019-03-20 16:13:21.594: * D=filter2.office-4.mailguard.com.au TTL=(0) A=[13.210.137.250] Wed 2019-03-20 16:13:21.594: * D=filter2.office-4.mailguard.com.au TTL=(0) A=[13.210.145.47] Wed 2019-03-20 16:13:21.594: * D=filter2.office-4.mailguard.com.au TTL=(0) A=[13.210.160.215] Wed 2019-03-20 16:13:21.594: * D=filter2.office-4.mailguard.com.au TTL=(0) A=[13.210.175.152] Wed 2019-03-20 16:13:21.594: * D=filter2.office-4.mailguard.com.au TTL=(0) A=[13.210.188.175] Wed 2019-03-20 16:13:21.594: * D=filter2.office-4.mailguard.com.au TTL=(0) A=[34.202.243.228] Wed 2019-03-20 16:13:21.594: * D=filter2.office-4.mailguard.com.au TTL=(0) A=[34.208.153.28] Wed 2019-03-20 16:13:21.595: ---- End IP lookup results Wed 2019-03-20 16:13:21.595: Performing SPF lookup (mg-aaus-iota.mailguard.com.au / 13.55.52.35) Wed 2019-03-20 16:13:22.170: * Result: none; no SPF record in DNS Wed 2019-03-20 16:13:22.170: ---- End SPF results Wed 2019-03-20 16:13:22.170: Performing SPF lookup (officeworks.com.au / 13.55.52.35) Wed 2019-03-20 16:13:22.305: * Result: none; no SPF record in DNS Wed 2019-03-20 16:13:22.305: ---- End SPF results Wed 2019-03-20 16:13:22.305: --> 250 2.1.0 Sender OK Wed 2019-03-20 16:13:22.320: <-- RCPT TO:<accounts@wastech.com.au> Wed 2019-03-20 16:13:22.339: Performing DNS-BL lookup (13.55.52.35 - connecting IP) Wed 2019-03-20 16:13:22.828: * bl.spamcop.net - passed Wed 2019-03-20 16:13:22.859: * zen.spamhaus.org - passed Wed 2019-03-20 16:13:22.860: ---- End DNS-BL results Wed 2019-03-20 16:13:22.860: --> 250 2.1.5 Recipient OK Wed 2019-03-20 16:13:22.874: <-- DATA Wed 2019-03-20 16:13:22.876: Creating temp file (SMTP): d:\mdaemon\temp\65\md50000000100.tmp
Wed 2019-03-20 16:13:22.876: --> 354 Enter mail, end with <CRLF>.<CRLF> Wed 2019-03-20 16:13:22.913: Message size: 18658 bytes Wed 2019-03-20 16:13:22.914: Performing DKIM lookup Wed 2019-03-20 16:13:22.914: * File: d:\mdaemon\temp\65\md50000000100.tmp
Wed 2019-03-20 16:13:22.914: * Message-ID: <ADR44000001307440011B2B5AB935E031ED992D9DB76EDC942DC@officeworks.com.au>
Wed 2019-03-20 16:13:22.934: * DKIM-Signature 1: v=1; a=rsa-sha256; d=officeworks.com.au; s=mail1; c=relaxed/relaxed; t=1553058792; <some tags are not logged>
Wed 2019-03-20 16:13:22.934: * Verification result: DKIM_BODY_HASH_MISMATCH
Wed 2019-03-20 16:13:22.934: * Result: neutral Wed 2019-03-20 16:13:22.934: ---- End DKIM results Wed 2019-03-20 16:13:22.940: Performing DMARC processing Wed 2019-03-20 16:13:22.940: * File: d:\mdaemon\temp\65\md50000000100.tmp
Wed 2019-03-20 16:13:22.940: * Message-ID: <ADR44000001307440011B2B5AB935E031ED992D9DB76EDC942DC@officeworks.com.au>
Wed 2019-03-20 16:13:22.940: * Author domain: officeworks.com.au Wed 2019-03-20 16:13:22.940: * Organizational domain: officeworks.com.au Wed 2019-03-20 16:13:22.940: * Query domain: _dmarc.officeworks.com.au
Wed 2019-03-20 16:13:22.947: * Policy record: v=DMARC1; p=reject; pct=100; rua=mailto:jpzsm3la@ag.dmarcian-ap.com; ruf=mailto:jpzsm3la@fr.dmarcian-ap.com;
Wed 2019-03-20 16:13:22.952: * Verifying report recipient: jpzsm3la@ag.dmarcian-ap.com Wed 2019-03-20 16:13:22.953: * Query domain: officeworks.com.au._report._dmarc.ag.dmarcian-ap.com
Wed 2019-03-20 16:13:23.551: * Policy record: v=DMARC1;
Wed 2019-03-20 16:13:23.551: * Recipient jpzsm3la@ag.dmarcian-ap.com is verified
Wed 2019-03-20 16:13:23.556: * Verifying report recipient: jpzsm3la@fr.dmarcian-ap.com Wed 2019-03-20 16:13:23.556: * Query domain: officeworks.com.au._report._dmarc.fr.dmarcian-ap.com
Wed 2019-03-20 16:13:23.929: * Policy record: v=DMARC1;
Wed 2019-03-20 16:13:23.929: * Recipient jpzsm3la@fr.dmarcian-ap.com is verified
Wed 2019-03-20 16:13:23.929: * Checking authentication mechanisms for DMARC alignment
Wed 2019-03-20 16:13:23.929: * SPF: no SPF policy found
Wed 2019-03-20 16:13:23.930: * DKIM: domain "officeworks.com.au" (from d= of signature #1) failed verification
Wed 2019-03-20 16:13:23.930: * Action taken: reject Wed 2019-03-20 16:13:23.930: * Result: fail Wed 2019-03-20 16:13:23.930: ---- End DMARC results Wed 2019-03-20 16:13:23.932: --> 550 5.7.0 Message rejected per DMARC policy for officeworks.com.au Wed 2019-03-20 16:13:23.935: SMTP session terminated (Bytes in/out: 20054/4617) Wed 2019-03-20 16:13:23.935: ----------


Regards,

Rob Deal
Technical Director
Orion Computers Pty Ltd
Ph: 03 9645 2224
Fax: 03 9645-1112
Mob: 0417 316 117

This email is powered by the MDaemon Messaging Server

-----Original Message-----
From: discuss@mdaemon.com <discuss@mdaemon.com> On Behalf Of Dave Warren
Sent: Thursday, 21 March 2019 12:31 PM
To: discuss List Member <discuss@mdaemon.com>
Subject: [discuss] dmarc rejected email problem

I suspect the problem is due to the fact that the SPF record is invalid.

https://tools.wordtothewise.com/spf/check/wildix.com can help you understand and adjust your record.


--DISCUSS--------------------------------------------------------------
This mailing list is for questions and discussion regarding Alt-N products. To unsubscribe from this mailing list send an email to discuss-unsubscribe@mdaemon.com .
--DISCUSS--------------------------------------------------------------


-----------------------------------------------------------------------
These forums are provided by MDaemon Technologies for user-to-user support and discussion. MDaemon staff members may participate in the forums periodically but please recognize that this is not the official method of receiving technical support. To receive personal technical support please use the form here:
http://www.mdaemon.com/Support/RequestSupport/
-----------------------------------------------------------------------




--DISCUSS--------------------------------------------------------------
This mailing list is for questions and discussion regarding Alt-N products. To unsubscribe from this mailing list send an email to discuss-unsubscribe@mdaemon.com .
--DISCUSS--------------------------------------------------------------


-----------------------------------------------------------------------
These forums are provided by MDaemon Technologies for user-to-user support and discussion. MDaemon staff members may participate in the forums periodically but please recognize that this is not the official method of receiving technical support. To receive personal technical support please use the form here:
http://www.mdaemon.com/Support/RequestSupport/
-----------------------------------------------------------------------

--DISCUSS--------------------------------------------------------------
This mailing list is for questions and discussion regarding Alt-N
products. To unsubscribe from this mailing list send an email to
discuss-unsubscribe@mdaemon.com .
--DISCUSS--------------------------------------------------------------


-----------------------------------------------------------------------
These forums are provided by MDaemon Technologies for user-to-user
support and discussion. MDaemon staff members may participate in the
forums periodically but please recognize that this is not the official
method of receiving technical support. To receive personal technical
support please use the form here:
http://www.mdaemon.com/Support/RequestSupport/
-----------------------------------------------------------------------






  All MessagesOldest ItemsOlder ItemsNewer ItemsNewest Items


 Content:

Read New | Search

 Guest:

Email to Admin

You are visiting as a Guest user.