5.7.1 rejected by DMARC policy
Sep 16 14:04:03 mail postfix/cleanup[4617]: 40BCF3C156A: milter-reject: END-OF-MESSAGE from mail-eopbgr820051.outbound.protection.outlook.com[40.107.82.51]: 5.7.1 rejected by DMARC policy for clientemail.com; from=<user@clientemail.com> to=<myemail@mydomain.com> proto=ESMTP helo=<NAM01-SN1-obe.outbound.protection.outlook.com>
quick question any one else this error before not sure if its the modification i did on proxmox or itself? I have only one email that does not come in which im getting this error but i checked the client email and they do have dmarc
Code:5.7.1 rejected by DMARC policy
Sep 16 14:04:03 mail postfix/cleanup[4617]: 40BCF3C156A: milter-reject: END-OF-MESSAGE from mail-eopbgr820051.outbound.protection.outlook.com[40.107.82.51]: 5.7.1 rejected by DMARC policy for clientemail.com; from=<user@clientemail.com> to=<myemail@mydomain.com> proto=ESMTP helo=<NAM01-SN1-obe.outbound.protection.outlook.com>
just to be sure - check for a running process matching dmarc (e.g. opendmarc is a popular milter for dmarc) :I did put the dkim to go outbound but not sure why its affecting in the inbound?
ps auxwf |grep -i dmarc
thanks for the reply, so how would i disable temporary this issue? First time this is happening. I did put the dkim to go outbound but not sure why its affecting in the inbound?
Thank you
dig +short txt _dmarc.dian.gov.co
"v=DMARC1; p=reject; rua=mailto:seguridadinfo@dian.gov.co"
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;dian.gov.co. IN MX
;; ANSWER SECTION:
dian.gov.co. 71312 IN MX 10 mailgw.dian.gov.co.
;; ADDITIONAL SECTION:
mailgw.dian.gov.co. 71312 IN A 190.144.206.25
: disconnect from mail-eopbgr690079.outbound.protection.outlook.com[40.107.69.79] ehlo=2 starttls=1 mail=1 rcpt=1 data=0/1 quit=1 commands=6/7
Thanks for the reply finally figured it out after lots of reading so this is what happened. so if anyone else has this issue ONLY if they have openDMARC on PMG (which does not come by default i installed it with openDKIM to send outbound emails though PMG)
The client had a dmarc (its a goverment domain i know so sad)
Code:dig +short txt _dmarc.dian.gov.co "v=DMARC1; p=reject; rua=mailto:seguridadinfo@dian.gov.co"
so they had the p=reject meaning that if someone tries to send email which does not come from their IP and if someone else has DMARC it will reject it, here is the worst part their MX record
Code:;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4000 ;; QUESTION SECTION: ;dian.gov.co. IN MX ;; ANSWER SECTION: dian.gov.co. 71312 IN MX 10 mailgw.dian.gov.co. ;; ADDITIONAL SECTION: mailgw.dian.gov.co. 71312 IN A 190.144.206.25
and this is the best part they have their email sending though exchange
Code:: disconnect from mail-eopbgr690079.outbound.protection.outlook.com[40.107.69.79] ehlo=2 starttls=1 mail=1 rcpt=1 data=0/1 quit=1 commands=6/7
i told them something is wrong and they said that this has never happened to them, the only way i fixed this is on
nano /etc/opendmarc.conf
removed
RejectFailures true
Hope this helps someone else
and reboot
Very correct so sad people dont use the correct settings which makes people who want to use it cannot. So far the first case i have ever seen this before, usually people may have the wrong dmarc but they have p=none which does not have effect but the p=reject really killed it for them and having the wrong mx record too.
cd /tmp
wget https://github.com/extremeshok/clamav-unofficial-sigs/archive/master.zip
unzip master.zip
cp -r clamav-unofficial-sigs-master/clamav-unofficial-sigs.sh /usr/local/sbin/
chmod 755 /usr/local/sbin/clamav-unofficial-sigs.sh
mkdir /etc/clamav-unofficial-sigs
cp clamav-unofficial-sigs-master/config/* /etc/clamav-unofficial-sigs/
mkdir /var/log/clamav-unofficial-sigs
cd /etc/clamav-unofficial-sigs
cat /etc/*release*
mv os.debian9.conf os.conf
/usr/local/sbin/clamav-unofficial-sigs.sh: line 2828: /var/lib/clamav-unofficial-sigs/test/malwarepatrol.db: No such file or directory
LibClamAV Error: cl_load(): No such file or directory: /var/lib/clamav-unofficial-sigs/test/malwarepatrol.db
ERROR: Can't get file status
/usr/local/sbin/clamav-unofficial-sigs.sh: line 2835: /var/lib/clamav-unofficial-sigs/test/malwarepatrol.db-tmp: No such file or directory
mv: cannot stat '/var/lib/clamav-unofficial-sigs/test/malwarepatrol.db-tmp': No such file or directory
cp clamav-unofficial-sigs-master/clamav-unofficial-sigs.sh /usr/local/sbin/
hi guys...does this work on pmg 6.0 too?
Didn’t test it yet. As I would like to improve documentation as well as cleaning up my system instead of upgrading, I will test in the next days.
Not sure if anyone else has had this issue before on the version of pmg 5.2.1 with clamav-unofficial-sigs
These were the steps i took
Code:cd /tmp wget https://github.com/extremeshok/clamav-unofficial-sigs/archive/master.zip unzip master.zip cp -r clamav-unofficial-sigs-master/clamav-unofficial-sigs.sh /usr/local/sbin/ chmod 755 /usr/local/sbin/clamav-unofficial-sigs.sh mkdir /etc/clamav-unofficial-sigs cp clamav-unofficial-sigs-master/config/* /etc/clamav-unofficial-sigs/ mkdir /var/log/clamav-unofficial-sigs cd /etc/clamav-unofficial-sigs cat /etc/*release* mv os.debian9.conf os.conf
but im getting email alert of this error
Code:/usr/local/sbin/clamav-unofficial-sigs.sh: line 2828: /var/lib/clamav-unofficial-sigs/test/malwarepatrol.db: No such file or directory LibClamAV Error: cl_load(): No such file or directory: /var/lib/clamav-unofficial-sigs/test/malwarepatrol.db ERROR: Can't get file status /usr/local/sbin/clamav-unofficial-sigs.sh: line 2835: /var/lib/clamav-unofficial-sigs/test/malwarepatrol.db-tmp: No such file or directory mv: cannot stat '/var/lib/clamav-unofficial-sigs/test/malwarepatrol.db-tmp': No such file or directory
the only error when running the commands above is the last part the mv osdebian9
and on the tutorial it says
but it seems that it needed to add a cp -r not sure what could be the issueCode:cp clamav-unofficial-sigs-master/clamav-unofficial-sigs.sh /usr/local/sbin/
Thank you again
I updated our Cluster yesterday. It works like a charm with the help of the update documentation. First Master and then Slave.
About DMARC:
We also do not check DMARC on our Mailserver. But I configure this for our domains to get reports about SPF/DKIM failures.
But we check and apply hard SPF rejects. Because the sender configure it in this way. Currently I only had 2 cases, where a hard reject result within a wrong reject. But this was human mistake and was fixed within minutes after mail to postmaster.
Most admins configure the ~all catch all, which only result in a bad spam rating.
We inform our clients about that, so they can decide to use another mailprovider. Most major mailinglists are listed in Whitelists and do anything against spam ratings. So this isn't a problem in combination with some major DNSBL.
When you need help/time, I can invest some time. Probably @DerDanilo can help us with a Ansible. I just started to understand this deployment way, because it looks powerfull. So we can give something more then money to improve Proxmox Mail Gateway and hopefully get a Mail Archive some day. ^^