DKIM/SPF failure with sender_bcc

M

michabbs

Active Member
May 5, 2020
138
20
38
I use postfix feature sender_bcc. Basically it means that all mails sent by a chosen user are automatically cc'd to someone else (to be archived, for supervision, etc...)

Problem: The auto-generated copies do not pass DKIM/SPF test and I have no idea why. I get such messages:
Code: 
Proxmox Notification:

Sender:   x
Receiver: x
Targets:  x

Subject: x


Matching Rule: Notify outgoing Spam

Rule: Notify outgoing Spam
  Receiver: x
  Action: notify __ADMIN__



Spam detection results:  3
ALL_TRUSTED                -1 Passed through trusted hosts only via SMTP
AWL                    -1.471 Adjusted score from AWL reputation of From: address
HTML_IMAGE_ONLY_24      1.282 HTML: images with 2000-2400 bytes of words
HTML_MESSAGE            0.001 Wiadomo¶æ zawiera kod HTML
HTML_SHORT_LINK_IMG_3   0.328 HTML is very short with a linked image
KAM_DMARC_REJECT            3 DKIM has Failed or SPF has failed on the message and the domain has a DMARC reject policy
KAM_DMARC_STATUS         0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
KAM_NUMSUBJECT            0.5 Subject ends in numbers excluding current years
TVD_FW_GRAPHIC_NAME_LONG  0.648 Long image attachment name

The original mails are delivered correctly and pass validation at target. Problem is only with "my" carbon copies.
Any ideas?

I suppose maybe copies have some headers changed, so effectively validation does wrong, but... I do not see any difference in headers. :-(
 
michabbs said:
I use postfix feature sender_bcc
Click to expand...
Have not looked into sender_bcc - but on a hunch - could it be that postfix sends the bcc directly - and that the mails do not pass through pmg-smtp-filter (I assume here that the issue is with outbound mails and that PMG is doing the DKIM signing)?

Possible fixes:
* use a BCC action object (these mails should get signed)

if this does not work - please:
* show the changes to the postfix config
* explain how the mails get send
* share the logs of such a mail, which does not pass validation

I hope this helps!
 
I completely missed BCC action! Thank you!

...but no success. :-(
* I removed my extra postfix config.
* I created rule with From condition and BCC action.
* Nothing changed: the original mail is delivered correctly to its recipient and pass verification without problems. The BBC copy triggers "Notify outgoing Spam" rule:

Code: 
Proxmox Notification:

Sender:   *
Receiver: *
Targets:  *

Subject: *


Matching Rule: Notify outgoing Spam

Rule: SklepOut
  Receiver: *
  Action: send bcc to: * (original)
Rule: Notify outgoing Spam
  Receiver: *
  Action: *



Spam detection results:  4
ALL_TRUSTED                -1 Passed through trusted hosts only via SMTP
HTML_IMAGE_ONLY_24      1.282 HTML: images with 2000-2400 bytes of words
HTML_MESSAGE            0.001 Wiadomo¶æ zawiera kod HTML
HTML_SHORT_LINK_IMG_3   0.328 HTML is very short with a linked image
KAM_DMARC_REJECT            3 DKIM has Failed or SPF has failed on the message and the domain has a DMARC reject policy
KAM_DMARC_STATUS         0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
KAM_NUMSUBJECT            0.5 Subject ends in numbers excluding current years
TVD_FW_GRAPHIC_NAME_LONG  0.648 Long image attachment name

In order to minimize interference from another software - I sent mail directly from Thunderbird to port 26, so it should be considered "safe". Here is log:

Code: 
Nov 4 17:20:23 garibaldi postfix/smtpd[212564]: connect from unknown[192.168.2.250]
Nov 4 17:20:23 garibaldi postfix/smtpd[212564]: NOQUEUE: client=unknown[192.168.2.250]
Nov 4 17:20:24 garibaldi pmg-smtp-filter[142936]: 1C66E618408480FFD6: new mail message-id=<4802549d-5ab8-2924-91f4-52afeb011c6b@*>#012
Nov 4 17:20:25 garibaldi pmg-smtp-filter[142936]: 1C66E618408480FFD6: SA score=4/5 time=0.913 bayes=undefined autolearn=no autolearn_force=no hits=ALL_TRUSTED(-1),HTML_IMAGE_ONLY_24(1.282),HTML_MESSAGE(0.001),HTML_SHORT_LINK_IMG_3(0.328),KAM_DMARC_REJECT(3),KAM_DMARC_STATUS(0.01),KAM_NUMSUBJECT(0.5),TVD_FW_GRAPHIC_NAME_LONG(0.648)
Nov 4 17:20:25 garibaldi pmg-smtp-filter[142936]: 1C66E618408480FFD6: notify <*> (rule: Notify outgoing Spam, 10D40265A3)
Nov 4 17:20:25 garibaldi pmg-smtp-filter[142936]: 1C66E618408480FFD6: bcc to <*> (rule: SklepOut, 18EAD265A5)
Nov 4 17:20:25 garibaldi postfix/smtpd[212571]: connect from *[127.0.0.1]
Nov 4 17:20:25 garibaldi postfix/smtpd[212571]: 1F645265AA: client=*[127.0.0.1], orig_client=unknown[192.168.2.250]
Nov 4 17:20:25 garibaldi postfix/cleanup[212572]: 1F645265AA: message-id=<4802549d-5ab8-2924-91f4-52afeb011c6b@*>
Nov 4 17:20:25 garibaldi postfix/qmgr[207757]: 1F645265AA: from=<*>, size=9973, nrcpt=1 (queue active)
Nov 4 17:20:25 garibaldi pmg-smtp-filter[142936]: 1C66E618408480FFD6: accept mail to <*@dkimvalidator.com> (1F645265AA) (rule: default-accept)
Nov 4 17:20:25 garibaldi postfix/smtpd[212571]: disconnect from *[127.0.0.1] ehlo=1 xforward=1 mail=1 rcpt=1 data=1 commands=5
Nov 4 17:20:25 garibaldi pmg-smtp-filter[142936]: 1C66E618408480FFD6: processing time: 1.069 seconds (0.913, 0.046, 0)
Nov 4 17:20:25 garibaldi postfix/smtpd[212564]: proxy-accept: END-OF-MESSAGE: 250 2.5.0 OK (1C66E618408480FFD6); from=<*> to=<*@dkimvalidator.com> proto=ESMTP helo=<[192.168.2.250]>
Nov 4 17:20:25 garibaldi postfix/smtpd[212564]: disconnect from unknown[192.168.2.250] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Nov 4 17:20:27 garibaldi postfix/smtp[212575]: 1F645265AA: to=<*@dkimvalidator.com>, relay=31045262.in1.mandrillapp.com[54.245.105.162]:25, delay=2.2, delays=0.01/0.05/1.6/0.61, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as CB0DA20E20)
Nov 4 17:20:27 garibaldi postfix/qmgr[207757]: 1F645265AA: removed

The original message was delivered to dkimvalidator.com and passed:

Code: 
Message is NOT marked as spam
Points breakdown:
-0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
 1.3 HTML_IMAGE_ONLY_24     BODY: HTML: images with 2000-2400 bytes of
                            words
 0.6 TVD_FW_GRAPHIC_NAME_LONG BODY: Long image attachment name
 0.0 HTML_MESSAGE           BODY: HTML included in message
-0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from
                            author's domain
-0.1 DKIM_VALID             Message has at least one valid DKIM or DK signature
 0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily
                            valid
 0.3 HTML_SHORT_LINK_IMG_3  HTML is very short with a linked image
 
You must log in or register to reply here.
Top Bottom