Please explain kam_dmarc_quarantine(1.5)

daolt

Member
Feb 8, 2020
Hi experts
I'm using zimbra 8.8.12 and proxmox 6.1-8. When I send email, the kam_dmarc_quarantine index is always 1.5, so the email is always listed as spam/junk mail. Please explain kam_dmarc_quarantine and how to fix it.


Thanks so much!
 
the rule is quite well described in KAM.cf (see [0] or /usr/share/spamassassin-extra/KAM.cf on your installation):
Code:
describe KAM_DMARC_QUARANTINE DKIM has Failed or SPF has failed on the message and the domain has a DMARC quarantine policy

* is this an internal e-mail you sent out through PMG?
* Do you have a configured DMARC policy for the domain the mail is coming from?

In any case the problem is that DKIM_INVALID is hitting - thus making the DMARC-policy fail.

how large is the mail where this fails? - make sure to configure the Spam Detector 'Max Spam Size' to a value which is large enough ( GUI->Configuration->Spam Detector -> Options)

I hope this helps!
 
Hi Stoiko Ivanov
Thanks for replying
is this an internal e-mail you sent out through PMG? -> Yes, I configured it to send out through PMG
Do you have a configured DMARC policy for the domain the mail is coming from? -> Yes I do
On the zimbra server I removed DKIM; I do not use DKIM on zimbra or a DNS DKIM record
how large is the mail where this fails? -> Very small size
what must i do to fix it?
Best regards,
 
this explains the problem - you have a DMARC policy set, but when the mails arrive at PMG they violate it (because they are not yet DKIM signed):
* either sign them on the zimbra
* or just lower the score of the rule KAM_DMARC_QUARANTINE to 0 in the GUI (see 4.6.3 at https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#pmgconfig_spamdetector)
* or configure your internal DNS to not answer with the public DMARC policy for your domain
 
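Why an unsigned internal mail trips the rule, and what each of the three options above changes, as an added example that is not part of the original post or of KAM.cf. It assumes the rule fires when neither DKIM nor SPF passes and the domain publishes p=quarantine; the record and results are constructed, and 1.5 is the score from the thread title.

```python
# Added example: a model of the condition in the KAM_DMARC_QUARANTINE
# description, not the rule's own code. All sample values are constructed.

def parse_dmarc(txt):
    """Parse a DMARC TXT record into a tag dict; {} if it is not a DMARC record."""
    if not txt.strip().startswith("v=DMARC1"):
        return {}
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def rule_hits(dmarc_txt, dkim_pass, spf_pass):
    """Assumed condition: policy is quarantine and neither DKIM nor SPF passes."""
    policy = parse_dmarc(dmarc_txt or "").get("p", "").lower()
    return policy == "quarantine" and not (dkim_pass or spf_pass)


def contribution(dmarc_txt, dkim_pass, spf_pass, score=1.5):
    """Points the rule adds to a message's spam score."""
    return score if rule_hits(dmarc_txt, dkim_pass, spf_pass) else 0.0


# Constructed record for a hypothetical domain with a quarantine policy.
PUBLIC_RECORD = "v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com"


def scenarios():
    """The situation from the thread, then the three suggested options."""
    return {
        "unsigned mail, default score": contribution(PUBLIC_RECORD, False, False),
        "signed on the mail server": contribution(PUBLIC_RECORD, True, False),
        "custom score set to 0": contribution(PUBLIC_RECORD, False, False, score=0.0),
        "internal DNS returns no DMARC record": contribution(None, False, False),
    }


if __name__ == "__main__":
    for name, points in scenarios().items():
        print(f"{name}: {points}")
```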
Stoiko Ivanov
Thank you for replying
You mean set Heuristic Score = 0?

I have just adjusted the score but it still does not work
 
no - it's configured in the tab 'Custom Scores' - check the reference documentation I posted (point 4.6.3)
 
Hi Stoiko Ivanov
I monitor on server mail to see that the email out of RCVD_IN_SORBS_WEB is very high, but there are other emails with low or no RCVD_IN_SORBS_WEB? What's happened with my server?
 
just google for the rule:
Code:
describe RCVD_IN_SORBS_WEB      SORBS: sender is an abusable web server

- then check the IP listed in the headers as sender - and see if it's listed in sorbs (e.g. at http://www.anti-abuse.org/multi-rbl-check/)

then see whether this is an actual problem on the server
 
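One way to list the addresses worth checking, as an added example that is not part of the original post: it pulls every relay IP out of a message's Received headers, skips the gateway's own address, and builds the DNSBL name to resolve for each. It goes slightly beyond the post by listing all relays rather than one; the headers are constructed and the zone dnsbl.sorbs.net is a default parameter assumed here.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample headers (documentation addresses). 192.0.2.25 plays the
# gateway; the two hosts below it are the ones that relayed the mail to it.
SAMPLE = """\
Received: from pmg.example.com (pmg.example.com [192.0.2.25])
\tby mx.example.org (Postfix) with ESMTPS id 7C6B5A49; Wed, 6 May 2020 10:00:03 +0000
Received: from mail.example.com (mail.example.com [198.51.100.7])
\tby pmg.example.com (Postfix) with ESMTPS id 4A1B2C3D; Wed, 6 May 2020 10:00:02 +0000
Received: from [203.0.113.44] (client.example.net [203.0.113.44])
\tby mail.example.com (Postfix) with ESMTPSA id 9F8E7D6C; Wed, 6 May 2020 10:00:01 +0000
From: sender@example.com
Subject: constructed sample

body
"""

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def relay_ips(raw_message, own_ips=()):
    """IPv4 addresses from the 'from' part of each Received header, newest first."""
    found = []
    for header in message_from_string(raw_message).get_all("Received", []):
        from_part = re.split(r"\s+by\s+", header, maxsplit=1)[0]
        for text in BRACKETED_IP.findall(from_part):
            try:
                ip = str(ipaddress.IPv4Address(text))
            except ValueError:
                continue  # not a valid address, e.g. an octet above 255
            if ip not in own_ips and ip not in found:
                found.append(ip)
    return found


def dnsbl_name(ip, zone="dnsbl.sorbs.net"):
    """DNSBL query name: the IPv4 octets reversed, then the list's zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone


def lookups(raw_message, own_ips=()):
    """Map each relay IP to the name to resolve; an A record means 'listed'."""
    return {ip: dnsbl_name(ip) for ip in relay_ips(raw_message, own_ips)}


if __name__ == "__main__":
    for ip, name in lookups(SAMPLE, own_ips=("192.0.2.25",)).items():
        print(ip, "->", name)
```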
Stoiko Ivanov

Thank you for responding
Before posting, I also checked the IP address on https://mxtoolbox.com/blacklists.aspx, resulting in the IP not being blacklisted. I have also checked the ip address on http://www.anti-abuse.org and the ip address is not blacklisted either.
 
Before posting, I also checked the IP address
which ip address?

if PMG has a hit with RCVD_IN_SORBS_WEB that means that the server that sent the e-mail to PMG is listed
 
I think 103.88.112.58 is the IP of your PMG?

but the problematic IP, which triggers the hit on RCVD_IN_SORBS_WEB is the ip that sends _to_ your PMG

-> check the logs - /var/log/mail.log
 
as said - it is the server which sends to PMG that is blacklisted
 
not 103.88.112.58 (your PMG), but the other ip that sends to your pmg / 103.88.1112.58
 
That seems odd - then check the headers of a mail where this hit occurred and the mail.log of your PMG (the rule hit should show you which mails are affected) - maybe the IP was blacklisted but got removed from the blacklist
 
Stoiko Ivanov

The strange thing is that there are some emails sent out not to be blacklisted, while there are some emails that get blacklisted?
 
