Can't figure out how to configure DMARC for my Cisco ESA lab

Joehard
Level 1

Hi everyone!

I've been struggling with configuring DMARC on my Cisco ESA lab; it always tells me that DKIM aligned is False! I configured SPF and DKIM before configuring DMARC, and made sure that both SPF and DKIM pass and are working.

For your information, I configured all the DNS records on a DNS server with BIND9.

I created my SPF record like this: @ IN TXT "v=spf1 mx ip4:192.168.189.221 -all"

Below this is my DKIM configuration:

[Image: Joehard_0-1705032708469.png]

And for the DKIM record: site-a-first-gateway._domainkey.site-a.com. IN TXT "v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQChmDPaeTfIqUsoinS3sa/GKVhTpxFe1cpZPuvIQ0u4UorToHbrYY8yEKusAfAgw3wcvl5BxiI4L75ZOQZVKmpXquV536KCmObDUUYhJwmp2nEszSE0vwd9/8fqGgEMxQ5IvPVmz/4NlcY3IiCdSqXsyy79jMRy3l/0y0BbN17HEQIDAQAB;"

With this configuration, I manage to pass the SPF and DKIM verification.

The last one is DMARC; my DMARC record looks like this: _dmarc IN TXT "v=DMARC1; p=none; rua=mailto:dmarc.rua@site-a.com"

When I test sending email I get a mail log like this:

Fri Jan 12 11:15:57 2024 Info: New SMTP ICID 92 interface Data 1 (192.168.189.222) address 192.168.189.221 reverse dns host mail.site-a.com verified yes
Fri Jan 12 11:15:57 2024 Info: ICID 92 ACCEPT SG UNKNOWNLIST match sbrs[none] SBRS rfc1918 country not applicable
Fri Jan 12 11:15:57 2024 Info: Start MID 101 ICID 92
Fri Jan 12 11:15:57 2024 Info: MID 101 ICID 92 From: <tehar@site-a.com>
Fri Jan 12 11:15:57 2024 Info: MID 101 SDR: Domains for which SDR is requested: reverse DNS host: mail.site-a.com, helo: ironport-ext.site-a.com, env-from: site-a.com, header-from: Not Present, reply-to: Not Present
Fri Jan 12 11:15:57 2024 Info: MID 101 SDR: Consolidated Sender Threat Level: Neutral, Threat Category: N/A, Suspected Domain(s) : N/A (other reasons for verdict). Sender Maturity: 30 days (or greater) for domain: ironport-ext.site-a.com
Fri Jan 12 11:15:57 2024 Info: MID 101 ICID 92 RID 0 To: <tejo@site-b.com>
Fri Jan 12 11:15:57 2024 Info: MID 101 using engine: SPF Verdict Cache using cached verdict
Fri Jan 12 11:15:57 2024 Info: SPF Verdict Cache cache status: hits = 13, misses = 20, expires = 0, adds = 19, seconds saved = 0.22, total seconds = 0.45
Fri Jan 12 11:15:57 2024 Info: MID 101 SPF: mailfrom identity tehar@site-a.com Pass (v=spf1)
Fri Jan 12 11:15:57 2024 Info: MID 101 DKIM: pass signature verified (d=site-a.com s=site-a-first-gateway i=@site-a.com)
Fri Jan 12 11:15:57 2024 Info: MID 101 DMARC: Message from domain site-a.com, DMARC pass (SPF aligned True, DKIM aligned False)
Fri Jan 12 11:15:57 2024 Info: MID 101 DMARC: Verification passed
Fri Jan 12 11:15:57 2024 Info: MID 101 Message-ID '<202234867.104.1705032956821.JavaMail.zimbra@site-a.com>'
Fri Jan 12 11:15:57 2024 Info: MID 101 Subject "tes dmarc 26"
Fri Jan 12 11:15:57 2024 Info: MID 101 SDR: Domains for which SDR is requested: reverse DNS host: mail.site-a.com, helo: ironport-ext.site-a.com, env-from: site-a.com, header-from: site-a.com, reply-to: Not Present
Fri Jan 12 11:15:57 2024 Info: MID 101 SDR: Consolidated Sender Threat Level: Neutral, Threat Category: N/A, Suspected Domain(s) : N/A (other reasons for verdict). Sender Maturity: 30 days (or greater) for domain: ironport-ext.site-a.com
Fri Jan 12 11:15:57 2024 Info: MID 101 SDR: Tracker Header : 65a0bcfd_6+PfxSrZ3aFkKQCPWfkLPMT8jjQR9KeQlz4XKRQmN2KEmkWHgFDwZtB44yETSu3J1Tsj5hUC7bBSQMPBeR7tmw==
Fri Jan 12 11:15:57 2024 Info: MID 101 ready 4092 bytes from <tehar@site-a.com>
Fri Jan 12 11:15:57 2024 Info: MID 101 matched all recipients for per-recipient policy DEFAULT in the inbound table
Fri Jan 12 11:15:58 2024 Info: MID 101 interim verdict using engine: CASE spam negative
Fri Jan 12 11:15:58 2024 Info: MID 101 using engine: CASE spam negative
Fri Jan 12 11:15:58 2024 Info: MID 101 interim AV verdict using Sophos CLEAN
Fri Jan 12 11:15:58 2024 Info: MID 101 antivirus negative
Fri Jan 12 11:15:58 2024 Info: MID 101 Outbreak Filters: verdict negative
Fri Jan 12 11:15:58 2024 Info: MID 101 queued for delivery
Fri Jan 12 11:15:58 2024 Info: New SMTP DCID 66 interface 192.168.20.101 address 192.168.20.11 port 25
Fri Jan 12 11:15:58 2024 Info: Delivery start DCID 66 MID 101 to RID [0]
Fri Jan 12 11:15:58 2024 Info: Message done DCID 66 MID 101 to RID [0]
Fri Jan 12 11:15:58 2024 Info: MID 101 RID [0] Response '2.0.0 Ok: queued as 3EA4E87606'
Fri Jan 12 11:15:58 2024 Info: Message finished MID 101 done
Fri Jan 12 11:16:02 2024 Info: ICID 92 close
Fri Jan 12 11:16:03 2024 Info: DCID 66 close

I'm stuck solving this error; your help is really appreciated.


rschlayer
Level 4

Hi,

Check this out, I believe you are hitting this bug: CSCvn65193 : Bug Search Tool
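
A consistency check over the log lines in the question, as an added example that is not part of the original posts or Cisco's code: it recomputes DKIM identifier alignment (RFC 7489) from the d= tag of the verified signature and the From domain on the DMARC line, and reports messages where the logged value disagrees. The function names are hypothetical, and taking the last two labels as the organizational domain is an assumption that stands in for a Public Suffix List lookup.

```python
import re

# Constructed input: three lines copied from the mail log in the question.
SAMPLE_LOG = """\
Fri Jan 12 11:15:57 2024 Info: MID 101 SPF: mailfrom identity tehar@site-a.com Pass (v=spf1)
Fri Jan 12 11:15:57 2024 Info: MID 101 DKIM: pass signature verified (d=site-a.com s=site-a-first-gateway i=@site-a.com)
Fri Jan 12 11:15:57 2024 Info: MID 101 DMARC: Message from domain site-a.com, DMARC pass (SPF aligned True, DKIM aligned False)
"""

DKIM_RE = re.compile(r"MID (\d+) DKIM: pass signature verified \(d=(\S+) s=\S+")
DMARC_RE = re.compile(
    r"MID (\d+) DMARC: Message from domain (\S+), DMARC \w+ "
    r"\(SPF aligned (True|False), DKIM aligned (True|False)\)")

def org_domain(domain):
    # Assumption: the last two labels stand in for the organizational domain.
    # A real check needs the Public Suffix List (e.g. for names under co.uk).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def dkim_aligned(d_tag, from_domain, strict=False):
    """RFC 7489 alignment: exact match in strict mode (adkim=s), same
    organizational domain in relaxed mode (adkim=r, the default)."""
    a, b = d_tag.lower().rstrip("."), from_domain.lower().rstrip(".")
    return a == b if strict else org_domain(a) == org_domain(b)

def find_mismatches(log_text):
    """Return (mid, from_domain, d_tags, logged, expected) for each message
    whose logged 'DKIM aligned' value disagrees with its verified signatures."""
    verified, out = {}, []          # verified: MID -> d= domains that passed
    for line in log_text.splitlines():
        m = DKIM_RE.search(line)
        if m:
            verified.setdefault(m.group(1), []).append(m.group(2))
            continue
        m = DMARC_RE.search(line)
        if not m:
            continue
        mid, from_domain, logged = m.group(1), m.group(2), m.group(4) == "True"
        d_tags = verified.get(mid, [])
        expected = any(dkim_aligned(d, from_domain) for d in d_tags)
        if expected != logged:
            out.append((mid, from_domain, d_tags, logged, expected))
    return out

if __name__ == "__main__":
    for row in find_mismatches(SAMPLE_LOG):
        print("MID %s From=%s d=%s logged=%s expected=%s" % row)
```

On the log above it reports MID 101: the verified signature's d=site-a.com equals the From domain site-a.com, so alignment holds in both relaxed and strict mode while the log line says False.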