10-20-2020 07:06 AM
Hello, I am trying to implement dmarc check in Ironport AsyncOS.
After enabling DMARC check, Non-Delivery Report does not pass DMARC check, because nor NDR sender is (empty). All normal e-mails can pass DMARC verification.
Is there any way to allow NDR emails to bypass DMARC check ?
I have spent already a lot of time in this problem, there is almost no information about this problem available in internet.
Here is log records for one NDR that was quarantined to DMARC.
20 Oct 2020 16:44:11 (GMT +01:00) | Incoming connection (ICID 12353948) has sender_group: RELAYLIST, sender_ip: 87.245.245.180 and sbrs: 2.7 |
20 Oct 2020 16:44:11 (GMT +01:00) | Protocol SMTP interface Data (IP 87.245.245.188) on incoming connection (ICID 12353948) from sender IP 87.245.245.180. Reverse DNS host None verified no. |
20 Oct 2020 16:44:11 (GMT +01:00) | (ICID 12353948) RELAY sender group RELAYLIST match 87.245.245.180 SBRS 2.7 sender IP 87.245.245.180 country Lithuania |
20 Oct 2020 16:44:11 (GMT +01:00) | Incoming connection (ICID 12353948) successfully accepted TLS protocol TLSv1.2 cipher ECDHE-RSA-AES128-SHA256. |
20 Oct 2020 16:44:11 (GMT +01:00) | Message 13228767 Sender Domain: |
20 Oct 2020 16:44:11 (GMT +01:00) | Start message 13228767 on incoming connection (ICID 12353948). |
20 Oct 2020 16:44:11 (GMT +01:00) | Message 13228767 enqueued on incoming connection (ICID 12353948) from . |
20 Oct 2020 16:44:11 (GMT +01:00) | Message 13228767 direction: outgoing |
20 Oct 2020 16:44:11 (GMT +01:00) | Message 13228767 on incoming connection (ICID 12353948) added recipient (shoffmann@news.era.int). |
20 Oct 2020 16:44:11 (GMT +01:00) | Message 13228767 scanned by engine SPF Verdict Cache using cached verdict. |
20 Oct 2020 16:44:11 (GMT +01:00) | Message 13228767 SPF: mailfrom identity None |
20 Oct 2020 16:44:11 (GMT +01:00) | Message 13228767: DMARC Message from domain enterprise.lt, DMARC fail, (SPF aligned False, DKIM aligned False) DMARC policy is reject, applied policy is quarantine |
20 Oct 2020 16:44:11 (GMT +01:00) | Message 13228767: DMARC verification failed. Message sent to quarantine. |
20 Oct 2020 16:44:11 (GMT +01:00) | Message 13228767 contains message ID header '<4fb3f5e5-3f4a-45de-aa9e-c1f779a75fe7@TS.GOV.LV>'. |
20 Oct 2020 16:44:11 (GMT +01:00) | Message 13228767 original subject on injection: Undeliverable: [SUSPECTED SPAM] Artificial Intelligence (AI) and the Criminal Justice System |
20 Oct 2020 16:44:11 (GMT +01:00) | Message 13228767 (59375 bytes) from ready. |
20 Oct 2020 16:44:11 (GMT +01:00) | Message 13228767 has sender_group: RELAYLIST, sender_ip: 87.245.245.180 and sbrs: 2.7 |
20 Oct 2020 16:44:11 (GMT +01:00) | Message 13228767 matched per-recipient policy Data domains for outbound mail policies. |
20 Oct 2020 16:44:11 (GMT +01:00) | Message 13228767 scanned by Anti-Virus engine Sophos. Interim verdict: CLEAN |
20 Oct 2020 16:44:11 (GMT +01:00) | Message 13228767 scanned by Anti-Virus engine. Final verdict: Negative |
20 Oct 2020 16:44:11 (GMT +01:00) | Message 13228767 scanned by Outbreak Filters. Verdict: Negative |
20 Oct 2020 16:44:11 (GMT +01:00) | Message 13228767 quarantined to DMARC. DMARC verification failure |
11-01-2020 11:03 PM
DMARC check can be bypassed based on either an address list or for specific headers that you can try out.
Regards,
Libin
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide