English
Chinese (Simplified)
French
German
Italian
Japanese
Russian
Spanish
Vietnamese
DMARC Problem
-
Hello,
I always get the result "Delivery failed" in the message log for the following mail
I cannot find an error in the DMARC processing in the average.
The sender is also on the whitelist.....
Wed 2025-05-21 08:01:58: # Sender is on approval list (Mail From user)
......
Wed 2025-05-21 08:01:58: DMARC processing is in progress
Wed 2025-05-21 08:01:58: * MessageID: <20250521060157.C287DA60BF1@xxxx.com>
Wed 2025-05-21 08:01:58: * Author domain: xxxx.com
Wed 2025-05-21 08:01:58: * Organizational domain: xxxx.com
Wed 2025-05-21 08:01:58: DMARC query is in progress
Wed 2025-05-21 08:01:58: * Query domain: _dmarc.xxxx.com
Wed 2025-05-21 08:01:58: * DMARC policy record found
Wed 2025-05-21 08:01:58: * Policy record: v=DMARC1; p=reject; pct=100; rua=mailto:xxxx@xxxx.com,mailto:xxxx@xxxx.com
Wed 2025-05-21 08:01:58: * Verifying report recipient: xxxx@xxxx.com
Wed 2025-05-21 08:01:58: * Query domain: xxxx.com.xxxx.xxxx. com
Wed 2025-05-21 08:01:58: * Policy record: v=DMARC1;
Wed 2025-05-21 08:01:58: * Recipient xxxx@xxxx.com is verified
Wed 2025-05-21 08:01:58: * Checking authentication mechanisms for DMARC alignment
Wed 2025-05-21 08:01:58: * SPF: domain "xxxx. com" passed SPF check; and domain is DMARC aligned
Wed 2025-05-21 08:01:58: * DKIM: no DKIM signatures found
Wed 2025-05-21 08:01:58: * DMARC result pass
Wed 2025-05-21 08:01:58: -- End: DMARC (0.029061 seconds) --
Wed 2025-05-21 08:01:58: -- Execute from: URI Blocklists (URIBL) --
Wed 2025-05-21 08:01:58: -- End: URI Blocklists (URIBL) (0.000002 seconds) --
Wed 2025-05-21 08:01:58: -- Run from: SpamAssassin --
Wed 2025-05-21 08:01:58: -- End: SpamAssassin (0.000001 seconds) --
Wed 2025-05-21 08:01:58: -- Executing: Attachment Filtering --
Wed 2025-05-21 08:01:58: -- End: Attachment Filtering (0.003172 seconds) --
Wed 2025-05-21 08:01:58: -- Executing: QR Code Detection --
Wed 2025-05-21 08:01:58: -- End: QR Code Detection (0.000001 seconds) --
Wed 2025-05-21 08:01:58: -- Execute from: Message Score --
Wed 2025-05-21 08:01:58: -- End: Message Score (0.000001 seconds) --
Wed 2025-05-21 08:01:58: * Final Score: 0.00
......
Wed 2025-05-21 08:02:00: <-- 550 Message rejected due to senders DMARC policy
-
Hello Oliver,
Check ANTI-SPOOFING and DMARC VERIFICATION. Send screenshoot please.
-
Check this :
The DMARC reject policy instructs the email-receiving servers to refuse to accept email that fails DMARC verification. This behavior is a great way to combat the sending of unauthorized emails including spoofing attempts.
There are some known implementations:
- Refuse to accept non-compliant emails at an SMTP connection level.
- Initially accept email via SMTP and then prevent the final delivery of the non-compliant email.
When delivery fails, the message silently drops or generates a bounce message. A bounce message informs the sender about not accepting the message due to the domain owner’s DMARC policy. With p=reject, you protect your domain against spoofing, but beware: make sure you made all legitimate sending mail flows DMARC compliant before switching to this policy.
Cause in the end of ther transcription you got : Wed 2025-05-21 08:02:00: <-- 550 Message rejected due to senders DMARC policy
-
Is the "550 Message rejected due to senders DMARC policy" error being returned by SecurityGateway or by the server SecurityGateway is trying to send the message to? The message transcript includes both the inbound and outbound session so its easy to miss it.
Is the server SecurityGateway is trying to send to running MDaemon?
Is the address the message is being sent to a mailing list?
Does the mailing list have the "Refuse messages from members who pulbish restrictive DMARC policy" option enabled?
-
Many thanks for the quick answers!
Sorry, it was actually the mail server behind it.
I deactivated DMARC there and the message went through.
-
@Arron does SecurityGateway support the ARC function?
Can't find anything about this in the help.
-
Yes it does. https://help.mdaemon.com/SecurityGateway/en/dmarc_verification.html
We have fixed a number of issues in our ARC implementation for SG 11.0.0, which is currently in beta. There is a chance the issues won't affect you. But if you enable it and are having issues, my first suggestion will be to try the beta.
