Hallo zusammen,
wir haben seit einigen Tagen das Problem, dass ein Kunde keine Mails zu uns senden kann, da der NoSpamProxy diese permanent ablehnt. In den Details steht, dass die DMARC prüfung fehlgeschlagen ist, obwohl die SPF und DKIM Prüfungen bestanden wurden, weiter steht aber im Text dass die DKIM Prüfung fehlgeschlagen ist.. Das ganze ist ein wenig verwirrend.
Warum genau werden denn nun diese Mails abgelehnt? Ich glaube es liegt an den Settings vom Kunden oder?
Hier 2 Bilder
https://abload.de/img/1raf0q.png
https://abload.de/img/2kmfxb.png
MessageTrack:
wir haben seit einigen Tagen das Problem, dass ein Kunde keine Mails zu uns senden kann, da der NoSpamProxy diese permanent ablehnt. In den Details steht, dass die DMARC prüfung fehlgeschlagen ist, obwohl die SPF und DKIM Prüfungen bestanden wurden, weiter steht aber im Text dass die DKIM Prüfung fehlgeschlagen ist.. Das ganze ist ein wenig verwirrend.
Warum genau werden denn nun diese Mails abgelehnt? Ich glaube es liegt an den Settings vom Kunden oder?
Hier 2 Bilder
https://abload.de/img/1raf0q.png
https://abload.de/img/2kmfxb.png
MessageTrack:
Code:
{
"sender": {
"localPart": "XXXXX",
"domain": "Halliburton.com"
},
"headerFrom": {
"localPart": "XXXXX",
"domain": "Halliburton.com"
},
"mailId": "95b957ed-3e02-4cb7-8a6a-166054b66ccb",
"messageId": "<DM6PR12MB4058627D988AC02E26C955459F6B9@DM6PR12MB4058.namprd12.prod.outlook.com>",
"size": 40736,
"subject": "XXXXXXXXX",
"signed": "None",
"encrypted": "None",
"sent": "2022-08-16T18:57:36.597+02:00",
"processingTime": "00:00:23.3400000",
"status": "PermanentlyBlocked",
"ruleName": "All inbound mails",
"scl": 4,
"validationStatus": "RejectPermanent",
"rejectReason": "SpamOrVirus",
"cyrenReferenceId": "str=0001.0A682F1F.62FBCC85.0029:SCFSTAT93300248,ss=1,re=-4.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0",
"processingGatewayRole": "DMZ-INFRA01",
"receiveConnectorName": "SMTP on all address",
"clientIPAddress": "40.107.212.73",
"wasReceivedFromRelayServer": false,
"detailsWereDeleted": false,
"urlSafeguardInfoWasDeleted": false,
"senderCertificate": {
"thumbprint": "0OLF60pwX1VgA2vSU6y7Vn+hX7A=",
"subject": "CN=mail.protection.outlook.com, O=Microsoft Corporation, L=Redmond, S=Washington, C=US",
"issuer": "CN=DigiCert Cloud Services CA-1, O=DigiCert Inc, C=US",
"serialNumber": "09116131001D329680E3FE28F437212C",
"validFrom": "2021-11-01T00:00:00+01:00",
"validTo": "2022-10-31T23:59:59+01:00"
},
"senderConnectionSecurity": {
"tlsProtocol": "Tls12",
"hashAlgorithm": "Sha384",
"keyExchangeAlgorithm": "DiffieHellmanEllipticKey",
"keyExchangeAlgorithmStrength": 384,
"cipherAlgorithm": "Aes256"
},
"deliveryAttempts": [
{
"recipient": "XXXXXXX",
"deliveryDate": "2022-08-16T18:57:36.597+02:00",
"status": "PermanentlyBlocked",
"dane": "None",
"statusMessage": "5.7.1 This email was rejected because it violates our security policy\r\n5.7.1 DMARC validation failed: Rfc5322FromDomain: Halliburton.com, ValidationResult: DkimAndSpfAlignmentFailed, OrganizationalDomain: Halliburton.com, DkimAlignment: False, SpfAlignment: False, ApplicablePolicy: Reject, EffectivePolicy: Reject",
"sendConnector": ""
}
],
"levelOfTrust": {
"domainBonus": 0,
"addressPairingBonus": 0,
"messageIdBonus": 0,
"subjectBonus": 0,
"dsnPoints": 0,
"mailIsTrusted": false,
"scl": 0,
"senderDomainIsFreeMailer": false,
"isSenderAuthenticated": false,
"addressPairingIsWildcardEntry": false,
"wasHeaderFromAddressUsedForValidation": false
},
"actions": [
{
"name": "URL Safeguard",
"time": "00:00:00",
"decision": "Pass"
},
{
"name": "CSA-Whitelist",
"time": "00:00:00",
"decision": "Pass"
},
{
"name": "Malware-Scanner",
"time": "00:00:02.0900000",
"decision": "Pass"
}
],
"filters": [
{
"name": "Reputationsfilter",
"time": "00:00:16.4100000",
"scl": 4,
"message": "DMARC validation failed: Rfc5322FromDomain: Halliburton.com, ValidationResult: DkimAndSpfAlignmentFailed, OrganizationalDomain: Halliburton.com, DkimAlignment: False, SpfAlignment: False, ApplicablePolicy: Reject, EffectivePolicy: Reject"
},
{
"name": "Cyren AntiSpam",
"time": "00:00:00",
"scl": 0
},
{
"name": "Realtime Blocklists",
"time": "00:00:04.1500000",
"scl": 0
},
{
"name": "Spam URI Realtime Blocklists",
"time": "00:00:00.0700000",
"scl": 0
}
],
"operations": [
{
"created": "2022-08-16T18:58:04.797+02:00",
"operation": {
"type": "ConnectionValidation",
"data": "{\"$type\":\"ConnectionValidationEntry\",\"isConnectionSecured\":true,\"childValidationEntries\":[],\"typeName\":\"ConnectionValidation\"}"
}
},
{
"created": "2022-08-16T18:58:04.797+02:00",
"operation": {
"type": "DmarcValidationEntry",
"data": "{\"$type\":\"DmarcValidationEntry\",\"effectivePolicy\":\"Reject\",\"rfc5322FromDomain\":\"Halliburton.com\",\"validationResult\":\"DkimAndSpfAlignmentFailed\",\"organizationalDomain\":\"Halliburton.com\",\"dkimResult\":[{\"failures\":\"SigningKeyLookupFailed\",\"authenticatedDomain\":\"halliburton.com\"}],\"spfResult\":[{\"result\":\"Pass\",\"domain\":\"NAM02-BN1-obe.outbound.protection.outlook.com\"},{\"result\":\"None\",\"domain\":\"Halliburton.com\"}],\"spfValidationStatus\":\"Validated\",\"dkimAlignment\":false,\"spfAlignment\":false,\"applicablePolicy\":\"Reject\",\"childValidationEntries\":[],\"typeName\":\"DmarcValidationEntry\"}"
}
},
{
"created": "2022-08-16T18:58:04.797+02:00",
"operation": {
"type": "MalwareScan",
"data": "{\"$type\":\"MalwareScanValidationEntry\",\"cyrenZeroHourClassification\":{\"spamClassification\":\"Unknown\",\"virusClassification\":\"Unknown\",\"threatCount\":0,\"detectedThreatType\":\"None\",\"detectedThreatAccuracy\":\"None\",\"threatName\":\"\"},\"action\":\"Pass\",\"infectedMailParts\":[],\"availableScanners\":\"Cyren, Filebased, CyrenZeroHour\",\"hasAdministrativeNotificationBeenSent\":false,\"childValidationEntries\":[],\"typeName\":\"MalwareScan\"}"
}
},
{
"created": "2022-08-16T18:58:04.797+02:00",
"operation": {
"type": "SenderRecipientValidationEntry",
"data": "{\"$type\":\"SenderRecipientValidationEntry\",\"localAddresses\":[],\"ownedDomainsInHeaderFromDisplayName\":[],\"dnsValidationResultWithAddress\":{\"result\":\"Success\"},\"headerFromContainsAngleBracketsWithInvalidEmailAddress\":false,\"headerFromIsInvalidWithEmptyMailFrom\":false,\"headerFromContainsMultipleAddresses\":false,\"headerFromDisplayNameContainsDomainDifferentFromEmailAddress\":false,\"headerToContainsAtSignOutsideOfEmailAddress\":false,\"headerToContainsAngleBracketsWithInvalidEmailAddress\":false,\"headerToIsEmpty\":false,\"headerFromOrToContainMultipleUnicodeLanguagePlanes\":false,\"headerToDoesNotContainLocalUser\":false,\"childValidationEntries\":[],\"typeName\":\"SenderRecipientValidationEntry\"}"
}
},
{
"created": "2022-08-16T18:58:04.797+02:00",
"operation": {
"type": "DnsValidationEntry",
"data": "{\"$type\":\"DnsValidationEntry\",\"senderAddress\":\"40.107.212.73\",\"hasMailFromDomainARecord\":true,\"mailFromDomainARecordValue\":\"halliburton-com.mail.protection.outlook.com (104.47.58.110, 104.47.70.110)\",\"hasPtrRecord\":true,\"isPtrRecordValid\":true,\"ptrRecordValue\":\"mail-bn1nam07on2073.outbound.protection.outlook.com\",\"isPtrRecordForwardLookupValid\":true,\"ptrRecordForwardLookupValue\":\"40.93.25.73, 40.107.212.73\",\"childValidationEntries\":[],\"typeName\":\"DnsValidationEntry\"}"
}
}
]
}