Sometimes mail from outlook servers is dropped and not delivered/discarded by MIAB/DKIM “lmtp … discard action”, but I can’t find out why. How can I let these mails be delivered instead of them being discarded?
Search on internet suggest MS is doing something non standard with their headers, resulting in DKIM errors. I have a standard MIAB installation. I happens after DKIM says it “failed to parse …”, followed by “verification succesful” see error log below (anonymised).
It is hard to reproduce. I just have to wait for a mail that is discarded, which I will only notice after verbal complaints about me not reacting…
Oct 6 13:36:08 box postfix/smtpd[226907]: 062253F11B: client=mail-norwayeastazon11023087.outbound.protection.outlook.com[40.107.159.87]
Oct 6 13:36:08 box postfix/cleanup[226911]: 062253F11B: message-id=<GV1PR02MB840134EE5D6824FE2D80EA2FD9E3A@GV1PR02MB8401.eurprd02.prod.outlook.com>
Oct 6 13:36:08 box opendkim[89665]: 062253F11B: failed to parse authentication-results: header field
Oct 6 13:36:08 box opendkim[89665]: 062253F11B: DKIM verification successful
Oct 6 13:36:08 box opendkim[89665]: 062253F11B: s=selector1 d=mpf.nl a=rsa-sha256 SSL
Oct 6 13:36:08 box opendmarc[986]: 062253F11B: SPF(mailfrom): mpf.nl pass
Oct 6 13:36:08 box opendmarc[986]: 062253F11B: mpf.nl pass
Oct 6 13:36:08 box postfix/qmgr[148606]: 062253F11B: from=<sendername@mpf.nl>, size=113442, nrcpt=1 (queue active)
Oct 6 13:36:12 box postfix/lmtp[226912]: 062253F11B: to=<my@emaildom.nl>, relay=127.0.0.1[127.0.0.1]:10025, delay=4.8, delays=0.53/0.02/0.04/4.2, dsn=2.0.0, status=sent (250 2.0.0 <my@emaildom.nl> xAM0G6ip42hhdgMAL0PUYw Saved)
Oct 06 13:36:12 lmtp(my@emaildom.nl)<226913><xAM0G6ip42hhdgMAL0PUYw>: Info: sieve: msgid=<GV1PR02MB840134EE5D6824FE2D80EA2FD9E3A@GV1PR02MB8401.eurprd02.prod.outlook.com>: discard action: Marked message to be discarded if not explicitly delivered (discard action)
Oct 6 13:36:12 box postfix/qmgr[148606]: 062253F11B: removed
Is this a MIAB error or too sensitive configuration from MIAB, or on the contrary an error that should be reported to outlook.com?
Can/should the MIAB/DKIM configuration be changed to allow all mail from outlook.com servers?
Even if DKIM does not validate, this would be reason for the mail to be delivered in the spam folder, not to be discarded.
Do you have custom sieve filters?
My MIAB server is working fine (startstop.nl) and MX toolbox report everything OK.
No custom sieve filters. I would not know how to do that. In fact, my first reaction was to do something about sieve filters in order to pass through all mail from outlook.com, but I could not figure out how.
I do have some spamassassin modifications, that produce mail in the spam folder exactly as I want. However, my DKIM problem just discards and does not use the spam folder.
Looking into this a bit further, it looks like postfix delivers the mail to the spam filter, and the output of the spam filter is “action discard”. From this log it is not clear which spam action is applied. Perhaps sudo journalctl -u spampd has info.
Otherwise, look at this post to enable some spampd logging. It might provide additional info the next time such a mail arrives.
Ah, which modifications are these?
The senders server has an error according to MXtoolbox (the question about MX toolbox inspired me to check mpf.nl also):
“MX Lookup” of mpf.nl : DMARC Policy Not Enabled It is recommended to use a quarantine or reject policy. To enable BIMI, it is required to have one of these at 100%.
I will let mpf.nl know that they have a configuration error. However, I think that error should not cause MIAB to silently discard the delivered mail.
I have an extra .cf file in /etc/spamassassin with the following contents.
I am very strict about shortcomings on the senders side (works very good for me), but I would imagine this would lead to mails ending up in my spam folder and not to silent discards. Correct?
score DMARC_NONE 2.1
score DMARC_FAIL_NONE 3.0
score SPF_NONE 2.4
score RCVD_IN_BL_SPAMCOP_NET 2.2
header DKIM_NONE Authentication-Results =~ /box\.startstop\.nl; dkim=none/
describe DKIM_NONE DKIM record not found
score DKIM_NONE 2.0
score DKIM_INVALID 3.5
score RDNS_NONE 3.5
header DKIM_PERMERROR Authentication-Results =~ /box\.startstop\.nl; dkim=permerror/
describe DKIM_PERMERROR DKIM record error
score DKIM_PERMERROR 4.0
journalctl -u spamd returns the following for the discarded mail. The “(unknown)” remark looks unusual.
Oct 06 13:36:08 box.emaildom.nl spampd[180507]: processing message (unknown) for <my@emaildom.nl>
Oct 06 13:36:12 box.emaildom.nl spampd[180507]: clean message (unknown) (-0.20/5.00) from <sendername@mpf.nl> for <my@emaildom.nl> in 4.16s, 113753 bytes.
Agreed. Sieve looks at the X-Spam-Status header, and moves mail into the spam folder based on that. You can look at the file /etc/dovecot/sieve-spam.sieve to verify that.
Also check your sieve scripts just to be sure. Files with extension sieve in /home/user-data/mail/sieve/global_before, /home/user-data/mail/sieve/global_after and /home/user-data/mail/sieve/<domain>/<user>. Just to be sure it’s not a sieve filter after all.
I have some of those in my logs as well, for messages which are delivered, so it seems strange but ok.
The log clean message indicates spamassassin does not think it is a spam email.
After that it’s up to dovecot, so I would focus on the sieve filters.