Sometimes mail from outlook servers is dropped and not delivered/discarded by MIAB/DKIM “lmtp … discard action”, but I can’t find out why. How can I let these mails be delivered instead of them being discarded?
Search on internet suggest MS is doing something non standard with their headers, resulting in DKIM errors. I have a standard MIAB installation. I happens after DKIM says it “failed to parse …”, followed by “verification succesful” see error log below (anonymised).
It is hard to reproduce. I just have to wait for a mail that is discarded, which I will only notice after verbal complaints about me not reacting…
Oct 6 13:36:08 box postfix/smtpd[226907]: 062253F11B: client=mail-norwayeastazon11023087.outbound.protection.outlook.com[40.107.159.87]
Oct 6 13:36:08 box postfix/cleanup[226911]: 062253F11B: message-id=<GV1PR02MB840134EE5D6824FE2D80EA2FD9E3A@GV1PR02MB8401.eurprd02.prod.outlook.com>
Oct 6 13:36:08 box opendkim[89665]: 062253F11B: failed to parse authentication-results: header field
Oct 6 13:36:08 box opendkim[89665]: 062253F11B: DKIM verification successful
Oct 6 13:36:08 box opendkim[89665]: 062253F11B: s=selector1 d=mpf.nl a=rsa-sha256 SSL
Oct 6 13:36:08 box opendmarc[986]: 062253F11B: SPF(mailfrom): mpf.nl pass
Oct 6 13:36:08 box opendmarc[986]: 062253F11B: mpf.nl pass
Oct 6 13:36:08 box postfix/qmgr[148606]: 062253F11B: from=<sendername@mpf.nl>, size=113442, nrcpt=1 (queue active)
Oct 6 13:36:12 box postfix/lmtp[226912]: 062253F11B: to=<my@emaildom.nl>, relay=127.0.0.1[127.0.0.1]:10025, delay=4.8, delays=0.53/0.02/0.04/4.2, dsn=2.0.0, status=sent (250 2.0.0 <my@emaildom.nl> xAM0G6ip42hhdgMAL0PUYw Saved)
Oct 06 13:36:12 lmtp(my@emaildom.nl)<226913><xAM0G6ip42hhdgMAL0PUYw>: Info: sieve: msgid=<GV1PR02MB840134EE5D6824FE2D80EA2FD9E3A@GV1PR02MB8401.eurprd02.prod.outlook.com>: discard action: Marked message to be discarded if not explicitly delivered (discard action)
Oct 6 13:36:12 box postfix/qmgr[148606]: 062253F11B: removed
Is this a MIAB error or too sensitive configuration from MIAB, or on the contrary an error that should be reported to outlook.com?
Can/should the MIAB/DKIM configuration be changed to allow all mail from outlook.com servers?
Even if DKIM does not validate, this would be reason for the mail to be delivered in the spam folder, not to be discarded.
Do you have custom sieve filters?
No custom sieve filters. I would not know how to do that. In fact, my first reaction was to do something about sieve filters in order to pass through all mail from outlook.com, but I could not figure out how.
I do have some spamassassin modifications, that produce mail in the spam folder exactly as I want. However, my DKIM problem just discards and does not use the spam folder.
Looking into this a bit further, it looks like postfix delivers the mail to the spam filter, and the output of the spam filter is “action discard”. From this log it is not clear which spam action is applied. Perhaps sudo journalctl -u spampd has info.
Otherwise, look at this post to enable some spampd logging. It might provide additional info the next time such a mail arrives.
The senders server has an error according to MXtoolbox (the question about MX toolbox inspired me to check mpf.nl also):
“MX Lookup” of mpf.nl : DMARC Policy Not Enabled It is recommended to use a quarantine or reject policy. To enable BIMI, it is required to have one of these at 100%.
I will let mpf.nl know that they have a configuration error. However, I think that error should not cause MIAB to silently discard the delivered mail.
I have an extra .cf file in /etc/spamassassin with the following contents.
I am very strict about shortcomings on the senders side (works very good for me), but I would imagine this would lead to mails ending up in my spam folder and not to silent discards. Correct?
journalctl -u spamd returns the following for the discarded mail. The “(unknown)” remark looks unusual.
Oct 06 13:36:08 box.emaildom.nl spampd[180507]: processing message (unknown) for <my@emaildom.nl>
Oct 06 13:36:12 box.emaildom.nl spampd[180507]: clean message (unknown) (-0.20/5.00) from <sendername@mpf.nl> for <my@emaildom.nl> in 4.16s, 113753 bytes.
Agreed. Sieve looks at the X-Spam-Status header, and moves mail into the spam folder based on that. You can look at the file /etc/dovecot/sieve-spam.sieve to verify that.
Also check your sieve scripts just to be sure. Files with extension sieve in /home/user-data/mail/sieve/global_before, /home/user-data/mail/sieve/global_after and /home/user-data/mail/sieve/<domain>/<user>. Just to be sure it’s not a sieve filter after all.
I have some of those in my logs as well, for messages which are delivered, so it seems strange but ok.
The log clean message indicates spamassassin does not think it is a spam email.
After that it’s up to dovecot, so I would focus on the sieve filters.
I did not have sieve filters that would explain the problem that I asked about.
However, i have found that I had two unrelated (I think) roundcube filters, which - as I understand only now - is under the hood actually is a “sieve” filter, with a “discard” instruction. I changed those filters to “move to spamfolder” just to be sure that they are not the cause of my problem. Thank you for the hint!
Also, the DMARC record of the sender was corrected on my request. For what it worth, because that should not be the cause of my problem.
With these two adjustments I will now wait and see if the problem occurs again. I can only hope that it does not.
After correction of the senders DMARC record, I can now receive their mail.
Also, I suspect the senders service had more configuration errors, that were fixed before I checked them. See following paragraph.
I updated a sieve (in this case a roundcube filter) on RDNS_NONE (no dns record for sender ip) to save mail to the spamfolder in stead of “discard”. This causes more spam in my spam folder. This seems however unrelated to my reported DKIM problem, so I suspect the sender configuration had extra errors at the time of sending.
Thank you KiekerJan for helping me find this solution.