

EMAIL DKIM issue QUARANTINE with policy allowed

We use Sophos Firewall as Email Protection for incoming mails.

Firmware: SFOS 19.5.3 MR-3-Build652

SMTP deployment mode: Device acts as a Mail Transfer Agent (MTA)

DKIM Settings:

DKIM is set to accept, but some mails will be quarantined by the DKIM verification action:

Total of 6x Mails for today and yesterday.

Log (/log/smtpd_main.log) Example:

2023-10-16 07:50:51.595Z [23528] SMTP connection from [85.215.255.82]:42599 I=[10.10.10.254]:25 (TCP/IP connection count = 1)
2023-10-16 07:50:51.691Z [15087] H=mo4-p02-ob.smtp.rzone.de [85.215.255.82]:42599 I=[10.10.10.254]:25 Warning: receiver.de profile greylisting: Doing greylisting for this message
2023-10-16 07:50:51.691Z [15087] [85.215.255.82] F=<xxx@sender.de> R=<x@receiver.de> DKIM: dkim_verfy
2023-10-16 07:50:51.691Z [15087] [85.215.255.82] F=<xxx@sender.de> R=<x@receiver.de> Accepted: upstream host
2023-10-16 07:50:51.886Z [15087] 1qsINH-0003vL-2G DKIM action set to QUARANTINE
2023-10-16 07:50:51.886Z [15087] 1qsINH-0003vL-2G DKIM: d=sender.de s=strato-dkim-0003 c=relaxed/relaxed a=ed25519-sha256 b=512 t=1697442287 [fail - ]
2023-10-16 07:50:51.886Z [15087] 1qsINH-0003vL-2G DKIM: d=sender.de s=strato-dkim-0002 c=relaxed/relaxed a=rsa-sha256 b=2048 t=1697442287 [verification succeeded]
2023-10-16 07:50:51.935Z [15087] 1qsINH-0003vL-2G Greylisting: Successful greylist retry from 85.215.255.82 (original host was 85.215.255.82)
2023-10-16 07:50:51.938Z [15087] 1qsINH-0003vL-2G <= xxx@sender.de H=mo4-p02-ob.smtp.rzone.de [85.215.255.82]:42599 I=[10.10.10.254]:25 P=esmtps L.- X=TLS1.3:TLS_AES_256_GCM_SHA384:256 CV=no S=10834 M8S=0 DKIM=sender.de RT=0.025s id=018501da0004$a2d3ce30$e87b6a90$@sender.de T="example" from <xxx@sender.de> for x@receiver.de
2023-10-16 07:50:51.961Z [15087] SMTP connection from mo4-p02-ob.smtp.rzone.de [85.215.255.82]:42599 I=[10.10.10.254]:25 closed by QUIT
MSG   Oct 16 07:50:52Z [ T_SMTPD-W]: Mail assigned to 'MS-25816' for scanning '1qsINH-0003vL-2G-D'
MSG   Oct 16 07:50:52Z [  MS-25816]: scan request 1qsINH-0003vL-2G-D
MSG   Oct 16 07:50:52Z [  MS-25816]: S='xxx@sender.de' R='x@receiver.de' Subject='example' Size='10834' Status='Mail has been queued for delivery.' src_ip='85.215.255.82' src_port=42599 user_id=0 user_grp_id=0 fw_id=98 src_zone_id=2
MSG   Oct 16 07:50:52Z [1qsINH-0003vL-2G]: SF DKIM Verification Policy Action: QUARANTINE
MSG   Oct 16 07:50:52Z [  MS-25816]: move '7E08rh-h8G3F2-CG' to quarantine
MSG   Oct 16 07:50:52Z [  MS-25816]: do_post_policy_stuff: q_path = /sdisk/spool//quarantine/0/G/
MSG   Oct 16 07:50:52Z [1qsINH-0003vL-2G]: 7E08rh-h8G3F2-CG <= xxx@sender.de R=1qsINH-0003vL-2G
MSG   Oct 16 07:50:52Z [  MS-25816]: processing for 1qsINH-0003vL-2G completed
MSG   Oct 16 07:50:52Z [ T_SMTPD-W]: [SMTPD] read returned 8 bytes
MSG   Oct 16 07:50:52Z [ T_SMTPD-W]: [SMTPD] mail '1qsINH-0003vL-2G-D' processed sucessfully
MSG   Oct 16 07:50:52Z [ T_SMTPD-W]: [SMTPD] smtpd read blocked
Log contains: "DKIM action set to QUARANTINE" and "SF DKIM Verification Policy Action: QUARANTINE"

There is no policy & exception configured.

Why are only some mails quarantined? Maybe a bug?
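
A triage script for the log pattern quoted in the post, added here as an example (not part of the original post and not Sophos code): it groups the DKIM lines of smtpd_main.log by message ID and lists messages that were quarantined although at least one of several signatures verified. The sample log is constructed from the lines quoted above and the function names are hypothetical; the script only reports the pattern and says nothing about why the firewall chose the action.

```python
import re
from collections import defaultdict

# Constructed sample modeled on the smtpd_main.log lines quoted in the post;
# the last line (a message with a single passing signature) is invented.
SAMPLE_LOG = """\
2023-10-16 07:50:51.886Z [15087] 1qsINH-0003vL-2G DKIM action set to QUARANTINE
2023-10-16 07:50:51.886Z [15087] 1qsINH-0003vL-2G DKIM: d=sender.de s=strato-dkim-0003 c=relaxed/relaxed a=ed25519-sha256 b=512 t=1697442287 [fail - ]
2023-10-16 07:50:51.886Z [15087] 1qsINH-0003vL-2G DKIM: d=sender.de s=strato-dkim-0002 c=relaxed/relaxed a=rsa-sha256 b=2048 t=1697442287 [verification succeeded]
2023-10-16 08:02:10.101Z [15090] 1qsIZZ-0004aB-1X DKIM: d=example.org s=sel1 c=relaxed/relaxed a=rsa-sha256 b=2048 t=1697443000 [verification succeeded]
"""

ACTION_RE = re.compile(r"\] (?P<id>\S+) DKIM action set to (?P<action>\w+)")
SIG_RE = re.compile(
    r"\] (?P<id>\S+) DKIM: d=(?P<d>\S+) s=(?P<s>\S+) .*?a=(?P<a>\S+) .*?\[(?P<result>[^\]]*)\]"
)


def triage(log_text):
    """Map message ID -> {"action": str or None, "signatures": [(selector, algo, ok)]}."""
    msgs = defaultdict(lambda: {"action": None, "signatures": []})
    for line in log_text.splitlines():
        m = ACTION_RE.search(line)
        if m:
            msgs[m["id"]]["action"] = m["action"]
            continue
        m = SIG_RE.search(line)
        if m:
            ok = m["result"].strip() == "verification succeeded"
            msgs[m["id"]]["signatures"].append((m["s"], m["a"], ok))
    return dict(msgs)


def mixed_result_quarantines(log_text):
    """IDs of messages quarantined by DKIM although one signature verified and another failed."""
    hits = []
    for mid, info in triage(log_text).items():
        results = [ok for _, _, ok in info["signatures"]]
        if info["action"] == "QUARANTINE" and any(results) and not all(results):
            hits.append(mid)
    return hits


if __name__ == "__main__":
    for mid in mixed_result_quarantines(SAMPLE_LOG):
        print(mid, triage(SAMPLE_LOG)[mid]["signatures"])
```

To run it against a real log, pass the file contents to `mixed_result_quarantines()` and compare the selectors and algorithms of the listed messages with those of mails that were delivered.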

