Hello,
i have investigated today a weird issue of one of our clients, that did not received messages sent from another user from Office 365.
In the log i have found that messages was blocked by ESF:
2018-03-21 10:19:01 1eyZtd-0009DX-PY H=dev.xxxx.com (web1.xxxx.com) [xxx.xxx.xxx.201] Warning: DKIM: Failed. reason='bodyhash_mismatch'
2018-03-21 10:19:02 1eyZtd-0009DX-PY H=dev.xxxx.com (web1.xxxx.com) [xxx.xxx.xxx.201] F=<[email protected]> rejected after DATA: Your message to <[email protected]> was classified as SPAM. Please add more content, cut down on HTML links, use fewer naughty words etc. Also, ask your IT dept to make sure your mailserver has REVERSEDNS, SPF, DKIM, and is not on any black lists. Your score: 120
In the latest default ESF config the related scores are configured in this way:
EASY_HIGH_SCORE_DROP = 100
EASY_DKIM_PASS = -20
EASY_DKIM_FAIL = 100
As you see, if the DKIM check fails then the message will be most likely dropped.
The DKIM RFC in section 6.1 (https://tools.ietf.org/html/rfc6376#section-6) states, that:
"Survivability of signatures after transit is not guaranteed, and
signatures can fail to verify through no fault of the Signer.
Therefore, a Verifier SHOULD NOT treat a message that has one or more
bad signatures and no good signatures differently from a message with
no signature at all."
Based on RFC, if the DKIM check fails, than it should be treated as a message without a DKIM signature, so it seems to me, that the value of EASY_DKIM_FAIL in ESF config is too high.
I have found few references regarding this issue:
https://blogs.msdn.microsoft.com/tzink/2015/10/08/manually-hooking-up-dkim-signing-in-office-365/
What dou you think? What should be the reasonable value of the EASY_DKIM_FAIL field?
Thanks,
T.
i have investigated today a weird issue of one of our clients, that did not received messages sent from another user from Office 365.
In the log i have found that messages was blocked by ESF:
2018-03-21 10:19:01 1eyZtd-0009DX-PY H=dev.xxxx.com (web1.xxxx.com) [xxx.xxx.xxx.201] Warning: DKIM: Failed. reason='bodyhash_mismatch'
2018-03-21 10:19:02 1eyZtd-0009DX-PY H=dev.xxxx.com (web1.xxxx.com) [xxx.xxx.xxx.201] F=<[email protected]> rejected after DATA: Your message to <[email protected]> was classified as SPAM. Please add more content, cut down on HTML links, use fewer naughty words etc. Also, ask your IT dept to make sure your mailserver has REVERSEDNS, SPF, DKIM, and is not on any black lists. Your score: 120
In the latest default ESF config the related scores are configured in this way:
EASY_HIGH_SCORE_DROP = 100
EASY_DKIM_PASS = -20
EASY_DKIM_FAIL = 100
As you see, if the DKIM check fails then the message will be most likely dropped.
The DKIM RFC in section 6.1 (https://tools.ietf.org/html/rfc6376#section-6) states, that:
"Survivability of signatures after transit is not guaranteed, and
signatures can fail to verify through no fault of the Signer.
Therefore, a Verifier SHOULD NOT treat a message that has one or more
bad signatures and no good signatures differently from a message with
no signature at all."
Based on RFC, if the DKIM check fails, than it should be treated as a message without a DKIM signature, so it seems to me, that the value of EASY_DKIM_FAIL in ESF config is too high.
I have found few references regarding this issue:
https://blogs.msdn.microsoft.com/tzink/2015/10/08/manually-hooking-up-dkim-signing-in-office-365/
What dou you think? What should be the reasonable value of the EASY_DKIM_FAIL field?
Thanks,
T.