10.00 DMARC_REJECT for outgoing mail all of a sudden..

Posted: 07 Nov 2019 13:14
by bikertrash
Yeah... something has gone wrong all of a sudden and I do not seem to be able to find the cause.

My mail filter has been running on Microsoft Hyper-Visor rather well for almost a year now. It sits in front of an hMail server and filters all inbound and outbound mail. Usual morning routine is to make sure all hosts inside the network are up to date including the mail filter. Saturday morning (11/2/2019) there were some OS updates to the filter but before applying them I naturally created a checkpoint of the filter on the Hyper-Visor. Unfortunately these updates ended up breaking networking on the filter which in turn caused a few cascading issues. So.. I rolled back to the checkpoint to get the filter back up and running again. Incoming mail was still working perfectly, being analyzed and then sent on into the hMail server without issue. Outbound mail however is now being tagged as Spam and completely blocked due to DMARC_REJECT and I've been unable to figure out why.

I've checked all of the original configurations and everything seems to be in order. Internal domains and networks are correctly configured as they had been but any and all outbound mail is being blocked. If all else fails, I'll simply resort to redeploying a fresh new EFA Project appliance on my VSphere server rather than the Hyper-Visor as it's easier to roll back without issue when something goes wrong (unlike Microsoft's Hyper-Visor).

Any suggestions on where to start looking to fix this before taking the above approach would be deeply appreciated.

Re: 10.00 DMARC_REJECT for outgoing mail all of a sudden..

Posted: 09 Nov 2019 18:34
by shawniverson
Does your domain have a DMARC policy? If so, can you share it please?

(If you have a DMARC policy, and both your SPF and DKIM have a problem, you may start rejecting yourself! :o :o :o )

(Edit)

If DNS is having a problem on your box, this could also be firing off. Is Unbound working properly?

Re: 10.00 DMARC_REJECT for outgoing mail all of a sudden..

Posted: 10 Nov 2019 14:12
by bikertrash
This poor thing is so banged up now it would probably be best if I just blow it out and start from scratch. Unfortunately I don't see any VM appliance downloads available anymore.

However, yes I had set up SPF and DMARC records quite some time ago. Took a little doing to get them setup properly though (using MX Toolbox for testing). Internal network is defined correctly to prevent blocking myself and it was all working perfectly for a very long time.

That being said, these are the DNS records:

v=spf1 a:mail.davesdigitaldevices.com ip4:74.62.191.92 -all
v=DMARC1; p=reject; rua=mailto:administrator@davesdigitaldevices.com; ruf=mailto:administrator@davesdigitaldevices.com; fo=1

I attempted to do a recovery from last month's full backup but because this is a Centos 6 based appliance running on a Microsoft Hyper-Visor, it does not like the backup method (Macrium Reflect) that does a volume shadow copy disk image snapshot of the Windows 2012 server, Centos 6 doesn't support that. So after the restore, it was effectively a brand new deployment that ended up with all the bugs that had to be fixed just to get it going again. I still don't see the Mailwatch user listed and can no longer connect to the MySQL server in Webmin.

So... perhaps I should just get a Centos 7 virtual server up and running on the Hyper-Visor and install EFA4 instead of messing with this one...

Re: 10.00 DMARC_REJECT for outgoing mail all of a sudden..

Posted: 10 Nov 2019 14:16
by bikertrash
P.S.

It does not appear to be using DNS at all... it's configured to use an internal BIND DNS server but cannot ping anything inside the network by its FQDN. This is likely the root cause of why it's blocking outgoing mail...
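
The two failure modes raised in this thread (SPF and DKIM both failing under `p=reject`, and DNS not resolving on the filter) can be worked through against the records posted above; this is an added example, not part of any post and not eFa's own code. Assumptions: the resolver is a stub passed in as `resolve_a`, the DMARC record is taken as already fetched, the envelope sender domain matches the From: domain, and a temporary SPF error is treated like any other non-pass (a real receiver may defer instead).

```python
import ipaddress

# Records as quoted in the post above.
SPF = "v=spf1 a:mail.davesdigitaldevices.com ip4:74.62.191.92 -all"
DMARC = ("v=DMARC1; p=reject; rua=mailto:administrator@davesdigitaldevices.com; "
         "ruf=mailto:administrator@davesdigitaldevices.com; fo=1")

def parse_dmarc(record):
    """Split a DMARC TXT record into a tag -> value dict."""
    tags = dict(p.strip().split("=", 1) for p in record.split(";") if "=" in p)
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags

def spf_result(record, client_ip, resolve_a):
    """Evaluate, left to right, only the mechanisms used above: a:, ip4:, all.
    resolve_a(name) is a hypothetical resolver hook: it returns a list of
    address strings, or raises OSError when DNS is unreachable."""
    ip = ipaddress.ip_address(client_ip)
    quals = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
    for term in record.split()[1:]:
        qual = quals.get(term[0])
        mech = term[1:] if qual else term   # no qualifier means "+"
        qual = qual or "pass"
        if mech.startswith("ip4:"):
            hit = ip in ipaddress.ip_network(mech[4:], strict=False)
        elif mech.startswith("a:"):
            try:
                hit = client_ip in resolve_a(mech[2:])
            except OSError:
                return "temperror"          # lookup failed, so not a pass
        else:
            hit = mech == "all"
        if hit:
            return qual
    return "neutral"

def dmarc_disposition(policy, spf, dkim_aligned_pass):
    """DMARC passes if aligned SPF or aligned DKIM passes; otherwise the
    published p= policy applies (simplification: temperror is a non-pass)."""
    if spf == "pass" or dkim_aligned_pass:
        return "pass"
    return policy.get("p", "none")
```

With a working resolver the public address passes SPF; with the resolver down, the `a:` mechanism is evaluated first and returns `temperror` before `ip4:` is ever reached, so a domain with no DKIM signature falls through to `p=reject`.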

Re: 10.00 DMARC_REJECT for outgoing mail all of a sudden..

Posted: 10 Nov 2019 14:46
by shawniverson
"It's always DNS" :D

Re: 10.00 DMARC_REJECT for outgoing mail all of a sudden..

Posted: 10 Nov 2019 14:49
by shawniverson
Your records look fine.

I recommend you move forward to v4 and follow this guide. Keep your v3 handy despite its woes for the migration steps.

https://wiki.efa-project.org/doku.php?i ... m_v3_to_v4

Re: 10.00 DMARC_REJECT for outgoing mail all of a sudden..

Posted: 10 Nov 2019 15:21
by shawniverson
Do me a favor, would you? I need a tester.

Try out the installation ISO. :dance:

https://mirrors.efa-project.org/images/ ... 0/eFa4.iso

Re: 10.00 DMARC_REJECT for outgoing mail all of a sudden..

Posted: 10 Nov 2019 17:16
by bikertrash
Indeed... it's always DNS... :lol: But remember... "Computers... are our FRIENDS.".. (I keep telling myself that every day... sooner or later I'll believe it. :D )

I'm SO upset now... Hahahaha! I'm only just now completing the re-deployment of the appliance... only to check back in here and see you offering me the test ISO... well... POOH... I really want to run that too! So I guess I'll start all over again but likely not today. I've already been working this issue since around 4:00 AM and it's now 9:15 AM here. I would LOVE to run the latest version and see how it goes!!! :D :D :D

Right now mail is just coming directly into the mail server so of course I've got Spam coming in like crazy but I'll let you know just as SOON as I can get to working in deploying your newest version for SURE!!!!! BLESS YOU!!! :clap:

Re: 10.00 DMARC_REJECT for outgoing mail all of a sudden..

Posted: 11 Nov 2019 12:48
by bikertrash
Began deployment this morning. Will let you know how it goes. :clap:

Re: 10.00 DMARC_REJECT for outgoing mail all of a sudden..

Posted: 15 Nov 2019 12:06
by bikertrash
Got that bad boy up and running the other day... WOW! Lots of cool changes. :)