. They show me the helo string and timestamp of the culprit email triggering it (of course, thats it). The helo is my efa box. Exchange is behind it but not using EFA for outbound, and has a different helo configured.Thats my best guess, in mailwatch I see dmarc fired off 3:27a sent a bunch of reports until about 3:31a. I also checked exchange logs, nothing went out in that hour except an auto responder to a junk mail.
I disabled opendmarc using this snippet i found in another post. Will request removal and keep an eye out. Probably will turn it back on after a week or two if its quite.
Code: Select all
sudo systemctl stop opendmarc
sudo systemctl disable opendmarc
sudo mv /etc/cron.daily/eFa-Daily-DMARC ~
sudo mv /etc/cron.weekly/eFa-Weekly-DMARC ~