Is SmarterMail's DMARC check faulty or is Yahoo really failing DMARC on their CFL emails?
Problem reported by David Maggard - July 11, 2015 at 6:20 PM
I am currently jumping through the hoops of setting up feedback loops because we just moved our servers and have new IPs. As part of the process I am trying to join Yahoo's version, which they call CFL. As part of the enrollment they send an email with a verification code you put in a form to proceed. After waiting a long time, assuming the email was delayed due to greylisting, I checked the SM logs and found this:
rsp: 220 mail.MYDOMAIN.com
connected at 7/11/2015 3:29:04 PM
cmd: EHLO n1-vm10.bullet.mail.gq1.yahoo.com
rsp: 250-mail.MYDOMAIN.com Hello [216.39.62.188]250-SIZE 52428800250-AUTH LOGIN CRAM-MD5250-STARTTLS250-8BITMIME250 OK
cmd: STARTTLS
rsp: 220 Start TLS negotiation
cmd: EHLO n1-vm10.bullet.mail.gq1.yahoo.com
rsp: 250-mail.MYDOMAIN.com Hello [216.39.62.188]250-SIZE 52428800250-AUTH LOGIN CRAM-MD5250-8BITMIME250 OK
cmd: MAIL FROM:<abuse.mm2s4ylifz4wc2dpn4xgg33nfuytimzwgy2tamjugm-postmaster=MYDOMAIN.com@returns.bulk.yahoo.com>
rsp: 250 OK <abuse.mm2s4ylifz4wc2dpn4xgg33nfuytimzwgy2tamjugm-postmaster=MYDOMAIN.com@returns.bulk.yahoo.com> Sender ok
cmd: RCPT TO:<postmaster@MYDOMAIN.com>
rsp: 250 OK <postmaster@MYDOMAIN.com> Recipient ok
cmd: DATA
rsp: 354 Start mail input; end with <CRLF>.<CRLF>
rsp: 550 Message rejected due to senders DMARC policy
A trace of the DMARC processing follows.
Beginning DMARC check for abuse.mm2s4ylifz4wc2dpn4xgg33nfuytimzwgy2tamjugm-postmaster=MYDOMAIN.com@returns.bulk.yahoo.com from IP 216.39.62.188...
The from field for the message is "yahoo-account-services-us@cc.yahoo-inc.com".  Will look for DMARC policy record at _dmarc.cc.yahoo-inc.com
Retrieved the following DMARC policy record for "cc.yahoo-inc.com": v=DMARC1; p=reject; pct=100; rua=mailto:dmarc-rua@yahoo-inc.com;
DMARC policy violated due a bad DKIM signature.
Data transfer succeeded but message rejected by DMARC
cmd: RSET
rsp: 250 OK
cmd: QUIT
rsp: 221 Service closing transmission channel
disconnected at 7/11/2015 3:29:07 PM
 
 
I disabled DMARC temporarily to allow the message in, had it resent, and got a message with the following headers:
Return-Path: <abuse.mm2s4ylifz4wc2dpn4xgg33nfuytimzwgy2tanzqgm-postmaster=MYDOMAIN.com@returns.bulk.yahoo.com>
Received: from n10-vm7.bullet.mail.gq1.yahoo.com (n10-vm7.bullet.mail.gq1.yahoo.com [216.39.62.81]) by mail.MYDOMAIN.com with SMTP
    (version=TLS\Tls
    cipher=Aes256 bits=256);
   Sat, 11 Jul 2015 15:38:25 -0600
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cc.yahoo-inc.com; s=fz10; t=1436650703; bh=sfDmFAY4P+K9B9D+c2/NRencijVhzkblp31EEye/bis=; h=To:From:Reply-To:Date:Subject:From:Subject; b=fg3aDvd5cR5IO3ygJ8vH239cWFBDEWCpRfJthcTKRXeut+N32c+SYGlBRgimo4c5eOXP68P2tPn+beOo2aYFDJPOKNSClt4pWFciy41b2cdkhltucJ2beETm9se0voh39jtS4mDJePrSYj4ScDR6ZPxBldcdVSZo6D9ThnPMD88=
Received: from [216.39.60.189] by n10.bullet.mail.gq1.yahoo.com with NNFMP; 11 Jul 2015 21:38:23 -0000
Received: from [10.210.195.112] by t5.bullet.mail.gq1.yahoo.com with NNFMP; 11 Jul 2015 21:38:23 -0000
Received: from [127.0.0.1] by c61.ah.gq1.yahoo.com with NNFMP; 11 Jul 2015 21:38:23 -0000
To: postmaster@MYDOMAIN.com
From: yahoo-account-services-us@cc.yahoo-inc.com
Reply-To: yahoo-account-services-us@cc.yahoo-inc.com
Date: 11 Jul 2015 21:38:23
Sender: yahoo-account-services-us@cc.yahoo-inc.com
X-Yahoo-Newman-Property: abuse
X-Yahoo-Newman-Id: c5.ah.yahoo.com-1436650703
Content-Type: multipart/alternative;     boundary="==MULTIPART_BOUNDARY_6e7a10ecf1b90f41e6bc932e27085ed4"
Subject: Yahoo email verification code
Message-ID: <a58bc7e2077a4d06ae628bda039dd03c@com>
X-SmarterMail-Spam: SPF_Pass, Bayesian Filtering, Commtouch 0 [value: Unknown], ISpamAssassin 6 [raw: 3], DK_None, DKIM_Pass, Custom Rules []
X-CTCH-RefId: str=0001.0A090205.55A18CD4.008F,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=512
X-SmarterMail-TotalSpamWeight: 16



According to that, SPF and DKIM both passed, so I am a bit confused, but I have a hard time believing that Yahoo is failing DMARC on emails the postmaster system is sending out.

 
 

10 Replies

1
Set up an account at unlocktheinbox.com and then send an e-mail from the failing domain to mailtest@unlocktheinbox.com
 
Unlocktheinbox.com will run tests on everything and send your results back, giving you a detailed analysis of your configuration and telling you exactly what you need to do to become compliant.
 
Remember to set up FEEDBACK LOOPS for all of your hosted domains, too.
Bruce Barnes
ChicagoNetTech Inc
brucecnt@comcast.net

Phone: (773) 491-9019
Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting
0
Yes, Yahoo!'s SPF Record is broken, and since they have a restrictive "Reject" DMARC Policy your SmarterMail server is doing precisely what Yahoo! is telling Mail Servers to do.
 
The problem is that their SPF Record is non-compliant. The SPF Record for yahoo.com is a redirect to _spf.mail.yahoo.com. The SPF Record for _spf.mail.yahoo.com is "v=spf1 ptr:yahoo.com ptr:yahoo.net ?all". According to IETF RFC 7208 Section 5.5 PTR mechanisms SHOULD NOT be used in SPF Records. (see http://tools.ietf.org/html/rfc7208#section-5.5). This SPF record results in 0 authorized netblocks and 0 authorized individual IPv4 addresses that could produce a SPF "pass" result.
 
The only way around this would be to either disable DMARC checking or whitelist Yahoo! (either way would result in a significant amount of collateral spam).
 
POST-SCRIPT: As of April 2014 the use of a PTR in a SPF Record is considered deprecated and strongly discouraged for public SPF records, but compliant SPF check_host() implementations are still supposed to support it which apparently SmarterMail (and many others that do SPF Record checks) either no longer do, or timeout before the PTR check is resolved by root DNS servers, resulting in a SPF "soft-fail". (As PTR lookups are slow and produce a heavy burden on root DNS servers this is the reason their use in SPF Records was deprecated in the first place.)
0
Hello,
 
The problem is not just with Yahoo. I have hundreds of rejections per day. Some customers complain about not receiving notifications of transport agencies. 
 
With "DMARC policy violated due a bad DKIM signature.":
dhl.com
yahoo.com
fedex.com
news.decathlon.es
 
Others:
"DMARC policy violated due to DKIM domain ("amazonses.com") not belonging to the same parent domain as the from address field domain ("dropboxmail.com")."
 
 
I'll have to disable DMARC if I find a solution.
What do the rest of SmarterMail customers do?
Do not activate DMARC?
Do not listen to user complaints?
 
1
I turned on DMARC months ago based on the recommendation of Bruce Barnes (if you don't know, he is The Man when it comes to SM). This is the first time I have had an issue with DMARC. The one nice thing is that the weighting of blacklists, DKIM failures, etc. is on you, but DMARC is TOTALLY on them: they publish a DMARC policy telling you to reject the mail, and that provides a lot of cover. I just find it odd that big names would publish DMARC then not follow it.
0
With regard to the question, "Is smartermails DMARC check faulty or is yahoo really failing DMARC on their CFL emails?"   I just checked this issue by sending two e-mail messages:
 
 - one from a YAHOO! test account at chicagonettech@yahoo.com, and 
 - the other from FedEX - for a package delivery.
 
to our ChicagoNetTech.com SmarterMail Enterprise Edition: Version 14.0.5661.20114 server.
 
 
Both were properly received.  Here are the delivery logs and headers:
 
from: chicagonettech@yahoo.com
to: bbarnes@chicagonettech.com
 
Before posting the results, these are my security settings:
 
SRS ENABLED / DMARC CHECKING ENABLED
 
 
Here is the YAHOO.COM! SMTP IN transaction log:
 
[2015.07.14] 12:58:04 [98.138.90.63][45863490] rsp: 220 securemail.chicagonettech.com  Tue, 14 Jul 2015 17:58:04 +0000 UTC | SmarterMail Enterprise 14.0.5661.20114
[2015.07.14] 12:58:04 [98.138.90.63][45863490] connected at 7/14/2015 12:58:04 PM
[2015.07.14] 12:58:04 [98.138.90.63][45863490] cmd: EHLO nm29-vm1.bullet.mail.ne1.yahoo.com
[2015.07.14] 12:58:04 [98.138.90.63][45863490] rsp: 250-securemail.chicagonettech.com Hello [98.138.90.63]250-SIZE 52428800250-AUTH CRAM-MD5250-STARTTLS250-8BITMIME250 OK
[2015.07.14] 12:58:04 [98.138.90.63][45863490] cmd: STARTTLS
[2015.07.14] 12:58:04 [98.138.90.63][45863490] rsp: 220 Start TLS negotiation
[2015.07.14] 12:58:05 [98.138.90.63][45863490] cmd: EHLO nm29-vm1.bullet.mail.ne1.yahoo.com
[2015.07.14] 12:58:05 [98.138.90.63][45863490] rsp: 250-securemail.chicagonettech.com Hello [98.138.90.63]250-SIZE 52428800250-AUTH LOGIN CRAM-MD5250-8BITMIME250 OK
[2015.07.14] 12:58:05 [98.138.90.63][45863490] cmd: MAIL FROM:<chicagonettech@yahoo.com>
[2015.07.14] 12:58:06 [98.138.90.63][45863490] rsp: 250 OK <chicagonettech@yahoo.com> Sender ok
[2015.07.14] 12:58:06 [98.138.90.63][45863490] cmd: RCPT TO:<bbarnes@chicagonettech.com>
[2015.07.14] 12:58:06 [98.138.90.63][45863490] rsp: 250 OK <bbarnes@chicagonettech.com> Recipient ok
[2015.07.14] 12:58:06 [98.138.90.63][45863490] cmd: DATA
[2015.07.14] 12:58:06 [98.138.90.63][45863490] rsp: 354 Start mail input; end with <CRLF>.<CRLF>
[2015.07.14] 12:58:07 [98.138.90.63][45863490] rsp: 250 OK
[2015.07.14] 12:58:07 [98.138.90.63][45863490] Data transfer succeeded, writing mail to 98274177.eml
[2015.07.14] 12:58:07 [98.138.90.63][45863490] cmd: QUIT
[2015.07.14] 12:58:07 [98.138.90.63][45863490] rsp: 221 Service closing transmission channel
[2015.07.14] 12:58:07 [98.138.90.63][45863490] disconnected at 7/14/2015 12:58:07 PM
 
Here is the YAHOO.COM! DELIVERY transaction log:
[2015.07.14] 12:58:08 [74177] Delivery started for chicagonettech@yahoo.com at 12:58:08 PM
[2015.07.14] 12:58:15 [74177] Spam check results: 
                (formatting added to make readability easier)
 - [_SPF: Pass], 
 - [BARRACUDA - BRBL: passed], 
 - [CBL - ABUSE SEAT - DO NOT USE FOR OUTGOING!: passed], 
 - [HOSTKARMA - BLACKLIST: passed], 
 - [MAILSPIKE Z: passed], 
 - [RFC2 REALTIME LIST: passed], 
 - [SORBS 02 - HTTP: passed], 
 - [SORBS 03 - SOCKS: passed], 
 - [SORBS 05 - SMTP: passed], 
 - [SORBS 08 - BLOCK: passed], 
 - [SORBS 09 - ZOMBIE: passed], 
 - [SORBS 11 - BAD CONFIG: passed], 
 - [SORBS 12 - NOMAIL: passed], 
 - [SORBS 13 - NO SERVER: passed], 
 - [SPAMCOP: passed], 
 - [SPAMHAUS - PBL 1: passed], 
 - [SPAMHAUS - PBL 2: passed], 
 - [SPAMHAUS - SBL 1: passed], 
 - [SPAMHAUS - SBL 2: passed], 
 - [SPAMHAUS - XBL 1: passed], 
 - [SPAMHAUS - XBL 2: passed], 
 - [SPAMHAUS - XBL 3: passed], 
 - [SPAMHAUS - XBL 4: passed], 
 - [SPAMHAUS ZEN: passed], 
 - [SPAMRATS: passed], 
 - [SURRIEL: passed], 
 - [VIRUS RBL - MSRBL: passed], 
 - [_REVERSEDNSLOOKUP: passed], 
 - [_BAYESIANFILTERING: passed], 
 - [_DK: None], 
 - [_DKIM: Pass], 
 - [NOABUSE: passed], 
 - [NOPOSTMASTER: passed], 
 - [SEM-URIBL: passed], 
 - [SORBS 04 - MISC: passed], 
 - [SORBS 06 - RECENT: passed], 
 - [SORBS 07 - WEB: passed], 
 - [SORBS 10 - DYNAMIC IP: passed], 
 - [SURBL - ABUSE BUSTER: passed], 
 - [SURBL - JWSPAMSPY: passed], 
 - [SURBL - MALWARE: passed], 
 - [SURBL - PHISHING: passed], 
 - [SURBL - SA BLACKLIST: passed], 
 - [SURBL - SPAMCOP WEB: passed], 
 - [UCEPROTECT LEVEL 1: passed], 
 - [UCEPROTECT LEVEL 2: passed], 
 - [UCEPROTECT LEVEL 3: passed], 
 - [URIBL - BLACK: passed], 
 - [URIBL - GREY: passed], 
 - [URIBL - MULTI: passed], 
 - [URIBL - RED: passed]

[2015.07.14] 12:58:17 [74177] Starting local delivery to bbarnes@chicagonettech.com
[2015.07.14] 12:58:17 [74177] Delivery for chicagonettech@yahoo.com to bbarnes@chicagonettech.com has completed (Delivered) Filter: None
[2015.07.14] 12:58:17 [74177] End delivery to bbarnes@chicagonettech.com
[2015.07.14] 12:58:17 [74177] Delivery finished for chicagonettech@yahoo.com at 12:58:17 PM    [id:98274177]
 
Here is the YAHOO.COM! | MESSAGE HEADER: from YAHOO.COM to CHICAGONETTECH.COM:
Return-Path: <chicagonettech@yahoo.com>
Received: from nm29-vm1.bullet.mail.ne1.yahoo.com (nm29-vm1.bullet.mail.ne1.yahoo.com [98.138.90.63]) by securemail.chicagonettech.com with SMTP
	(version=TLS\Tls
	cipher=Aes256 bits=256);
   Tue, 14 Jul 2015 12:58:06 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1436896519; bh=rBpgUqIcIaT549ApaHm/0y7mRbHprn4/pNzCcVeZdjY=; h=Date:From:Reply-To:To:Subject:From:Subject; b=X9xxunV/WWHkjj1xffTv3zh+XJRdLCg8ph8iaGUXYVuKiG1Bc3Di1e2vwDUeJSzeuOs0W6sgNcq9o1CCdjh+CjaNIF/dYXEj+XZ8XZcwxYorWaeYVCrHStrrt7AsTHuTL6Nrop+p4bQmGAhv9B43wz8fQXiFJ5xtlt5aTYmfOiDlQrjcbq0NSoWF4yhAhThuF1e+F8hMxEcPZyBj2hQgi5nU8OXJHU+7J7xXweZSaAcmjlqIR8I+vzS357sv+ofOle5w9vpAs1UAOQ1Yh0phzDGtrldBMnfYBfjIUzvuik1dnSLB8v/d0N5FBWStqS9OLgwrsFaU+yNmQaJ4PQ9SmQ==
Received: from [98.138.100.112] by nm29.bullet.mail.ne1.yahoo.com with NNFMP; 14 Jul 2015 17:55:19 -0000
Received: from [98.138.89.195] by tm103.bullet.mail.ne1.yahoo.com with NNFMP; 14 Jul 2015 17:55:19 -0000
Received: from [127.0.0.1] by omp1053.mail.ne1.yahoo.com with NNFMP; 14 Jul 2015 17:55:19 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 766527.71428.bm@omp1053.mail.ne1.yahoo.com
Received: by 98.138.105.215; Tue, 14 Jul 2015 17:55:19 +0000
Date: Tue, 14 Jul 2015 17:55:18 +0000 (UTC)
From: Bruce Barnes <chicagonettech@yahoo.com>
Reply-To: Bruce Barnes <chicagonettech@yahoo.com>
To: "bbarnes@chicagonettech.com" <bbarnes@chicagonettech.com>
Message-ID: <1243587522.2016926.1436896518730.JavaMail.yahoo@mail.yahoo.com>
Subject: test
MIME-Version: 1.0
Content-Type: multipart/alternative; 
	boundary="----=_Part_2016925_708836690.1436896518728"
Content-Length: 2640
X-SmarterMail-Spam: SPF_Pass, DK_None, DKIM_Pass
X-SmarterMail-TotalSpamWeight: 0
Message from YAHOO.COM successfully delivered to CHICAGONETTECH.COM with DMARC filtering ENABLED.
 
 
Here is the FEDEX.COM SMTP delivery transaction log:
[2015.07.14] 13:55:36 [204.135.8.93][465358] rsp: 220 securemail.chicagonettech.com  Tue, 14 Jul 2015 18:55:36 +0000 UTC | SmarterMail Enterprise 14.0.5661.20114
[2015.07.14] 13:55:36 [204.135.8.93][465358] connected at 7/14/2015 1:55:36 PM
[2015.07.14] 13:55:36 [204.135.8.93][465358] cmd: EHLO mx23.infosec.fedex.com
[2015.07.14] 13:55:36 [204.135.8.93][465358] rsp: 250-securemail.chicagonettech.com Hello [204.135.8.93]250-SIZE 52428800250-AUTH CRAM-MD5250-STARTTLS250-8BITMIME250 OK
[2015.07.14] 13:55:36 [204.135.8.93][465358] cmd: STARTTLS
[2015.07.14] 13:55:36 [204.135.8.93][465358] rsp: 220 Start TLS negotiation
[2015.07.14] 13:55:36 [204.135.8.93][465358] cmd: EHLO mx23.infosec.fedex.com
[2015.07.14] 13:55:36 [204.135.8.93][465358] rsp: 250-securemail.chicagonettech.com Hello [204.135.8.93]250-SIZE 52428800250-AUTH LOGIN CRAM-MD5250-8BITMIME250 OK
[2015.07.14] 13:55:36 [204.135.8.93][465358] cmd: MAIL FROM:<prvs=0637f96f9c=bounce@nds.fedex.com> SIZE=4897
[2015.07.14] 13:55:39 [204.135.8.93][465358] rsp: 250 OK <prvs=0637f96f9c=bounce@nds.fedex.com> Sender ok
[2015.07.14] 13:55:39 [204.135.8.93][465358] cmd: RCPT TO:<bbarnes@chicagonettech.com>
[2015.07.14] 13:55:39 [204.135.8.93][465358] rsp: 250 OK <bbarnes@chicagonettech.com> Recipient ok
[2015.07.14] 13:55:39 [204.135.8.93][465358] cmd: DATA
[2015.07.14] 13:55:39 [204.135.8.93][465358] rsp: 354 Start mail input; end with <CRLF>.<CRLF>
[2015.07.14] 13:55:39 [204.135.8.93][465358] rsp: 250 OK
[2015.07.14] 13:55:39 [204.135.8.93][465358] Data transfer succeeded, writing mail to 98274242.eml
[2015.07.14] 13:55:44 [204.135.8.93][465358] cmd: QUIT
[2015.07.14] 13:55:44 [204.135.8.93][465358] rsp: 221 Service closing transmission channel
[2015.07.14] 13:55:44 [204.135.8.93][465358] disconnected at 7/14/2015 1:55:44 PM
 
Here is the FedEX.com DELIVERY transaction log
[2015.07.14] 13:55:38 [74241] Delivery started for prvs=76379a565b=bounce@nds.fedex.com at 1:55:38 PM
[2015.07.14] 13:55:41 [74242] Delivery started for prvs=0637f96f9c=bounce@nds.fedex.com at 1:55:41 PM
[2015.07.14] 13:55:43 [74241] Spam check results: 
                   {formatting added to make readability easier}
 - [_SPF: None], 
 - [BARRACUDA - BRBL: passed], 
 - [CBL - ABUSE SEAT - DO NOT USE FOR OUTGOING!: passed], 
 - [HOSTKARMA - BLACKLIST: passed], 
 - [MAILSPIKE Z: passed], 
 - [RFC2 REALTIME LIST: passed], 
 - [SORBS 02 - HTTP: passed], 
 - [SORBS 03 - SOCKS: passed], 
 - [SORBS 05 - SMTP: passed], 
 - [SORBS 08 - BLOCK: passed], 
 - [SORBS 09 - ZOMBIE: passed], 
 - [SORBS 11 - BAD CONFIG: passed], 
 - [SORBS 12 - NOMAIL: passed], 
 - [SORBS 13 - NO SERVER: passed], 
 - [SPAMCOP: passed], 
 - [SPAMHAUS - PBL 1: passed], 
 - [SPAMHAUS - PBL 2: passed], 
 - [SPAMHAUS - SBL 1: passed], 
 - [SPAMHAUS - SBL 2: passed], 
 - [SPAMHAUS - XBL 1: passed], 
 - [SPAMHAUS - XBL 2: passed], 
 - [SPAMHAUS - XBL 3: passed], 
 - [SPAMHAUS - XBL 4: passed], 
 - [SPAMHAUS ZEN: passed], 
 - [SPAMRATS: passed], 
 - [SURRIEL: passed], 
 - [VIRUS RBL - MSRBL: passed], 
 - [_REVERSEDNSLOOKUP: passed], 
 - [_BAYESIANFILTERING: passed], 
 - [_DK: None], 
 - [_DKIM: Pass], 
 - [NOABUSE: passed], 
 - [NOPOSTMASTER: passed], 
 - [SEM-URIBL: passed], 
 - [SORBS 04 - MISC: passed], 
 - [SORBS 06 - RECENT: passed], 
 - [SORBS 07 - WEB: passed], 
 - [SORBS 10 - DYNAMIC IP: passed], 
 - [SURBL - ABUSE BUSTER: passed], 
 - [SURBL - JWSPAMSPY: passed], 
 - [SURBL - MALWARE: passed], 
 - [SURBL - PHISHING: passed], 
 - [SURBL - SA BLACKLIST: passed], 
 - [SURBL - SPAMCOP WEB: passed], 
 - [UCEPROTECT LEVEL 1: passed], 
 - [UCEPROTECT LEVEL 2: passed], 
 - [UCEPROTECT LEVEL 3: passed], 
 - [URIBL - BLACK: passed], 
 - [URIBL - GREY: passed], 
 - [URIBL - MULTI: passed], 
 - [URIBL - RED: passed]

[2015.07.14] 13:55:44 [74243] Delivery started for prvs=16373cf35a=bounce@nds.fedex.com at 1:55:44 PM
[2015.07.14] 13:55:44 [74241] Starting local delivery to bbarnes@chicagonettech.com
[2015.07.14] 13:55:44 [74241] Delivery for prvs=76379a565b=bounce@nds.fedex.com to bbarnes@chicagonettech.com has completed (Delivered) Filter: None
[2015.07.14] 13:55:44 [74241] End delivery to bbarnes@chicagonettech.com
[2015.07.14] 13:55:44 [74241] Delivery finished for prvs=76379a565b=bounce@nds.fedex.com at 1:55:44 PM	[id:98274241]
 
Here is the FEDEX.COM | MESSAGE HEADER: from FEDEX.COM to CHICAGONETTECH.COM:
 
Return-Path: <prvs=76379a565b=bounce@nds.fedex.com>
Received: from mx34.infosec.fedex.com (pvma00050.prod.fedex.com [199.81.212.190]) by securemail.chicagonettech.com with SMTP
	(version=TLS\Tls
	cipher=Aes256 bits=256);
   Tue, 14 Jul 2015 13:55:38 -0500
DKIM-Signature: v=1; a=rsa-sha256; d=fedex.com; s=wtc; c=relaxed/relaxed;
	q=dns/txt; i=@fedex.com; t=1436899227; x=1437504027;
	h=From:Sender:Reply-To:Subject:Date:Message-ID:To;
	bh=nLVC+O6fjiApRRDsSZsGaDNNZ8JjR4VqgSJW8jzNdVg=;
	b=s2tameQ/R3Mz7wHxiJA81En87Cw2Z2KLYQKeEIrqHpMoWvOQhVUbNtKfQmaB7rmf
	bCAT/TPkyKAeAs4OVEngauYAE7Y1ky7xxhJtzTLqkgxLXxBeePVgfVHSzD5DV2cT
	R/FYbrGgEFPoLogKZOq4uywBT8m5eFtyGqt8fN3HsOk=;
X-AuditID: c751d4be-f791a6d00000072f-b6-55a5579a5318
Received: from prh00393.prod.fedex.com (prh00393.prod.fedex.com [199.81.10.49])
	(using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client did not present a certificate)
	by mx34.infosec.fedex.com (FedEx MX) with SMTP id 09.98.01839.A9755A55; Tue, 14 Jul 2015 13:40:27 -0500 (CDT)
To: undisclosed-recipients:;
Received: from pje33304.sac.fedex.com (pje33304.sac.fedex.com [204.135.237.140])
	by prh00393.prod.fedex.com (Sentrion-MTA-4.3.1/Sentrion-MTA-4.2.0) with ESMTP id t6EIePxn000499
	for <bbarnes@chicagonettech.com>; Tue, 14 Jul 2015 13:40:26 -0500
Received: from pje33304.sac.fedex.com (localhost.localdomain [127.0.0.1])
	by pje33304.sac.fedex.com (8.13.8/8.13.8) with ESMTP id t6EIeD2F027016
	for <bbarnes@chicagonettech.com>; Tue, 14 Jul 2015 18:40:25 GMT
Date: Tue, 14 Jul 2015 13:40:25 -0500 (CDT)
From: trackingupdates@fedex.com
Reply-To: donotreply@fedex.com
Message-ID: <307283675.214221436899225658.JavaMail.nds@pje33304.sac.fedex.com>
Subject: Online FedEx Tracking - 780975723992
MIME-Version: 1.0
Content-Type: multipart/mixed; 
	boundary="----=_Part_21422_307280971.1436899225658"
X-Priority: 3
X-FX-NDS-ID: ZPfeiBb8zMnJMsPyh/kxn3f1LR0MgYReepHiy737AsTQemQ1QcXj4A==
X-FX-NDS-MSG-POS: t3PMvj8ykslkGim8WXulpOv5sWAYVehoKxhq//IGqrsGSAcf/tayIaZtRJKBSaaQ0HpkNUHF4+A=
X-FX-NDS-MSG-ID: B5nLas0Y53gqSjP1TgzlpQ==
X-FX-NDS-ORIGIN: uQ5cfBbuF7k=
X-FX-NDS-RG-LG-ENV: UzL99LvXCAM=
X-FX-NDS-LEVEL-ENV: Da/9DNNUC/0=
X-Rcpt-To: <bbarnes@chicagonettech.com>
X-SmarterMail-Spam: SPF_None, DK_None, DKIM_Pass
X-SmarterMail-TotalSpamWeight: 0
 
Message from FEDEX.COM successfully delivered to CHICAGONETTECH.COM with DMARC filtering ENABLED.
 
 
Bruce Barnes
ChicagoNetTech Inc
0
Bruce, could you try the Yahoo CFL application?
I think it may be specific to that system and failing DMARC domain alignment, and not the general yahoo.com domain.
0
Inasmuch as I was already set up with Yahoo's CFL, I had not tried this until suggested by David Maggard.
 
Based on the failure, in the logs below, this appears specific to YAHOO CFL, caused by an issue with how they have FORWARDERS setup for YAHOO's CFL, and not a SmarterMail issue:
 
IE: they are sending from POSTMASTER@CHICAGONETTECH.COM via YAHOO.COM and using
 
"abuse.mm2s4ylifz4wc2dpn4xgg33nfuytimzwheydqnjxha-postmaster=chicagonettech.com@returns.bulk.yahoo.com" as a return address for the forwarder.
[2015.07.14] 16:16:22 [216.39.62.81][4007995] rsp: 220 securemail.chicagonettech.com  Tue, 14 Jul 2015 21:16:22 +0000 UTC | SmarterMail Enterprise 14.0.5661.20114
[2015.07.14] 16:16:22 [216.39.62.81][4007995] connected at 7/14/2015 4:16:22 PM
[2015.07.14] 16:16:22 [216.39.62.81][4007995] cmd: EHLO n10-vm7.bullet.mail.gq1.yahoo.com
[2015.07.14] 16:16:22 [216.39.62.81][4007995] rsp: 250-securemail.chicagonettech.com Hello [216.39.62.81]250-SIZE 52428800250-AUTH CRAM-MD5250-STARTTLS250-8BITMIME250 OK
[2015.07.14] 16:16:22 [216.39.62.81][4007995] cmd: STARTTLS
[2015.07.14] 16:16:22 [216.39.62.81][4007995] rsp: 220 Start TLS negotiation
[2015.07.14] 16:16:22 [216.39.62.81][4007995] cmd: EHLO n10-vm7.bullet.mail.gq1.yahoo.com
[2015.07.14] 16:16:22 [216.39.62.81][4007995] rsp: 250-securemail.chicagonettech.com Hello [216.39.62.81]250-SIZE 52428800250-AUTH LOGIN CRAM-MD5250-8BITMIME250 OK
[2015.07.14] 16:16:22 [216.39.62.81][4007995] cmd: MAIL FROM:<abuse.mm2s4ylifz4wc2dpn4xgg33nfuytimzwheydqnjxha-postmaster=chicagonettech.com@returns.bulk.yahoo.com>
[2015.07.14] 16:16:31 [216.39.62.81][4007995] rsp: 250 OK <abuse.mm2s4ylifz4wc2dpn4xgg33nfuytimzwheydqnjxha-postmaster=chicagonettech.com@returns.bulk.yahoo.com> Sender ok
[2015.07.14] 16:16:31 [216.39.62.81][4007995] cmd: RCPT TO:<postmaster@chicagonettech.com>
[2015.07.14] 16:16:31 [216.39.62.81][4007995] rsp: 250 OK <postmaster@chicagonettech.com> Recipient ok
[2015.07.14] 16:16:31 [216.39.62.81][4007995] cmd: DATA
[2015.07.14] 16:16:31 [216.39.62.81][4007995] rsp: 354 Start mail input; end with <CRLF>.<CRLF>
[2015.07.14] 16:16:31 [216.39.62.81][4007995] rsp: 550 Message rejected due to senders DMARC policy
[2015.07.14] 16:16:31 [216.39.62.81][4007995] A trace of the DMARC processing follows.
[2015.07.14] 16:16:31 [216.39.62.81][4007995] Beginning DMARC check for abuse.mm2s4ylifz4wc2dpn4xgg33nfuytimzwheydqnjxha-postmaster=chicagonettech.com@returns.bulk.yahoo.com from IP 216.39.62.81...
[2015.07.14] 16:16:31 [216.39.62.81][4007995] The from field for the message is "yahoo-account-services-us@cc.yahoo-inc.com".  Will look for DMARC policy record at _dmarc.cc.yahoo-inc.com
[2015.07.14] 16:16:31 [216.39.62.81][4007995] Retrieved the following DMARC policy record for "cc.yahoo-inc.com": v=DMARC1; p=reject; pct=100; rua=mailto:dmarc-rua@yahoo-inc.com;
[2015.07.14] 16:16:31 [216.39.62.81][4007995] DMARC policy violated due a bad DKIM signature.
[2015.07.14] 16:16:31 [216.39.62.81][4007995] Data transfer succeeded but message rejected by DMARC
[2015.07.14] 16:16:31 [216.39.62.81][4007995] cmd: RSET
[2015.07.14] 16:16:31 [216.39.62.81][4007995] rsp: 250 OK
[2015.07.14] 16:16:31 [216.39.62.81][4007995] cmd: QUIT
[2015.07.14] 16:16:31 [216.39.62.81][4007995] rsp: 221 Service closing transmission channel
[2015.07.14] 16:16:31 [216.39.62.81][4007995] disconnected at 7/14/2015 4:16:31 PM
Here's YAHOO's DMARC record:
 
	v=DMARC1; p=reject; sp=none; pct=100; rua=mailto:dmarc-yahoo-rua@yahoo-inc.com, mailto:dmarc_y_rua@yahoo.com;
 
Looks like a screwup on YAHOO'S end and I'm not about to change, or disable, my DMARC settings for the fact that their CFL application fails when their regular e-mail works just fine [per my previous posting].
 
Bruce Barnes
ChicagoNetTech Inc
0
Thanks Bruce, excellent as always, glad I'm not crazy.

Miguel: If you don't have these issues with other mail servers then likely DMARC isn't being used/enforced on those servers.
1
 
 
Interesting to read: Dropbox's response to the issue is to tell people to simply whitelist all mail purporting to come from those 2 domains. They opt to publish a DMARC policy record, they then choose to violate their own policy, and instead of fixing their stuff to be DMARC compliant, or removing their DMARC record, they simply demand that mail admins whitelist around the problem they made.
0
Sadly, as an update I have to report that Yahoo's FBL system is still severely broken in regards to DMARC. I am having to temporarily disable DMARC, which is highly ironic since FBLs are supposed to help prevent/detect spam, and it requires disabling DMARC, which is also supposed to help prevent/detect spam.
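The following is an added example, not code from any poster in this thread or from SmarterMail: a small DMARC evaluator following RFC 7489 identifier alignment, run on the domains and policy record quoted in the CFL traces above. It assumes the SPF result applies to the envelope (MAIL FROM) domain, uses a tiny stand-in for the Public Suffix List, and all function names are hypothetical.

```python
# Added example: DMARC identifier alignment (RFC 7489) on values quoted in this thread.
# Assumption: a tiny stand-in for the Public Suffix List; real evaluators load the full list.
PUBLIC_SUFFIXES = {"com", "net", "org", "es"}

CFL_FROM = "cc.yahoo-inc.com"             # From: header domain in the DMARC trace
CFL_MAIL_FROM = "returns.bulk.yahoo.com"  # envelope sender domain in the SMTP log
CFL_RECORD = "v=DMARC1; p=reject; pct=100; rua=mailto:dmarc-rua@yahoo-inc.com;"


def org_domain(domain):
    """Organizational domain: the public suffix plus one more label."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])  # unknown suffix: fall back to the last two labels


def parse_dmarc(record):
    """Parse 'v=DMARC1; p=reject; ...' into a tag dict; raise if it is not usable."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a usable DMARC record")
    return tags


def aligned(from_domain, auth_domain, mode="r"):
    """Strict ('s') needs an exact match; relaxed ('r') compares organizational domains."""
    a, b = from_domain.lower(), auth_domain.lower()
    return a == b if mode == "s" else org_domain(a) == org_domain(b)


def evaluate(from_domain, record, spf, dkim, record_domain=None):
    """spf is (result, MAIL FROM domain); dkim is a list of (result, d= domain).
    record_domain is where the record was found when that differs from from_domain
    (sp= then applies). pct= sampling is not applied. Returns (disposition, reasons)."""
    tags = parse_dmarc(record)
    reasons = []
    spf_result, spf_domain = spf
    spf_ok = spf_result == "pass" and aligned(from_domain, spf_domain, tags.get("aspf", "r"))
    reasons.append(f"SPF {spf_result} ({spf_domain}): {'counts' if spf_ok else 'does not count'}")
    dkim_ok = False
    for result, d in dkim:
        ok = result == "pass" and aligned(from_domain, d, tags.get("adkim", "r"))
        reasons.append(f"DKIM {result} (d={d}): {'counts' if ok else 'does not count'}")
        dkim_ok = dkim_ok or ok
    if spf_ok or dkim_ok:  # one aligned, passing mechanism is enough
        return "pass", reasons
    subdomain = record_domain is not None and from_domain.lower() != record_domain.lower()
    return (tags.get("sp", tags["p"]) if subdomain else tags["p"]), reasons


def cfl_verdict(dkim_result):
    """Verdict for the CFL verification mail, given the receiver's DKIM result."""
    return evaluate(CFL_FROM, CFL_RECORD, ("pass", CFL_MAIL_FROM), [(dkim_result, CFL_FROM)])


if __name__ == "__main__":
    for dkim_result in ("fail", "pass"):
        disposition, reasons = cfl_verdict(dkim_result)
        print(f"DKIM {dkim_result} -> {disposition}")
        for line in reasons:
            print("   ", line)
    # The Dropbox rejection quoted above: d=amazonses.com cannot align with dropboxmail.com.
    print("dropboxmail.com vs amazonses.com aligned:",
          aligned("dropboxmail.com", "amazonses.com"))
```

Because the envelope domain is under yahoo.com while the From: domain is under yahoo-inc.com, the SPF pass can never satisfy DMARC for this message; the verdict depends entirely on whether the receiver verifies the DKIM signature.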
