2
DMARC failures show exceptions in the SMTP log
Problem reported by Fred Needham - 11/26/2018 at 8:24 AM
Submitted
I installed 15.7.6885 recently and notice some new exception in the SMTP logs.  After an email is rejected for failing DMARC, Smartermail logs several exceptions.  I do use Declude, so the .hdr file is in the proc directory.
The first line in the .hdr file is 'Failed'.  Smartermail works as expected, so this issue does not affect production; however, it does look odd.  An example follows:

[2018.11.25] 03:09:53 [194.186.20.62][59577554] rsp: 220 mail.netsential.com Sun, 25 Nov 2018 09:09:53 +0000 UTC
[2018.11.25] 03:09:53 [194.186.20.62][59577554] connected at 11/25/2018 3:09:53 AM
[2018.11.25] 03:09:54 [194.186.20.62][59577554] cmd: EHLO 1stnationalbank.com
[2018.11.25] 03:09:54 [194.186.20.62][59577554] rsp: 250-mail.netsential.com Hello [194.186.20.62]250-SIZE 178257920250-AUTH LOGIN CRAM-MD5250-STARTTLS250-8BITMIME250 OK
[2018.11.25] 03:09:54 [194.186.20.62][59577554] cmd: MAIL FROM:
[2018.11.25] 03:09:54 [194.186.20.62][59577554] rsp: 250 OK Sender ok
[2018.11.25] 03:09:54 [194.186.20.62][59577554] cmd: RCPT TO:
[2018.11.25] 03:09:54 [194.186.20.62][59577554] rsp: 250 OK Recipient ok
[2018.11.25] 03:09:55 [194.186.20.62][59577554] cmd: DATA
[2018.11.25] 03:09:55 [194.186.20.62][59577554] Performing PTR host name lookup for 194.186.20.62
[2018.11.25] 03:09:55 [194.186.20.62][59577554] PTR host name for 194.186.20.62 resolved as UnknownHost
[2018.11.25] 03:09:55 [194.186.20.62][59577554] rsp: 354 Start mail input; end with .
[2018.11.25] 03:09:58 [194.186.20.62][59577554] rsp: 550 Message rejected due to senders DMARC policy
[2018.11.25] 03:09:58 [194.186.20.62][59577554] A trace of the DMARC processing follows.
[2018.11.25] 03:09:58 [194.186.20.62][59577554] Beginning DMARC check for LarsForddibzh@1stnationalbank.com from IP 194.186.20.62...
[2018.11.25] 03:09:58 [194.186.20.62][59577554] The from field for the message is ""Alma" ".  Will look for DMARC policy record at _dmarc.1stnationalbank.com
[2018.11.25] 03:09:58 [194.186.20.62][59577554] Retrieved the following DMARC policy record for "1stnationalbank.com": v=DMARC1; p=reject; fo=1; rua=mailto:dmarc_rua@emaildefense.proofpoint.com; ruf=mailto:dmarc_ruf@emaildefense.proofpoint.com
[2018.11.25] 03:09:58 [194.186.20.62][59577554] DMARC: SPF failure.
[2018.11.25] 03:09:58 [194.186.20.62][59577554] DMARC: Bad DKIM signature.
[2018.11.25] 03:09:58 [194.186.20.62][59577554] Received message size: 1956 bytes
[2018.11.25] 03:09:58 [194.186.20.62][59577554] Could not write HDR file, trying again in 250ms. Exception: The HDR file did not have 'Written' contained in the first line
[2018.11.25] 03:09:58 [194.186.20.62][59577554] Could not write HDR file, trying again in 250ms. Exception: The HDR file did not have 'Written' contained in the first line
[2018.11.25] 03:09:58 [194.186.20.62][59577554] Could not write HDR file, trying again in 250ms. Exception: The HDR file did not have 'Written' contained in the first line
[2018.11.25] 03:09:59 [194.186.20.62][59577554] Could not write HDR file, trying again in 250ms. Exception: The HDR file did not have 'Written' contained in the first line
[2018.11.25] 03:09:59 [194.186.20.62][59577554] Could not write HDR file, trying again in 250ms. Exception: The HDR file did not have 'Written' contained in the first line
[2018.11.25] 03:09:59 [194.186.20.62][59577554] Exception: The HDR file did not have 'Written' contained in the first line

[2018.11.25] 03:09:59 [194.186.20.62][59577554] disconnected at 11/25/2018 3:09:59 AM



Reply to Thread