DKIM issue when marking email as spam [SOLVED]

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
Post Reply
chris_60
Posts: 25
Joined: Wed Mar 10, 2021 3:35 pm
Location: Ubuntu 18.04.5 LTS
ZCS/ZD Version: 9.0.0.ZEXTRAS.202007114.UBUNTU18.64

DKIM issue when marking email as spam [SOLVED]

Post by chris_60 »

OS: Ubuntu 18.04.5 LTS
Zimbra: Release 9.0.0.ZEXTRAS.202007114.UBUNTU18.64 UBUNTU18_64 FOSS edition, Patch 9.0.0_P13.

I have DKIM configured and working fine for both on and off domain emails. However, when a user marks an email as spam, zimbra.log says:

Code: Select all

Apr 15 08:46:18 litterae-unus postfix/cleanup[23149]: A2C12221AE2: milter-reject: END-OF-MESSAGE from localhost[127.0.0.1]: 5.7.0 no DKIM signature data; from=<> to=<spam.1fhs44vaa@foundations.edu> proto=ESMTP helo=<localhost>
Apr 15 08:46:18 litterae-unus amavis[14792]: (14792-03) Negative SMTP response to data-dot (<spam.1fhs44vaa@foundations.edu>): 550 5.7.0 no DKIM signature data, dt: 91.2 ms
Apr 15 08:46:18 litterae-unus amavis[14792]: (14792-03) (!)I0m8TNz9boiB FWD from <> -> <spam.1fhs44vaa@foundations.edu>, BODY=7BIT 550 5.7.0 from MTA(smtp:[127.0.0.1]:10030): 550 5.7.0 no DKIM signature data
Apr 15 08:46:18 litterae-unus postfix/smtp[23159]: 77E31221A8A: to=<spam.1fhs44vaa@foundations.edu>, relay=127.0.0.1[127.0.0.1]:10026, delay=2.3, delays=2/0/0/0.23, dsn=5.7.0, status=bounced (host 127.0.0.1[127.0.0.1] said: 550 5.7.0 id=14792-03 - Rejected by next-hop MTA on relaying, from MTA(smtp:[127.0.0.1]:10030): 550 5.7.0 no DKIM signature data (in reply to end of DATA command))
I cannot seem to find any help searching on this variation of DKIM issue.

I have verified that the local dnscache is able to resolve addresses and the DKIM key for this domain:

Code: Select all

$ host -t txt mail._domainkey.foundations.edu. 127.0.0.1
Using domain server:
Name: 127.0.0.1
Address: 127.0.0.1#53
Aliases: 

mail._domainkey.foundations.edu descriptive text "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp/g/6o3LGI9zayKVnPGbEtoW31GEjIDz+x2ioYZD/C2g7pVzzBM1WhrU13yMrW3tbJqG4IFncmVFy7q8bRWuUv0reSfZLKxzigZjB6l1GERepmmwB2OQtrPLW8gPYXKZ7tu2GhB5P1io4lXgIRv/omph5GJ68i63NZVd1bZKQepcigS9MP6qgl8JoC8A7trZR" "z0MB9VmjxoH3DAzobFXpNzdYGL7QYdweq7+NC2g3+hEq3+tehrLUyFSgomm7TaZ/WE7EO4ZQotmb1mWOCrMbKnZ8xvP8Ai0EUqZZwKTVwEvDwHbzrlVbHVQlwpzsabFsFQhHigtU+qm2ZPA4HVk3wIDAQAB"
localhost is noted in /opt/zimbra/conf/opendkim-localnets.conf

Code: Select all

$ cat /opt/zimbra/conf/opendkim-localnets.conf
127.0.0.0/8
[::1]/128
204.131.191.80/28
127.0.0.1
Is there somewhere else I should be looking?

Kind regards,
Chris
Last edited by chris_60 on Thu Apr 15, 2021 6:29 pm, edited 1 time in total.
chris_60
Posts: 25
Joined: Wed Mar 10, 2021 3:35 pm
Location: Ubuntu 18.04.5 LTS
ZCS/ZD Version: 9.0.0.ZEXTRAS.202007114.UBUNTU18.64

Re: DKIM issue when marking email as spam

Post by chris_60 »

Looking at this line:

Code: Select all

Apr 15 08:46:18 litterae-unus postfix/cleanup[23149]: A2C12221AE2: milter-reject: END-OF-MESSAGE from localhost[127.0.0.1]: 5.7.0 no DKIM signature data; from=<> to=<spam.1fhs44vaa@foundations.edu> proto=ESMTP helo=<localhost>
It appears that Zimbra is not providing a "from" address. I wonder if that is causing dkim signing to fail since there is no domain indicated?
chris_60
Posts: 25
Joined: Wed Mar 10, 2021 3:35 pm
Location: Ubuntu 18.04.5 LTS
ZCS/ZD Version: 9.0.0.ZEXTRAS.202007114.UBUNTU18.64

Re: DKIM issue when marking email as spam [SOLVED]

Post by chris_60 »

My previous post was on track. Here is the fix for this problem as it existed on my system. Hopefully someone else can benefit by it.

The problem was that zimbraSpamReportEnvelopeFrom defaults to <>.

Code: Select all

$ zmprov gacf | grep zimbraSpamReportEnvelopeFrom
zimbraSpamReportEnvelopeFrom: <>
Doing:

Code: Select all

$ zmprov mcf zimbraSpamReportEnvelopeFrom admin@company.tld
set the "from" address on mail forwarded to the spam account:

Code: Select all

$ zmprov gacf | grep zimbraSpamReportEnvelopeFrom
zimbraSpamReportEnvelopeFrom: admin@company.tld
causing opendkim to sign the email and amavis to accept it.

Problem solved.
chris_60
Posts: 25
Joined: Wed Mar 10, 2021 3:35 pm
Location: Ubuntu 18.04.5 LTS
ZCS/ZD Version: 9.0.0.ZEXTRAS.202007114.UBUNTU18.64

Re: DKIM issue when marking email as spam [SOLVED]

Post by chris_60 »

One further followup thought:

This system is running rspamd rather than SA.

I'm not sure if this change may cause the domain 'company.tld' to be factored into the spam learning process resulting in false positives or not.

Maybe someone else does. If I find it does, I will post back to this thread.
Post Reply