This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

DKIM not signing NDR from internal servers

Hi,

I have recently configured DMARC and DKIM on our XG450 Units (18.0.1 MR-1-Build396), currently no policy is being applied while I monitor results.

I have noticed most, if not all, of the responses to failure reports are NDR's generated by our internal exchange servers. It appears that the XG is passing these emails without applying the DKIM signature.

Exchange has a rule configured to "reject the message and include the explanation 'User Account is disabled' with the status code: '5.7.1'"

Examining the header information of the copy of the email returned in the failure report shows other Sophos header information but no sign of DKIM, normal email sent are working as expected.

Please let me know if you require examples or any log content to identify the cause.

This thread was automatically locked due to age.

Parents

0 André Kufner over 4 years ago

I have the same problem. I think the reason is that NDR and OOF are delivered by exchange without a sender so that sophos xg (exim) is not able to apply the DKIM-Signing.

However, I does not know how to solve it...

We already are listed to the backscatter blacklist because of that issue.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 André Kufner over 4 years ago

I have the same problem. I think the reason is that NDR and OOF are delivered by exchange without a sender so that sophos xg (exim) is not able to apply the DKIM-Signing.

However, I does not know how to solve it...

We already are listed to the backscatter blacklist because of that issue.
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 IT Services17 over 4 years ago in reply to André Kufner

Having a blank sender on a NDR is a requirement of RFC 2821, section 3.7, so I don't think this should be "fixed", I am still waiting on a response to my Support Case.
Cancel
Vote Up 0 Vote Down

Cancel