Disable SPF DKIM and DMRAC: Difference between revisions

Line 5: Line 5:
__FORCETOC__
__FORCETOC__
====Problem====
====Problem====
Disable SPF, DKIM, and DMARC validation of incoming messages.
Disable SPF, DKIM, and DMARC validation of incoming messages.
'''Note:''' Disabling SPF, DKIM, and DMARC validation is not best practice because these records helps to identify spam messages.
'''Note:''' Disabling SPF, DKIM, and DMARC validation is not best practice because these records helps to identify spam messages.


====Solution====
====Solution====

Revision as of 08:17, 10 November 2022

Disable SPF, DKIM, and DMARC validation


   KB 24484        Last updated on 2022-11-10  




0.00
(0 votes)

Problem

Disable SPF, DKIM, and DMARC validation of incoming messages. Note: Disabling SPF, DKIM, and DMARC validation is not best practice because these records helps to identify spam messages.

Solution

Step 1:

  • Disable SPF records validation.
A. Disable SPF validation at CBPolicyd level, if CBPolicyd enabled.
zmprov ms `zmhostname` zimbraCBPolicydCheckSPFEnabled FALSE
Note: To get existing value run zmprov -l gs `zmhostname` zimbraCBPolicydCheckSPFEnabled
B. Disable SPF checking at SpamAssassin level by modifying /opt/zimbra/data/spamassassin/localrules/init.pre, open this file and comment loadplugin Mail::SpamAssassin::Plugin::SPF.
# loadplugin Mail::SpamAssassin::Plugin::SPF

Step 2:

  • Disable DKIM records validation.
A. Disable DKIM validation at Amavis level.
zmprov ms `zmhostname` zimbraAmavisEnableDKIMVerification  FALSE
Note: To get existing value run zmprov -l gs `zmhostname` zimbraAmavisEnableDKIMVerification
B. Disable DKIM validation at SpamAssassin level by modifying /opt/zimbra/data/spamassassin/localrules/v312.pre, open this file and comment loadplugin Mail::SpamAssassin::Plugin::DKIM
# loadplugin Mail::SpamAssassin::Plugin::DKIM

Step 3:

  • Disable DMARC validation. Nothing to do for DMRAC, it will not function when SPF, DKIM disabled.


Step 4:

  • Restart MTA services.
zmamavisdctl restart
zmmtactl restart

Step 5:

  • Verification, to confirm the same, check "X-Spam-Status:" in the show original of received emails. Must not display any tags related to SPF, DKIM, and DMARC.
  • Header when SPF, DKIM validation done.
X-Spam-Status: No, score=1.467 required=6.6 tests=[DKIM_INVALID=0.1, DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, RDNS_NONE=1.274, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01]
  • Header when SPF, DKIM validation not done.
X-Spam-Status: No, score=1.265 required=6.6 tests=[HTML_MESSAGE=0.001, RDNS_NONE=1.274, T_SCC_BODY_TEXT_LINE=-0.01]
Note:
  • Customizations may not forward with updates/upgrades, so document these changes, and validate post update/upgrade ptache/zcs.
Submitted by: Raghu Noti
Verified Against: ZCS 8.8.15, ZCS 9.0 Date Created: 2022-11-10
Article ID: https://wiki.zimbra.com/index.php?title=Disable_SPF_DKIM_and_DMRAC Date Modified: 2022-11-10



Try Zimbra

Try Zimbra Collaboration with a 60-day free trial.
Get it now »

Want to get involved?

You can contribute in the Community, Wiki, Code, or development of Zimlets.
Find out more. »

Looking for a Video?

Visit our YouTube channel to get the latest webinars, technology news, product overviews, and so much more.
Go to the YouTube channel »


Jump to: navigation, search