Disable SPF DKIM and DMRAC

Revision as of 07:22, 10 November 2022 by Rnoti (talk | contribs) (→‎Solution)

Disable SPF, DKIM, and DMARC validation


   KB 24484        Last updated on 2022-11-10  




0.00
(0 votes)

Problem

Disable SPF, DKIM, and DMARC validation of incoming messages.

Note: Disabling SPF, DKIM, and DMARC validation is not best practice because these records helps to identify spam messages.

Solution

Step 1: Disable SPF records validation. A. Disable SPF validation at CBPolicyd level, if CBPolicyd enabled. zmprov ms `zmhostname` zimbraCBPolicydCheckSPFEnabled FALSE

Note: To get existing value run "zmprov -l gs `zmhostname` zimbraCBPolicydCheckSPFEnabled"

B. Disable SPF checking at SpamAssassin level by modifying "/opt/zimbra/data/spamassassin/localrules/init.pre", open this file and comment "loadplugin Mail::SpamAssassin::Plugin::SPF". # loadplugin Mail::SpamAssassin::Plugin::SPF


Step 2: Disable DKIM records validation. A. Disable DKIM validation at Amavis level. zmprov ms `zmhostname` zimbraAmavisEnableDKIMVerification FALSE

Note: To get existing value run "zmprov -l gs `zmhostname` zimbraAmavisEnableDKIMVerification"

B. Disable DKIM validation at SpamAssassin level by modifying "/opt/zimbra/data/spamassassin/localrules/v312.pre", open this file and comment "loadplugin Mail::SpamAssassin::Plugin::DKIM" # loadplugin Mail::SpamAssassin::Plugin::DKIM


Step 3: Disable DMARC validation. Nothing to do for DMRAC, it will not function when SPF, DKIM disabled.

Step 4: Restart MTA services. zmamavisdctl restart zmmtactl restart

Step 5: Verification, to confirm the same, check "X-Spam-Status:" in the show original of received emails. Must not display any tags related to SPF, DKIM, and DMARC.

Header when SPF, DKIM validation done. X-Spam-Status: No, score=1.467 required=6.6 tests=[DKIM_INVALID=0.1, DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, RDNS_NONE=1.274, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01]

Header when SPF, DKIM validation not done. X-Spam-Status: No, score=1.265 required=6.6 tests=[HTML_MESSAGE=0.001, RDNS_NONE=1.274, T_SCC_BODY_TEXT_LINE=-0.01]

Note:

Customizations may not forward with updates/upgrades, so document these changes, and validate post update/upgrade ptache/zcs.

Submitted by: Raghu Noti
Verified Against: ZCS 8.8.15, ZCS 9.0 Date Created: 2022-11-10
Article ID: https://wiki.zimbra.com/index.php?title=Disable_SPF_DKIM_and_DMRAC Date Modified: 2022-11-10



Try Zimbra

Try Zimbra Collaboration with a 60-day free trial.
Get it now »

Want to get involved?

You can contribute in the Community, Wiki, Code, or development of Zimlets.
Find out more. »

Looking for a Video?

Visit our YouTube channel to get the latest webinars, technology news, product overviews, and so much more.
Go to the YouTube channel »


Jump to: navigation, search