Guest

Preview Tool

Cisco Bug: CSCvv43997 - DMARC aligment can sometimes fail if more than 5 DKIM signatures exist

Last Modified

Aug 28, 2020

Products (1)

  • Cisco Email Security Appliance

Known Affected Releases

11.0.3-252

Description (partial)

Symptom:
sometimes, DMARC fails to align when more than one valid dkim signature is present.
mail log example
DMARC: Message from domain example.com, DMARC pass (SPF aligned True, DKIM aligned False)
email containing multiple signatures:  email contains two valid DKIM-Signature: d=hosting_domain.com ; and DKIM-Signature: d=example.com;  One one of the DKIM headers aligns with the from Header. The ESA evaluates both, but does always chose to use the one that aligns to the FROM header. in the instances that it does not, DMARC fails, and a policy of reject will activate.

Conditions:
receiving and performing DMARC check
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.