A customer recently migrated their email security solution to LibraESVA. Since when I upgraded the Zimbra server I noticed our mails to the customer were wrongly reported as spam messages, but I was pretty sure our servers were well configured for being trusted.
A quick search showed SpamAssassin was failing DMARC test, this probably (I don’t know exactly how it works, unfortunately) LibraESVA is tampering with the email header.
To solve create (or update) file /opt/zimbra/data/spamassassin/localrules/sauser.cf and add the following lines:
score DMARC_FAIL_QUAR 0.1
score DMARC_FAIL_REJECT 0.1
score DMARC_FAIL_NONE 0.1
This will downvote failed DMARC checks and let your mails pass in (after you restart Zimbra’s amavisdctl).
I don’t know if there’s a setting in LE to avoid this… In the meantime you can enjoy this workaround.