Attachment blocking with spoofed addresses and DMARC
Benny Pedersen
me at junc.eu
Fri Apr 15 13:59:13 CEST 2016
On 2016-04-15 01:27, Quanah Gibson-Mount wrote:
> A customer who has set up DKIM + SPF notes a spammer tactic where they
> set the TO and FROM to be the same value. I.e.,:
>
> To: user at domain.com
> From: user at domain.com
>
> With an attachment type that has been set up to be blocked. Even
> though the message clearly fails DMARC and thus will be flagged as
> Junk in our setup (SA scores DMARC failure with a large negative
> score), the user ends up getting a notification for every one of these
> emails. Is there any way to get Amavis to NOT send a notice to the
> user if the SA score is above the SPAM threshold?
why accept dmarc fail ?
i just reject it in opendmarc
but since you use amavisd it could possible be solved by create a new
policybank for dkim fails, and set policy in that back for dkim fails,
its long time since i used amavisd here so dont know much about it
if you want to make it with dmarc then amavisd need dmarc handling with
it does not currently, but dkim is handled in amavisd
More information about the amavis-users
mailing list