amavis-dkim: How to discard mail with no or invalid signature
A. Schulze
sca at andreasschulze.de
Tue Jan 12 17:59:07 CET 2016
Am 12.01.2016 um 15:03 schrieb Gerhard Rappenecker:
> I'd like to discard, reject or quarantine mails from a specific domain, but only if they have no or no valid DKIM signature.
it's your policy but usually it's wrong to reject on no or no valid DKIM signature ¹)
You want DMARC but DMARC validation is not implemented in amavisd-new
we run a pipeline of milters here:
- smf-spf milter for SPF validation
- opendkim for DKIM validation
- opendmarc to inspect SPF+DKIM result and apply a policy
- amavisd-milter for content inspection
Andreas
¹) https://tools.ietf.org/html/rfc6376#section-6.1:
... a Verifier SHOULD NOT treat a message that has one or more
bad signatures and no good signatures differently from a message with
no signature at all.
More information about the amavis-users
mailing list