Antw: Re: amavis-dkim: How to discard mail with no or invalid signature

Gerhard Rappenecker G.Rappenecker at hs-offenburg.de
Wed Jan 13 12:01:52 CET 2016


Hi Andreas,

thanks for your answer. I agree with you. That's not a usual policy.

My intention is to reject mail from outside with a faked sender address
of our own domain. In the past we were attacked by such mails to our
mailing lists.
So if I ensure that all mails originating from our domain have a valid
DKIM signature it should be easy to identify and reject mails with our
sender domain and with no or invalid DKIM signature.

I'd like to achieve this aim without DMARC because I want to use
amavisd-new installed in our SuSE Linux.
Is there any way to do this without DMARC?

Best regards
Gerhard


>>> "A. Schulze" <sca at andreasschulze.de> wrote on Tuesday, 12 January 2016 at 17:59 in message <569530DB.10606 at andreasschulze.de>:

> 
> On 12.01.2016 at 15:03, Gerhard Rappenecker wrote:
>> I'd like to discard, reject or quarantine mails from a specific domain, but
>> only if they have no or no valid DKIM signature.
> 
> it's your policy but usually it's wrong to reject on no or no valid DKIM
> signature ¹)
> You want DMARC but DMARC validation is not implemented in amavisd-new
> 
> we run a pipeline of milters here:
>   - smf-spf milter for SPF validation
>   - opendkim for DKIM validation
>   - opendmarc to inspect SPF+DKIM result and apply a policy
>   - amavisd-milter for content inspection
> 
> Andreas
> 
> ¹) https://tools.ietf.org/html/rfc6376#section-6.1: 
>     ... a Verifier SHOULD NOT treat a message that has one or more
>     bad signatures and no good signatures differently from a message with
>     no signature at all.
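
The policy asked about above (mail claiming the local domain must carry a valid DKIM signature of that domain), sketched as an added example; it is not part of the thread and not amavisd-new code. It assumes a verifier such as opendkim has already added an Authentication-Results header, that the border MTA strips inbound headers bearing its own authserv-id, and the names `example.edu` and `mx.example.edu` are placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

OWN_DOMAIN = "example.edu"           # assumption: the domain being protected
TRUSTED_AUTHSERV = "mx.example.edu"  # assumption: authserv-id of our own DKIM verifier

def verdict(raw_message):
    """Return 'reject' for mail claiming OWN_DOMAIN without a verified own-domain signature."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if from_domain != OWN_DOMAIN:
        return "accept"              # policy applies only to our own sender domain
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, results = " ".join(header.split()).partition(";")
        if authserv.lower().split()[:1] != [TRUSTED_AUTHSERV]:
            continue                 # not written by our verifier, may be forged
        for result in results.split(";"):
            if not re.search(r"\bdkim\s*=\s*pass\b", result, re.I):
                continue
            signer = re.search(r"\bheader\.d\s*=\s*([^\s;]+)", result, re.I)
            if signer and signer.group(1).lower() == OWN_DOMAIN:
                return "accept"      # signed by our own domain and verified
    return "reject"

def make(from_addr, auth_results):
    """Build a constructed sample message with the given headers."""
    headers = ["Authentication-Results: " + ar for ar in auth_results]
    headers += ["From: " + from_addr, "Subject: test"]
    return "\n".join(headers) + "\n\nbody\n"

# Constructed sample messages, not taken from the thread.
SAMPLES = {
    "own_signed": make("Staff <staff@example.edu>",
                       ["mx.example.edu; dkim=pass header.d=example.edu"]),
    "own_unsigned": make("staff@example.edu", ["mx.example.edu; dkim=none"]),
    "own_bad_sig": make("staff@example.edu",
                        ["mx.example.edu; dkim=fail header.d=example.edu"]),
    "own_foreign_sig": make("staff@example.edu",
                            ["mx.example.edu; dkim=pass header.d=bulk.example.net"]),
    "own_forged_header": make("staff@example.edu",
                              ["mail.example.net; dkim=pass header.d=example.edu",
                               "mx.example.edu; dkim=none"]),
    "outside_unsigned": make("someone@example.org", ["mx.example.edu; dkim=none"]),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, verdict(raw))
```

A passing signature from some other domain and a pass recorded under an untrusted authserv-id are both treated like no signature; the domain match is exact, so subdomains would need their own rule.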

