amavis-dkim: How to discard mail with no or invalid signature

Matthias Weigel matthias.weigel at maweos.de
Wed Jan 13 18:47:18 CET 2016 

Hello Gerhard,

you could try a custom spamassassin rule.

These rules go into ~amavis/.spamassassin/user_prefs

There are already some SPF/DKIM rules in spamassassin. See file
25_spf.cf or 25_dkim.cf of spamassassin.

# Then you create a rule to identify your domain:
header      MY_FROM          From =~ /example.com/i
describe    MY_FROM   Sender is from example.com

# Now you create a rule to combine them:
meta     MY_FROM_WITHOUT_SPF    MY_FROM && (SPF_NONE || SPF_FAIL)
describe MY_FROM_WITHOUT_SPF  Sender is from my domain, but has no SPF
score    MY_FROM_WITHOUT_SPF  9

# or:
meta     MY_FROM_WITHOUT_DKIM   MY_FROM && !DKIM_VALID
describe MY_FROM_WITHOUT_DKIM  Sender is from my domain, but has no DKIM
score    MY_FROM_WITHOUT_DKIM  9

The high score tells amavis to quarantine such mails.

Please check, if the above criteria are really useful for you. Have a
look in /usr/share/spamassassin/ . Maybe some other criteria is more
apropriate?

Test before using this in production. See "debug-sa" parameter to amavis.

Best Regards

Matthias



Am 13.01.2016 um 17:19 schrieb Gerhard Rappenecker:
> Hello all,
> 
> thanks a lot for all answers.
> 
> It seems I have to use SPF or DMARC to get what I want. Unfortunately these components are not integrated in the SuSE Linux software distribution. I'd like to use only the onboard resources postfix, amavis-new with DCIM, spamassassin because of automatic updating.
> 
> Is there actually no way in amavis (or spamassassin) to reject/quaratine mails from a specific sender with no or an invalid DKIM signatur?
> Is there any way to reject those mails in postfix after amavis DKIM verifying?
> 
> I've allready tried to check the headers in postfix for DKIMs "Authentication-Results", but "header_checks" take place before the DKIM verification and "smtp_header_checks" do not allow to cutoff the mail delivery.
> 
> Hope anyone can help me
> 
> best regards
> Gerhard
> 
> 
>>>> Maurizio Marini <maumar at datalogica.com> schrieb am Mittwoch, 13. Januar 2016 um
> 12:27 in Nachricht <20160113122726.221e5099.maumar at datalogica.com>:
>> On Wed, 13 Jan 2016 12:01:52 +0100
>> "Gerhard Rappenecker" <G.Rappenecker at hs-offenburg.de> wrote:
>>
>>> My intention is, to reject mail from outside with a faked sender adress
>>> of our own domain. In the past we were attacked by such mails to our
>>> mailinglists.
>> Hello Gerhard
>> I use spf with -all instead of ~all to do exactly what you want.
>> I do not received anymore spam with my domain in from address
>> I mean: @datalogica.com
>> -m
> 
> 
>

More information about the amavis-users mailing list