amavis-dkim: How to discard mail with no or invalid signature
matthias.weigel at maweos.de
Wed Jan 13 18:47:18 CET 2016
you could try a custom spamassassin rule.
These rules go into ~amavis/.spamassassin/user_prefs
There are already some SPF/DKIM rules in spamassassin. See file
25_spf.cf or 25_dkim.cf of spamassassin.
# Then you create a rule to identify your domain:
header MY_FROM From =~ /example.com/i
describe MY_FROM Sender is from example.com
# Now you create a rule to combine them:
meta MY_FROM_WITHOUT_SPF MY_FROM && (SPF_NONE || SPF_FAIL)
describe MY_FROM_WITHOUT_SPF Sender is from my domain, but has no SPF
score MY_FROM_WITHOUT_SPF 9
meta MY_FROM_WITHOUT_DKIM MY_FROM && !DKIM_VALID
describe MY_FROM_WITHOUT_DKIM Sender is from my domain, but has no DKIM
score MY_FROM_WITHOUT_DKIM 9
The high score tells amavis to quarantine such mails.
Please check, if the above criteria are really useful for you. Have a
look in /usr/share/spamassassin/ . Maybe some other criteria is more
Test before using this in production. See "debug-sa" parameter to amavis.
Am 13.01.2016 um 17:19 schrieb Gerhard Rappenecker:
> Hello all,
> thanks a lot for all answers.
> It seems I have to use SPF or DMARC to get what I want. Unfortunately these components are not integrated in the SuSE Linux software distribution. I'd like to use only the onboard resources postfix, amavis-new with DCIM, spamassassin because of automatic updating.
> Is there actually no way in amavis (or spamassassin) to reject/quaratine mails from a specific sender with no or an invalid DKIM signatur?
> Is there any way to reject those mails in postfix after amavis DKIM verifying?
> I've allready tried to check the headers in postfix for DKIMs "Authentication-Results", but "header_checks" take place before the DKIM verification and "smtp_header_checks" do not allow to cutoff the mail delivery.
> Hope anyone can help me
> best regards
>>>> Maurizio Marini <maumar at datalogica.com> schrieb am Mittwoch, 13. Januar 2016 um
> 12:27 in Nachricht <20160113122726.221e5099.maumar at datalogica.com>:
>> On Wed, 13 Jan 2016 12:01:52 +0100
>> "Gerhard Rappenecker" <G.Rappenecker at hs-offenburg.de> wrote:
>>> My intention is, to reject mail from outside with a faked sender adress
>>> of our own domain. In the past we were attacked by such mails to our
>> Hello Gerhard
>> I use spf with -all instead of ~all to do exactly what you want.
>> I do not received anymore spam with my domain in from address
>> I mean: @datalogica.com
More information about the amavis-users