Antw: Re: amavis-dkim: How to discard mail with no or invalid signature

Gerhard Rappenecker G.Rappenecker at
Thu Jan 14 16:25:04 CET 2016

Hello Matthias,

that works! Thanks a lot!

In my  SuSE Linux I put the rules MY_FROM and  MY_FROM_WITHOUT_DKIM in /etc/mail/spamassassin/

To avoid to check the originating mails which don't have a DKIM Signature at this point I bypass spam check in amavisd.conf with:
$policy_bank{'MYNETS'} = {
  bypass_spam_checks_maps => [1]
$policy_bank{'ORIGINATING'} = {
  bypass_spam_checks_maps => [1]
I think this could be done better.
Is it possible to bypass DKIM-checking for originating mails in spamassassin instead of bypassing the spam check at all for such mails?

Now amavis-new quaratine positive mails to /var/spool/amavis/virusmails and also delivers them.
How can I manage to discard them instead or to do somthing else? (I'm a beginner with amavis ;)

Is there any notification-/cleaning-tool in amavis to manage the quaratine files?

Best regards

>>> Matthias Weigel <matthias.weigel at> schrieb am Mittwoch, 13. Januar
2016 um 18:47 in Nachricht <56968DA6.2050203 at>:
> Hello Gerhard,
> you could try a custom spamassassin rule.
> These rules go into ~amavis/.spamassassin/user_prefs
> There are already some SPF/DKIM rules in spamassassin. See file
> or of spamassassin.
> # Then you create a rule to identify your domain:
> header      MY_FROM          From =~ /
> describe    MY_FROM   Sender is from
> # Now you create a rule to combine them:
> describe MY_FROM_WITHOUT_SPF  Sender is from my domain, but has no SPF
> score    MY_FROM_WITHOUT_SPF  9
> # or:
> describe MY_FROM_WITHOUT_DKIM  Sender is from my domain, but has no DKIM
> score    MY_FROM_WITHOUT_DKIM  9
> The high score tells amavis to quarantine such mails.
> Please check, if the above criteria are really useful for you. Have a
> look in /usr/share/spamassassin/ . Maybe some other criteria is more
> apropriate?
> Test before using this in production. See "debug-sa" parameter to amavis.
> Best Regards
> Matthias
> Am 13.01.2016 um 17:19 schrieb Gerhard Rappenecker:
>> Hello all,
>> thanks a lot for all answers.
>> It seems I have to use SPF or DMARC to get what I want. Unfortunately these 
> components are not integrated in the SuSE Linux software distribution. I'd 
> like to use only the onboard resources postfix, amavis-new with DCIM, 
> spamassassin because of automatic updating.
>> Is there actually no way in amavis (or spamassassin) to reject/quaratine 
> mails from a specific sender with no or an invalid DKIM signatur?
>> Is there any way to reject those mails in postfix after amavis DKIM 
> verifying?
>> I've allready tried to check the headers in postfix for DKIMs 
> "Authentication-Results", but "header_checks" take place before the DKIM 
> verification and "smtp_header_checks" do not allow to cutoff the mail 
> delivery.
>> Hope anyone can help me
>> best regards
>> Gerhard
>>>>> Maurizio Marini <maumar at> schrieb am Mittwoch, 13. Januar 2016 
> um
>> 12:27 in Nachricht <20160113122726.221e5099.maumar at>:
>>> On Wed, 13 Jan 2016 12:01:52 +0100
>>> "Gerhard Rappenecker" <G.Rappenecker at> wrote:
>>>> My intention is, to reject mail from outside with a faked sender adress
>>>> of our own domain. In the past we were attacked by such mails to our
>>>> mailinglists.
>>> Hello Gerhard
>>> I use spf with -all instead of ~all to do exactly what you want.
>>> I do not received anymore spam with my domain in from address
>>> I mean:
>>> -m

More information about the amavis-users mailing list