Antw: Re: amavis-dkim: How to discard mail with no or invalid signature

Thu Jan 14 16:25:04 CET 2016

Hello Matthias,

that works! Thanks a lot!

In my  SuSE Linux I put the rules MY_FROM and  MY_FROM_WITHOUT_DKIM in /etc/mail/spamassassin/local.cf:

To avoid to check the originating mails which don't have a DKIM Signature at this point I bypass spam check in amavisd.conf with:
$policy_bank{'MYNETS'} = {
  ...
  bypass_spam_checks_maps => [1]
};
$policy_bank{'ORIGINATING'} = {
  ...
  bypass_spam_checks_maps => [1]
};
I think this could be done better.
Is it possible to bypass DKIM-checking for originating mails in spamassassin instead of bypassing the spam check at all for such mails?

Now amavis-new quaratine positive mails to /var/spool/amavis/virusmails and also delivers them.
How can I manage to discard them instead or to do somthing else? (I'm a beginner with amavis ;)

Is there any notification-/cleaning-tool in amavis to manage the quaratine files?

Best regards
Gerhard

>>> Matthias Weigel <matthias.weigel at maweos.de> schrieb am Mittwoch, 13. Januar
2016 um 18:47 in Nachricht <56968DA6.2050203 at maweos.de>:
> Hello Gerhard,
> 
> you could try a custom spamassassin rule.
> 
> These rules go into ~amavis/.spamassassin/user_prefs
> 
> There are already some SPF/DKIM rules in spamassassin. See file
> 25_spf.cf or 25_dkim.cf of spamassassin.
> 
> # Then you create a rule to identify your domain:
> header      MY_FROM          From =~ /example.com/i
> describe    MY_FROM   Sender is from example.com
> 
> # Now you create a rule to combine them:
> meta     MY_FROM_WITHOUT_SPF    MY_FROM && (SPF_NONE || SPF_FAIL)
> describe MY_FROM_WITHOUT_SPF  Sender is from my domain, but has no SPF
> score    MY_FROM_WITHOUT_SPF  9
> 
> # or:
> meta     MY_FROM_WITHOUT_DKIM   MY_FROM && !DKIM_VALID
> describe MY_FROM_WITHOUT_DKIM  Sender is from my domain, but has no DKIM
> score    MY_FROM_WITHOUT_DKIM  9
> 
> The high score tells amavis to quarantine such mails.
> 
> Please check, if the above criteria are really useful for you. Have a
> look in /usr/share/spamassassin/ . Maybe some other criteria is more
> apropriate?
> 
> Test before using this in production. See "debug-sa" parameter to amavis.
> 
> Best Regards
> 
> Matthias
> 
> 
> 
> Am 13.01.2016 um 17:19 schrieb Gerhard Rappenecker:
>> Hello all,
>> 
>> thanks a lot for all answers.
>> 
>> It seems I have to use SPF or DMARC to get what I want. Unfortunately these 
> components are not integrated in the SuSE Linux software distribution. I'd 
> like to use only the onboard resources postfix, amavis-new with DCIM, 
> spamassassin because of automatic updating.
>> 
>> Is there actually no way in amavis (or spamassassin) to reject/quaratine 
> mails from a specific sender with no or an invalid DKIM signatur?
>> Is there any way to reject those mails in postfix after amavis DKIM 
> verifying?
>> 
>> I've allready tried to check the headers in postfix for DKIMs 
> "Authentication-Results", but "header_checks" take place before the DKIM 
> verification and "smtp_header_checks" do not allow to cutoff the mail 
> delivery.
>> 
>> Hope anyone can help me
>> 
>> best regards
>> Gerhard
>> 
>> 
>>>>> Maurizio Marini <maumar at datalogica.com> schrieb am Mittwoch, 13. Januar 2016 
> um
>> 12:27 in Nachricht <20160113122726.221e5099.maumar at datalogica.com>:
>>> On Wed, 13 Jan 2016 12:01:52 +0100
>>> "Gerhard Rappenecker" <G.Rappenecker at hs-offenburg.de> wrote:
>>>
>>>> My intention is, to reject mail from outside with a faked sender adress
>>>> of our own domain. In the past we were attacked by such mails to our
>>>> mailinglists.
>>> Hello Gerhard
>>> I use spf with -all instead of ~all to do exactly what you want.
>>> I do not received anymore spam with my domain in from address
>>> I mean: @datalogica.com
>>> -m
>> 
>> 
>> 