Whitelisting mail servers
Nikolaos Milas
nmilas at noa.gr
Sun Nov 27 19:35:07 CET 2022
On 24/11/2022 8:23 π.μ., Patrick Ben Koetter wrote:
> I suggest to use valid DKIM signatures, if your bank sends DKIM signed
> messages and use one or a list of policy banks to overrule (here: disable)
> specific content classifications:
Hi Patrick and everyone who replied,
Thanks for your valuable feedback. No, unfortunately the Banks we are
having issues with do not use DKIM signatures.
However, they are using *dedicated* mail servers, so I assume I can use
@mynetworks to safely whitelist these. Isn't that right?
Regarding DMARC, I don't see amavis / spamassassin to be adjusting
scoring using DMARC validation. Should such behavior be enabled somehow?
Patrick, for other cases with mails with DKIM signatures, please
clarify: using @author_to_policy_bank_maps applies ONLY to valid
DKIM-signed mails?
Would you suggest to also increase negative scoring of SPF_PASS
(currently -0.1)?
Matus, you suggested to make an exception at the MTA level. I guess you
mean something like (in Postfix):
smtpd_recipient_restrictions = reject_invalid_hostname,
reject_unauth_pipelining,
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
check_client_access hash:/etc/postfix/rbl_override,
...
where /etc/postfix/rbl_override is:
1.2.3.4 OK
1.2.3.5 OK
mail.freemailer.tld OK
Right?
Thank you all,
Nick
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.amavis.org/pipermail/amavis-users/attachments/20221127/7218357b/attachment.htm>
More information about the amavis-users
mailing list