Whitelisting mail servers
Benny Pedersen
me at junc.eu
Sun Nov 27 23:03:22 CET 2022
Nikolaos Milas skrev den 2022-11-27 19:35:
> On 24/11/2022 8:23 π.μ., Patrick Ben Koetter wrote:
>
>> I suggest to use valid DKIM signatures, if your bank sends DKIM
>> signed
>> messages and use one or a list of policy banks to overrule (here:
>> disable)
>> specific content classifications:
>
> Hi Patrick and everyone who replied,
>
> Thanks for your valuable feedback. No, unfortunately the Banks we are
> having issues with do not use DKIM signatures.
>
> However, they are using *dedicated* mail servers, so I assume I can
> use @mynetworks to safely whitelist these. Isn't that right?
>
> Regarding DMARC, I don't see amavis / spamassassin to be adjusting
> scoring using DMARC validation. Should such behavior be enabled
> somehow?
>
> Patrick, for other cases with mails with DKIM signatures, please
> clarify: using @author_to_policy_bank_maps applies ONLY to valid
> DKIM-signed mails?
>
> Would you suggest to also increase negative scoring of SPF_PASS
> (currently -0.1)?
>
> Matus, you suggested to make an exception at the MTA level. I guess
> you mean something like (in Postfix):
>
>> smtpd_recipient_restrictions = reject_invalid_hostname,
>> reject_unauth_pipelining,
>> permit_mynetworks,
>> permit_sasl_authenticated,
>> reject_unauth_destination,
>> check_client_access
>> hash:/etc/postfix/rbl_override,
alternative is
smtpd_milter_maps=
this will work if amavisd is used as milter
>> ...
>
> where /etc/postfix/rbl_override is:
>
>> 1.2.3.4 OK
>> 1.2.3.5 OK
>> mail.freemailer.tld OK
>
> Right?
ips is fine in that map, lost how secure hostname is
for the smtpd_milter_maps change content in rbl_override
1.2.3.4 DISABLE
1.2.3.5 DISABLE
if you used fuglu life would be more easy
More information about the amavis-users
mailing list