<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<div class="moz-cite-prefix"><font face="monospace">On 24/11/2022
8:23 π.μ., Patrick Ben Koetter wrote:<br>
</font></div>
<blockquote type="cite"
cite="mid:20221124062309.cgi2he563sl33uio@sys4.de">
<pre class="moz-quote-pre" wrap="">I suggest to use valid DKIM signatures, if your bank sends DKIM signed
messages and use one or a list of policy banks to overrule (here: disable)
specific content classifications:</pre>
</blockquote>
<p><font face="monospace">Hi Patrick and everyone who replied,</font></p>
<p><font face="monospace">Thanks for your valuable feedback. No,
unfortunately the Banks we are having issues with do not use
DKIM signatures. <br>
</font></p>
<p><font face="monospace">However, they are using *dedicated* mail
servers, so I assume I can use @mynetworks to safely whitelist
these. Isn't that right?<br>
</font></p>
<p><font face="monospace">Regarding DMARC, I don't see amavis /
spamassassin to be adjusting scoring using DMARC validation.
Should such behavior be enabled somehow? <br>
</font></p>
<p><font face="monospace">Patrick, for other cases with mails with
DKIM signatures, please clarify: using
@author_to_policy_bank_maps applies ONLY to valid DKIM-signed
mails? <br>
</font></p>
<p><font face="monospace"></font></p>
<p><font face="monospace">Would you suggest to also increase
negative scoring of SPF_PASS (currently -0.1)?<br>
</font></p>
<p><font face="monospace">Matus, you suggested to make an exception
at the MTA level. I guess you mean something like (in Postfix):
<br>
</font></p>
<blockquote>
<pre>smtpd_recipient_restrictions = reject_invalid_hostname,
reject_unauth_pipelining,
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
check_client_access hash:/etc/postfix/rbl_override,
...
</pre>
</blockquote>
<pre>where /etc/postfix/rbl_override is:
</pre>
<blockquote>
<pre>1.2.3.4 OK
1.2.3.5 OK
mail.freemailer.tld OK
</pre>
</blockquote>
<p><font face="monospace">Right?</font></p>
<font face="monospace">Thank you all,</font><font face="monospace"><br>
Nick<br>
</font>
<pre>
</pre>
<blockquote>
<pre>
</pre>
</blockquote>
<p>
</p>
</body>
</html>