>It seems to me that it does that and that it later complains that the incoming e-mails from that domain do not have DKIM-Signature:
ASSP creates a DKIMCache entry if a valid DKIM-signature is found (DKIM-signature or ARC-result) - this has primarily nothing to do with DMARC. Any further mail has to be valid DKIM-signed - this has been the default behavior for much more than a decade now.

This behavior can be changed

    our $DKIMCacheStrict = 1; # (0/1) if a DKIM signature is found for a domain - all other mails from this domain will require a DKIM signature to pass the Pre-DKIM-Check

by setting $DKIMCacheStrict to zero (use the commandline switch or lib/CorrectASSPcfg.pm to change this variable).

Nearly 100% of sending domains are constantly using DKIM or not. A valid DKIM-signature can't be faked by spammers. So knowing a domain uses DKIM (we saw it before) and now getting a mail from this domain without a DKIM-signature is a very good indicator for SPAM! Exceptions can be defined in the assp DKIM-check configuration and $DKIMCacheStrict.

Published DMARC policies are ignored by assp for the SPF and DKIM checks themselves. They are only used to check/report DMARC. So even if the [p=] and/or [sp=] DMARC flags tell us to ignore mistakes - we do this for the DMARC check - a failed SPFcheck remains a miss and a failed DKIMcheck remains a miss!

Possibly we can make assp more strict. If a domain published a DMARC record, there is no doubt that an SPF record has to be defined and a valid DKIM signature has to be included. If the 'aspf' and/or 'adkim' alignment rules are not defined, they are set to the default value 'r'. Any miss or mismatch would be an SPF/DKIM error and a DMARC-alignment error. IMHO currently this would lead to too many false detections and blocked good mails, because of badly configured DNS.

>Also, I've just noticed that ASSP checks and gives negative score for IP/HELLO for authenticated e-mail clients:

This has been the case for ages - I can't remember a time when this was not the case!
The last change was at 2015-05-10 in assp 2.4.4 build 15130. This feature was last touched in assp 2.8.2 *SPAM-Eliminator* build 24291 to fix a punycode issue - where punycode domains were unexpectedly scored.

The 'authenticated' flag is nowhere used in assp to make any check exception. If a client is connected to listenport2 and it is authenticated, then it is allowed to send outgoing mails (relayok) - this flag skips most checks (also IPinHeloOK).

Thomas

From: "Zrin" <zrin+a...@ziborski.net>
To: assp-test@lists.sourceforge.net
Date: 07.11.2024 12:45
Subject: [Assp-test] DMARC record and DKIMcache (ASSP 2.8.2)

Hi Thomas,

does ASSP create DKIMcache entry for domains that have published a DMARC record (e.g. "v=DMARC1; p=none" under _dmarc.example.com) but do not have DKIM, i.e. there is no mail._domainkey.example.com?

It seems to me that it does that and that it later complains that the incoming e-mails from that domain do not have DKIM-Signature:

[scoring] DKIM domain mismatch - example.com found in DKIMCache, but no DKIM-Signature found in mail header (Cache)
Message-Score: added 25 (dkimValencePB) for DKIM domain mismatch - example.com found in DKIMCache, but no DKIM-Signature found in mail header, total score for this message is now 35
Message-Score: added -5 (spfpValencePB) for SPF pass, total score for this message is now 30
info: domain ziborski.net has published a DMARC record

Also, I've just noticed that ASSP checks and gives negative score for IP/HELLO for authenticated e-mail clients:

2024/11/07 11:57:56 77076-69079 [Worker_1] [TLS-in] <ASSP IP> [OIP: <client externel IP>] <f...@example.com> to: recipi...@domain.eu Originating IP/HELO: <client ext IP> / [192.168.xxx.xxx]
2024/11/07 11:57:56 77076-69079 [Worker_1] [TLS-in] <ASSP IP> [OIP: 212.17.78.158] <f...@example.com> to: recipi...@domain.eu Message-Score: added 5 (fiphValencePB) for Suspicious HELO - contains IP: '[192.168.xxx.xxx]', total score for this message is now 5
2024/11/07 11:57:56 77076-69079 [Worker_1] [TLS-in] <ASSP IP> [OIP: 212.17.78.158] <f...@example.com> to: recipi...@domain.eu [scoring] (Suspicious HELO - contains IP: '[192.168.xxx.xxx]')
2024/11/07 11:57:56 77076-69079 [Worker_1] [TLS-in] <ASSP IP> [OIP: 212.17.78.158] <f...@example.com> to: recipi...@domain.eu Message-Score: added 5 (fiphmValencePB) for IP in HELO '[192.168.xxx.xxx]' does not match IP in connection '<client ext ip>' , total score for this message is now 10

It seems to me that this wasn't the case before update to 2.8.x (?)

Thank you in advance,
Zrin

_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
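An added example, not part of the thread and not ASSP code: a small Python parser for the Message-Score log lines quoted above that totals points per valence for each message and lists the domains that hit the DKIMCache check, which helps decide where a DKIM-check exception is needed. The sample lines, message IDs and addresses are constructed, and the parser assumes the message ID is the third whitespace-separated field, as in the quoted lines.

```python
import re
from collections import defaultdict

# Constructed sample in the log format quoted in the thread; IDs, IPs and
# addresses are placeholders, not values from a real system.
SAMPLE_LOG = """\
2024/11/07 11:57:56 77076-69079 [Worker_1] [TLS-in] 192.0.2.1 <from@example.com> to: rcpt@example.net Message-Score: added 5 (fiphValencePB) for Suspicious HELO - contains IP: '[192.168.0.5]', total score for this message is now 5
2024/11/07 11:57:56 77076-69079 [Worker_1] [TLS-in] 192.0.2.1 <from@example.com> to: rcpt@example.net Message-Score: added 5 (fiphmValencePB) for IP in HELO '[192.168.0.5]' does not match IP in connection '198.51.100.7' , total score for this message is now 10
2024/11/07 12:01:02 77080-69100 [Worker_2] 203.0.113.9 <news@example.com> to: rcpt@example.net Message-Score: added 25 (dkimValencePB) for DKIM domain mismatch - example.com found in DKIMCache, but no DKIM-Signature found in mail header, total score for this message is now 35
2024/11/07 12:01:02 77080-69100 [Worker_2] 203.0.113.9 <news@example.com> to: rcpt@example.net Message-Score: added -5 (spfpValencePB) for SPF pass, total score for this message is now 30
"""

SCORE_RE = re.compile(
    r"^\S+ \S+ (?P<msg>\d+-\d+) .*?Message-Score: added (?P<pts>-?\d+) "
    r"\((?P<valence>\w+)\) for (?P<why>.*?)\s*, total score for this message is now (?P<total>-?\d+)\s*$")
DKIM_MISS_RE = re.compile(r"DKIM domain mismatch - (\S+) found in DKIMCache, but no DKIM-Signature")


def summarize(log_text):
    """Per message ID: points by valence, last reported total, DKIMCache misses."""
    msgs = defaultdict(lambda: {"by_valence": defaultdict(int), "total": 0, "dkim_cache_miss": set()})
    for line in log_text.splitlines():
        m = SCORE_RE.match(line)
        if not m:
            continue  # not a Message-Score line
        entry = msgs[m["msg"]]
        entry["by_valence"][m["valence"]] += int(m["pts"])
        entry["total"] = int(m["total"])  # lines are chronological, last one wins
        miss = DKIM_MISS_RE.search(m["why"])
        if miss:
            entry["dkim_cache_miss"].add(miss.group(1).lower())
    for entry in msgs.values():
        # Points in the reported total that no parsed line explains (excerpt started late).
        entry["unaccounted"] = entry["total"] - sum(entry["by_valence"].values())
    return dict(msgs)


if __name__ == "__main__":
    for msg_id, e in summarize(SAMPLE_LOG).items():
        print(msg_id, dict(e["by_valence"]), "total", e["total"],
              "unaccounted", e["unaccounted"], sorted(e["dkim_cache_miss"]))
```

A non-zero "unaccounted" value means the excerpt is missing earlier score lines for that message, as with the DKIM lines quoted in the thread, where the total is 35 after 25 points were added.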