On 25-03-10 07:34:41, Dusan Obradovic via Postfix-users wrote:
>
> It is not difficult to override policy published and unconditionally reject
> DMARC failures. This does not follow RFC7489 guidelines:
>
> /etc/postfix/milter_header_checks:
> /^Authentication-Results:.+dmarc=fail/ REJECT
I was thinking about something similar. However, this filtering rule would
reject all mail that comes from postfix.org mailing lists, which isn't an
option. Maybe this one combined with another rule, but i need more statistics
to see what exactly.
For example, if all checks fail at the same time - spf, dkim and dmarc (in an
AND logic relation), there's a good chance that this is spam.
> milter_header_checks (default: empty)
> Optional lookup tables for content inspection of message headers that are
> produced by Milter applications. See the header_checks(5) manual page
> available actions. Currently, PREPEND is not implemented.
>
> The following example sends all mail that is marked as SPAM to a spam handling
> machine. Note that matches are case-insensitive by default.
>
> /etc/postfix/main.cf:
> milter_header_checks = pcre:/etc/postfix/milter_header_checks
> /etc/postfix/milter_header_checks:
> /^X-SPAM-FLAG:\s+YES/ FILTER mysmtp:sanitizer.example.com:25
> The milter_header_checks mechanism could also be used for allowlisting. For
> example it could be used to skip heavy content inspection for DKIM-signed mail
> from known friendly domains.
Yup, perhaps something along these lines.
Petko
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
