Am 02.12.2014 um 12:16 schrieb Robert Schetterer: > Am 02.12.2014 um 11:39 schrieb Christian Rößner: >> So I thought why not using mechanisms from incoming mail for outgoing mail >> that does not influence law. And therefor I thought about using DMARC as >> well, which would protect outgoing mail from spoofed headers for domains >> that already have defined DMARC policies. So if Yahoo, Microsoft, AOL and >> all the others have defined DMARC, why should I even allow users to send >> mails with spoofed From:- (the envelope-sender is caught by the >> reject_sender_login_mismatch), if I could do a quick check for DMARC? >> >> Is this wrong thinking? I thought about your words: Fight problems at the >> source. > > as far i remember your problem is/was the some faked "from:" header > injected by webservers scripts, so you need a "mech" which compares this > to your "allowed" maildomains, this might be usefull config at the > webserver postfix itself , but i speculate it will not work fine in real > world on typical submission use. > > Clamav-milter with sane security works fine here at submission, but > spamass-milter was to slow, i guess if you doing SPF/DKIM/DMARC verify > with real mail clients it will massive slow down...., so in the > submission case it might be best accept the mail and filter it before go > outbound, amavis may classify and handle the mail like whats your policy... > > so i guess you have to split problems for different transport > channels/servers and handle in a different way...you might not find a > uni simple solution > > Best Regards > MfG Robert Schetterer >
so final ..,some submission milter should check all From: against allowed maildomain/mailaddress i.e in addition so sasl sender login checks, this should avoid deliver in mail ,from some typical pish bots Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein
