It does look like SpamAssassin has a SPF hook.
https://spamassassin.apache.org/full/3.1.x/doc/Mail_SpamAssassin_Conf.html#scoring_options
*From: *Jeffs Chips
*Sent: *Sunday, June 26, 2016 5:20 PM
*To: *li...@lazygranch.com
*Cc: *postfix-users@postfix.org
*Subject: *Re: DKIM/SPF failure to folder, not return to sender and
other tricks
This projects is not for normal email delivery but an esoteric use
not usually associated with email - can't really divulge more but
I'm starting to see no easy solution. There are spf scripts that can
run against files separately from the stuff built into spam assassin
and postfix/exim etc.
On Jun 26, 2016 7:57 PM, <li...@lazygranch.com> wrote:
Well maybe. If your client supports extra folders per each
mailbox and you can access those folders, then yes. Most clients
do have such folders, but the are designed to be used with
"filters" built in the client. The filters probably aren't
sophisticated enough to check DKIM or SPF, which is why plugins
are used.
While readers of this list think filtering out email that fails
ID is a great idea, the general public just wants the email to
be delivered.
I don't use Gmail, but I understand Google has implemented or is
working on implementing a notification for email that fails DKIM
and SPF. I would be interesting to get some stats on email
passing both DKIM, each individually, or none at all.
When I suggested a plugin for CLAWS email client to check DKIM
and SPF, the silence was deafening.
Original Message
From: Chip
Sent: Sunday, June 26, 2016 4:41 PM
To: postfix-users@postfix.org <mailto:postfix-users@postfix.org>
Reply To: jeffsch...@gmail.com <mailto:jeffsch...@gmail.com>
Subject: Re: DKIM/SPF failure to folder, not return to sender
and other tricks
Thanks,
So it just may be easier to deliver all messages to a folder
then have a
cron job run some spf/dkim checking script against the emails.
On 06/26/2016 05:53 PM, Bill Cole wrote:
> On 26 Jun 2016, at 16:44, Chip wrote:
>
>> I'm wondering if Postfix can do the following easily.
>
> Nope, not *easily*.
>
>> It's a real dog to get this setup in Exim.
>
> Or Sendmail, or probably ANY MTA that isn't tightly integrated to
> robust local delivery, mailstore, and mail access subsystems
OR which
> has a sophisticated flexible mechanism for arbitrary policy
definition
> and enforcement. So I guess if you wrote cf-ese by hand it
might be a
> cinch in Sendmail... But anyway: this is *out of scope* for a
pure MTA.
>
> [details elided]
>
>> In other words, a database or text list of emails with
corresponding
>> acceptable senders needs to be maintained and referenced for each
>> user, I believe, unless a guru here can tell me how to get
the flow
>> properly.
>
> To do this with Postfix, you need some sort of external
program. The
> traditional Postfix mechanism would be a policy daemon. In modern
> Postfix you could do it in a milter such as MIMEDefang which
provides
> a framework for you to create and enforce any policy that you can
> express in Perl. (which is easier than cf-ese, really...)
>
> Within Postfix proper, I suppose you could hypothetically do
this with
> restriction classes, but those don't scale well. If you had
something
> checking and tagging messages for SPF & DKIM authentication in
Postfix
> (e.g. any mechanism that hooks to SpamAssassin or specialized
tools)
> you could then do delivery via LMTP to something like Dovecot
with its
> Pigeonhole add-on and have all your per-user rules in Sieve rules.
>
> In short: there are many different ways to skin this cat, but
they all
> include the unpleasantry of skinning a cat. Ick.
>
