On Mon, Feb 25, 2019 at 07:43:49PM +0100, Patrick Proniewski wrote:
> Then, I'm currently trying another approach. In my current setup, I've an
> amavisd sandwich: outer-smtp->amavisd->inner-smtp. I can't put opendmarc
> or any milter on the outer-smtp, so I've put opendmarc on the inner-smtp.
> It's working OK so far, but I'll need extensive testing to check all
> possible case. Only downside: I can't reject mails on dmarc failure, but
> I should be able to quarantine/tag those messages later on the road.
>
> Any though about that?
You're free to reject message content after "." on the south side
of a pre-queue proxy filter. You can use milters to do that if you
like. What you can't do is reject individual recipients.
Keep in mind that if the proxy filter makes any changes to the
message (modifies the content rather than rejects it), that may
invalidate the DKIM signature, and you could end up with DMARC
false-positives. So make sure to understand what changes you've
configure in amavis. Avoid subject tags, ... You can probably
inject most "X-" headers without invalidating DKIM signatures.
--
Viktor.
