On 2021-04-20 14:21, Simon Wilson wrote:
header DMARC_FAIL_REJECT Authentication-Results =~
/mail\.simonandkate\.net; dmarc=fail \(p=reject/
describe DMARC_FAIL_REJECT DMARC check failed (p=reject)
score DMARC_FAIL_REJECT 6.0
That works fine,
this rule is DMARC testing in OUTbound mail, dont do this :)
the rule is fine for INbound mail, IF you use opendmarc before
spamassassin milter, there is no garenti that spamassassin see opendmarc
results in that chains of trustness
its safe to remove all AR headers before doing own milters that add
local testing and trusted headers, AR headers is not DKIM signed by a
good reason :=)
and has the bonus of only running when I expect it to
- which is when I have ensured the relevant milters have run and
added trusted headers on inbound email.
irrelevant since the rule in spamassassin is still used in OUTbound and
INbound, it will give false possitive testing this in spamassassin, work
around could be to have spamd for inbound,and spamd for outbound, but
this needs new rules for outbound :=)
i remember KAM sayed, the possible to do anything in Framework is
stable, its just rules that is still waiting for spamassassin 4.x.x
when you post problems here its a hope KAM listen on it, and will
possible change the problem
all the best, YMMV
Simon.
