header DMARC_FAIL_REJECT Authentication-Results =~ /mail\.simonandkate\.net; dmarc=fail \(p=reject/
describe DMARC_FAIL_REJECT DMARC check failed (p=reject)
score DMARC_FAIL_REJECT 6.0

That works fine,

this rule is DMARC testing in OUTbound mail, don't do this :)

***No it is not DMARC testing in OUTbound mail*** (not shouting, just stressing this point)

Read my message again please :)
I have said a few times I do *not* run milters on outbound email, so the header that rule tests for *does not exist on outbound email*, and so the custom DMARC rule does not trigger on outbound email. It DOES trigger on INbound emails, which is correct.


the rule is fine for INbound mail, IF you use opendmarc before spamassassin milter, there is no guarantee that spamassassin sees opendmarc results in that chain of trust

it's safe to remove all AR headers before doing own milters that add local testing and trusted headers, AR headers are not DKIM signed for a good reason :=)

and has the bonus of only running when I expect it to
- which is when I have ensured the relevant milters have run and
added trusted headers on inbound email.

irrelevant since the rule in spamassassin is still used in OUTbound and INbound, it will give false positives testing this in spamassassin, a workaround could be to have spamd for inbound, and spamd for outbound, but this needs new rules for outbound :=)

Sorry, you have not understood what I have written.

I will try and be clearer:

- OpenDMARC only runs on inbound email (controlled as a milter only on port 25 inbound Postfix)
- When OpenDMARC runs it adds an Authentication-Results header with a trusted Authserv-ID
- Only when that header exists does the rule trigger in Spamassassin, i.e. THE RULE ONLY TRIGGERS ON INBOUND



--
Simon Wilson
M: 0400 12 11 16
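
The two points argued in this thread, as an added example that is not part of any poster's message: the rule's regex only fires when an Authentication-Results (AR) header with the local Authserv-ID is present, and AR headers already on an arriving message should be removed before the local milter adds its own. The function names, sample messages and milter result strings are constructed for illustration; only the regex and the Authserv-ID come from the rule above.

```python
import re
from email import message_from_string

AR = "Authentication-Results"
AUTHSERV_ID = "mail.simonandkate.net"          # Authserv-ID used in the rule
RULE = re.compile(r"mail\.simonandkate\.net; dmarc=fail \(p=reject")

def rule_hits(msg):
    """True if any AR header value matches the DMARC_FAIL_REJECT regex."""
    return any(RULE.search(v) for v in msg.get_all(AR, []))

def strip_existing_ar(msg):
    """Drop every AR header that arrived with the message; return how many."""
    removed = len(msg.get_all(AR, []))
    del msg[AR]                                # deletes all occurrences, no error if none
    return removed

def inbound(raw, local_result):
    """Inbound path: strip foreign AR headers, then add the local verdict.
    local_result stands in for what the DMARC milter would write (assumed format)."""
    msg = message_from_string(raw)
    strip_existing_ar(msg)
    msg[AR] = f"{AUTHSERV_ID}; {local_result}"
    return rule_hits(msg)

def outbound(raw):
    """Outbound path: no milters run, so no trusted AR header is ever added."""
    return rule_hits(message_from_string(raw))

# Constructed sample messages (not taken from real mail).
OUTBOUND = "From: user@example.net\nTo: friend@example.org\nSubject: hi\n\nbody\n"
INBOUND = "From: someone@example.com\nTo: user@example.net\nSubject: hi\n\nbody\n"
# Arrives already carrying an AR header that claims the local Authserv-ID.
PRELOADED = (
    "Authentication-Results: mail.simonandkate.net; "
    "dmarc=fail (p=reject dis=none) header.from=example.com\n" + INBOUND
)

FAIL = "dmarc=fail (p=reject dis=none) header.from=example.com"
PASS = "dmarc=pass (p=none dis=none) header.from=example.com"

if __name__ == "__main__":
    print("outbound, no milter:      ", outbound(OUTBOUND))
    print("inbound, local fail:      ", inbound(INBOUND, FAIL))
    print("preloaded, not stripped:  ", rule_hits(message_from_string(PRELOADED)))
    print("preloaded, stripped+pass: ", inbound(PRELOADED, PASS))
```

The third case is why stripping matters: without it the rule scores a header the local milter never wrote.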
