Marc skrev den 2023-07-26 08:44:
blocklist_from *@gmail.com welcomelist_auth *@gmail.com makes it perfect :) if both dkim and spf is pass, it will get neutral scores
I found this to be not sufficient (assuming the above pass is ~all). gmail has spf ~all.
set softfail score to 100, solved
So I have made an exception for the google network in milter and everything from the gmail / google that would fail an -all spf I reject.
milters should not be spam scanners, spamassassin is better
There is only a few legitimate domains that will be targetted by this, but asking them to correctly setup spf is mostly enough.
maybe use bind9 rpz to change spf data for stupid domains, mostly freemail domains in this category ? :)
