Am 2014-04-30 11:33, schrieb Jim Popovitch:
On Apr 30, 2014 5:09 AM, "Tom Hendrikx" <t...@whyscream.net> wrote:
>
> On 04/30/2014 11:00 AM, Axb wrote:
> > On 04/30/2014 10:30 AM, Michael Storz wrote:
> >> Am 2014-04-30 10:23, schrieb Axb:
> >>> On 04/30/2014 10:10 AM, Michael Storz wrote:
> >>>> Are there any plans for a DMARC plugin for SpamAssassin?
Reacting to a
> >>>> DMARC policy of reject (AOL/Yahoo) seems only feasible with
> >>>> SpamAssassin
> >>>> because so many exceptions are needed for software which
destryes DKIM
> >>>> signatures:
> >>>>
> >>>> - mailing lists
> >>>> - MS Exchange
> >>>> - Novell GroupWise
> >>>> - Lotus Domino Server ???
> >>>> - web form emails
> >>>> - ESPs
> >>>> ...
> >>>>
> >>>> exceptions, which could be configured via SpamAssassin rules.
> >>>
> >>>
> >>> How could a SA plugin help?
> >>> Isn't this something that should be handled at MTA level?
> >>
> >> Well, we are using amavisd-new in prequeue filtering mode. In
our
> >> configuration a score of 5 will quarantine an email, a score of
10 will
> >> reject the email.
> >
> > You can submit a feature request in SA's bugzilla....
> >
> > and in the meantime may want to look at
> > http://sourceforge.net/projects/opendmarc/ [1]
> >
>
> I proposed a DMARC plugin for spamassassin on the dmarc mailing
list
> last year, to make it easier for people to give DMARC a spin. They
> didn't really like the idea (I still do), because a simple plugin
> wouldn't do the report sending, which is an important part of
DMARC.
>
> Regards,
> Tom
>
Sending reports can leak data (think: HIPAA). Know what you are
leaking to others.
-Jim P.
Right, therefore nearly no one is sending forensic reports, only
aggregate reports.
--
Michael
