Am 2014-04-30 12:58, schrieb Axb:
On 04/30/2014 12:50 PM, Michael Storz wrote:
Am 2014-04-30 12:23, schrieb Axb:
On 04/30/2014 12:10 PM, Django [BOfH] wrote:
HI!
Am 30.04.2014 11:14, schrieb Axb:
Seems to me that amavisd-new would be the better place to handle
this
You ned a mail filter, witch can see (!) SPF-Auth and DKIM-Auth
while
DMARC is checking both results.
So the only really good and best place ist to use Milters[1]:
SMF-SPF-Milter
OpenDKIM-Milter
DMARC-Milter
and
amavisd-new-milter.
Don't mix milters with several policyd-daemon!
Sers
Django
[1] https://dokuwiki.nausch.org/doku.php/centos:mail_c6:mta_13
or none at all - depending on what kind of traffic you handle all
this goo causes more problems than its worth. :)
my unrequested 2 cents
That's corect, it depends on the kind of environement you are
living. If
you operate an email sink, then it is ok to just mark emails as
spam.
For universities this is different. A lot of students are forwarding
their emails to freemail providers like AOL, Google, Hotmail and
Yahoo.
All of them are using DMARC to reject emails. If you are forwarding
emails, which are marked as spam and fail the DMARC check, these
emails
will be rejected und you will produce backscatter. Even worse, the
reputation of your mail server will decrease until the server gets
blocked.
if doing alot of forwarding, SRS is probably your friend
We are doing SRS because GMX and Web.de, two big german freemail
providers, are heavily using SPF and no DKIM. But GMAIL tells us we
should NOT use SRS because then the alignment requirements of DMARC are
destroyed!
If you like DMARC or not, in such a scenario you are forced to
react.
discussing the good and band of DMARC iso outside SA' scope and
should be moved to mailop list where the horse is getting beaten to
death.
EOT for me
Thanks, your answers are very helpful for solving the problems we are
facing.
--
Michael
