Am 2014-04-30 13:36, schrieb Kevin A. McGrail:
On 4/30/2014 7:15 AM, Michael Storz wrote:
Thanks, your answers are very helpful for solving the problems we
are facing. On a related note, if you need, I did implement a
modification routine for mailman in mimedefang. Code published at
http://lists.roaringpenguin.com/pipermail/mimedefang/2014-April/037324.html
As for an SA plugin, I think it will be needed but I believe it is
just an overlay on top of existing DKIM and SPF information.
If you open a bug for the plugin with your list of desired features,
that would be good.
Otherwise, to me, I think the features are:
- Make sure SPF and DKIM are enabled
- Check those results
- Check the DMARC policy
- If policy is reject or quarantine and the SPF/DKIM fails, give a
fairly high score to a rule
You are missing the alignment requirements of the RFC5322.From domain
with the signing domain (DKIM) and the RFC5321.MailFrom domain (SPF).
But this is already implemented in Mail::DMARC.
Beyond that, I doubt I would support a reporting mechanism. Like
reporting viruses, the likelihood of causing a problem and not
notifying the correct person is far higher.
For DMARC, this will not be a problem, because the address where
reports should be sent ist specified in the DMARC record in DNS:
rua: Reporting URI(s) for aggregate data
ruf: Reporting URI(s) for forensic data
Examples:
dig +short txt _dmarc.paypal.com
"v=DMARC1; p=reject; rua=mailto:[email protected];
ruf=mailto:[email protected],mailto:[email protected]";
dig +short txt _dmarc.yahoo.com
"v=DMARC1; p=reject; sp=none; pct=100;
rua=mailto:[email protected], mailto:[email protected];";
Anyone's thoughts?
Regards,
KAM
--
Michael
