After a couple of iterations and re-reading the policy syntax in a
DMARC draft, I ended up with the following set of rules ( based on
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=7099 ):
ifplugin Mail::SpamAssassin::Plugin::AskDNS
askdns __DMARC_POLICY_NONE _dmarc._AUTHORDOMAIN_ TXT /^v\s*=DMARC1
(?=\s*;) .* ;\s* p\s*=\s*none \s*(?:;|\z)/x
askdns __DMARC_POLICY_QUAR _dmarc._AUTHORDOMAIN_ TXT /^v\s*=DMARC1
(?=\s*;) .* ;\s* p\s*=\s*quarantine \s*(?:;|\z)/x
askdns __DMARC_POLICY_REJECT _dmarc._AUTHORDOMAIN_ TXT /^v\s*=DMARC1
(?=\s*;) .* ;\s* p\s*=\s*reject \s*(?:;|\z)/x
meta __DMARC_REJECT !(DKIM_VALID_AU || SPF_PASS) &&
__DMARC_POLICY_REJECT
meta __DMARC_QUAR !(DKIM_VALID_AU || SPF_PASS) &&
__DMARC_POLICY_QUAR
meta __DMARC_NONE !(DKIM_VALID_AU || SPF_PASS) &&
__DMARC_POLICY_NONE
meta DMARC_REJECT __DMARC_REJECT && !__VIA_ML
score DMARC_REJECT 2.1
meta DMARC_REJECT_ML __DMARC_REJECT && __VIA_ML
score DMARC_REJECT_ML 0.8
meta DMARC_QUAR __DMARC_QUAR && !__VIA_ML
score DMARC_QUAR 1.8
meta DMARC_QUAR_ML __DMARC_QUAR && __VIA_ML
score DMARC_QUAR_ML 0.7
endif
Mark