Hi Andreas, thanks for your answer. I agree with you. That's not a usual policy.
My intention is to reject mail from outside with a faked sender address of our own domain. In the past we were attacked by such mails to our mailing lists. So if I ensure that all mails originating from our domain have a valid DKIM signature, it should be easy to identify and reject mails with our sender domain and with no or invalid DKIM signature. I'd like to achieve this aim without DMARC because I want to use amavisd-new installed in our SuSE Linux. Is there any way to do this without DMARC?

Best regards
Gerhard

>>> "A. Schulze" <[email protected]> wrote on Tuesday, 12 January 2016 at 17:59 in message <[email protected]>:
>
> On 12.01.2016 at 15:03, Gerhard Rappenecker wrote:
>> I'd like to discard, reject or quarantine mails from a specific domain, but only if they have no or no valid DKIM signature.
>
> it's your policy but usually it's wrong to reject on no or no valid DKIM signature ¹)
> You want DMARC but DMARC validation is not implemented in amavisd-new
>
> we run a pipeline of milters here:
> - smf-spf milter for SPF validation
> - opendkim for DKIM validation
> - opendmarc to inspect SPF+DKIM result and apply a policy
> - amavisd-milter for content inspection
>
> Andreas
>
> ¹) https://tools.ietf.org/html/rfc6376#section-6.1:
> ... a Verifier SHOULD NOT treat a message that has one or more
> bad signatures and no good signatures differently from a message with
> no signature at all.
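
The check asked about in this thread, written out as an added example that is not part of the original messages and is not amavisd-new configuration. It assumes a DKIM verifier (such as the opendkim mentioned in the reply) has already stamped an Authentication-Results header on the message; `OWN_DOMAIN`, `TRUSTED_AUTHSERV` and the sample messages are constructed placeholders.

```python
import email
from email.utils import parseaddr

OWN_DOMAIN = "example.org"           # assumption: the domain being protected
TRUSTED_AUTHSERV = "mx.example.org"  # assumption: authserv-id of our own verifier

def from_domain(msg):
    """Domain of the first From: address, lower-cased ('' if unparsable)."""
    addr = parseaddr(msg.get("From", ""))[1]
    return addr.rpartition("@")[2].lower()

def own_dkim_pass(msg):
    """True if a trusted Authentication-Results header reports dkim=pass
    for a signature whose signing domain (header.d) is OWN_DOMAIN."""
    for value in msg.get_all("Authentication-Results", []):
        parts = " ".join(value.split()).split(";")  # unfold, then split results
        authserv = parts[0].split()
        # Headers written by anyone but our verifier prove nothing: skip them.
        if not authserv or authserv[0].lower() != TRUSTED_AUTHSERV:
            continue
        for result in parts[1:]:
            tokens = result.lower().split()
            if tokens[:1] == ["dkim=pass"] and f"header.d={OWN_DOMAIN}" in tokens:
                return True
    return False

def decide(raw):
    """Return 'reject' for own-domain senders without a valid own-domain
    DKIM signature, 'accept' for everything else."""
    msg = email.message_from_string(raw)
    if from_domain(msg) != OWN_DOMAIN:
        return "accept"  # the policy covers only our own sender domain
    return "accept" if own_dkim_pass(msg) else "reject"

# Constructed sample messages (not taken from the thread).
SIGNED = ("From: Alice <alice@example.org>\n"
          "Authentication-Results: mx.example.org;\n"
          " dkim=pass (1024-bit key) header.d=example.org\n\nhello\n")
SPOOFED = ("From: Alice <alice@example.org>\n"
           "Authentication-Results: mail.attacker.test;"
           " dkim=pass header.d=example.org\n\nhello\n")

if __name__ == "__main__":
    print("signed: ", decide(SIGNED))
    print("spoofed:", decide(SPOOFED))
```

The result is only trustworthy if inbound Authentication-Results headers claiming the same authserv-id are removed before the verifier adds its own. Mail from the protected domain that comes back through external mailing lists or forwarders may no longer carry a valid signature and would be rejected by this rule.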
