On 24/11/2022 8:23 π.μ., Patrick Ben Koetter wrote:
I suggest to use valid DKIM signatures, if your bank sends DKIM signed
messages and use one or a list of policy banks to overrule (here: disable)
specific content classifications:
Hi Patrick and everyone who replied,
Thanks for your valuable feedback. No, unfortunately the Banks we are
having issues with do not use DKIM signatures.
However, they are using *dedicated* mail servers, so I assume I can use
@mynetworks to safely whitelist these. Isn't that right?
Regarding DMARC, I don't see amavis / spamassassin to be adjusting
scoring using DMARC validation. Should such behavior be enabled somehow?
Patrick, for other cases with mails with DKIM signatures, please
clarify: using @author_to_policy_bank_maps applies ONLY to valid
DKIM-signed mails?
Would you suggest to also increase negative scoring of SPF_PASS
(currently -0.1)?
Matus, you suggested to make an exception at the MTA level. I guess you
mean something like (in Postfix):
smtpd_recipient_restrictions = reject_invalid_hostname,
reject_unauth_pipelining,
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
check_client_access
hash:/etc/postfix/rbl_override,
...
where /etc/postfix/rbl_override is:
1.2.3.4 OK
1.2.3.5 OK
mail.freemailer.tld OK
Right?
Thank you all,
Nick
