Nikolaos Milas skrev den 2022-11-27 19:35:
On 24/11/2022 8:23 π.μ., Patrick Ben Koetter wrote:
I suggest to use valid DKIM signatures, if your bank sends DKIM
signed
messages and use one or a list of policy banks to overrule (here:
disable)
specific content classifications:
Hi Patrick and everyone who replied,
Thanks for your valuable feedback. No, unfortunately the Banks we are
having issues with do not use DKIM signatures.
However, they are using *dedicated* mail servers, so I assume I can
use @mynetworks to safely whitelist these. Isn't that right?
Regarding DMARC, I don't see amavis / spamassassin to be adjusting
scoring using DMARC validation. Should such behavior be enabled
somehow?
Patrick, for other cases with mails with DKIM signatures, please
clarify: using @author_to_policy_bank_maps applies ONLY to valid
DKIM-signed mails?
Would you suggest to also increase negative scoring of SPF_PASS
(currently -0.1)?
Matus, you suggested to make an exception at the MTA level. I guess
you mean something like (in Postfix):
smtpd_recipient_restrictions = reject_invalid_hostname,
reject_unauth_pipelining,
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
check_client_access
hash:/etc/postfix/rbl_override,
alternative is
smtpd_milter_maps=
this will work if amavisd is used as milter
...
where /etc/postfix/rbl_override is:
1.2.3.4 OK
1.2.3.5 OK
mail.freemailer.tld OK
Right?
ips is fine in that map, lost how secure hostname is
for the smtpd_milter_maps change content in rbl_override
1.2.3.4 DISABLE
1.2.3.5 DISABLE
if you used fuglu life would be more easy
