OK, now I understand why there is no INPUTMSG for filter_sender(): it is testing early, before all of the message has come in. Got it.

For your SpamAssassin example, what I really want to extract from DKIM is the domain in the signature, which will be unique to my company (we are using Gmail business and set up a company domain).

I am getting messages that have a DKIM, but a spoofed sender at @example.com. To prevent too many false positives on just rejecting invalid DKIMs, I want to extract the domain from the DKIM to check it against specific domains I know only come from me.

I had a situation where an employee got tricked with a fake email that they thought came from another company employee.

I don't even want these to come in as SPAM. We had that email marked and that person just walked past that.

Thanks,

Ralph


On 4/21/2023 5:59 PM, Bill Cole via MIMEDefang wrote:
On 2023-04-21 at 16:41:43 UTC-0400 (Fri, 21 Apr 2023 16:41:43 -0400)
Ralph Hayon via MIMEDefang <[email protected]>
is rumored to have said:

Hi Dianne,

Ok, I could not find any documentation that states this. This was my guess based on my observations.

The filter_* functions are called at the analogous stages in the SMTP transaction, so they only have the information known to the server at each stage.

I am trying to easily get the domain extracted by DKIM to validate the sender's email domain.

Until filter() you do not have ANY message headers or data, so you cannot validate DKIM until then. It is also worth noting that if you want to use DKIM with DMARC, you need to examine the address in the From header, NOT the envelope sender, which is what MD puts in the $Sender global. To get the From header address, you need to extract it from the $entity object that MD passes to the filter() subroutine.

I want to have a system that confirms that emails to my employees from other employees are valid and not faked.

If you are calling SpamAssassin 4.0 from MIMEDefang, you can use the existing rules and welcomelist/blocklist features in SA to do this, no coding needed. You would just add something like this to your local.cf:

   welcomelist_from_auth   *@example.com

   describe _FROM_EXAMPLE  From header has example.com domain
   header   _FROM_EXAMPLE  From =~ /\bexample\.com\b/
   meta     FORGED_FROM_EXAMPLE   _FROM_EXAMPLE && !DKIM_VALID_AU
   score    FORGED_FROM_EXAMPLE   6

You could do the work in filter() or filter_end() yourself, if you don't want to use SA.

Any suggestions how I can easily extract the arguments provided to filter_sender() in a filter function after filter_begin() so that I can use DKIM tests to assist with this?

The globals documented in the mimedefang-filter man page are accessible from filter() as is the MIME::Entity object $entity which holds the message. You could also access the HEADERS file directly to find the From header.



Thank you for the information!

Thanks.

Ralph

On 4/21/2023 4:25 PM, Dianne Skoll via MIMEDefang wrote:
On Fri, 21 Apr 2023 15:46:17 -0400
Ralph Hayon via MIMEDefang <[email protected]> wrote:

When I try calling md_dkim_verify() inside of filter_sender() in
mimedefang-filter, it fails.
It also fails when I try calling md_dkim_verify() from
filter_recipient(), with the same results.
You can't do DKIM tests until you have a message body.  So the earliest
you can do that is filter_begin()

Regards,

Dianne.

_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID.  You may ignore it.

MIMEDefang mailing list [email protected]
https://lists.mimedefang.org/mailman/listinfo/mimedefang_lists.mimedefang.org


--
***************************************
Ralph Hayon
Natural Wireless

60 Saddle River Ave, Unit B
South Hackensack, New Jersey 07606

email:     [email protected]
www:    naturalwireless.com

office: 201-438-2865 x 403
fax:    201-438-1803
cell:     201-315-7397

       Natural Wireless
An Ultra Internet Service Provider
***************************************
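
Added example (not part of the thread and not MIMEDefang code): the decision discussed above, sketched in Python so it runs offline. It takes the From header domain (not the envelope sender) and accepts a protected domain only when a DKIM signature for that same domain verified. PROTECTED_DOMAINS, check_internal_sender() and the (signing domain, result) format of dkim_results are assumptions standing in for whatever the DKIM verifier reports; the sample messages are constructed.

```python
from email import message_from_string
from email.utils import getaddresses

# Assumption: domains that only our own, DKIM-signing mail system sends from.
PROTECTED_DOMAINS = {"example.com"}

def from_domains(msg):
    """Domain of every address in every From header (not the envelope sender)."""
    out = []
    for _name, addr in getaddresses(msg.get_all("From", [])):
        _local, at, domain = addr.rpartition("@")
        if at:
            out.append(domain.lower().rstrip("."))
    return out

def check_internal_sender(raw_message, dkim_results):
    """dkim_results: one (signing domain, result) pair per signature, as reported
    by the DKIM verifier. A d= value only counts when its signature verified."""
    domains = from_domains(message_from_string(raw_message))
    if not any(d in PROTECTED_DOMAINS for d in domains):
        return ("accept", "From is not in a protected domain")
    if len(domains) != 1:
        # Several From addresses make alignment ambiguous, so refuse.
        return ("reject", "several From addresses, one in a protected domain")
    passed = {d.lower() for d, result in dkim_results if result == "pass"}
    if domains[0] in passed:
        return ("accept", "From domain matches a verified DKIM signature")
    return ("reject", "protected From domain without a matching valid signature")

# Constructed sample messages and verifier results.
GENUINE = "From: Alice <alice@example.com>\nSubject: report\n\nbody\n"
SPOOFED = "From: Alice <alice@example.com>\nSubject: urgent\n\nbody\n"
TWO_FROM = "From: a@example.com\nFrom: b@other.example\n\nbody\n"
OUTSIDE = "From: Bob <bob@other.example>\n\nbody\n"

if __name__ == "__main__":
    print(check_internal_sender(GENUINE, [("example.com", "pass")]))
    # Validly signed, but by a different domain than the one in From.
    print(check_internal_sender(SPOOFED, [("other.example", "pass")]))
    print(check_internal_sender(SPOOFED, [("example.com", "fail")]))
    print(check_internal_sender(TWO_FROM, [("example.com", "pass")]))
    print(check_internal_sender(OUTSIDE, []))
```

The match here is exact; a From address in a subdomain of a protected domain is treated as outside it unless that subdomain is listed too.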

