----- Message from RW <rwmailli...@googlemail.com> ---------
Date: Mon, 19 Apr 2021 12:47:02 +0100
From: RW <rwmailli...@googlemail.com>
Subject: Re: KAM_DMARC_REJECT on internal emails
To: users@spamassassin.apache.org
On Mon, 19 Apr 2021 16:36:58 +1000
Simon Wilson wrote:
Hi list,
- I'm running KAM rules in Spamassassin
- Postfix port 587-submitted email is sent to Amavisd (as a
content_filter) on port 10026 (tagged as ORIGINATING/MYNETS) and is
spam-checked and DKIM-signed on its way out the door, sent back to
Postfix at port 10025 for final delivery
- my domain has DMARC p=reject
If the final delivery is a local address, I'm getting some in-theory
valid but in practicality invalid Spamassassin scores... e.g. SA is
tagging those emails with KAM_DMARC_REJECT - as DMARC fails
(correctly). The sending and receiving IPs are all internal...
The KAM DMARC rules are simplistic. IIWY I'd override them.
Thanks... I'd reached the same conclusion. Seems crazy to run yet
another set of tests when the emails I want to run those tests for I
already have on the way in with e.g. OpenDMARC. So I've set the KAM
DMARC rules to score 0. I have some alternate DMARC rules which only
trigger on existing Authentication-results headers, rather than do a
new test every time.
Question - with the KAM DMARC rules set to zero, do the dns tests, e.g.:
askdns __KAM_DMARC_POLICY_REJECT _dmarc._AUTHORDOMAIN_ TXT
/^v=DMARC1;.*\bp=reject;/
run anyway? Or only if the resultant metas which call on them have a
score value <> 0?
Simon
--
Simon Wilson
M: 0400 12 11 16
