On 2/9/19 11:13 AM, Michael A. Peters via dovecot wrote:
On 2/9/19 10:48 AM, Juri Haberland via dovecot wrote:
*snip*
Honestly I was sort of tempted to try and create my own DMARC validator (I was thinking one daemon that does both DKIM and DMARC - for postfix, Exim has DKIM native but I only use Exim for submission) that tried to sniff Mailman and not enforce it but it looks like it would be very time consuming.
What I wanted to do, was sniff mailman in headers and if it was sent by mail, reject if reverse DNS didn't match HELO/EHLO and white list from OpenDMARC enforcement if it did. That would prevent most spoofed that tried to look like Mailman since spoofed mail rarely has reverseDNS properly set up but Mailman admins tend to.
