[pfx] Re: whitelisting dmarc violators

Thu, 17 Jul 2025 05:36:19 -0700 

On 17.07.25 13:08, Marko Cupać via Postfix-users wrote:

I have postfix setup with opendmarc and opendkim:

milter_default_action = accept
smtpd_milters = inet:127.0.0.1:8891,inet:127.0.0.1:8893
non_smtpd_milters = $smtpd_milters

This works as intended (rejecting mails which violate dmarc policies).

There are some "valid" senders which seem to violate their own policies
(below is log excerpt for denied password reset email from sony:

Jul 17 11:14:36 fbsd1 postfix/cleanup[68100]: 5FFB746F22B: 
message-id=<5ebed326-56e5-4bb5-85fe-09f02e822...@iad4s12mta429.xt.local>
Jul 17 11:14:36 fbsd1 opendkim[91485]: 5FFB746F22B: 
mta3.txn-email03.playstation.com [13.110.224.213] not internal
Jul 17 11:14:36 fbsd1 opendkim[91485]: 5FFB746F22B: not authenticated
Jul 17 11:14:36 fbsd1 opendkim[91485]: 5FFB746F22B: message has signatures from 
email03.account.sony.com, s12.y.mc.salesforce.com
Jul 17 11:14:36 fbsd1 opendkim[91485]: 5FFB746F22B: s=12dkim1 
d=email03.account.sony.com SSL
Jul 17 11:14:36 fbsd1 opendmarc[89790]: 5FFB746F22B: SPF(mailfrom): 
bounce.txn-email03.playstation.com pass
Jul 17 11:14:36 fbsd1 opendmarc[89790]: 5FFB746F22B: email03.account.sony.com 
fail
Jul 17 11:14:36 fbsd1 postfix/cleanup[68100]: 5FFB746F22B: milter-reject: END-OF-MESSAGE from mta3.txn-email03.playstation.com[13.110.224.213]: 5.7.1 rejected by DMARC policy for email03.account.sony.com; from=<bounce-6_html-348233145-1287-534001850-1423...@bounce.txn-email03.playstation.com> to=<u...@example.org> proto=ESMTP helo=<mta3.txn-email03.playstation.com> 
Jul 17 11:14:36 fbsd1 postfix/cleanup[68100]: 5FFB746F22B: removed (canceled)
Jul 17 11:14:36 fbsd1 postfix/smtpd[67964]: disconnect from 
mta3.txn-email03.playstation.com[13.110.224.213] ehlo=2 starttls=1 mail=1 
rcpt=1 data=0/1 quit=1 commands=6/7

What is the most appropriate way to selectively accept those emails?


perhaps smtpd_milter_maps could help:
http://www.postfix.org/postconf.5.html#smtpd_milter_maps

other choice - ignoring at milter level was already pointed out by Benny

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"The box said 'Requires Windows 95 or better', so I bought a Macintosh".
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

Reply via email to