I'd say you are onto something. http://www.willamowius.de/claws-spf.html
Unfortunately SPF has a very high failure rate due to remailers. But it's a start.
From: Chip
Sent: Sunday, June 26, 2016 6:28 PM
To: li...@lazygranch.com
Reply To: jeffsch...@gmail.com
Cc: postfix-users@postfix.org
Subject: Re: DKIM/SPF failure to folder, not return to sender and other tricks
There is dkimverify and spfquery, two command line tools that you can run against a message in the first case and a domain with ip in the second case.
Trivial to put in a script and run against messages for sorting.
No?
It does look like SpamAssassin has a SPF hook.
From: Jeffs Chips
Sent: Sunday, June 26, 2016 5:20 PM
Subject: Re: DKIM/SPF failure to folder, not return to sender and other tricks
This project is not for normal email delivery but an esoteric use not usually associated with email - can't really divulge more but I'm starting to see no easy solution.
There are spf scripts that can run against files separately from the stuff built into spam assassin and postfix/exim etc.
On Jun 26, 2016 7:57 PM, <li...@lazygranch.com> wrote:
Well maybe. If your client supports extra folders per each mailbox and you can access those folders, then yes. Most clients do have such folders, but they are designed to be used with "filters" built in the client. The filters probably aren't sophisticated enough to check DKIM or SPF, which is why plugins are used.
While readers of this list think filtering out email that fails ID is a great idea, the general public just wants the email to be delivered.
I don't use Gmail, but I understand Google has implemented or is working on implementing a notification for email that fails DKIM and SPF. It would be interesting to get some stats on email passing both DKIM, each individually, or none at all.
When I suggested a plugin for CLAWS email client to check DKIM and SPF, the silence was deafening.
Original Message
From: Chip
Sent: Sunday, June 26, 2016 4:41 PM
To: postfix-users@postfix.org
Reply To: jeffsch...@gmail.com
Subject: Re: DKIM/SPF failure to folder, not return to sender and other tricks
Thanks,
So it just may be easier to deliver all messages to a folder then have a cron job run some spf/dkim checking script against the emails.
On 06/26/2016 05:53 PM, Bill Cole wrote:
> On 26 Jun 2016, at 16:44, Chip wrote:
>
>> I'm wondering if Postfix can do the following easily.
>
> Nope, not *easily*.
>
>> It's a real dog to get this setup in Exim.
>
> Or Sendmail, or probably ANY MTA that isn't tightly integrated to
> robust local delivery, mailstore, and mail access subsystems OR which
> has a sophisticated flexible mechanism for arbitrary policy definition
> and enforcement. So I guess if you wrote cf-ese by hand it might be a
> cinch in Sendmail... But anyway: this is *out of scope* for a pure MTA.
>
> [details elided]
>
>> In other words, a database or text list of emails with corresponding
>> acceptable senders needs to be maintained and referenced for each
>> user, I believe, unless a guru here can tell me how to get the flow
>> properly.
>
> To do this with Postfix, you need some sort of external program. The
> traditional Postfix mechanism would be a policy daemon. In modern
> Postfix you could do it in a milter such as MIMEDefang which provides
> a framework for you to create and enforce any policy that you can
> express in Perl. (which is easier than cf-ese, really...)
>
> Within Postfix proper, I suppose you could hypothetically do this with
> restriction classes, but those don't scale well. If you had something
> checking and tagging messages for SPF & DKIM authentication in Postfix
> (e.g. any mechanism that hooks to SpamAssassin or specialized tools)
> you could then do delivery via LMTP to something like Dovecot with its
> Pigeonhole add-on and have all your per-user rules in Sieve rules.
>
> In short: there are many different ways to skin this cat, but they all
> include the unpleasantry of skinning a cat. Ick.
>
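Added example, not part of the original thread or any poster's code: a sketch of the "tag in the MTA, sort afterwards" approach discussed above, which reads the `Authentication-Results` header a local SPF/DKIM filter stamps on each message and both picks a folder and tallies the pass rates asked about earlier. The authserv-id `mx.example.org`, the folder names and the sample messages are assumptions constructed for illustration.

```python
import email
import re
from collections import Counter
from email import policy

# Assumption: the authserv-id your own SPF/DKIM filter stamps on mail it checks.
TRUSTED_AUTHSERV = "mx.example.org"
# Hypothetical folder names for the sorting step.
FOLDERS = {"both": "INBOX", "dkim-only": "INBOX",
           "spf-only": "Review", "neither": "Auth-Fail"}

_COMMENT = re.compile(r"\([^()]*\)")
_RESULT = re.compile(r"(?<![\w-])(spf|dkim)\s*=\s*([a-z]+)", re.I)

def verdicts(msg, authserv=TRUSTED_AUTHSERV):
    """Collect spf/dkim results, but only from headers our own server wrote."""
    found = {"spf": [], "dkim": []}
    for raw in msg.get_all("Authentication-Results", []):
        # Unfold the header and drop (comments) before matching.
        value = _COMMENT.sub(" ", " ".join(str(raw).split()))
        head, _, rest = value.partition(";")
        tokens = head.split()
        if not tokens or tokens[0].lower() != authserv.lower():
            continue  # stamped by someone else: forgeable, so ignored
        for method, result in _RESULT.findall(rest):
            found[method.lower()].append(result.lower())
    return found

def classify(raw_message):
    """Return 'both', 'dkim-only', 'spf-only' or 'neither' for one raw message."""
    v = verdicts(email.message_from_string(raw_message, policy=policy.default))
    spf, dkim = "pass" in v["spf"], "pass" in v["dkim"]
    if spf and dkim:
        return "both"
    if dkim:
        return "dkim-only"
    return "spf-only" if spf else "neither"

def tally(raw_messages):
    """Count how many messages fall into each category."""
    return Counter(classify(r) for r in raw_messages)

# Constructed sample messages (not real mail).
SAMPLES = [
    "Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=a.example;\n"
    " dkim=pass header.d=a.example\nSubject: one\n\nbody\n",
    # Forwarded mail: SPF fails, the DKIM signature still verifies.
    "Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=list.example;"
    " dkim=pass header.d=b.example\nSubject: two\n\nbody\n",
    # A second header from an unknown authserv-id claims pass; it must not count.
    "Authentication-Results: mx.example.org; spf=softfail (not permitted); dkim=none\n"
    "Authentication-Results: other.example; spf=pass; dkim=pass\nSubject: three\n\nbody\n",
]
```

The verdicts are trustworthy only if the tagging server strips incoming `Authentication-Results` headers that already carry its own authserv-id before adding its own.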