Chip schrieb am 19.01.2018 um 00:49:
The end point here is to examine the email headers that specifically
refer to dkim and spf signatures. Based on fail or pass, or some
combination in concert with the sender's email address, they get moved
into fail or pass folders.
The right thing to do this is not SpamAssassin. Dkim and spf are
designed to reject mail at mta level that does not pass validation.
SpamAssassin is meant to only process mail that has not been rejected at
mta level. Usually, you are able to reject 80 percent and more spam
right at mta level by using block lists, smtp validation rules, dkim,
spf and others. You never even accept them, so you don't need to
classify them, so you don't have to move them to some spam folder, so
you don't need to manually verify and delete them. It simply doesn't
reach your system.
If you only want to handle the dkim and spf aspect of mail delivery,
install a spf policy daemon into your mail server and install a dkim
milter into your mail server. I can only tell about CentOS with postfix,
and here I do this:
For spf:
install spf policy daemon:
$ yum install pypolicyd-spf (from epel repository)
called from postfix main.cf (the last line does the spf check)
smtpd_recipient_restrictions =
reject_non_fqdn_recipient,
reject_unknown_recipient_domain,
permit_mynetworks,
permit_sasl_authenticated,
check_recipient_access hash:/etc/postfix/recipient_access,
reject_rbl_client zen.spamhaus.org,
reject_rbl_client bl.spamcop.net,
reject_rbl_client b.barracudacentral.org,
check_policy_service unix:private/policyd-spf
For dkim:
Install opendkim milter:
$ yum install opendkim (from epel repository)
called from postfix main.cf:
smtpd_milters =
unix:/var/run/opendkim-postfix/sock
I skipped the actual configurations of pypolicyd-spf and opendkim, but I
can provide it if you are interested.
This is light-weight in comparison to SpamAssassin and they are "install
and configure once and it works forever" pieces of software, while
SpamAssassin is something you have to actively maintain to keep it in
good working shape.
I cannot tell how this could work together with your cpanel, because I
never used some administration panel. Such panels limit you to do only
what is provided by the panel. To get more into the system the panel
supports is painful or not possible - exactly the problem you are
currently fighting.
