On 11/16/19 12:19 AM, Dominic Raferd wrote:
> 
> 
> On Fri, 15 Nov 2019 at 21:17, Kevin A. McGrail <kmcgr...@apache.org> wrote:
> 
>     Good idea.  This is done.
> 
>     On 11/15/2019 11:49 AM, David Jones wrote:
>      > Perhaps it needs to be named KAM_DMARC_REJECT to make it obvious that it
>      > came from the KAM.cf and have a default score of 0.001?
> 
> 
> I believe only the renaming has been done, the default score remains 10; 
> so anyone overriding the default score (that would be, er, me) needs to 
> update their local settings for the new name.

Yes the rename was the only thing done.  The default score should be 
0.001 in KAM.cf then local overrides and meta rules could be used to 
bump up the score as needed.

The only way to get complete/true DMARC support in SA is to install 
OpenDMARC as a milter and then set up local rules to use the headers it 
adds that are specific to the AuthservID value in the 
/etc/opendmarc/opendmarc.conf.

We should add default rules to the SA ruleset that would utilize 
OpenDMARC headers if they were present similar to how SPF checks can use 
Received-SPF and Authentication-Results headers on internal headers.

Any Perl people out there want to take a shot at a DMARC plugin that 
would use Authentication-Results internal headers?


Examples:

Authentication-Results: smtp.ena.net; dkim=none
Authentication-Results: smtp.ena.net; dmarc=pass (p=none dis=none)
      header.from=dmarc.org
Authentication-Results: smtp.ena.net;
      dkim=pass (1024-bit key) header.d=dmarc.org header.i=@dmarc.org
Authentication-Results: smtp.ena.net; spf=none (mailfrom)
Authentication-Results: smtp.ena.net;
      dkim=pass (2048-bit key) header.d=dmarc.org header.i=@dmarc.org
Authentication-Results: smtp.ena.net; spf=pass (mailfrom)
      smtp.mailfrom=ncas.us-cert.gov (client-ip=208.42.190.161;
      helo=mailer190161.service.govdelivery.com;
      envelope-from=messa...@ncas.us-cert.gov; receiver=b...@example.com)
Authentication-Results: smtp.ena.net; dmarc=pass (p=reject dis=none)
      header.from=ncas.us-cert.gov
Authentication-Results: smtp.ena.net;
      dkim=pass (2048-bit key) header.d=ncas.us-cert.gov
      header.i=@ncas.us-cert.gov

-- 
David Jones
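
The check asked for in the message above, sketched in Python as an added example (not code from this thread, KAM.cf or SpamAssassin): it parses Authentication-Results values and accepts a dmarc result only when the authserv-id matches the local AuthservID. The sample values, the forged header and the function names are assumptions made for illustration.

```python
import re

# Constructed sample, abridged from the header values quoted in the message
# above, plus one forged value carrying a foreign authserv-id (hypothetical).
SAMPLE = [
    "smtp.ena.net; dkim=none",
    "smtp.ena.net; spf=pass (mailfrom) smtp.mailfrom=ncas.us-cert.gov "
    "(client-ip=208.42.190.161; helo=mailer190161.service.govdelivery.com)",
    "mx.forged.example; dmarc=pass (p=none dis=none) header.from=ncas.us-cert.gov",
    "smtp.ena.net; dmarc=pass (p=reject dis=none) header.from=ncas.us-cert.gov",
]

COMMENT = re.compile(r"\([^()]*\)")          # nested comments are not handled
RESINFO = re.compile(r"\s*([a-z0-9-]+)\s*=\s*([a-z]+)", re.I)
PROP = re.compile(r"\b([a-z]+\.[a-z0-9_-]+)\s*=\s*(\S+)", re.I)

def parse_authres(value):
    """Parse one Authentication-Results value into (authserv_id, results)."""
    value = " ".join(value.split())                       # unfold the header
    # Comments may contain ';' (see the spf sample); hide it before splitting.
    value = COMMENT.sub(lambda m: m.group(0).replace(";", ","), value)
    head, _, rest = value.partition(";")
    authserv_id = head.split()[0].lower() if head.split() else ""
    results = []
    for chunk in rest.split(";"):
        m = RESINFO.match(chunk)
        if not m:
            continue                                      # e.g. a bare "none"
        bare = COMMENT.sub(" ", chunk)
        results.append({
            "method": m.group(1).lower(),
            "result": m.group(2).lower(),
            "comments": " ".join(COMMENT.findall(chunk)),
            "props": {k.lower(): v for k, v in PROP.findall(bare)},
        })
    return authserv_id, results

def dmarc_verdict(values, trusted_id):
    """Return the dmarc result written by our own verifier, else None."""
    for value in values:
        authserv_id, results = parse_authres(value)
        if authserv_id != trusted_id.lower():
            continue               # someone else's (or a forged) header
        for r in results:
            if r["method"] == "dmarc":
                policy = re.search(r"\bp=(\w+)", r["comments"])
                return {"result": r["result"],
                        "policy": policy.group(1) if policy else None,
                        "from": r["props"].get("header.from")}
    return None
```

Matching on the authserv-id is only meaningful if the border MTA strips inbound Authentication-Results headers that already claim that id, which is assumed here.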
