On 17.11.2023 at 12:31, Matus UHLAR - fantomas wrote:
On 17.11.23 11:19, natan wrote:
How does it really, really work in SA? I ask because it is working not so cool:

example:

ifplugin Mail::SpamAssassin::Plugin::AskDNS
askdns __DMARC_POLICY_NONE _dmarc._AUTHORDOMAIN_ TXT /^v=DMARC1;.*\bp=none;/
askdns __DMARC_POLICY_QUAR _dmarc._AUTHORDOMAIN_ TXT /^v=DMARC1;.*\bp=quarantine;/
askdns __DMARC_POLICY_REJECT _dmarc._AUTHORDOMAIN_ TXT /^v=DMARC1;.*\bp=reject;/

meta DMARC_REJECT !(DKIM_VALID_AU || SPF_PASS) && __DMARC_POLICY_REJECT
score DMARC_REJECT 1
meta DMARC_QUAR !(DKIM_VALID_AU || SPF_PASS) && __DMARC_POLICY_QUAR
score DMARC_QUAR 0.5
meta DMARC_NONE !(DKIM_VALID_AU || SPF_PASS) && __DMARC_POLICY_NONE
score DMARC_NONE 0.1
endif

Note that SPF uses the envelope-from domain while DKIM uses the header From, so it must be combined with HEADER_FROM_DIFFERENT_DOMAINS, so something like:

meta DMARC_REJECT __DMARC_POLICY_REJECT && !(DKIM_VALID_AU || (SPF_PASS && !HEADER_FROM_DIFFERENT_DOMAINS))

However, there is a stock SA rule that uses Mail::SpamAssassin::Plugin::DMARC:

header DMARC_REJECT eval:check_dmarc_reject()
I can't find how it really works with rules


Log:

Nov 17 11:10:49 amavis5 amavis[598804]: (598804-07) spam-tag, <3jtxxzrapacwkwuumvba-vwzmxtglwka.owwotm....@chime-notifications.bounces.google.com> -> <u...@domain.ltd>, No, score=4.865 tagged_above=3.6 required=6 tests=[AWL=-0.124, BAYES_00=-1.9, DCC_CHECK=4, DKIMWL_WL_MED=-0.001,

DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, DMARC_REJECT=1, FROM_NOT_RETURN_PATH=2,

root@amavis5:/etc/mail/spamassassin# host -t txt chime-notifications.bounces.google.com
chime-notifications.bounces.google.com descriptive text "v=spf1 redirect=_spf.google.com"

root@amavis5:/etc/mail/spamassassin# host -t txt _spf.google.com
_spf.google.com descriptive text "v=spf1 include:_netblocks.google.com include:_netblocks2.google.com include:_netblocks3.google.com ~all"

root@amavis5:/etc/mail/spamassassin# host -t txt _dmarc.chime-notifications.bounces.google.com
_dmarc.chime-notifications.bounces.google.com descriptive text "v=spf1 redirect=_spf.google.com"

The e-mail was DKIM-signed, but why did SA set "DMARC_REJECT" this time?


it's hard to see this without envelope and header from:

Return-Path: <3jtxxzrapacwkwuumvba-vwzmxtglwka.owwotm....@chime-notifications.bounces.google.com>
Delivered-To: u...@domain.ltd
Received: from yyyy ([yyy.yyy.yyy.yyyy])
        by dovecot6 with LMTP
        id MMRTKyk8V2XTEAAAcMszrQ
        (envelope-from <3jtxxzrapacwkwuumvba-vwzmxtglwka.owwotm....@chime-notifications.bounces.google.com>)
        for <u...@domain.ltd>; Fri, 17 Nov 2023 11:10:49 +0100
....
Received: by mail-io1-f69.google.com with SMTP id ca18e2360f4ac-7a68ed726c9so157910939f.3
        for <u...@domain.ltd>; Fri, 17 Nov 2023 02:10:46 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20230601; t=1700215845; x=1700820645; darn=domain.ltd;
h=to:from:subject:message-id:date:mime-version:from:to:cc:subject
         :date:message-id:reply-to;
        bh=Q271PAJLNE4ybEFdYYzmBSNisnfHEmKVmA/gB6QMDBg=;
b=K7zCfAzBao69/w5rWbl+jsmFIIHCDucKkLqpUpEHMnXyElFe1Y8tZTAdm1ZnVfjC1f
nPBS8uHr06W3yDokonBjtJtbGeWhbvRXyQkCaEY8GIgx6U7gCad2137MSAwu5wQH9Udp
mQz/EAxVx+GMEcC2EgqZt/Ptlrays5kYRq+dVYh+uZMDrcYaezBT1u3Y7KlDKycbyXis
C/Eu87graMi99CvgRnCSDNYyrCtAHL1/BcfDpbwVoBFNzD2MEYcgu1xoHyDb0vj+iDX0
Dlblv26b2U7r4TxiP5PyddZv8aVqgU5Z4qdWLMiLqYL5bXHAG77Iiv3DBfDSGoUaqp+Y
         L5iQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1700215845; x=1700820645;
h=to:from:subject:message-id:date:mime-version:x-gm-message-state
         :from:to:cc:subject:date:message-id:reply-to;
        bh=Q271PAJLNE4ybEFdYYzmBSNisnfHEmKVmA/gB6QMDBg=;
b=ipCF0iXILzxHTf09/2B77o7o1X/VBzKxs+7dNfXVWHA4daM60j4TUfh/8zXqNoZQd7
ZgTHZujfS3B+/URFdiUomGoZ7b+gLEcfX0wcOO8x0cQ6zN0Se/+55741X7fUtw5QtFr5
FbTb+fug6r+Mn8mLu4HsRGKsejep44OGiQbCxE7lCrl0iroapupL/zlQ5/05nbY4v0XU
n9YdWIBA5YcmwOsAFhRo33ueec3xkJcqQL46r+36KO/fT8EZ/8MjxA37Jtx/bh4+ElIM
I81jZAVb7KXePskT5OU94EYjdfJdmbVHN0MZdUEE5GV2xfHZvaTybwdRzHbGGpahGPvp
         YVbw==
.....
Message-ID: <ao12ivmx0hfcr4kc13h...@notifications.google.com>
Subject: =?UTF-8?B?4oCeVGFiZWxrYSBLbGllbnTigJ0gYnnFgiBvc3RhdG5pbyBlZHl0b3dhbnk=?=
From: Google Sheets <comments-nore...@docs.google.com>
.....
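
The alignment point raised in the quoted reply (SPF authenticates the envelope-from domain, DKIM the signing domain, and DMARC counts either one only when it aligns with the header From domain), as an added Python example that is not part of the original thread and is not SpamAssassin's code. The small suffix set, the function names and the DMARC record are constructed assumptions; the three domains are taken from the quoted headers.

```python
import re

# Assumption: tiny stand-in for the Public Suffix List, enough for this thread.
PUBLIC_SUFFIXES = {"com", "net", "ltd"}

def org_domain(domain):
    """Organizational domain = longest matching public suffix plus one label."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])

def aligned(from_domain, auth_domain, strict=False):
    """DMARC identifier alignment: exact match (strict) or same org domain (relaxed)."""
    if strict:
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)

def parse_dmarc(txt):
    """Return the tag dict of a DMARC record, or None if the TXT is not DMARC."""
    if not re.match(r"v\s*=\s*DMARC1\s*(;|$)", txt.strip()):
        return None
    pairs = (p.split("=", 1) for p in txt.split(";") if "=" in p)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def dmarc_result(from_domain, spf_pass, spf_domain, dkim_domains, record):
    """'none' without a policy, 'pass', or 'fail:<policy>'."""
    tags = parse_dmarc(record) if record else None
    if tags is None:
        return "none"
    spf_ok = spf_pass and aligned(from_domain, spf_domain, tags.get("aspf") == "s")
    dkim_ok = any(aligned(from_domain, d, tags.get("adkim") == "s") for d in dkim_domains)
    return "pass" if spf_ok or dkim_ok else "fail:" + tags.get("p", "none")

# Domains from the quoted headers; the DMARC record itself is constructed.
FROM, ENVELOPE, DKIM_D = "docs.google.com", "chime-notifications.bounces.google.com", "google.com"
RECORD = "v=DMARC1; p=reject"

if __name__ == "__main__":
    print(dmarc_result(FROM, True, ENVELOPE, [DKIM_D], RECORD))        # relaxed alignment
    print(dmarc_result(FROM, True, "bounce.example.net", [], RECORD))  # SPF pass, unaligned
    print(dmarc_result(FROM, True, ENVELOPE, [DKIM_D], RECORD + "; adkim=s; aspf=s"))
    print(parse_dmarc("v=spf1 redirect=_spf.google.com"))              # not a DMARC record
```

The second call is the case the first meta rule in the thread misses: SPF_PASS is true, so `!(DKIM_VALID_AU || SPF_PASS)` never fires even though nothing aligns with the header From.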

