On 4/30/2014 8:04 AM, Michael Storz wrote:
On 2014-04-30 13:36, Kevin A. McGrail wrote:
On 4/30/2014 7:15 AM, Michael Storz wrote:

Thanks, your answers are very helpful for solving the problems we are facing. On a related note, if you need, I did implement a modification routine for mailman in mimedefang. Code published at http://lists.roaringpenguin.com/pipermail/mimedefang/2014-April/037324.html

As for an SA plugin, I think it will be needed but I believe it is
just an overlay on top of existing DKIM and SPF information.

If you open a bug for the plugin with your list of desired features,
that would be good.

Otherwise, to me, I think the features are:

- Make sure SPF and DKIM are enabled
- Check those results
- Check the DMARC policy
- If policy is reject or quarantine and the SPF/DKIM fails, give a
fairly high score to a rule

You are missing the alignment requirements of the RFC5322.From domain with the signing domain (DKIM) and the RFC5321.MailFrom domain (SPF). But this is already implemented in Mail::DMARC.

I'm sure I'm missing a lot of things. I don't know that I would want to make this dependent on another module though if it can be easily avoided.

When you are ready, open a bug in bugzilla.  I think it's a good idea.


For DMARC, this will not be a problem, because the address where reports should be sent is specified in the DMARC record in DNS:

rua: Reporting URI(s) for aggregate data
ruf: Reporting URI(s) for forensic data

Examples:

dig +short txt _dmarc.paypal.com
"v=DMARC1; p=reject; rua=mailto:d...@rua.agari.com; ruf=mailto:d...@bounce.paypal.com,mailto:d...@ruf.agari.com";

dig +short txt _dmarc.yahoo.com
"v=DMARC1; p=reject; sp=none; pct=100; rua=mailto:dmarc-yahoo-...@yahoo-inc.com, mailto:dmarc_y_...@yahoo.com;";

I understand that but I find it difficult to believe anyone is bothering to read these and that it will be useful to generate reports when bounces are received. I could be wrong.

Regards,
KAM
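
Added example, not part of the original thread and not SpamAssassin or Mail::DMARC code: a Python sketch of the check discussed above, combining SPF/DKIM results with the alignment requirement and the published policy. All function names are hypothetical, the suffix set is a small stand-in for the Public Suffix List, and `pct` and the DNS lookup are left out.

```python
# Added example: DMARC tag parsing, identifier alignment and disposition.
# Assumption: tiny stand-in for the Public Suffix List, enough for the samples.
PUBLIC_SUFFIXES = {"com", "org", "net", "co.uk"}

def parse_dmarc(txt):
    """Parse a DMARC TXT record into a dict of tag -> value."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags

def org_domain(domain):
    """Organizational domain: longest matching public suffix plus one label."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])

def aligned(from_dom, auth_dom, mode):
    """mode 's' = strict (exact match), 'r' = relaxed (same org domain)."""
    if mode == "s":
        return from_dom.lower() == auth_dom.lower()
    return org_domain(from_dom) == org_domain(auth_dom)

def dmarc_disposition(record, from_dom, spf_pass, spf_dom, dkim_pass, dkim_dom):
    """Return 'pass', or the policy (none/quarantine/reject) that applies.

    from_dom is the RFC5322.From domain, spf_dom the RFC5321.MailFrom domain,
    dkim_dom the DKIM signing domain (d=).
    """
    tags = parse_dmarc(record)
    # A passing SPF or DKIM result only counts if its domain is aligned.
    spf_ok = spf_pass and aligned(from_dom, spf_dom, tags.get("aspf", "r"))
    dkim_ok = dkim_pass and aligned(from_dom, dkim_dom, tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return "pass"
    policy = tags.get("p", "none")
    # sp= overrides p= when the From domain is a subdomain of the org domain.
    if from_dom.lower() != org_domain(from_dom):
        policy = tags.get("sp", policy)
    return policy
```

With a constructed record `v=DMARC1; p=reject; sp=none`, a list post whose body was modified (DKIM fails) and whose SPF passes only for the list's own envelope domain yields `reject`: the SPF pass is not aligned with the From domain, which is the case the mailman discussion is about.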
