Page 1 of 1

Sender Verification

Posted: 19 Apr 2019 16:35
by nicola.piazzi
Postfix can do sender verification, and can mantain a cache table to avoid frequantly verifications of same address.
But sender verification is too aggressive, i think that is bnot a good thing to reject unverified addresses
Is there something in spamassassin so unverified can assigned a score ?
A way can be to use postfix to create a header but accept messages marking

someone know how ?

Re: Sender Verification

Posted: 17 May 2019 19:03
by warlord
I don't have an answer but I am migrating from a postfix+maia-mailguard to efa-based solution. I've been using sender-verify on the old system and yes, it does have many false-positives and blocks valid email, but it's also extremely important in cutting down spam. So yes, I would definitely agree that some way to get SA to process would be useful, provided there is some way to trust the header. If the header can be forged then an attacker could just create it a priori and SA would accept it.

Alternatively, you can just enable sender_verify in postfix on EFA (which I am still considering doing).