efa-project.org


https://forum.efa-project.org/

Enforcing inbound DKIM / DMARC

https://forum.efa-project.org/viewtopic.php?t=4825

Page 1 of 1

Enforcing inbound DKIM / DMARC

Posted: 31 Aug 2021 02:40
by lukekenny
I want to run a fairly strict email filter for inbound email. I can get eFa to block incoming email with bad SPF records:

In /etc/mail/spamassassin/mailscanner.cf:

Code: Select all

score SPF_FAIL 7.00
score SPF_SOFTFAIL 4.50
score SPF_HELO_FAIL 7.00
score SPF_NEUTRAL 3.00
How can I achieve a similar outcome for DKIM and DMARC fails?

I want to:

a. block email with a faulty / forged DKIM signature
b. block unsigned email where there is a DMARC record with "reject" set

Re: Enforcing inbound DKIM / DMARC

Posted: 31 Aug 2021 13:10
by shawniverson
Do you see DKIMs in your spam score reports?

Re: Enforcing inbound DKIM / DMARC

Posted: 10 Sep 2021 17:32
by Aryfir
I suggest that you applied KAM.cf from https://mcgrail.com/downloads/

Then put high score on local.cf eg:
score KAM_DMARC_REJECT 10.0
score KAM_DMARC_QUARANTINE 3.0
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited