Enforcing inbound DKIM / DMARC

Questions and answers about how to do stuff
Post Reply
lukekenny
Posts: 15
Joined: 29 Jun 2020 15:37

Enforcing inbound DKIM / DMARC

Post by lukekenny »

I want to run a fairly strict email filter for inbound email. I can get eFa to block incoming email with bad SPF records:

In /etc/mail/spamassassin/mailscanner.cf:

Code: Select all

score SPF_FAIL 7.00
score SPF_SOFTFAIL 4.50
score SPF_HELO_FAIL 7.00
score SPF_NEUTRAL 3.00
How can I achieve a similar outcome for DKIM and DMARC fails?

I want to:

a. block email with a faulty / forged DKIM signature
b. block unsigned email where there is a DMARC record with "reject" set
User avatar
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: Enforcing inbound DKIM / DMARC

Post by shawniverson »

Do you see DKIMs in your spam score reports?
User avatar
Aryfir
Posts: 21
Joined: 04 Sep 2020 13:52

Re: Enforcing inbound DKIM / DMARC

Post by Aryfir »

I suggest that you applied KAM.cf from https://mcgrail.com/downloads/

Then put high score on local.cf eg:
score KAM_DMARC_REJECT 10.0
score KAM_DMARC_QUARANTINE 3.0
Post Reply