Enforcing inbound DKIM / DMARC

Questions and answers about how to do stuff
Post Reply
lukekenny
Posts: 6
Joined: 29 Jun 2020 15:37

Enforcing inbound DKIM / DMARC

Post by lukekenny » 31 Aug 2021 02:40

I want to run a fairly strict email filter for inbound email. I can get eFa to block incoming email with bad SPF records:

In /etc/mail/spamassassin/mailscanner.cf:

Code: Select all

score SPF_FAIL 7.00
score SPF_SOFTFAIL 4.50
score SPF_HELO_FAIL 7.00
score SPF_NEUTRAL 3.00
How can I achieve a similar outcome for DKIM and DMARC fails?

I want to:

a. block email with a faulty / forged DKIM signature
b. block unsigned email where there is a DMARC record with "reject" set

User avatar
shawniverson
Posts: 3438
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: Enforcing inbound DKIM / DMARC

Post by shawniverson » 31 Aug 2021 13:10

Do you see DKIMs in your spam score reports?

User avatar
Aryfir
Posts: 6
Joined: 04 Sep 2020 13:52

Re: Enforcing inbound DKIM / DMARC

Post by Aryfir » 10 Sep 2021 17:32

I suggest that you applied KAM.cf from https://mcgrail.com/downloads/

Then put high score on local.cf eg:
score KAM_DMARC_REJECT 10.0
score KAM_DMARC_QUARANTINE 3.0

Post Reply