[Rspamd-Users] Image spam
Tim Harman
tim at muppetz.com
Tue Apr 23 09:03:13 UTC 2019
On 17/04/2019 9:51 pm, Bill Pye via Users wrote:
> Hi all
>
> Does anyone have some insight what can be done, if anything, with the
> current wave of bitcoin 'image' spam that's hitting our servers?
The way I've dealt with it (with my single, small domain) is to realise
that the "scam" uses a from: that's the same as the to:
Because I have SPF, DKIM and a DMARC record that I'm happy with, I have
set DMARC failure to p=reject;
Then all I did was set the following in local.d/dmarc.conf
actions = {
quarantine = "add_header";
reject = "reject";
}
So when a mail comes in for my domain, from my domain, when they have no
authority in SPF or DKIM to send from my domain, they fail DMARC and the
mail is rejected, no matter how well it would otherwise score:
2019-04-23 15:27:28 #25902(normal) <69eec6>; task;
rspamd_add_passthrough_result: <undef>: set pre-result to reject (no
score): 'Action set by DMARC' from dmarc(1)
Hope this helps.
Tim
More information about the Users
mailing list