[Rspamd-Users] Prevent sender address spoofing envelope/header FROM
Gerald Galster
list+rspamd at gcore.biz
Mon Jan 22 18:56:02 UTC 2024
> Thanks Gerald, that's worth a try. I had another idea that might work and
> wanted to check.
>
> While SPF verifies the envelope FROM address, and DKIM signs the message,
> it is DMARC that enforces the header FROM address which makes it sent to
> spam at the destination server. By default, Rspamd disables DMARC for
> outgoing messages, what if we enable it so that it verifies DMARC locally
> before sending out. This prevents it from getting to spam on the
> destination server as it isn't sent out in the first place. Would that work?

I don't think that will work. DKIM signing means you trust the sender
because of its IP or SASL authentication. That way you would revoke
that trust. If a legitimate sender that enforces DMARC for its domain
undergoes DMARC checks before signing, that unsigned / to-be-signed mail
would be rejected.

Moreover, checking DMARC in Rspamd does not mean enforcing that policy,
e.g. DMARC_POLICY_REJECT could just add to the spam level, not rejecting
the mail immediately. To enforce that, something like

    # map the DMARC policy result to an Rspamd action
    actions = {
      quarantine = "add_header";
      reject = "reject";
    }

would have to be added to local.d/dmarc.conf.

I would go with the lua example, extracting and comparing the
lowercase envelope-sender/from domains for authenticated submitters.

Best regards
Gerald
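
An added sketch of the envelope/header domain comparison suggested in the message above, written for rspamd.local.lua. It is not code from this thread or from the Rspamd project. The symbol name, the score, and the choice of an exact domain match (a subdomain counts as a mismatch) are assumptions.

```lua
-- Added example for rspamd.local.lua; symbol name and score are assumptions.

-- Returns nil when the domains align, otherwise a short reason string.
local function from_mismatch(smtp_from, mime_from)
  -- Null envelope sender (bounces, DSNs): nothing to compare.
  if not smtp_from or not smtp_from[1] or (smtp_from[1].domain or '') == '' then
    return nil
  end
  local env_domain = smtp_from[1].domain:lower()
  if not mime_from or #mime_from == 0 then
    return 'envelope=' .. env_domain .. ' header=(none)'
  end
  -- Check every address in the From header, so a second address
  -- cannot carry a foreign domain past the comparison.
  for _, addr in ipairs(mime_from) do
    local hdr_domain = (addr.domain or ''):lower()
    if hdr_domain ~= env_domain then
      return 'envelope=' .. env_domain .. ' header=' .. hdr_domain
    end
  end
  return nil
end

if rspamd_config then
  rspamd_config:register_symbol({
    name = 'LOCAL_AUTH_FROM_MISMATCH', -- hypothetical symbol name
    type = 'normal',
    score = 15.0, -- assumed value; set it to reach your reject threshold
    group = 'local',
    description = 'Authenticated sender: envelope/header From domains differ',
    callback = function(task)
      -- Only authenticated submitters are checked; inbound mail is skipped.
      if not task:get_user() then return false end
      local reason = from_mismatch(task:get_from('smtp'), task:get_from('mime'))
      if reason then return true, 1.0, reason end
      return false
    end,
  })
else
  -- Outside Rspamd (plain lua): run the helper on constructed address tables.
  local env = { { addr = 'alice@Example.ORG', domain = 'Example.ORG' } }
  assert(from_mismatch(env, { { domain = 'example.org' } }) == nil)
  assert(from_mismatch(env, { { domain = 'bank.example' } })
    == 'envelope=example.org header=bank.example')
  assert(from_mismatch({ { addr = '', domain = '' } }, { { domain = 'x.test' } }) == nil)
  print('ok')
end
```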