offtopic: rant about thoughtless enabling DMARC checks [was: Re: Bounces?]
Michael A. Peters
mpeters at domblogger.net
Sat Feb 9 21:23:25 EET 2019
On 2/9/19 11:13 AM, Michael A. Peters via dovecot wrote:
> On 2/9/19 10:48 AM, Juri Haberland via dovecot wrote:
*snip*
>
> Honestly I was sort of tempted to try and create my own DMARC validator
> (I was thinking one daemon that does both DKIM and DMARC - for postfix,
> Exim has DKIM native but I only use Exim for submission) that tried to
> sniff Mailman and not enforce it but it looks like it would be very time
> consuming.
>
What I wanted to do, was sniff mailman in headers and if it was sent by
mail, reject if reverse DNS didn't match HELO/EHLO and white list from
OpenDMARC enforcement if it did. That would prevent most spoofed that
tried to look like Mailman since spoofed mail rarely has reverseDNS
properly set up but Mailman admins tend to.
More information about the dovecot
mailing list