Closed wildstray closed 7 years ago
To tell the truth, DKIM, DMARC and SPF checks are intended to be done on rspamd side. But rmilter can obviously add this information somehow.
Authentication-Results is documented by RFC5451 (but it might exists an updated RFC because I seen also dmarc Authentication-Results in GMail or header added by opendmarc). About generation it rspamd side, I often implemented mail systems in this way: email from external source (legitimate MTA or bot or spammer) ---> dnsbl (postfix postscreen or, in the past, postfix smtpd_recipient_restrictions rules) ---> spf/dkim/dmarc (reject) ---> clamav (reject) ---> spamassassin (tag). My logic is to reject messages ASAP and with the lightest possible controls and with a separation between source/sender/headers checking and message content checking. The messages that seems to be legitimate to dnsbl, local blacklists, dkim, spf, are verified thru clamav, thru spamassassin (bayes) and marked (or rejected in case of attached virus or significant spam scoring). Rspamd is dramatically fast than SA, so there isn't the problem of using it "as a last resource", but might be interesting to supply rmilter of "full loaded" tools to mark/reject (eg. dmarc is missing) email autonomously, indipendently from dspam. Obviously spf/dkim/dmarc results can contribute, later, to the spam score. PS: Please don't abandon this project, it's promising, it can replace "all-in-one" many milters, script and libraries.
The reason why I don't like this project is simple: so far, rspamd can do almost all things supported in rmilter but significantly faster than rmilter. The only missing thing is the milter protocol interface for rspamd. Hence, I'm looking forward to adopt rspamd to understand milter protocol directly than to add more hacks to rmilter.
Authentication-Results header is useful , hope it come as soon as probably .
It appears #65 is a duplicate of this.
@vstakhov Is rmilter still necessary for integration with Postfix?
I'm a little confused as to quite what #65 is really about.
Support for adding Authentication-Results header is available in rspamd (in 1.5.0+ but the module will work in 1.4.x)- rmilter is able to use this.
Rmilter is still needed for integration with Postfix.
An Authentication-Results header will be useful for debugging purposes and as a validation of a legitimate sender from a legitimate server.
Eg. (GMail Authentication-Results)
Authentication-Results: mx.google.com; spf=pass (google.com: domain of foo@mydomain.it designates 2.10.10.10 as permitted sender) smtp.mail=foo@mydomain.it; dkim=pass header.i=@mydomain.it; dmarc=pass (p=NONE dis=NONE) header.from=mydomain.it
Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.