vstakhov / rmilter

Another sendmail milter for different mail checks.

Add an Authentication-Results header #28

Closed wildstray closed 7 years ago

wildstray commented 9 years ago

An Authentication-Results header will be useful for debugging purposes and as a validation of a legitimate sender from a legitimate server.

E.g. (GMail Authentication-Results):

Authentication-Results: mx.google.com; spf=pass (google.com: domain of foo@mydomain.it designates 2.10.10.10 as permitted sender) smtp.mail=foo@mydomain.it; dkim=pass header.i=@mydomain.it; dmarc=pass (p=NONE dis=NONE) header.from=mydomain.it
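
A parser for the header format quoted above, as an added example that is not part of the original issue or of rmilter/rspamd: it splits the value into the authserv-id and the per-method results, and reports a result only when the authserv-id is in a caller-supplied trusted set, since anyone upstream can insert such a header. The function names and the `trusted_ids` parameter are assumptions made for illustration; nested comments and repeated methods are not handled.

```python
import re

COMMENT = re.compile(r"\(([^()]*)\)")  # a non-nested "(comment)"

def split_top_level(value, sep=";"):
    """Split on sep, ignoring separators that sit inside (comments)."""
    parts, buf, depth = [], [], 0
    for ch in value:
        if ch == "(":
            depth += 1
        elif ch == ")" and depth:
            depth -= 1
        if ch == sep and depth == 0:
            parts.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf).strip())
    return [p for p in parts if p]

def parse_authentication_results(value):
    """Return (authserv_id, {method: {"result", "comment", "props"}})."""
    parts = split_top_level(value)
    head = COMMENT.sub(" ", parts[0]).split() if parts else []
    if not head:
        return None, {}
    results = {}
    for info in parts[1:]:
        comments = COMMENT.findall(info)
        tokens = COMMENT.sub(" ", info).split()
        if not tokens or "=" not in tokens[0]:
            continue  # bare "none" (no checks were done) or junk
        method, result = tokens[0].split("=", 1)
        props = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
        results[method.lower()] = {"result": result.lower(),
                                   "comment": "; ".join(comments), "props": props}
    return head[0].lower(), results

def trusted_result(value, method, trusted_ids):
    """Result for method, or None unless a trusted verifier wrote the header."""
    authserv_id, results = parse_authentication_results(value)
    if authserv_id not in trusted_ids:
        return None
    return results.get(method, {}).get("result")

SAMPLE = ("mx.google.com; spf=pass (google.com: domain of foo@mydomain.it "  # value quoted above
          "designates 2.10.10.10 as permitted sender) smtp.mail=foo@mydomain.it; "
          "dkim=pass header.i=@mydomain.it; "
          "dmarc=pass (p=NONE dis=NONE) header.from=mydomain.it")
```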


vstakhov commented 9 years ago

To tell the truth, DKIM, DMARC and SPF checks are intended to be done on the rspamd side. But rmilter can obviously add this information somehow.

wildstray commented 9 years ago

Authentication-Results is documented by RFC5451 (but there might be an updated RFC, because I have also seen dmarc Authentication-Results in GMail or in the header added by opendmarc). About generating it on the rspamd side, I have often implemented mail systems in this way: email from external source (legitimate MTA or bot or spammer) ---> dnsbl (postfix postscreen or, in the past, postfix smtpd_recipient_restrictions rules) ---> spf/dkim/dmarc (reject) ---> clamav (reject) ---> spamassassin (tag). My logic is to reject messages ASAP and with the lightest possible controls, and with a separation between source/sender/headers checking and message content checking. The messages that seem to be legitimate to dnsbl, local blacklists, dkim and spf are verified through clamav, through spamassassin (bayes) and marked (or rejected in case of an attached virus or significant spam scoring). Rspamd is dramatically faster than SA, so there isn't the problem of using it "as a last resource", but it might be interesting to supply rmilter with "fully loaded" tools to mark/reject (e.g. dmarc is missing) email autonomously, independently from dspam. Obviously spf/dkim/dmarc results can contribute, later, to the spam score. PS: Please don't abandon this project, it's promising, it can replace "all-in-one" many milters, scripts and libraries.

vstakhov commented 9 years ago

The reason why I don't like this project is simple: so far, rspamd can do almost all things supported in rmilter but significantly faster than rmilter. The only missing thing is the milter protocol interface for rspamd. Hence, I'm looking forward to adapting rspamd to understand the milter protocol directly rather than adding more hacks to rmilter.

wangyu1314 commented 8 years ago

The Authentication-Results header is useful; I hope it comes as soon as possible.

devurandom commented 7 years ago

It appears #65 is a duplicate of this.

@vstakhov Is rmilter still necessary for integration with Postfix?

fatalbanana commented 7 years ago

I'm a little confused as to quite what #65 is really about.

Support for adding the Authentication-Results header is available in rspamd (in 1.5.0+, but the module will work in 1.4.x); rmilter is able to use this.

Rmilter is still needed for integration with Postfix.