Don't apply antispoof rules on locally generated emails
parent
179c624116
commit
36623188b5
@ -1,17 +1,17 @@
|
||||
rules {
|
||||
ANTISPOOF_NOAUTH {
|
||||
action = "reject";
|
||||
expression = "!MAILLIST & ((IS_LOCAL_DOMAIN_E & MISSING_FROM) | (IS_LOCAL_DOMAIN_H & (R_DKIM_NA & R_SPF_NA & DMARC_NA & ARC_NA)))";
|
||||
expression = "!IS_LOCALLY_GENERATED & !MAILLIST & ((IS_LOCAL_DOMAIN_E & MISSING_FROM) | (IS_LOCAL_DOMAIN_H & (R_DKIM_NA & R_SPF_NA & DMARC_NA & ARC_NA)))";
|
||||
message = "Rejected (anti-spoofing: noauth). Please setup DMARC with DKIM or SPF if you want to send emails from your domain from other servers.";
|
||||
}
|
||||
ANTISPOOF_DMARC_ENFORCE_LOCAL {
|
||||
action = "reject";
|
||||
expression = "!MAILLIST & (IS_LOCAL_DOMAIN_H | IS_LOCAL_DOMAIN_E) & (DMARC_POLICY_SOFTFAIL | DMARC_POLICY_REJECT | DMARC_POLICY_QUARANTINE | DMARC_NA)";
|
||||
expression = "!IS_LOCALLY_GENERATED & !MAILLIST & (IS_LOCAL_DOMAIN_H | IS_LOCAL_DOMAIN_E) & (DMARC_POLICY_SOFTFAIL | DMARC_POLICY_REJECT | DMARC_POLICY_QUARANTINE | DMARC_NA)";
|
||||
message = "Rejected (anti-spoofing: DMARC compliance is enforced for local domains, regardless of the policy setting)";
|
||||
}
|
||||
ANTISPOOF_AUTH_FAILED {
|
||||
action = "reject";
|
||||
expression = "!MAILLIST & BLACKLIST_ANTISPOOF";
|
||||
expression = "!IS_LOCALLY_GENERATED & !MAILLIST & BLACKLIST_ANTISPOOF";
|
||||
message = "Rejected (anti-spoofing: auth-failed)";
|
||||
}
|
||||
}
|
||||
|
@ -0,0 +1,2 @@
|
||||
{{ SUBNET }}
|
||||
{{ SUBNET6 }}
|
@ -0,0 +1 @@
|
||||
Fix a bug introduced in master whereby anything locally generated (sieve, autoresponder, ...) would be blocked by the anti-spoofing rules
|
Loading…
Reference in New Issue