this works for me

main
Florent Daigniere 2 years ago
parent be4dd6d84a
commit af87456faf

@ -1,7 +1,17 @@
rules { rules {
ANTISPOOF { ANTISPOOF_NOAUTH {
action = "reject"; action = "reject";
expression = "((R_DKIM_NA & R_SPF_NA & DMARC_NA & ARC_NA)|BLACKLIST_ANTISPOOF) & IS_LOCAL_DOMAIN"; expression = "(IS_LOCAL_DOMAIN_E & MISSING_FROM) | (IS_LOCAL_DOMAIN_H & (R_DKIM_NA & R_SPF_NA & DMARC_NA & ARC_NA))";
message = "Rejected (anti-spoofing)"; message = "Rejected (anti-spoofing noauth)";
}
ANTISPOOF_DMARC_ENFORCE_LOCAL {
action = "reject";
expression = "((IS_LOCAL_DOMAIN_H | IS_LOCAL_DOMAIN_E) & (DMARC_POLICY_SOFTFAIL | DMARC_POLICY_REJECT | DMARC_POLICY_QUARANTINE)";
message = "Rejected (anti-spoofing DMARC-enforce for local domains)";
}
ANTISPOOF_AUTH_FAILED {
action = "reject";
expression = "BLACKLIST_ANTISPOOF";
message = "Rejected (anti-spoofing auth-failed)";
} }
} }

@ -1,5 +1,11 @@
IS_LOCAL_DOMAIN { IS_LOCAL_DOMAIN_H {
type = "from"; type = "selector"
filter = "email:domain"; selector = "from('mime'):domain";
map = "http://{{ ADMIN_ADDRESS }}/internal/rspamd/local_domains";
}
IS_LOCAL_DOMAIN_E {
type = "selector"
selector = "from('smtp'):domain";
map = "http://{{ ADMIN_ADDRESS }}/internal/rspamd/local_domains"; map = "http://{{ ADMIN_ADDRESS }}/internal/rspamd/local_domains";
} }

@ -3,6 +3,6 @@ rules {
valid_dmarc = true; valid_dmarc = true;
blacklist = true; blacklist = true;
domains = "http://{{ ADMIN_ADDRESS }}/internal/rspamd/local_domains"; domains = "http://{{ ADMIN_ADDRESS }}/internal/rspamd/local_domains";
score = 15.0; score = 99.0;
} }
} }

Loading…
Cancel
Save