Merge #2633
2633: Don't apply antispoof rules on locally generated emails r=mergify[bot] a=nextgens ## What type of PR? bug-fix ## What does this PR do? Don't apply antispoof rules on locally generated emails; This was breaking the auto-responder and sieve rules. ### Related issue(s) ## Prerequisites Before we can consider review and merge, please make sure the following list is done and checked. If an entry in not applicable, you can check it or remove it from the list. - [ ] In case of feature or enhancement: documentation updated accordingly - [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file. Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>main
commit
db2a490256
@ -1,17 +1,17 @@
|
||||
rules {
|
||||
ANTISPOOF_NOAUTH {
|
||||
action = "reject";
|
||||
expression = "!MAILLIST & ((IS_LOCAL_DOMAIN_E & MISSING_FROM) | (IS_LOCAL_DOMAIN_H & (R_DKIM_NA & R_SPF_NA & DMARC_NA & ARC_NA)))";
|
||||
expression = "!IS_LOCALLY_GENERATED & !MAILLIST & ((IS_LOCAL_DOMAIN_E & MISSING_FROM) | (IS_LOCAL_DOMAIN_H & (R_DKIM_NA & R_SPF_NA & DMARC_NA & ARC_NA)))";
|
||||
message = "Rejected (anti-spoofing: noauth). Please setup DMARC with DKIM or SPF if you want to send emails from your domain from other servers.";
|
||||
}
|
||||
ANTISPOOF_DMARC_ENFORCE_LOCAL {
|
||||
action = "reject";
|
||||
expression = "!MAILLIST & (IS_LOCAL_DOMAIN_H | IS_LOCAL_DOMAIN_E) & (DMARC_POLICY_SOFTFAIL | DMARC_POLICY_REJECT | DMARC_POLICY_QUARANTINE | DMARC_NA)";
|
||||
expression = "!IS_LOCALLY_GENERATED & !MAILLIST & (IS_LOCAL_DOMAIN_H | IS_LOCAL_DOMAIN_E) & (DMARC_POLICY_SOFTFAIL | DMARC_POLICY_REJECT | DMARC_POLICY_QUARANTINE | DMARC_NA)";
|
||||
message = "Rejected (anti-spoofing: DMARC compliance is enforced for local domains, regardless of the policy setting)";
|
||||
}
|
||||
ANTISPOOF_AUTH_FAILED {
|
||||
action = "reject";
|
||||
expression = "!MAILLIST & BLACKLIST_ANTISPOOF";
|
||||
expression = "!IS_LOCALLY_GENERATED & !MAILLIST & BLACKLIST_ANTISPOOF";
|
||||
message = "Rejected (anti-spoofing: auth-failed)";
|
||||
}
|
||||
}
|
||||
|
@ -0,0 +1,2 @@
|
||||
{{ SUBNET }}
|
||||
{{ SUBNET6 }}
|
@ -0,0 +1 @@
|
||||
Fix a bug introduced in master whereby anything locally generated (sieve, autoresponder, ...) would be blocked by the anti-spoofing rules
|
Loading…
Reference in New Issue