mirror of
https://github.com/mailcow/mailcow-dockerized.git
synced 2025-01-26 05:27:29 +02:00
[Postfix/Rspamd] Do not reject unauthenticated sender mismatches but rewrite their subject and assign symbol SPOOFED_SENDER with score 1.0
This commit is contained in:
parent
405c49fb0a
commit
073c6c6e73
@ -62,7 +62,7 @@ smtpd_sasl_authenticated_header = yes
|
||||
smtpd_sasl_path = inet:dovecot:10001
|
||||
smtpd_sasl_type = dovecot
|
||||
smtpd_sender_login_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_sender_acl.cf
|
||||
smtpd_sender_restrictions = reject_authenticated_sender_login_mismatch, permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated, reject_unlisted_sender, reject_unknown_sender_domain
|
||||
smtpd_sender_restrictions = reject_authenticated_sender_login_mismatch, permit_mynetworks, permit_sasl_authenticated, reject_unlisted_sender, reject_unknown_sender_domain
|
||||
smtpd_soft_error_limit = 3
|
||||
smtpd_tls_auth_only = yes
|
||||
smtpd_tls_dh1024_param_file = /etc/ssl/mail/dhparams.pem
|
||||
|
@ -2,7 +2,7 @@ rules {
|
||||
DKIM_FAIL {
|
||||
action = "add header";
|
||||
expression = "R_DKIM_REJECT & !MAILLIST & !MAILCOW_WHITE & !MAILCOW_BLACK";
|
||||
require_action = ["no action", "greylist"];
|
||||
require_action = ["no action", "greylist", "soft reject"];
|
||||
}
|
||||
VIRUS_FOUND {
|
||||
action = "reject";
|
||||
@ -19,4 +19,9 @@ rules {
|
||||
expression = "WHITELISTED_FWD_HOST";
|
||||
require_action = ["greylist", "soft reject"];
|
||||
}
|
||||
ADD_UNAUTH_SUBJ {
|
||||
action = "rewrite subject";
|
||||
subject = "[Unauth] %s";
|
||||
expression = "SPOOFED_SENDER";
|
||||
}
|
||||
}
|
||||
|
@ -34,3 +34,7 @@ group "MX" {
|
||||
one_shot = "true";
|
||||
}
|
||||
}
|
||||
symbol "SPOOFED_SENDER" {
|
||||
description = "Sender is not authenticated but part of mailcow managed domains";
|
||||
score = 1.0;
|
||||
}
|
||||
|
@ -1,22 +1,29 @@
|
||||
RCPT_MAILCOW_DOMAIN {
|
||||
type = "rcpt";
|
||||
filter = "email:domain"
|
||||
map = "redis://DOMAIN_MAP"
|
||||
filter = "email:domain";
|
||||
map = "redis://DOMAIN_MAP";
|
||||
}
|
||||
|
||||
RCPT_WANTS_SUBJECT_TAG {
|
||||
type = "rcpt";
|
||||
filter = "email:addr"
|
||||
map = "redis://RCPT_WANTS_SUBJECT_TAG"
|
||||
map = "redis://RCPT_WANTS_SUBJECT_TAG";
|
||||
}
|
||||
|
||||
WHITELISTED_FWD_HOST {
|
||||
type = "ip";
|
||||
map = "redis://WHITELISTED_FWD_HOST"
|
||||
map = "redis://WHITELISTED_FWD_HOST";
|
||||
}
|
||||
|
||||
KEEP_SPAM {
|
||||
type = "ip";
|
||||
map = "redis://KEEP_SPAM"
|
||||
map = "redis://KEEP_SPAM";
|
||||
action = "accept";
|
||||
}
|
||||
|
||||
SPOOFED_SENDER {
|
||||
type = "rcpt";
|
||||
filter = "email:domain";
|
||||
map = "redis://DOMAIN_MAP";
|
||||
require_symbols = "AUTH_NA | !RCVD_VIA_SMTP_AUTH";
|
||||
}
|
||||
|
@ -58,6 +58,9 @@ rspamd_config:register_symbol({
|
||||
local redis_params = rspamd_parse_redis_server('dyn_rl')
|
||||
local rspamd_logger = require "rspamd_logger"
|
||||
local envfrom = task:get_from(1)
|
||||
if not envfrom then
|
||||
return false
|
||||
end
|
||||
local env_from_domain = envfrom[1].domain:lower() -- get smtp from domain in lower case
|
||||
local env_from_addr = envfrom[1].addr:lower() -- get smtp from addr in lower case
|
||||
|
||||
|
Loading…
x
Reference in New Issue
Block a user