smedev:qpsmtpd_096

Différences

Ci-dessous, les différences entre deux révisions de la page.

Lien vers cette vue comparative

Les deux révisions précédentes Révision précédente
Prochaine révision 		Révision précédente
smedev:qpsmtpd_096 [09/05/2016 09:26]
dani [Inbound DKIM / SPF / DMARC] 		smedev:qpsmtpd_096 [13/09/2016 09:43] (Version actuelle)
dani [Helo]
Ligne 9: Ligne 9:
 The first step is to update the core qpsmtpd package to the latest version, adapt the spec file if needed, rebase needed patches. The first step is to update the core qpsmtpd package to the latest version, adapt the spec file if needed, rebase needed patches.
  
-This is currently being worked on, my latest build is available in fws-testing repo 
- 
-  * http://repo.firewall-services.com/centos-testing/6/SRPMS/qpsmtpd-0.96-1.beta3.el6.fws.src.rpm 
-  * http://repo.firewall-services.com/centos-testing/6/noarch/qpsmtpd-0.96-1.beta3.el6.fws.noarch.rpm 
  
 ===== Check qpsmtpd-plugins and smeserver-qpsmtpd for duplicated plugins ===== ===== Check qpsmtpd-plugins and smeserver-qpsmtpd for duplicated plugins =====
Ligne 142: Ligne 138:
 Previously, the helo plugin was just checking for some known bad helo hostnames used by spammers (aol.com and yahoo.com). Now, it can check much more than that. This plugin is always enabled and has a single setting: Previously, the helo plugin was just checking for some known bad helo hostnames used by spammers (aol.com and yahoo.com). Now, it can check much more than that. This plugin is always enabled and has a single setting:
  
-  * HeloPolicy: (lenient|rfc|strict). The default value is **rfc**. See https://github.com/smtpd/qpsmtpd/blob/master/plugins/helo for a description of the various tests done at each level+  * HeloPolicy: (lenient|rfc|strict). The default value is **lenient**. See https://github.com/smtpd/qpsmtpd/blob/master/plugins/helo for a description of the various tests done at each level
  
 Example: Example:
  
 <code bash> <code bash>
-db configuration setprop qpsmtpd HeloPolicy lenient+db configuration setprop qpsmtpd HeloPolicy rfc
 signal-event email-update signal-event email-update
 </code> </code>
Ligne 155: Ligne 151:
 DMARC is a policy on top of DKIM and SPF. By default, SPF and DKIM are now checked on every inbound emails, but no reject is attempted. The dmarc plugin can decide to reject the email (depending on the sender policy). dkim and spf plugins are always enabled. dmarc has two settings: DMARC is a policy on top of DKIM and SPF. By default, SPF and DKIM are now checked on every inbound emails, but no reject is attempted. The dmarc plugin can decide to reject the email (depending on the sender policy). dkim and spf plugins are always enabled. dmarc has two settings:
  
-  * DMARCReject (1|0): Default value is 1. If set to 1, the dmarc plugin can decide to reject an email (if the policy of the sender is to reject on alignment failure). You can disable it by setting this to 0 (or disabled, off, no+  * DMARCReject (enabled|disabled): Default value is disabled. If set to enabled, the dmarc plugin can decide to reject an email (if the policy of the sender is to reject on alignment failure) 
-  * DMARCReporting (1|0): Default value is 1. If set to 1, enable reporting (which is the **r** in dma**r**c). Reporting is a very important part of the DMARC standard. When enabled, you'll record information about email you receive from domains which have published a DMARC policy in a local SQLite database (/var/lib/qpsmtpd/dmarc/reports.sqlite). Then, once a day, you send the aggregate reports to the domain owner so they have feedback. You can set this to if you want to disable this feature +  * DMARCReporting (enabled|disabled): Default value is enabled. If set to enabled, enable reporting (which is the **r** in dma**r**c). Reporting is a very important part of the DMARC standard. When enabled, you'll record information about email you receive from domains which have published a DMARC policy in a local SQLite database (/var/lib/qpsmtpd/dmarc/reports.sqlite). Then, once a day, you send the aggregate reports to the domain owner so they have feedback. You can set this to disabled if you want to disable this feature 
-  * SPFRejectPolicy (0|1|2|3|4): Default value is 1. Set the policy to apply in case of SPF failure when the sender hasn't published a DMARC policy. Note: this is only used when no DMARC policy is published by the sender. If there's a DMARC policy, even a "p=none" one (meaning no reject), then the email wont' be rejected, even on failed SPF tests.+  * SPFRejectPolicy (0|1|2|3|4): Default value is 0. Set the policy to apply in case of SPF failure when the sender hasn't published a DMARC policy. Note: this is only used when no DMARC policy is published by the sender. If there's a DMARC policy, even a "p=none" one (meaning no reject), then the email won'be rejected, even on failed SPF tests.
     * 0: do not reject anything     * 0: do not reject anything
     * 1: reject when SPF says fail     * 1: reject when SPF says fail
Ligne 167: Ligne 163:
 Example: Example:
 <code bash> <code bash>
-db configuration setprop qpsmtpd DMARCReject SPFRejectPolicy 2+db configuration setprop qpsmtpd DMARCReject disabled SPFRejectPolicy 2
 signal-event email-update signal-event email-update
 </code> </code>
  • smedev/qpsmtpd_096.1462778814.txt.gz
  • Dernière modification: 09/05/2016 09:26
  • de dani