How ISPConfig manage SPF/DMARC for incoming mails ?

Discussion in 'Installation/Configuration' started by francoisPE, Jan 7, 2022.

  1. francoisPE

    francoisPE Member HowtoForge Supporter

    Hello,
    I have ISPConfig 3.2.7p1 configured with email domains and email boxes.
    I wonder how my server is dealing incoming mails regarding SPF directives and DMARC directives ?
    Does it consider SPF record when receiving a mail and reject if violated ?
    How does it consider DMARC directives ? Does it send a mail like [email protected] ?
     
  2. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    I don't remember, are you using amavis or rspamd?
     
  3. francoisPE

    francoisPE Member HowtoForge Supporter

    I set up amavis (with ubuntu 20.04)
    I ve just checked ubuntu setup tutorial : it is implementing amavis not rspamd : dont know why ?
     
    Last edited: Jan 8, 2022
  4. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

  5. francoisPE

    francoisPE Member HowtoForge Supporter

    Very nice.
    I have my conf (multi server) in production... is there a tuto to move to rspamd ?
     
  6. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

  7. francoisPE

    francoisPE Member HowtoForge Supporter

    Very easy, i'll do that. Thanks.
    If i come back to my initial question,
    I understand from your explaination that rspamd is managing spf and dmarc including sending emails 'noreplydmarc'
     
  8. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    With rspamd, spf/dkim/dmarc is checked and used to score mail by default, it does not reject, even when the domain policy explicitly calls for it. The default scores are in the 1.5-3 range, not terribly high; you will have to manually change the score or force an action based on the relevant symbols if you want to do differently. Rspamd can send dmarc reports, you have to manually configure it to do so. Be sure to send from a noreply type sender address which discards mail, as it will get lots of bounced mail back (I've not tried to determine what percent of domains have misconfigured dmarc reporting, but it's more than just a few).
     
  9. francoisPE

    francoisPE Member HowtoForge Supporter

    I imagine that these settings
    - Spam score / force action
    - send dmarc report
    are accessible in web gui ?

    For 'noreply', is that in ispconfig ?
     
  10. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    I don't know, I've only configured it via config files.

    You can add a mail route in ispconfig for the email address you want and set it to 'discard:' as the transport.
     
  11. francoisPE

    francoisPE Member HowtoForge Supporter

    Is there a tuto you would recommend me ?
     
  12. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    Taleman likes this.
  13. francoisPE

    francoisPE Member HowtoForge Supporter

    Thanks a lot, I'll do that :):):)
     

Share This Page