Domino on Linux/Unix, Troubleshooting, Best Practices, Tips and more ...

alt

Daniel Nashed

SpamGeek leveraging Domino 12.0.2 SPF inbound with just one new rule document

Daniel Nashed – 7 October 2022 09:02:18

Domino 12.0.2 introduced SPF checking leveraging the same libspf2 project (https://www.libspf2.org/), I have been using for a while in SpamGeek on Linux.
I had a special SpamGeek build, which I distributed only to some friends for testing and it had a hard dependency to libspf2.

Now with Domino 12.0.2 SPF checking is implemented in Domino native. And you can just enable it in the configuration document as shown below.

DKIM inbound is also listed in the Domino directory design. But it is not part of Domino 12.0.2 EAP5.

I tried to enable it, but it only writes the DKIM_Signature item.
There isn't a status item yet -- which is planned for Domino 12.0.2 GA from what I understand.

So for now let's focus on SPF checking.

Image:SpamGeek leveraging Domino 12.0.2 SPF inbound with just one new rule document

Once you enabled the settings in the optional SpamGeek options, you can add two fields to the log documents.
In a future SpamGeek version, I will add the new fields by default.
But for now you can just configure the additional fields.

Another way to implement the rule would be to run the rule document on the original note instead of the log document.

But I want the fields to be logged in SpamGeek log anyhow.

Image:SpamGeek leveraging Domino 12.0.2 SPF inbound with just one new rule document


Once you introduced the new fields, you can just create a new rule.

Here is a copy of my rule document.


Image:SpamGeek leveraging Domino 12.0.2 SPF inbound with just one new rule document

Here is the formula for pasting. You might adjust the score values to your own needs.


x:= @Left (Received_SPF; " ");
@if (
x = "pass"; -10;
x = "neutral"; 0;
x = "none"; 20;
x = "invalid"; 30;
x = "softfail"; 40;
x = "permerror"; 40;
x = "fail"; 90;
0)


Once DKIM inbound is officially available, I will have another post how to add a similar rule for inbound DKIM.
For now we could just check the DKIM signature item. But I would wait for the official status item.


Links

    Archives


    • [HCL Domino]
    • [Domino on Linux]
    • [Nash!Com]
    • [Daniel Nashed]