137 lines
2.6 KiB
Plaintext
137 lines
2.6 KiB
Plaintext
group "policies" {
|
|
description = "SPF, DKIM, DMARC, ARC";
|
|
|
|
symbols = {
|
|
# SPF
|
|
"R_SPF_FAIL" {
|
|
weight = 1.0;
|
|
description = "SPF verification failed";
|
|
groups = ["spf"];
|
|
}
|
|
"R_SPF_SOFTFAIL" {
|
|
weight = 0.0;
|
|
description = "SPF verification soft-failed";
|
|
groups = ["spf"];
|
|
}
|
|
"R_SPF_NEUTRAL" {
|
|
weight = 0.0;
|
|
description = "SPF policy is neutral";
|
|
groups = ["spf"];
|
|
}
|
|
"R_SPF_ALLOW" {
|
|
weight = -0.2;
|
|
description = "SPF verification allows sending";
|
|
groups = ["spf"];
|
|
}
|
|
"R_SPF_DNSFAIL" {
|
|
weight = 0.0;
|
|
description = "SPF DNS failure";
|
|
groups = ["spf"];
|
|
}
|
|
"R_SPF_NA" {
|
|
weight = 0.0;
|
|
description = "Missing SPF record";
|
|
one_shot = true;
|
|
groups = ["spf"];
|
|
}
|
|
"R_SPF_PERMFAIL" {
|
|
weight = 0.0;
|
|
description = "SPF record is malformed or persistent DNS error";
|
|
groups = ["spf"];
|
|
}
|
|
|
|
# DKIM
|
|
"R_DKIM_REJECT" {
|
|
weight = 1.0;
|
|
description = "DKIM verification failed";
|
|
one_shot = true;
|
|
groups = ["dkim"];
|
|
}
|
|
"R_DKIM_TEMPFAIL" {
|
|
weight = 0.0;
|
|
description = "DKIM verification soft-failed";
|
|
groups = ["dkim"];
|
|
}
|
|
"R_DKIM_PERMFAIL" {
|
|
weight = 0.0;
|
|
description = "DKIM verification hard-failed (invalid)";
|
|
groups = ["dkim"];
|
|
}
|
|
"R_DKIM_ALLOW" {
|
|
weight = -0.2;
|
|
description = "DKIM verification succeed";
|
|
one_shot = true;
|
|
groups = ["dkim"];
|
|
}
|
|
"R_DKIM_NA" {
|
|
weight = 0.0;
|
|
description = "Missing DKIM signature";
|
|
one_shot = true;
|
|
groups = ["dkim"];
|
|
}
|
|
|
|
# DMARC
|
|
"DMARC_POLICY_ALLOW" {
|
|
weight = -0.5;
|
|
description = "DMARC permit policy";
|
|
groups = ["dmarc"];
|
|
}
|
|
"DMARC_POLICY_ALLOW_WITH_FAILURES" {
|
|
weight = -0.5;
|
|
description = "DMARC permit policy with DKIM/SPF failure";
|
|
groups = ["dmarc"];
|
|
}
|
|
"DMARC_POLICY_REJECT" {
|
|
weight = 2.0;
|
|
description = "DMARC reject policy";
|
|
groups = ["dmarc"];
|
|
}
|
|
"DMARC_POLICY_QUARANTINE" {
|
|
weight = 1.5;
|
|
description = "DMARC quarantine policy";
|
|
groups = ["dmarc"];
|
|
}
|
|
"DMARC_POLICY_SOFTFAIL" {
|
|
weight = 0.1;
|
|
description = "DMARC failed";
|
|
groups = ["dmarc"];
|
|
}
|
|
"DMARC_NA" {
|
|
weight = 0.0;
|
|
description = "No DMARC record";
|
|
groups = ["dmarc"];
|
|
}
|
|
|
|
# ARC
|
|
"ARC_ALLOW" {
|
|
weight = -1.0;
|
|
description = "ARC checks success";
|
|
groups = ["arc"];
|
|
}
|
|
|
|
"ARC_REJECT" {
|
|
weight = 1.0;
|
|
description = "ARC checks failed";
|
|
groups = ["arc"];
|
|
}
|
|
|
|
"ARC_INVALID" {
|
|
weight = 0.5;
|
|
description = "ARC structure invalid";
|
|
groups = ["arc"];
|
|
}
|
|
|
|
"ARC_DNSFAIL" {
|
|
weight = 0.0;
|
|
description = "ARC DNS error";
|
|
groups = ["arc"];
|
|
}
|
|
|
|
"ARC_NA" {
|
|
weight = 0.0;
|
|
description = "ARC signature absent";
|
|
groups = ["arc"];
|
|
}
|
|
}
|
|
}
|