[opendmarc-users] Host lists in 'IgnoreHosts' file still being scanned, with headers added. How to exclude specific domains from scanning?

hal469 at xsmail.com hal469 at xsmail.com
Thu Apr 12 15:04:22 PDT 2018 

> > A domain added as argument to 'IgnoreMailFrom', either as a single domain, or within a comma-separated list of domains *dies* result in non-scanning.

1st, let's fix *MY* typo

-	within a comma-separated list of domains *dies* result in non-scanning.
+	within a comma-separated list of domains *DOES* result in non-scanning.

Sry.

> Will try to reproduce that tomorrow.

OK.

> Did you try it with 1.3.2, too?

Nope.

   opendkim: OpenDKIM Filter v2.11.0
   opendmarc: OpenDMARC Filter v1.4.0

are the only versions I have, and have tried.

> > So it appears IgnoreMailFrom works, but IgnoreHosts does not, in excluding domains from scanning.
> > 
> > Should they both work? Or have I misunderstood usage of the latter?
> 
> IgnoreHosts is meant to ignore all mails from a given IP address, not from
> a domain. It might be used to ignore mails from a backup MX, that does
> DMARC handling by itself and passes the scanned mails to the primary MX,
> which should not do DMARC checks again, as they would fail.
> 
> IgnoreHosts:     ignore mail from an IP address
> IgnoreMailFrom:  ignore mail from a domain

Hm.  That's a bitdifferent than how I understand the man page:

  http://www.trusteddomain.org/opendmarc/opendmarc.conf.5.html 
    IgnoreHosts (string)Specifies the path to a file that contains a list of hostnames, IP addresses, and/or CIDR expressions identifying hosts whose SMTP connections are to be ignored by the filter. If not specified, defaults to "127.0.0.1" only.

'hostnames' sounds pretty clearly *NOT* just ip addresses/CIDRs ...  at best, confusing.

It would be useful to be able to reference a file as a <dataset>, as argument passed to 'IgnoreMailFrom'.
TBH, haven't tried to see if it might work ...

The goal is to be able to bypass milter operation for a list of domains.  Ideally, supporting a list of domain/regex patterns in an external file.  How that's done, doesn't matter -- as long as you can.  For the moment, and a short list, IgnoreMailFrom works as well as anything.

More information about the opendmarc-users mailing list