I’m wondering how to configure my system to silently drop incoming messages that fail DMARC/SPF. I don’t want to be bouncing errors to legit servers when the whole point of the failure is to tell me that the message source was not legit.
(I’ve recently been inundated with non-delivery reports for messages that were spoofed to appear to come from me, so I know how annoying it is, and I want to ensure that I don’t contribute to the problem.)
In an ideal world everybody would use DMARC/SPF (but it isn’t). Just because some do not comply doesn’t make them (not legit). Just like a website not being https - it is a perfectly legitimate behaviour. Also as a user it is perfectly acceptable to reject cookies and block javascript. It is a choice.
I accept that as a VS owner it is your choice to dump all emails that are not DMARC compliant. As to how (probably somewhere in Postgres = a guess)
There is a program to add that can drop folks that fail SPF. I had to disable it because it rejected forwarded messages. That’s OK if you know where ALL forwarded messages will come from. You can add them to the whitelist. But, I decided it wasn’t worth it.
Bottom line, this stuff may upset you but Virtualmin defaults are a safe and tested route to go. You will NEVER have a perfect solution so don’t go nuts trying to implement it.