On 18.03.22 12:35, Jesper Dybdal wrote:
I run postfix 3.4.14 (Debian Buster) with Amavisd-new as a pre-queue filter.

I would now like to add DMARC validation, done by the opendmarc milter in the after-Amavis smtpd instance.

This basically works: opendmarc inserts an "Authentication-Results" header.

I would now like to do something (e.g., reject) depending on that header.

On 2022-03-18 13:07, Matus UHLAR - fantomas wrote:
opendmarc can reject itself, if you configure it to.

On 18.03.22 13:46, Jesper Dybdal wrote:
Thanks for your response.

If the version of opendmarc that is included in Debian Buster is configured to reject, then it also puts "quarantine" mails in postfix's hold queue, which is not practical.

I guess you mean that mail from domains that have "p=quarantine" is actually held/quarantined.

opendmarc 1.4.1 has an option to pass those e-mails.

I have filed a bug report asking the opendmarc maintainers to upload a fixed version to bullseye backports.

You should be able to compile a working opendmarc version on buster too.

However, the opendmarc milter requires those Authentication-Results headers for SPF and DKIM to be already present, so you need spf/dkim milter(s) before opendmarc.

I use Amavis to generate and verify DKIM signatures, and policyd-spf-python to perform SPF checks.  That works, but means that the opendmarc milter must be run by the after-Amavis smtpd.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT want to receive any advertising mail at this address.
Chernobyl was a Windows 95 beta test site.
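
The thread notes that opendmarc needs SPF and DKIM Authentication-Results headers to be present before it runs. The following is an added example, not code from the thread or from opendmarc: a small Python check that reads a delivered message, keeps only the Authentication-Results headers written under your own authserv-id, and reports which DMARC inputs are missing. The host name `mx.example.org`, the function names and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string

TRUSTED_AUTHSERV_ID = "mx.example.org"  # assumption: the ID your own filters write

_COMMENT = re.compile(r"\([^()]*\)")
_RESULT = re.compile(r"^\s*([a-z0-9-]+)\s*=\s*([a-z]+)", re.I)

def auth_results(raw_message, authserv_id=TRUSTED_AUTHSERV_ID):
    """Return {method: [results]} from Authentication-Results headers written
    by authserv_id; headers carrying any other ID are ignored as untrusted."""
    found = {}
    msg = message_from_string(raw_message)
    for value in msg.get_all("Authentication-Results", []):
        value = " ".join(str(value).split())      # unfold continuation lines
        while _COMMENT.search(value):             # drop (comments), nested too
            value = _COMMENT.sub(" ", value)
        ident, *parts = value.split(";")          # simplification: no quoted ';'
        if not ident.split() or ident.split()[0].lower() != authserv_id.lower():
            continue
        for part in parts:
            m = _RESULT.match(part)
            if m:
                found.setdefault(m.group(1).lower(), []).append(m.group(2).lower())
    return found

def missing_dmarc_inputs(results):
    """SPF/DKIM methods for which no trusted result was recorded."""
    return [m for m in ("spf", "dkim") if m not in results]

# Constructed sample: three trusted headers plus one sender-supplied header.
SAMPLE = (
    "Authentication-Results: mx.example.org; dmarc=fail (p=reject dis=none)\n"
    " header.from=example.com\n"
    "Authentication-Results: mx.example.org; dkim=pass header.d=example.net\n"
    "Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=b.example.net\n"
    "Authentication-Results: forged.example.net; dmarc=pass header.from=example.com\n"
    "From: sender@example.com\n\nbody\n"
)
# Constructed sample: a DMARC result with no SPF/DKIM results recorded.
SAMPLE_NO_INPUTS = (
    "Authentication-Results: mx.example.org; dmarc=none header.from=example.com\n"
    "From: sender@example.com\n\nbody\n"
)

if __name__ == "__main__":
    for name, raw in (("sample", SAMPLE), ("no inputs", SAMPLE_NO_INPUTS)):
        res = auth_results(raw)
        print(name, res, "missing:", missing_dmarc_inputs(res))
```

Run it against a message saved from the after-Amavis instance to confirm that the SPF and DKIM results are recorded under the same authserv-id as the DMARC result.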
