Implementing DMARC : How to

Questions and answers about how to do stuff
Post Reply
thewomble
Posts: 44
Joined: 17 Jan 2017 12:52

Implementing DMARC : How to

Post by thewomble » 21 Aug 2017 18:28

I was asked to get DMARC working on top of the EFA box.

So I read the forum post here which discussed does EFA support SPF/DKIM/DMARC
viewtopic.php?f=5&t=2239&p=8518&hilit=DMARC#p8518

DKIM can be found here viewtopic.php?t=1006

This assumes you currently have a working solution SPF and DKIM in place.

So Implementing DMARC checking on EFA box for more info on what DMARC is read https://postmarkapp.com/guides/dmarc?ut ... mpaign=nav

Lets get started.....

I followed the instructions on the link below.

https://www.stevejenkins.com/blog/2015/ ... os-fedora/

The package does not seem to have schema.mysql in usr/share/doc/opendmarc-1.x.x/schema.mysql

So I downloaded it from the opendkim source.

However you get an error "ERROR 1071 (42000): Specified key was too long; max key length is 767 bytes"

Accord to article https://dba.stackexchange.com/questions ... -767-bytes

If you change

Code: Select all

VARCHAR(255) to VARCHAR(100)
The script works then MariaDB (MySql), I have not had any issues since implementing.

Next you get spam spamassassin to use the headers on the email to score.

I created a file called opendmarc.cf in /etc/mail/spamassassin

Change <EFA FQDN> to what your EFA full qualified domain name.

Also change the scores to suit you.

Code: Select all

header 		DMARC_PASS Authentication-Results =~ /<EFA FQDN>; dmarc=pass /
describe 	DMARC_PASS DMARC validation seems valid
tflags 		DMARC_PASS nice
score 		DMARC_PASS -0.1

header 		DMARC_NONE Authentication-Results =~ /<EFA FQDN>; dmarc=none /
describe 	DMARC_NONE DMARC validation none
score 		DMARC_NONE 0.0

header 		__DMARC_FAIL Authentication-Results =~ /<EFA FQDN>; dmarc=fail /
meta   		DMARC_FAIL   __DMARC_FAIL && !__DOS_HAS_LIST_ID && !__DOS_HAS_MAILING_LIST
describe 	DMARC_FAIL DMARC validation failed
score 		DMARC_FAIL 3.0
Reference https://blog.laussat.de/2014/05/19/usin ... massassin/
and https://www.skelleton.net/2015/03/21/ho ... ith-dmarc/

Do not forget to run SA-UPDATE and SA-COMPILE and update your SA descriptions via MailWatch.

If you want DMARC reporting following the instructions here, you will get weekly reports.
See https://dmarc.postmarkapp.com/

Do not think I missed anything from what I did, any queries let me know.
Last edited by thewomble on 23 Aug 2017 10:31, edited 2 times in total.

User avatar
shawniverson
Posts: 3029
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: Implementing DMARC : How to

Post by shawniverson » 22 Aug 2017 20:28

Version eFa 4.0.2 now available!

Post Reply