So I read the forum post here which discussed does EFA support SPF/DKIM/DMARC
viewtopic.php?f=5&t=2239&p=8518&hilit=DMARC#p8518
DKIM can be found here viewtopic.php?t=1006
This assumes you currently have a working solution SPF and DKIM in place.
So Implementing DMARC checking on EFA box for more info on what DMARC is read https://postmarkapp.com/guides/dmarc?ut ... mpaign=nav
Lets get started.....
I followed the instructions on the link below.
https://www.stevejenkins.com/blog/2015/ ... os-fedora/
The package does not seem to have schema.mysql in usr/share/doc/opendmarc-1.x.x/schema.mysql
So I downloaded it from the opendkim source.
However you get an error "ERROR 1071 (42000): Specified key was too long; max key length is 767 bytes"
Accord to article https://dba.stackexchange.com/questions ... -767-bytes
If you change
Code: Select all
VARCHAR(255) to VARCHAR(100)
Next you get spam spamassassin to use the headers on the email to score.
I created a file called opendmarc.cf in /etc/mail/spamassassin
Change <EFA FQDN> to what your EFA full qualified domain name.
Also change the scores to suit you.
Code: Select all
header DMARC_PASS Authentication-Results =~ /<EFA FQDN>; dmarc=pass /
describe DMARC_PASS DMARC validation seems valid
tflags DMARC_PASS nice
score DMARC_PASS -0.1
header DMARC_NONE Authentication-Results =~ /<EFA FQDN>; dmarc=none /
describe DMARC_NONE DMARC validation none
score DMARC_NONE 0.0
header __DMARC_FAIL Authentication-Results =~ /<EFA FQDN>; dmarc=fail /
meta DMARC_FAIL __DMARC_FAIL && !__DOS_HAS_LIST_ID && !__DOS_HAS_MAILING_LIST
describe DMARC_FAIL DMARC validation failed
score DMARC_FAIL 3.0
and https://www.skelleton.net/2015/03/21/ho ... ith-dmarc/
Do not forget to run SA-UPDATE and SA-COMPILE and update your SA descriptions via MailWatch.
If you want DMARC reporting following the instructions here, you will get weekly reports.
See https://dmarc.postmarkapp.com/
Do not think I missed anything from what I did, any queries let me know.