DMARC on efa. Possible solution.

pvanthony
Posts: 7
Joined: 16 Sep 2015 17:34

DMARC on efa. Possible solution.

Post by pvanthony »

Hi,

I just came across this site.
http://www.stevejenkins.com/blog/2015/0 ... os-fedora/

Seems very easy to set up.

I have done it on my install of efa and am monitoring it currently.

I have only installed opendmarc and integrated it into postfix. I have not done the rest.

Will update when there is more data.

P.V.Anthony
pvanthony
Posts: 7
Joined: 16 Sep 2015 17:34

Re: DMARC on efa. Possible solution.

Post by pvanthony »

Here are more details.

Used the following to get the spf working correctly with opendmarc.
https://incenp.org/notes/2016/postfix-p ... dmarc.html

Also installed opendkim to verify. It seems that this is needed for opendmarc to work.
https://blog.hamzahkhan.com/2014/02/08/ ... dmarc-tls/

main.cf
smtpd_recipient_restrictions = permit_sasl_authenticated,
    permit_mynetworks,
    reject_unauth_destination,
    reject_non_fqdn_recipient,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    check_recipient_access regexp:/etc/postfix/recipient_access_spf, <-- added
    check_policy_service unix:private/policyd-spf, <-- added
    check_recipient_access hash:/etc/postfix/recipient_access,
    check_policy_service inet:127.0.0.1:2501


smtpd_milters = inet:localhost:8891, inet:127.0.0.1:8893
non_smtpd_milters = $smtpd_milters
milter_default_action = accept

master.cf
policyd-spf unix - n n - - spawn
    user=nobody argv=/usr/libexec/postfix/policyd-spf

recipient_access_spf
/.\@./ PREPEND X-Incenp: Dummy header

yum install python-pip
pip install authres

policyd-spf.conf
# For a fully commented sample config file see policyd-spf.conf.commented

debugLevel = 1
defaultSeedOnly = 1

HELO_reject = Fail
Mail_From_reject = Fail

PermError_reject = False
TempError_Defer = False

skip_addresses = 127.0.0.0/8,::ffff:127.0.0.0/104,::1

# https://incenp.org/notes/2016/postfix-p ... dmarc.html
# Type of header to insert to document SPF result. Can be Received-SPF (SPF)
# or Authentication Results (AR). It cannot be both.
# Examples: (default is Received-SPF):
Header_Type = AR
# Header_Type = SPF

# Every Authentication-Results header field has an authentication identifier
# field ('Authserv_Id'). This is similar in syntax to a fully-qualified domain
# name. See policyd-spf.conf.5 and RFC 7001 paragraph 2.4 for details.
# Default is None. Authserv-Id must be provided if Header_Type 'AR' is used.
Authserv_Id = efa.domain.com

Hope this is useful for someone.
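
The following is an added example, not part of the original post: a Python check that a delivered message carries an Authentication-Results header stamped with the Authserv_Id set above and reports the SPF result it recorded, while listing headers stamped by other IDs. The sample message and the function names are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample: the first header mimics what policyd-spf adds with
# Header_Type = AR; the lower one was supplied by the sending side.
SAMPLE = """\
Authentication-Results: efa.domain.com; spf=fail (sender not authorized)
 smtp.mailfrom=alice@example.org smtp.helo=mail.example.org
Received: from mail.example.org (mail.example.org [192.0.2.10]) by efa.domain.com
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=alice@example.org
From: alice@example.org
Subject: constructed test message

body
"""

def strip_comments(value):
    """Remove RFC 5322 (comments), including nested ones."""
    prev = None
    while prev != value:
        prev, value = value, re.sub(r"\([^()]*\)", " ", value)
    return value

def parse_ar(value):
    """Return (authserv_id, {method: result}) for one header value."""
    parts = [p.strip() for p in strip_comments(value).split(";")]
    authserv_id = parts[0].split()[0].lower() if parts[0] else ""
    results = {}
    for part in parts[1:]:
        m = re.match(r"([a-z0-9-]+)\s*=\s*([a-z]+)", part, re.I)
        if m:
            results[m.group(1).lower()] = m.group(2).lower()
    return authserv_id, results

def trusted_results(raw_message, authserv_id):
    """Split results into those stamped by our own id and foreign ids seen."""
    msg = message_from_string(raw_message)
    trusted, foreign = {}, []
    for value in msg.get_all("Authentication-Results", []):
        ar_id, results = parse_ar(" ".join(str(value).split()))  # unfold
        if ar_id == authserv_id.lower():
            for method, result in results.items():
                trusted.setdefault(method, result)  # first header seen is kept
        else:
            foreign.append(ar_id)
    return trusted, foreign

if __name__ == "__main__":
    print(trusted_results(SAMPLE, "efa.domain.com"))
```

Only results under the local ID should feed a DMARC decision; an empty first value means the policy service did not add its header to that message.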
shawniverson
Posts: 3783
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA

Re: DMARC on efa. Possible solution.

Post by shawniverson »
