Mail Server : Set DMARC Checking2024/07/17 |
Configure Postfix to check DMARC (Domain-based Message Authentication, Reporting, and Conformance) on receiving mail. To configure DMARC as a sender, see Configuring DMARC records on your DNS server. |
|
[1] | Install and configure OpenDMARC. |
[root@mail ~]#
vi /etc/opendmarc.conf # line 28 : uncomment and change # name that appears in the Authentication-Results header # use the server hostname in the [HOSTNAME] specification AuthservID HOSTNAME # line 169 : to enable failure report generation, uncomment and change to [true] # if [true], generate failure reports if the sender requests them # * on this example, proceed with the default setting [false] # FailureReports false # line 235 : uncomment and change # skip checking for SMTP AUTH authenticated clients IgnoreAuthenticatedClients true # line 259 : uncomment # list of hosts to skip checking IgnoreHosts /etc/opendmarc/ignore.hosts # line 317 : uncomment and change # if [true], reject message if DMARC evaluation fails RejectFailures true # line 345 : uncomment and change # reject messages if their headers do not comply with RFC5322 RequiredHeaders true # line 418 : specify the trusted [authserv-id] # if [HOSTNAME] is specified, it will be replaced with the server hostname # if multiple entries are specified, separate them with commas TrustedAuthservIDs HOSTNAME
[root@mail ~]#
vi /etc/opendmarc/ignore.hosts
# create new file
# list hosts to skip
127.0.0.1
::1
systemctl enable --now opendmarc
|
[2] | Configure Postfix. |
[root@mail ~]#
vi /etc/postfix/main.cf # add opendmark to [smtpd_milters] smtpd_milters = unix:/run/opendkim/opendkim.sock, unix:/run/opendmarc/opendmarc.sock non_smtpd_milters = $smtpd_milters milter_default_action = accept[root@mail ~]# usermod -aG opendmarc postfix [root@mail ~]# systemctl reload postfix |
[3] |
Send an email to your email address from Gmail or similar. If the header shows [Authentication-Results: mail.srv.world; dmarc=pass ***], then everything is OK. |
Sponsored Link |
|