CentOS Stream 9

Mail Server : Set DMARC Checking
2024/07/17

 

Configure Postfix to check DMARC (Domain-based Message Authentication, Reporting, and Conformance) on incoming mail.

To configure DMARC as a sender, see Configuring DMARC records on your DNS server.

[1] Install and configure OpenDMARC.
# install from EPEL
[root@mail ~]# dnf --enablerepo=epel -y install opendmarc
[root@mail ~]# vi /etc/opendmarc.conf
# line 28 : uncomment and change
# name that appears in the Authentication-Results header
# if [HOSTNAME] is specified, the server hostname is used
AuthservID HOSTNAME

# line 169 : to enable failure report generation, uncomment and change to [true]
# if [true], generate failure reports if the sender requests them
# * in this example, proceed with the default setting [false]
# FailureReports false

# line 235 : uncomment and change
# skip checking for SMTP AUTH authenticated clients
IgnoreAuthenticatedClients true

# line 259 : uncomment
# list of hosts to skip checking
IgnoreHosts /etc/opendmarc/ignore.hosts

# line 317 : uncomment and change
# if [true], reject message if DMARC evaluation fails
RejectFailures true

# line 345 : uncomment and change
# reject messages if their headers do not comply with RFC5322
RequiredHeaders true

# line 418 : specify the trusted [authserv-id]
# if [HOSTNAME] is specified, it will be replaced with the server hostname
# if multiple entries are specified, separate them with commas
TrustedAuthservIDs HOSTNAME

[root@mail ~]# vi /etc/opendmarc/ignore.hosts
# create new file
# list hosts to skip
127.0.0.1
::1

[root@mail ~]# systemctl enable --now opendmarc
[2] Configure Postfix.
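[root@mail ~]# vi /etc/postfix/main.cf
# add opendmarc to [smtpd_milters]
smtpd_milters = unix:/run/opendkim/opendkim.sock, unix:/run/opendmarc/opendmarc.sock
non_smtpd_milters = $smtpd_milters
# if a milter cannot be reached, mail is accepted without being checked
# (the Postfix default for this parameter is [tempfail])
milter_default_action = accept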

[root@mail ~]# usermod -aG opendmarc postfix
[root@mail ~]# systemctl reload postfix

[3] Send an email to your address from Gmail or a similar service. If the headers of the received message show [Authentication-Results: mail.srv.world; dmarc=pass ***], then everything is OK.
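
The check in [3] can be scripted. The following is an added example, not part of the original page: it reads a saved message and returns the dmarc= result only from Authentication-Results headers whose authserv-id matches the one set in AuthservID, ignoring headers written by other hosts. The sample message, the host mx.untrusted.example and the function names are constructed for illustration.

```python
import email
import re

# Constructed sample message. mail.srv.world is the AuthservID host from this
# page; mx.untrusted.example stands for a header inserted before delivery.
SAMPLE = (
    "Authentication-Results: mail.srv.world;\n"
    "\tdmarc=pass (p=none dis=none) header.from=gmail.com\n"
    "Authentication-Results: mail.srv.world; dkim=pass header.d=gmail.com\n"
    "Authentication-Results: mx.untrusted.example; dmarc=pass header.from=bank.example\n"
    "From: Sender <sender@gmail.com>\n"
    "To: user@srv.world\n"
    "Subject: DMARC test\n"
    "\n"
    "test body\n"
)


def dmarc_results(raw_message, trusted_authserv_id):
    """Return the dmarc= results recorded by the trusted authserv-id only."""
    msg = email.message_from_string(raw_message)
    found = []
    for value in msg.get_all("Authentication-Results", []):
        value = re.sub(r"\r?\n[ \t]+", " ", value)   # unfold continuation lines
        value = re.sub(r"\([^()]*\)", "", value)     # drop (comments)
        authserv, _, methods = value.partition(";")
        # authserv-id may be followed by a version number: keep the first token
        tokens = authserv.split()
        if not tokens or tokens[0].lower() != trusted_authserv_id.lower():
            continue  # written by another host: not evidence of our check
        for clause in methods.split(";"):
            match = re.match(r"\s*dmarc\s*=\s*([a-z]+)", clause, re.IGNORECASE)
            if match:
                found.append(match.group(1).lower())
    return found


def dmarc_passed(raw_message, trusted_authserv_id):
    """True only if the trusted host recorded a result and every one is pass."""
    results = dmarc_results(raw_message, trusted_authserv_id)
    return bool(results) and all(r == "pass" for r in results)


if __name__ == "__main__":
    print(dmarc_results(SAMPLE, "mail.srv.world"))
```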
