Install OpenDMARC on Ubuntu 18.04
apt update && apt -y upgrade && apt -y install opendmarc
Modify opendmarc.service
vi /lib/systemd/system/opendmarc.service
# Unit files under /lib/systemd/system belong to the package and can be
# replaced on upgrade; a copy at /etc/systemd/system/opendmarc.service takes
# precedence over the packaged one.
[Unit]
Description=OpenDMARC Milter
Documentation=man:opendmarc(8) man:opendmarc.conf(5)
After=network.target nss-lookup.target
[Service]
# Supplies $SOCKET, the only variable ExecStart reads from this file.
EnvironmentFile=/etc/default/opendmarc
Type=forking
PIDFile=/var/run/opendmarc/opendmarc.pid
# The daemon runs as the unprivileged opendmarc account from the start.
# NOTE(review): nothing in this unit creates /var/run/opendmarc; it must
# already exist and be writable by this user - confirm after a reboot.
User=opendmarc
# -p is the milter socket, -c the config file, -u the run-as user and -P the
# pid file; the pid path is given literally and must match PIDFile= above.
ExecStart=/usr/sbin/opendmarc -p $SOCKET -c /etc/opendmarc.conf -u opendmarc -P /var/run/opendmarc/opendmarc.pid
Restart=on-failure
ExecReload=/bin/kill -USR1 $MAINPID
[Install]
WantedBy=multi-user.target
systemctl daemon-reload
Edit /etc/opendmarc.conf
vi /etc/opendmarc.conf
# Identifier this filter writes into the Authentication-Results header it adds.
AuthservID mail.domain.xx
# Failure reports are generated only for sender domains that request them.
FailureReports true
PidFile /var/run/opendmarc/opendmarc.pid
PublicSuffixList /usr/share/publicsuffix
#RejectFailures false
# With true, mail that fails DMARC evaluation is rejected during the SMTP
# session instead of only being tagged. Forwarded and mailing-list mail can
# fail DMARC legitimately, so watch the log after enabling this.
RejectFailures true
Syslog true
# Authentication-Results headers carrying these ids are accepted as genuine
# upstream SPF/DKIM results. List only relays you operate; a header that
# claims one of these ids but arrives from elsewhere would be believed.
TrustedAuthservIDs post.domain.xx, smtp.domain.yy
UMask 0002
UserID opendmarc:opendmarc
# Mail submitted over SMTP AUTH is not evaluated.
IgnoreAuthenticatedClients true
# Mail from hosts in this file is not evaluated either, so every entry is a
# bypass of the DMARC check.
IgnoreHosts /etc/opendmarc/ignore.hosts
# false: no DMARC-Filter header advertising the filter in delivered mail.
SoftwareHeader false
# Records used for aggregate reports. NOTE(review): /var/run is normally a
# tmpfs, so this file is presumably lost at reboot - confirm, or move it.
HistoryFile /var/run/opendmarc/opendmarc.dat
# NOTE(review): "[email protected]" on the next two lines is an obfuscation
# left by the page this was copied from; put your own mailbox there. The
# CopyFailuresTo address is added as a recipient of messages that fail DMARC,
# so it receives full message content - restrict who can read that mailbox.
CopyFailuresTo [email protected]
FailureReportsSentBy [email protected]
RequiredHeaders true
# Together these make the filter run its own SPF check and disregard any SPF
# result already present in the message headers.
SPFSelfValidate true
SPFIgnoreResults true
MilterDebug 0
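Replace mail.domain.xx with your mail server's FQDN. The TrustedAuthservIDs entries are likewise examples and should name only mail hosts you operate.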
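Create ignore.hosts (mail from the hosts and networks listed here is not DMARC-checked, so list only your own relays and adjust the example LAN range to your network)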
mkdir -p /etc/opendmarc
vi /etc/opendmarc/ignore.hosts
localhost
127.0.0.1/8
192.168.0.0/24
Edit /etc/default/opendmarc
vi /etc/default/opendmarc
# The unit file reads this as a systemd EnvironmentFile and uses only $SOCKET.
# systemd does not expand variables inside an EnvironmentFile, so PIDFILE
# below is not resolved there (and NAME is not defined in this file); the
# unit passes the pid path literally instead.
RUNDIR=/var/run/opendmarc
# Milter traffic is neither authenticated nor encrypted; keeping the listener
# on localhost limits it to the MTA on the same machine.
SOCKET="inet:8892@localhost"
USER=opendmarc
GROUP=opendmarc
PIDFILE=$RUNDIR/$NAME.pid
EXTRAAFTER=
Restart OpenDMARC
service opendmarc restart
Add port to services
vi /etc/services
opendmarc 8892/tcp
Check that OpenDMARC is up and listening on localhost only
netstat -putan | grep 8892
tcp 0 0 127.0.0.1:8892 0.0.0.0:* LISTEN 2959/opendmarc
Add OpenDMARC milter to Postfix
vi /etc/postfix/main.cf
opendmarc_milter = inet:localhost:8892
vi /etc/postfix/master.cf
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (no) (never) (100)
# ==========================================================================
# In master.cf the "-o" line must begin with whitespace so that Postfix reads
# it as a continuation of the smtp line; the indentation was lost on this page.
# "-o smtpd_milters=..." replaces any smtpd_milters list from main.cf for this
# service, so other milters (for example a DKIM verifier, which should run
# before OpenDMARC) have to be listed here as well.
# What Postfix does when the milter is unreachable is decided by
# milter_default_action, which this page leaves at its default.
smtp inet n - y - - smtpd
-o smtpd_milters=${opendmarc_milter}
#smtp inet n - y - 1 postscreen
service postfix restart
Test OpenDMARC
Send a test email from Gmail
tail -f /var/log/mail.log | grep opendmarc
opendmarc[13133]: 9CA09500A3E: SPF(mailfrom): [email protected] pass
opendmarc[13133]: 9CA09500A3E: gmail.com pass
Mail header:
Authentication-Results: mail.domain.xx; dmarc=pass header.from=gmail.com
Add Sieve Rule to IMAP Account
# Files a message into "Junk" when any Authentication-Results header contains
# a fail or none result for SPF, DKIM or DMARC, then stops processing.
# NOTE(review): the regex match type and fileinto are Sieve extensions; a
# complete script declares them with "require" before this rule.
# The test looks at every Authentication-Results header in the message, not
# only the one added under this server's AuthservID, so headers written by
# other hosts can trigger it too.
# "none" means the sender publishes no record or signature, not that a check
# failed, so mail from domains without DKIM or DMARC also lands in Junk.
if header :regex ["Authentication-Results"] [".*(spf\=fail|spf\=none|dkim\=fail|dkim\=none|dmarc\=fail|dmarc\=none).*"] {
fileinto "Junk";
stop;
}