User:Paul/sandbox/Install DMARC

WARNING: This article is in a user sandbox, indicating it is a rough draft, and as such, is likely incomplete, contains buggy and insecure configurations, and is subject to substantial and frequent changes.

Most of the commands in this article require root privileges:

username@servername:~$ sudo /bin/bash

Install and configure OpenDMARC

root@servername:~# aptitude install opendmarc
root@servername:~# mkdir /var/spool/postfix/opendmarc/
root@servername:~# chown opendmarc:root /var/spool/postfix/opendmarc
root@servername:~# usermod -a -G opendmarc postfix
root@servername:~# nano /etc/opendmarc.conf

Change:

Socket local:/var/spool/postfix/opendmarc/opendmarc.sock

UserID opendmarc:opendmarc

Setting DMARC records

Per http://tools.ietf.org/html/draft-kucherawy-dmarc-base-04#section-7.1, it is better to use postmaster@example.com as the rua address for example.com rather than postmaster@example.org. In Postfix Admin, postmaster@example.com can then be set to forward to postmaster@example.org.

A major issue with setting p=reject is its impact on mailing list servers: it prevents emails sent to the list from being received by list members whose servers fully support the DMARC standard.
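The following check is an added example, not part of the original article or of OpenDMARC. It reviews a DMARC TXT value for the two points above: a rua address outside the policy domain, which needs an authorization record at the report receiver (name format per RFC 7489, section 7.1), and p=reject. Assumptions: the function names and sample records are constructed, and "same domain" is simplified to an exact or subdomain match instead of the Organizational Domain comparison the specification uses.

```python
def parse_dmarc(txt):
    """Split a DMARC TXT value into a tag -> value dict (tag names lowercased)."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record: missing v=DMARC1")
    return tags


def rua_hosts(tags):
    """Return the mail domain of every mailto: URI listed in the rua tag."""
    hosts = []
    for uri in tags.get("rua", "").split(","):
        uri = uri.strip().split("!", 1)[0]  # drop optional size limit, e.g. !10m
        if uri.lower().startswith("mailto:"):
            hosts.append(uri[len("mailto:"):].rsplit("@", 1)[-1].lower())
    return hosts


def review(domain, txt):
    """Return a list of findings for the record published at _dmarc.<domain>."""
    domain = domain.lower().rstrip(".")
    tags = parse_dmarc(txt)
    findings = []
    for host in rua_hosts(tags):
        # Simplification (assumption): exact or subdomain match counts as internal.
        if host != domain and not host.endswith("." + domain):
            findings.append(
                f'external rua: publish TXT "v=DMARC1" at '
                f"{domain}._report._dmarc.{host}"
            )
    if tags.get("p", "").lower() == "reject":
        findings.append(
            "p=reject: list mail may be refused by DMARC-enforcing receivers"
        )
    return findings


if __name__ == "__main__":
    # Constructed sample records for example.com.
    samples = [
        "v=DMARC1; p=none; rua=mailto:postmaster@example.com",
        "v=DMARC1; p=reject; rua=mailto:postmaster@example.org",
    ]
    for record in samples:
        print(record, "->", review("example.com", record) or "no findings")
```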