User:Paul/sandbox/Install DMARC
WARNING: This article is in a user sandbox, indicating it is a rough draft, and as such, is likely incomplete, contains buggy and insecure configurations, and is subject to substantial and frequent changes.
Most of the commands in this article require root
privileges:
username@servername:~$ sudo /bin/bash
Install and configure OpenDMARC
root@servername:~# aptitude install opendmarc root@servername:~# mkdir /var/spool/postfix/opendmarc/ root@servername:~# chown opendmarc:root /var/spool/postfix/opendmarc root@servername:~# usermod -G opendmarc postfix root@servername:~# nano /etc/opendmarc.conf
Change:
Socket local:/var/spool/postfix/opendmarc/opendmarc.sock
UserID opendmarc:opendmarc
Setting DMARC records
Due to http://tools.ietf.org/html/draft-kucherawy-dmarc-base-04#section-7.1 it is better to use postmaster@example.com as the rua email for example.com, and not postmaster@example.org. The email address, postmaster@example.com, can be set to forward to postmaster@example.org in Postfix Admin.
A major issue with setting p=reject is the impact this setting has on mailing list servers, as it will have the effect of preventing emails sent to the list from being received by list members who use servers which fully support the DMARC standard.