How to install and configure OpenDMARC Filter on Debian.

Install OpenDMARC.

sudo apt install opendmarc

Auto-start OpenDMARC at system boot.

sudo systemctl enable opendmarc

Edit OpenDMARC config file.

sudo nano /etc/opendmarc.conf

Remove the leading hash (#) from the following parameters and edit them:

AuthservID OpenDMARC
TrustedAuthservIDs mail.domain.com domain.com
RejectFailures true
PidFile /run/opendmarc/opendmarc.pid
IgnoreAuthenticatedClients true
RequiredHeaders true
Socket local:/var/spool/postfix/opendmarc/opendmarc.sock
IgnoreHosts /etc/opendmarc/ignore.hosts
HistoryFile /run/opendmarc/opendmarc.dat

Create the file ignore.hosts in the OpenDMARC directory, add your local IPs and change the file ownership.

sudo mkdir -p /etc/opendmarc
sudo nano /etc/opendmarc/ignore.hosts

127.0.0.0/8
::1/128
localhost
192.168.0.0/24

sudo chown opendmarc:opendmarc -R /etc/opendmarc/ignore.hosts

Create the opendmarc folder in the Postfix working directory and change its ownership.

sudo mkdir -p /var/spool/postfix/opendmarc
sudo chown opendmarc:opendmarc /var/spool/postfix/opendmarc -R

Add user postfix to group opendmarc.

sudo adduser postfix opendmarc

Add an alias from opendmarc to root for the mail system.

sudo nano /etc/aliases

opendmarc: root

sudo systemctl restart opendmarc

Edit the main configuration file for Postfix and add these parameters.

sudo nano /etc/postfix/main.cf

# Milter configuration
milter_default_action = accept
milter_protocol = 6
smtpd_milters = local:opendmarc/opendmarc.sock
non_smtpd_milters = $smtpd_milters

If you already use another milter, add local:opendmarc/opendmarc.sock after a comma:

smtpd_milters = local:opendkim/opendkim.sock, local:opendmarc/opendmarc.sock

sudo systemctl restart postfix
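
With milter_default_action = accept, Postfix delivers mail unfiltered whenever it cannot reach the milter, so a socket path that differs between opendmarc.conf and main.cf fails silently. The check below is an added example, not part of the original post; it assumes smtpd runs chrooted in /var/spool/postfix, and the function names and sample files are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). Assumption: Postfix smtpd runs
# chrooted in QUEUE_DIR, so every local:/unix: path in main.cf resolves under it.
QUEUE_DIR=/var/spool/postfix

# Absolute socket path OpenDMARC binds to (first uncommented Socket line).
opendmarc_socket() {
    awk '$1 == "Socket" { sub(/^(local|unix):/, "", $2); print $2; exit }' "$1"
}

# Absolute path of every UNIX-socket milter in smtpd_milters (one per line).
# Limitation: continuation lines and $variable references are not expanded.
postfix_milter_sockets() {
    sed -n 's/^smtpd_milters[[:space:]]*=[[:space:]]*//p' "$1" | tr ', ' '\n\n' |
    while read -r m; do
        case $m in
            local:/*|unix:/*) echo "$QUEUE_DIR${m#*:}" ;;   # absolute, inside chroot
            local:*|unix:*)   echo "$QUEUE_DIR/${m#*:}" ;;  # relative to queue dir
        esac
    done
}

# $1 = opendmarc.conf, $2 = main.cf. Returns 0 on match, 1 on mismatch, 2 if no Socket.
check_milter_socket() {
    want=$(opendmarc_socket "$1")
    [ -n "$want" ] || { echo "no Socket line in $1"; return 2; }
    if postfix_milter_sockets "$2" | grep -qxF -- "$want"; then
        echo "OK: Postfix connects to $want"
    else
        echo "MISMATCH: OpenDMARC binds $want, Postfix connects to:"
        postfix_milter_sockets "$2" | sed 's/^/  /'
        grep -q '^milter_default_action[[:space:]]*=[[:space:]]*accept' "$2" &&
            echo "  milter_default_action = accept: mail is delivered without DMARC checks"
        return 1
    fi
}

# Constructed sample files mirroring the settings shown on this page.
demo() {
    d=$(mktemp -d)
    printf 'Socket local:/var/spool/postfix/opendmarc/opendmarc.sock\n' > "$d/opendmarc.conf"
    printf 'milter_default_action = accept\nsmtpd_milters = local:opendkim/opendkim.sock, local:opendmarc/opendmarc.sock\n' > "$d/good.cf"
    printf 'milter_default_action = accept\nsmtpd_milters = local:/var/spool/postfix/opendmarc/opendmarc.sock\n' > "$d/bad.cf"
    check_milter_socket "$d/opendmarc.conf" "$d/good.cf"
    check_milter_socket "$d/opendmarc.conf" "$d/bad.cf" || :
    rm -rf "$d"
}
demo
```

On a live system, replace the demo call with check_milter_socket /etc/opendmarc.conf /etc/postfix/main.cf.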

Testing.

tail -n 1000 /var/log/mail.log | grep opendmarc

date:time hostname opendmarc[1313]: OpenDMARC Filter v1.3.2 starting ()
date:time hostname opendmarc[1313]: additional trusted authentication services: domain.com, mail.domain.com
date:time hostname opendmarc[1313]: 4F5D6C0926: dmarc.yahoo.com pass
date:time hostname opendmarc[1313]: ignoring connection from localhost
