On 30 January 2018 at 10:11, li...@lazygranch.com <li...@lazygranch.com> wrote:
> I've installed the opendmarc milter. I'm not rejecting mail from it at
> the moment. I've noticed that if I send myself a message, the
> policyd-spf milter isn't run. That in turn causes mail I send myself to
> fail in opendmarc. Any ideas?
>
> The various email verifiers do show that my email passes spf.
>
> It is easy enough just to whitelist your own domains from opendmarc,
> but that would allow spoofed email to get through.

Which version of opendmarc? (opendmarc -V)

If you have 1.3.2+ you can use opendmarc's own spf instead
(SPFSelfValidate True) - not reliable for earlier versions though.

Anyway, in general:

/etc/opendmarc.conf:
...
IgnoreAuthenticatedClients true
IgnoreHosts /etc/postfix/opendmarc-ignorehosts.txt
...

/etc/opendkim.conf:
...
InternalHosts /etc/postfix/opendmarc-ignorehosts.txt
...

/etc/postfix/opendmarc-ignorehosts.txt
# emails from localhost are not authenticated but should be signed by opendkim and not tested by opendmarc
127.0.0.1
# similarly any ips from which we accept unauthenticated originating emails (e.g. lan, or none)
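
An added example, not part of the original reply: every entry in the shared ignore-hosts file is both skipped by opendmarc and signed by opendkim, so this Python sketch audits such a file for entries that reach beyond loopback and private LAN ranges. The sample file content, the LOCAL range list and the function names are constructed for illustration, and it assumes entries are plain IPs, CIDR blocks or hostnames with `#` comments.

```python
import ipaddress

# Constructed sample of an ignore-hosts file (not taken from the post).
SAMPLE = """\
# localhost: signed by opendkim, not tested by opendmarc
127.0.0.1
192.168.1.0/24   # office LAN
10.0.0.0/4       # typo for /8: really 0.0.0.0/4
203.0.113.25
0.0.0.0/0
mail.example.org
"""

# Ranges where unauthenticated originating mail is plausible: loopback and LAN.
LOCAL = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "::1/128", "fc00::/7")]

def audit_ignorehosts(text):
    """Return (entry, tag) per entry: 'local', 'outside' or 'name'."""
    findings = []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()   # assumption: '#' starts a comment
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            findings.append((entry, "name"))   # hostname or typo: check by hand
            continue
        inside = any(net.version == loc.version and net.subnet_of(loc)
                     for loc in LOCAL)
        findings.append((entry, "local" if inside else "outside"))
    return findings

def needs_review(text):
    """Entries that would bypass DMARC checks for more than loopback/LAN."""
    return [e for e, tag in audit_ignorehosts(text) if tag != "local"]

if __name__ == "__main__":
    for entry, tag in audit_ignorehosts(SAMPLE):
        print(f"{tag:8} {entry}")
```

Anything tagged `outside` or `name` deserves a manual check, since mail from those sources would bypass DMARC evaluation and leave with a valid DKIM signature.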