> On Mar 11, 2021, at 11:09 PM, Dominic Raferd <domi...@timedicer.co.uk> wrote:
>
> On 12/03/2021 02:35, Dan Mahoney wrote:
>>
>>> On Mar 11, 2021, at 1:00 AM, Dominic Raferd <domi...@timedicer.co.uk
>>> <mailto:domi...@timedicer.co.uk>> wrote:
>>>
>>> This works for me:
>>>
>>> # grep ^RejectFailures /etc/opendmarc.conf # (note: false is the default
>>> anyway)
>>> RejectFailures false
>>
>> That’s orthogonal.
>>
>> RejectFailures only affects domains tagged p=reject. The feature I’m
>> working with only affects p=quarantine.
> So you might think, but actually RejectFailures does affect domains tagged
> p=quarantine: setting it to false (or, presumably, not setting it at all)
> prevents the 'hold' action being reported back to the MTA (opendmarc v1.3.2).
I apologize. So it does (opendmarc.c around line 3476). Setting
rejectfailures to “false” (the default) basically shuts off the milter’s
ability to do anything but tag.
It might better be called “ActOnFailures”, because without it, reject doesn’t
reject and quarantine doesn’t quarantine.
Perhaps the way I described *should* be the way it works. Both behaviors
should be individually tune-able.
(I will note that this is only marginally related to postfix — but a dialog is
going and hopefully people searching for issues like “hey, why is my hold queue
filling up) will find this here. To everyone else, I apologize for the noise.
Stay safe out there,
-Dan
