On 2022-03-18 13:07, Matus UHLAR - fantomas wrote:
On 18.03.22 12:35, Jesper Dybdal wrote:
I run postfix 3.4.14 (Debian Buster) with Amavisd-new as a pre-queue
filter.
I would now like to add DMARC validation, done by the opendmarc
milter in the after-Amavis smtpd instance.
This basically works: opendmarc inserts an "Authentication-Results"
header.
I would now like to do something (e.g., reject) depending on that
header.
opendmarc can reject itself, if you configure it to.
Thanks for your response.
If the version of opendmarc that is included in Debian Buster is
configured to reject, then it also puts "quarantine" mails in postfix'
hold queue, which is not practical. So I would prefer to just get the
header, and then control what happens after that with postfix header checks.
However, opendmarc milter requires those Authentication-Results
headers for SPF and DKIM to be already present. so you need spf/dkim
milter(s) before opendmarc.
I use Amavis to generate and verify DKIM signatures, and
policyd-spf-python to perform SPF checks. That works, but means that
the opendmarc milter must be run by the after-Amavis smtpd.
--
Jesper Dybdal
https://www.dybdal.dk