[opendmarc-users] OpenDMARC Postfix SPF implementation

Andreas Schulze sca at andreasschulze.de
Sat Apr 26 06:52:52 PDT 2014


Scott Kitterman:

> Multiple milters work fine.  It's if the header field was added by something
> else, in this case a policy server.
Ah, maybe I misunderstood the previous message.
Yes, there are issues if header are added by postfix policy servers.
They may no be visible to any milter in any milter stage. For that reason
I don't recommend a spf checker as postfix policy server *if*
the intention is to check dmarc too.


> I don't reject because of DMARC yet, so it's not currently an issue for me.
That brings me to an other idea. OpenDMARC currently could only honer  
p=reject or even not.
I miss an additional lookuptable to enforce local policy:

no matter if AOL or Yahoo or $FOO will announce p=reject
Only if also listed in that local lookuptable, opendmarc should honer  
p=reject.
EBAY or PAYPAL are perfect candidates for such list.

If the list grow - and that will happen - the logic may be flipped:
honer p=reject but not if senderdomain is in this lookuptable...

Other opinions on this list?

Andreas



More information about the opendmarc-users mailing list