[opendmarc-users] OpenDMARC NOT useless with Postfix

A. Schulze sca at andreasschulze.de
Thu Sep 18 10:55:52 PDT 2014

Joachim Fahrner:

> I found that OpenDMARC is useless in Postfix environments.

> OpenDMARC does not calculate and verify DKIM hashes on its own, but relies on
> Authentication-Result headers from SPF and DKIM milters.

> But in Postfix one milter does not see headers that some other  
> milter inserts.
prove it!

> You can compile OpenDMARC with SPF support and let it check SPF on its
> own, but that makes no sense when DKIM support is missing. So running
> OpenDMARC as a Postfix milter is only a placebo (you can do the same
> checks with a spf policy daemon).

the whole chain works very well.
postfix-smtp server handle the protocol
multiple milter inspect the content

I usually have this in postfix/main.cf:

spf_milter    = inet:localhost:1111
dkim_milter   = inet:localhost:1112
dmarc_milter  = inet:localhost:1113
smtpd_milters = ${spf_milter},${dkim_milter},${dmarc_milter}

that works. why should I use a postfix policy daemon for check spf?
To discuss about missing first header lines? Not my business...

Of course you have to make sure the spf+dkim milter
actually *do not* reject any message.

for spf_milter look here:


More information about the opendmarc-users mailing list