[opendmarc-users] OpenDMARC NOT useless with Postfix
A. Schulze
sca at andreasschulze.de
Thu Sep 18 10:55:52 PDT 2014
Joachim Fahrner:
> I found that OpenDMARC is useless in Postfix environments.
wrong
> OpenDMARC does not calculate and verify DKIM hashes on its own, but relies on
> Authentication-Result headers from SPF and DKIM milters.
right
> But in Postfix one milter does not see headers that some other
> milter inserts.
prove it!
> You can compile OpenDMARC with SPF support and let it check SPF on its
> own, but that makes no sense when DKIM support is missing. So running
> OpenDMARC as a Postfix milter is only a placebo (you can do the same
> checks with a spf policy daemon).
wrong
the whole chain works very well.
postfix-smtp server handle the protocol
multiple milter inspect the content
I usually have this in postfix/main.cf:
spf_milter = inet:localhost:1111
dkim_milter = inet:localhost:1112
dmarc_milter = inet:localhost:1113
...
smtpd_milters = ${spf_milter},${dkim_milter},${dmarc_milter}
that works. why should I use a postfix policy daemon for check spf?
To discuss about missing first header lines? Not my business...
Of course you have to make sure the spf+dkim milter
actually *do not* reject any message.
for spf_milter look here:
http://www.trusteddomain.org/pipermail/opendmarc-users/2013-April/000140.html
Andreas
More information about the opendmarc-users
mailing list