[opendmarc-users] OpenDMARC NOT useless with Postfix
Robert Schetterer
rs at sys4.de
Thu Sep 18 12:22:25 PDT 2014
Am 18.09.2014 um 19:55 schrieb A. Schulze:
> the whole chain works very well.
> postfix-smtp server handle the protocol
> multiple milter inspect the content
>
> I usually have this in postfix/main.cf:
>
> spf_milter = inet:localhost:1111
> dkim_milter = inet:localhost:1112
> dmarc_milter = inet:localhost:1113
> ...
> smtpd_milters = ${spf_milter},${dkim_milter},${dmarc_milter}
Hi Andreas, so spf and dkim are only working as "helpers"
to dmarc, and dont reject by its own.
If no dmarc policy is anounced but and/or spf/dkim polcy exist
check is left to other policy servers, config stuff later i.e amavis
doing/classify spf/dkim checks again.
So thats a little bit "unusual" , normally i would expect
doing every stage its job by its own resulting in reject at the earliest
time possible.
Seems it might be a job for milter-manger or some other over the top
milter to organize cascading more efficient and failure tolerable.
After all seems many people have some wrong setup , by missing good
definite instructions to setup dmarc-milter with postfix
However thx for driving me home with the facts.
Best Regards
MfG Robert Schetterer
--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
More information about the opendmarc-users
mailing list