[opendmarc-users] dmarc fail on internal emails

Juri Haberland juri at sapienti-sat.org
Fri Apr 21 15:36:21 PDT 2017


On 21.04.2017 23:40, Ian Evans wrote:

> As a note to your previous email, I'm not insisting on testing internal
> emails. The config in the tutorial didn't have a way shown to turn that
> off. If it's a best practice how do I stop those tests on example.com to
> example.com emails. I'll turn it off in a flash once I know.

Something like:

in (Postfix-)master.cf:
submission inet [...]
  [...]
  -o smtpd_milters=inet:localhost:12345
  [...]

assuming that OpenDKIM listens on port 12345.

And in opendmarc.conf:
IgnoreAuthenticatedClients true


Besides internal mail:
You need to set PublicSuffixList in opendmarc.conf and get the current
public list from https://publicsuffix.org/list/public_suffix_list.dat

And if you haven't done it already, set
Header_Type = AR
in /etc/postfix-policyd-spf-python/policyd-spf.conf, as OpenDMARC 1.3.1 has
a bug parsing the Received-SPF header.


  Juri



More information about the opendmarc-users mailing list