[opendmarc-users] Fwd: DMARC configuration confusion

Dominic Raferd dominic at timedicer.co.uk
Thu Dec 28 03:36:36 PST 2017


On 28 December 2017 at 10:07, Selcuk Yazar <selcuk.yazar at gmail.com> wrote:
> Hi,
>
> When I sent email to Gmail, the header fields were like below.
>
> Authentication-Results: mx.google.com;
>        dkim=pass header.i=@mydomain.com header.s=m1 header.b=e719fQme;
>        dkim=pass header.i=@mydomain.com header.s=m1 header.b=DvTnKUjy;
>        dkim=pass header.i=@mydomain.com header.s=m1 header.b=e719fQme;
>        dkim=pass header.i=@mydomain.com header.s=m1 header.b=DvTnKUjy;
>        spf=pass (google.com: domain of selcukyazar at mydomain.com designates
> IP_ADDRESS as permitted sender) smtp.mailfrom=selcukyazar at mydomain.com;
>        dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE)
> header.from=mydomain.com
> ....
> DMARC-Filter: OpenDMARC Filter v1.3.2 mail.mydomain.com 85CAD7BB56E
> Authentication-Results: mail.mydomain.com; dmarc=fail (p=quarantine
> dis=none) header.from=mydomain.com
> Authentication-Results: mail.mydomain.com; spf=fail
> smtp.mailfrom=selcukyazar at mydomain.com
>
> Actually I'm not an MTA expert. But when I check our DMARC record for DNS on
> the net, everything is OK. On our server: OpenDMARC filter v1.3.2. When I try to
> set RejectDFailures true, I cannot send emails to outside? (Because I
> want to reject spoofed emails.)
>
> I'm stuck here.

RejectFailures should not result in your own outgoing emails being
rejected; if this happens then you have not configured opendmarc
correctly. You might need to post the active lines of your
opendmarc.conf. This is a (slightly simplified) version of mine (runs
under Ubuntu), suitable if:
- you have opendmarc 1.3.2+
- all your own outgoing mails are either generated on the mailserver
or come via SMTP AUTH
- no outsider emails should come via SMTP AUTH
- you have a current public_suffix_list.dat file in the specified
location - this is likely provided by the distro

/etc/opendmarc.conf:
PidFile /var/run/opendmarc/opendmarc.pid
RejectFailures true
UMask 0002
UserID opendmarc:opendmarc
PublicSuffixList /usr/share/publicsuffix/public_suffix_list.dat
IgnoreAuthenticatedClients true
SPFIgnoreResults True
SPFSelfValidate True
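
Added example, not part of the original post: the quoted headers carry verdicts from two different verifiers, so this Python script groups Authentication-Results by authserv-id and lists the methods on which they disagree. The sample message is constructed from the post's headers, with a placeholder address and IP; the function names are illustrative.

```python
import re
from email import message_from_string

# Constructed sample modelled on the headers quoted in the post; the address
# and IP (192.0.2.10) are placeholders, and repeated dkim lines are trimmed.
SAMPLE = """\
Authentication-Results: mx.google.com;
       dkim=pass header.i=@mydomain.com header.s=m1 header.b=e719fQme;
       spf=pass (google.com: domain of user@mydomain.com designates
 192.0.2.10 as permitted sender) smtp.mailfrom=user@mydomain.com;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE)
 header.from=mydomain.com
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.mydomain.com 85CAD7BB56E
Authentication-Results: mail.mydomain.com; dmarc=fail (p=quarantine
 dis=none) header.from=mydomain.com
Authentication-Results: mail.mydomain.com; spf=fail
 smtp.mailfrom=user@mydomain.com
From: user@mydomain.com

body
"""

def results_by_authserv(raw_message):
    """Return {authserv-id: {method: {results}}} from Authentication-Results."""
    out = {}
    msg = message_from_string(raw_message)
    for value in msg.get_all("Authentication-Results", []):
        value = re.sub(r"\([^()]*\)", " ", value)  # strip (comments)
        parts = [" ".join(p.split()) for p in value.split(";")]
        if not parts[0]:
            continue  # no authserv-id, cannot attribute the verdicts
        authserv = parts[0].split()[0].lower()
        for resinfo in parts[1:]:
            m = re.match(r"([a-z0-9-]+)\s*=\s*([a-z]+)", resinfo, re.I)
            if m:
                method, result = m.group(1).lower(), m.group(2).lower()
                out.setdefault(authserv, {}).setdefault(method, set()).add(result)
    return out

def disagreements(results):
    """Return {method: {authserv-id: [results]}} where verifiers differ."""
    found = {}
    for method in sorted({m for r in results.values() for m in r}):
        verdicts = {s: sorted(r[method]) for s, r in results.items() if method in r}
        if len({tuple(v) for v in verdicts.values()}) > 1:
            found[method] = verdicts
    return found

if __name__ == "__main__":
    for method, verdicts in disagreements(results_by_authserv(SAMPLE)).items():
        print(method, verdicts)
```

On the sample, dmarc and spf are reported as pass by mx.google.com and as fail by mail.mydomain.com, the host named in the DMARC-Filter header.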

