[opendmarc-users] Fwd: DMARC configuration confusion

Dominic Raferd dominic at timedicer.co.uk
Thu Dec 28 04:44:44 PST 2017


On 28 December 2017 at 12:23, Selcuk Yazar <selcuk.yazar at gmail.com> wrote:
> Hi ,
>
> thank you for your helps and clues
>
> now it's working with these settings :)
>
> AuthservID mail.mydomain.com
>  AutoRestart true
>  AutoRestartRate 10/1h
>  FailureReportsSentBy bidb at mydomain.com
>  IgnoreAuthenticatedClients true
>  IgnoreMailFrom mydomain.com
> PublicSuffixList /etc/opendmarc/effective_tld_names.dat
> RejectFailures true
> Socket inet:8893 at localhost
> SoftwareHeader true
> SPFIgnoreResults true
> SPFSelfValidate true
> Syslog true
> UMask 007
> UserID opendmarc:mail
>
> Happy new year!

I'm glad you have it working, but I am concerned about your setting:

IgnoreMailFrom mydomain.com

A spoofed email with internal 'From:' set to *@mydomain.com will be
accepted by opendmarc, even with domain p=reject (or p=quarantine)
policy. IMO you should be set up so you do not need this setting
'IgnoreMailFrom'.


More information about the opendmarc-users mailing list