[opendmarc-users] Enforcing p=REJECT

Juri Haberland juri at sapienti-sat.org
Thu Mar 12 01:29:59 PDT 2020


On 2020-03-12 05:04, Steve Siirila wrote:
> Has anyone turned on RejectFailures in their opendmarc milter
> configuration?  I have a couple of questions:

Yes, of course.

>    1. Does this conditionally reject based on the sender domain's DMARC
>    policy?
>    2. If #1 is true, is there a way to distinguish between p=REJECT and
>    p=QUARANTINE modes?
> 
> What we are looking for is a way to have our MTA reject only for senders
> whose DMARC policy is REJECT and who fail DMARC.  For p=NONE and
> p=QUARANTINE we want to pass email through.  Is anyone currently doing this
> or have any suggestions?

OpenDMARC will reject if the sender's domain has p=reject. On 
p=quarantine it will depend on your MTA: Postfix will put those messages 
on hold and you have to release (or delete) them manually. As this is 
not ideal, there is a patch that will add an option to OpenDMARC to let 
those messages pass.

I'll attach it.

Cheers,
   Juri
-------------- next part --------------
A non-text attachment was scrubbed...
Name: z00_ticket138_v3.patch
Type: text/x-diff
Size: 3286 bytes
Desc: not available
URL: <http://www.trusteddomain.org/pipermail/opendmarc-users/attachments/20200312/bc257742/attachment.patch>
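
The decision asked about in this thread (reject only when the sender's published policy is reject and DMARC fails, pass everything else), written out as an added example. It is not part of the original message and is not OpenDMARC's code or the attached patch; the function names and the sample records are constructed for illustration, and pct= sampling is deliberately not modelled.

```python
# Added illustration: map a published DMARC record plus the DMARC result
# to the MTA action described in the thread. Names here are hypothetical.

def parse_dmarc(txt):
    """Parse a DMARC TXT record (RFC 7489 'tag=value;' list) into a dict.

    Returns None when the record is not a usable DMARC1 record, i.e. when
    v=DMARC1 is not the first tag.
    """
    tags = {}
    for part in (txt or "").split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if next(iter(tags), None) != "v" or tags["v"] != "DMARC1":
        return None
    return tags


def mta_action(txt, dmarc_pass, is_subdomain=False):
    """Return 'reject' only for a DMARC failure under an effective
    policy of reject; return 'accept' for none, quarantine, a missing
    or malformed record, and every message that passes DMARC."""
    if dmarc_pass:
        return "accept"
    tags = parse_dmarc(txt)
    if tags is None:
        return "accept"
    policy = tags.get("p", "none").lower()
    # sp= overrides p= when the From: domain is a subdomain of the
    # organizational domain that published the record.
    if is_subdomain and "sp" in tags:
        policy = tags["sp"].lower()
    return "reject" if policy == "reject" else "accept"


if __name__ == "__main__":
    # Constructed sample records, not taken from any real domain.
    samples = [
        ("v=DMARC1; p=reject; rua=mailto:reports@example.org", False),
        ("v=DMARC1; p=quarantine", False),
        ("v=DMARC1; p=none; sp=reject", True),
    ]
    for record, sub in samples:
        print(record, "->", mta_action(record, dmarc_pass=False, is_subdomain=sub))
```
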

