[opendmarc-users] Enforcing p=REJECT
Juri Haberland
juri at sapienti-sat.org
Thu Mar 12 01:29:59 PDT 2020
On 2020-03-12 05:04, Steve Siirila wrote:
> Has anyone turned on RejectFailures in their opendmarc milter
> configuration? I have a couple of questions:
Yes, of course.
> 1. Does this conditionally reject based on the sender domain's DMARC
> policy?
> 2. If #1 is true, is there a way to distinguish between p=REJECT and
> p=QUARANTINE modes?
>
> What we are looking for is a way to have our MTA reject only for
> senders
> whose DMARC policy is REJECT and who fail DMARC. For p=NONE and
> p=QUARANTINE we want to pass email through. Is anyone currently doing
> this
> or have any suggestions?
OpenDMARC will reject if the sender's domain has p=reject. On
p=quarantine it will depend on you MTA: Postfix will put those messages
on hold and you have to release (or delete) them manually. As this is
not ideal, there is a patch that will add an option to OpenDMARC to let
those messages pass.
I'll attach it.
Cheers,
Juri
-------------- next part --------------
A non-text attachment was scrubbed...
Name: z00_ticket138_v3.patch
Type: text/x-diff
Size: 3286 bytes
Desc: not available
URL: <http://www.trusteddomain.org/pipermail/opendmarc-users/attachments/20200312/bc257742/attachment.patch>
More information about the opendmarc-users
mailing list