[opendmarc-users] Enforcing p=REJECT

Steve Siirila sfs at umn.edu
Thu Mar 12 06:39:27 PDT 2020


Thanks Juri, much appreciated!  That's the behavior we were looking for.


On Thu, Mar 12, 2020 at 3:30 AM Juri Haberland <juri at sapienti-sat.org>
wrote:

> On 2020-03-12 05:04, Steve Siirila wrote:
> > Has anyone turned on RejectFailures in their opendmarc milter
> > configuration?  I have a couple of questions:
>
> Yes, of course.
>
> >    1. Does this conditionally reject based on the sender domain's DMARC
> >    policy?
> >    2. If #1 is true, is there a way to distinguish between p=REJECT and
> >    p=QUARANTINE modes?
> >
> > What we are looking for is a way to have our MTA reject only for
> > senders
> > whose DMARC policy is REJECT and who fail DMARC.  For p=NONE and
> > p=QUARANTINE we want to pass email through.  Is anyone currently doing
> > this
> > or have any suggestions?
>
> OpenDMARC will reject if the sender's domain has p=reject. On
> p=quarantine it will depend on you MTA: Postfix will put those messages
> on hold and you have to release (or delete) them manually. As this is
> not ideal, there is a patch that will add an option to OpenDMARC to let
> those messages pass.
>
> I'll attach it.
>
> Cheers,
>    Juri_______________________________________________
> opendmarc-users mailing list
> opendmarc-users at trusteddomain.org
> http://www.trusteddomain.org/mailman/listinfo/opendmarc-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.trusteddomain.org/pipermail/opendmarc-users/attachments/20200312/a482623b/attachment-0001.htm>


More information about the opendmarc-users mailing list