[opendmarc-users] Override Quarantine?

postfix at ptld.com postfix at ptld.com
Sat Jul 17 13:32:57 PDT 2021


>> Is there anyway to override policies and have opendmarc treat a 
>> p=quarantine as p=reject?

> On 07-16-2021 3:55 am, Дилян Палаузов wrote:
> 
> you can apply this patch
> https://mail.aegee.org/cgit/OpenDMARC/commit/?id=b20af25a672607b826c6314260de5836d88aee35
> and then you have such an option.

I found a way using postfix to accomplish this without having to 
patch/rebuild opendmarc.
If anyone else was curious how:

   postfix main.cf:
     milter_header_checks = pcre:/etc/postfix/header_checks_milter

   header_checks_milter:
     if /^Authentication-Results:/
     if / dmarc=fail /
     !/p=reject/     REJECT DMARC Failed and Local p=reject Policy 
Enforced
     endif
     endif

The text after the REJECT action is optional and can be anything. You 
can filter for different conditions to fine tune it to your liking such 
as only enforcing if the domain policy is p=quarantine. Syntax, options 
and formatting is found on http://www.postfix.org/header_checks.5.html


More information about the opendmarc-users mailing list