From 78f7d1fc19e595368d85681d4ed9449a10ad4c6e Mon Sep 17 00:00:00 2001 From: Paul Date: Tue, 16 Feb 2021 21:57:36 -0800 Subject: [PATCH] Enable sending DMARC failure reports Configures opendmarc to send failure reports for domains that request them, including when p=none. The emails are sent as the package default of package name and user@hostname: OpenDMARC Filter Note I have been running this for several months with a configuration I did not include in the PR to have reports BCC'd to me (FailureReportsBcc postmaster@example.com). Very low load for my personal server of rarely more than a dozen emails sent out per day. I am not familiar with editing scripts, so apologies in advance and please feel free to correct me. --- setup/dkim.sh | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/setup/dkim.sh b/setup/dkim.sh index 05221b27..76dc1655 100755 --- a/setup/dkim.sh +++ b/setup/dkim.sh @@ -62,7 +62,8 @@ chmod go-rwx $STORAGE_ROOT/mail/dkim tools/editconf.py /etc/opendmarc.conf -s \ "Syslog=true" \ - "Socket=inet:8893@[127.0.0.1]" + "Socket=inet:8893@[127.0.0.1]" \ + "FailureReports=true" # SPFIgnoreResults causes the filter to ignore any SPF results in the header # of the message. This is useful if you want the filter to perfrom SPF checks @@ -81,6 +82,12 @@ tools/editconf.py /etc/opendmarc.conf -s \ tools/editconf.py /etc/opendmarc.conf -s \ "SPFSelfValidate=true" +# Enables generation of failure reports for sending domains that publish a +# "none" policy. + +tools/editconf.py /etc/opendmarc.conf -s \ + "FailureReportsOnNone=true" + # AlwaysAddARHeader Adds an "Authentication-Results:" header field even to # unsigned messages from domains with no "signs all" policy. The reported DKIM # result will be "none" in such cases. Normally unsigned mail from non-strict