From a839602cba8eb36b8e4a13f46ed76aeea8249766 Mon Sep 17 00:00:00 2001 From: Paul Date: Sun, 28 Feb 2021 05:21:15 -0800 Subject: [PATCH] Enable sending DMARC failure reports (#1929) Configures opendmarc to send failure reports for domains that request them, including when p=none. The emails are sent as the package default of package name and user@hostname: OpenDMARC Filter Note I have been running this for several months with a configuration I did not include in the PR to have reports BCC'd to me (FailureReportsBcc postmaster@example.com). Very low load for my personal server of rarely more than a dozen emails sent out per day. I am not familiar with editing scripts, so apologies in advance and please feel free to correct me. --- setup/dkim.sh | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/setup/dkim.sh b/setup/dkim.sh index 05221b27..b2541a12 100755 --- a/setup/dkim.sh +++ b/setup/dkim.sh @@ -62,7 +62,8 @@ chmod go-rwx $STORAGE_ROOT/mail/dkim tools/editconf.py /etc/opendmarc.conf -s \ "Syslog=true" \ - "Socket=inet:8893@[127.0.0.1]" + "Socket=inet:8893@[127.0.0.1]" \ + "FailureReports=true" # SPFIgnoreResults causes the filter to ignore any SPF results in the header # of the message. This is useful if you want the filter to perfrom SPF checks @@ -81,6 +82,12 @@ tools/editconf.py /etc/opendmarc.conf -s \ tools/editconf.py /etc/opendmarc.conf -s \ "SPFSelfValidate=true" +# Enables generation of failure reports for sending domains that publish a +# "none" policy. + +tools/editconf.py /etc/opendmarc.conf -s \ + "FailureReportsOnNone=true" + # AlwaysAddARHeader Adds an "Authentication-Results:" header field even to # unsigned messages from domains with no "signs all" policy. The reported DKIM # result will be "none" in such cases. Normally unsigned mail from non-strict