From fba4d4702e233fa66591ca37e6fe71225c661846 Mon Sep 17 00:00:00 2001 From: Joshua Tauberer Date: Mon, 16 Feb 2015 23:16:09 +0000 Subject: [PATCH] install opendmarc to add Authentication-Results headers for DMARC too --- management/status_checks.py | 1 + setup/dkim.sh | 20 +++++++++++++++----- 2 files changed, 16 insertions(+), 5 deletions(-) mode change 100644 => 100755 setup/dkim.sh diff --git a/management/status_checks.py b/management/status_checks.py index 0fccd98d..e20cbabd 100755 --- a/management/status_checks.py +++ b/management/status_checks.py @@ -65,6 +65,7 @@ def run_services_checks(env, output): { "name": "Postgrey", "port": 10023, "public": False, }, { "name": "Spamassassin", "port": 10025, "public": False, }, { "name": "OpenDKIM", "port": 8891, "public": False, }, + { "name": "OpenDMARC", "port": 8893, "public": False, }, { "name": "Memcached", "port": 11211, "public": False, }, { "name": "Sieve (dovecot)", "port": 4190, "public": True, }, { "name": "Mail-in-a-Box Management Daemon", "port": 10222, "public": False, }, diff --git a/setup/dkim.sh b/setup/dkim.sh old mode 100644 new mode 100755 index 453dedf3..4ef82419 --- a/setup/dkim.sh +++ b/setup/dkim.sh @@ -10,7 +10,7 @@ source setup/functions.sh # load our functions source /etc/mailinabox.conf # load global vars # Install DKIM... -apt_install opendkim opendkim-tools +apt_install opendkim opendkim-tools opendmarc # Make sure configuration directories exist. mkdir -p /etc/opendkim; @@ -48,15 +48,25 @@ fi chown -R opendkim:opendkim $STORAGE_ROOT/mail/dkim chmod go-rwx $STORAGE_ROOT/mail/dkim -# Add OpenDKIM as a milter to postfix, which is how it intercepts outgoing -# mail to perform the signing (by adding a mail header). -# Be careful. If we add other milters later, it needs to be concatenated on the smtpd_milters line. #NODOC +tools/editconf.py /etc/opendmarc.conf -s \ + "Syslog=true" \ + "Socket=inet:8893@[127.0.0.1]" + +# Add OpenDKIM and OpenDMARC as milters to postfix, which is how OpenDKIM +# intercepts outgoing mail to perform the signing (by adding a mail header) +# and how they both intercept incoming mail to add Authentication-Results +# headers. The order possibly/probably matters: OpenDMARC relies on the +# OpenDKIM Authentication-Results header already being present. +# +# Be careful. If we add other milters later, this needs to be concatenated +# on the smtpd_milters line. tools/editconf.py /etc/postfix/main.cf \ - smtpd_milters=inet:127.0.0.1:8891 \ + "smtpd_milters=inet:127.0.0.1:8891 inet:127.0.0.1:8893"\ non_smtpd_milters=\$smtpd_milters \ milter_default_action=accept # Restart services. restart_service opendkim +restart_service opendmarc restart_service postfix