- 追加された行はこの色です。
- 削除された行はこの色です。
#author("2022-07-26T14:55:41+09:00","default:kuji","kuji")
#author("2022-08-09T17:50:32+09:00","default:kuji","kuji")
CONTENTS
#contents
----
Lastmodified &lastmod;
----
*Open DMARC [#o2097502]
portinstall mail/opendmarc
/etc/rc.conf
opendmarc_enable="YES"
opendmarc_socketspec="/var/run/opendmarc/socket"
**/usr/local/etc/mail/opendmarc.conf の編集 [#hf76cfdc]
/usr/local/etc/mail/にサンプルファイルがあるのでコピー
## opendmarc.conf -- configuration file for OpenDMARC filter
##
## Copyright (c) 2012-2015, The Trusted Domain Project. All rights reserved.
AutoRestart ture
BaseDirectory /var/run/opendmarc
IgnoreHosts /usr/local/etc/mail/opendmarc_ignore.hosts
IgnoreMailFrom smb.net
Socket local:/var/run/opendmarc/socket
SPFSelfValidate true
UMask 002
**IgnoreHostsの編集 [#m0077c52]
/usr/local/etc/mail/opendmarc_ignore.hosts
localhost
::1
2001:db8::/32
127.0.0.0/8
192.168.1.0/24
**postfixの設定変更 [#mf6d95e6]
/usr/local/etc/postfix/main.cf
3行目のみ追加
# mail filter
smtpd_milters =
unix:/var/run/milteropendkim/socket
unix:/var/run/opendmarc/socket ← この行
non_smtpd_milters = $smtpd_milters
milter_default_action = accept
**policyd-spf設定削除 [#x4e53413]
今回、opendmarcのspf評価を使用するためpolicyd-spfの設定を削除する。
/usr/local/etc/postfix/main.cf
# policyd-spf
#policyd-spf_time_limit = 3600
# check_policy_service unix:private/policyd-spf
/usr/local/etc/postfix/master.cf
#policyd-spf unix - n n - 0 spawn
# user=nobody argv=/usr/local/bin/policyd-spf
**DNSにTXTレコード追加 [#k539ba6d]
/usr/local/etc/namedb/master/smb.net.zone
_dmarc IN TXT "v=DMARC1; p=none; sp=none; ri=3600; rua=mailto:postmaster@smb.net; ruf=mailto:postmaster@smb.net"
**起動 [#dd023283]
# service opendmarc start
Starting opendmarc.
# service postfix restart
postfix/postfix-script: stopping the Postfix mail system
postfix/postfix-script: starting the Postfix mail system
***Mail header [#q6326238]
dkim=pass header.i=@kuji-clinic.net header.s=kuji-clinic.net header.b=v1em8NmM;
dkim=pass header.i=@kuji-clinic.net header.s=kuji-clinic.net header.b=v1em8NmM;
spf=pass (google.com: best guess record for domain of root@g7.kuji-clinic.net designates 210.255.122.215 as permitted sender) smtp.mailfrom=root@g7.kuji-clinic.net;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kuji-clinic.net
----
Total access &counter(total);:本日 &counter(today);:昨日 &counter(yesterday);
#counter([total|today|yesterday]);