
On Thu, 24 Dec 2015 08:38:07 AM Jason White via luv-main wrote:
> I've spent time today trying to configure SPF, DKIM and DMARC for my domain.
> Experience will determine how successful I have been.
> The next step is to configure my mail system, running Postfix, to check inbound mail using these mechanisms. Which tool do others prefer for this purpose?

I use opendkim to check DKIM and also sign outbound messages. In almost all cases the program that signs messages will also check messages - assuming you use the same server for inbound and outbound mail. I use the Debian package postfix-policyd-spf-perl for SPF checks. I think that SpamAssassin does SPF checks by default and you can also configure it to use DKIM check results to add to the score (if you don't want to just reject mail that fails DKIM).

> My DMARC record may be too strict; I essentially copied an example from http://www.zytrax.com/books/dns/ch9/dmarc.html (with a slight modification to change the address to which reports are sent). If necessary, I can switch to a "quarantine" rather than a "reject" policy for SPF, DKIM or both.

Most mailing lists break SPF and DKIM so a reject will cause you some problems if you use many lists.

> Mailing list servers and their treatment of DKIM would be my main concern, although in such cases, if I understand rightly, the recipient should use the list server's DMARC record to determine the policy rather than mine, since it's the list server which is actually sending the mail out.

That's only if the header is modified for the mail to be "from" the list. Doing that requires a recent version of Mailman (in this case Debian/Jessie not Debian/Wheezy) and being willing to turn it on.

-- 
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/
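
The interaction discussed in this thread between mailing lists, the From: header and a DMARC policy, as an added example that is not part of the original messages. The domains, policies and sample messages are constructed, and the organizational domain is approximated by the last two labels rather than the Public Suffix List.

```python
from dataclasses import dataclass

def org_domain(domain: str) -> str:
    # Assumption: last two labels stand in for the organizational domain;
    # real DMARC evaluators consult the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

@dataclass
class Message:
    header_from: str   # domain of the From: header, which selects the DMARC policy
    mail_from: str     # envelope sender domain, the one SPF checks
    spf_pass: bool
    dkim_domain: str   # d= of the DKIM signature, "" if unsigned
    dkim_pass: bool

def dmarc_disposition(msg: Message, policies: dict) -> tuple:
    """Return (domain whose policy applies, 'pass' or that domain's policy)."""
    policy_domain = org_domain(msg.header_from)
    spf_aligned = msg.spf_pass and org_domain(msg.mail_from) == policy_domain
    dkim_aligned = (msg.dkim_pass and msg.dkim_domain != ""
                    and org_domain(msg.dkim_domain) == policy_domain)
    if spf_aligned or dkim_aligned:
        return policy_domain, "pass"
    return policy_domain, policies.get(policy_domain, "none")

# Constructed sample data: domains and policies are placeholders.
POLICIES = {"author.example": "reject", "list.example": "none"}
SAMPLES = {
    "direct": Message("author.example", "author.example", True, "author.example", True),
    # List re-sends with its own envelope sender and appends a footer, so the
    # author's DKIM signature no longer verifies; From: is left untouched.
    "list, From unchanged": Message("author.example", "bounces.list.example", True, "author.example", False),
    # List relays the body unmodified: the author's signature survives.
    "list, body intact": Message("author.example", "bounces.list.example", True, "author.example", True),
    # List rewrites From: to its own domain and signs with its own key.
    "list, From rewritten": Message("list.example", "bounces.list.example", True, "list.example", True),
}

def evaluate_all(policies=POLICIES):
    return {name: dmarc_disposition(m, policies) for name, m in SAMPLES.items()}

if __name__ == "__main__":
    for name, (domain, result) in evaluate_all().items():
        print(f"{name:22} policy of {domain:15} -> {result}")
```

SPF passes in every list case, but for the list's own envelope domain, so it only counts toward DMARC once From: is also the list's domain.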