DMARC, SPF and DKIM
russell at coker.com.au
Thu Dec 24 12:50:09 AEDT 2015
On Thu, 24 Dec 2015 08:38:07 AM Jason White via luv-main wrote:
> I've spent time today trying to configure SPF, DKIM and DMARC for my
> Experience will determine how successful I have been.
> The next step is to configure my mail system, running Postfix, to check
> inbound mail using these mechanisms. Which tool do others prefer for this

I use opendkim to check DKIM and also sign outbound messages. In almost all
cases the program that signs messages will also check messages - assuming you
use the same server for inbound and outbound mail.

I use the Debian package postfix-policyd-spf-perl for SPF checks.

I think that SpamAssassin does SPF checks by default and you can also configure
it to use DKIM check results to add to the score (if you don't want to just
reject mail that fails DKIM).

> My DMARC record may be too strict; I essentially copied an example from
> http://www.zytrax.com/books/dns/ch9/dmarc.html (with a slight modification
> to change the address to which reports are sent). If necessary, I can
> switch to a "quarantine" rather than a "reject" policy for SPF, DKIM or

Most mailing lists break SPF and DKIM so a reject will cause you some problems
if you use many lists.

> Mailing list servers and their treatment of DKIM would be my main concern,
> although in such cases, if I understand rightly, the recipient should use
> the list server's DMARC record to determine the policy rather than mine,
> since it's the list server which is actually sending the mail out.

That's only if the header is modified for the mail to be "from" the list.
Doing that requires a recent version of Mailman (in this case Debian/Jessie
not Debian/Wheezy) and being willing to turn it on.

My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/
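
The following is an added example, not part of the original message: a simplified DMARC evaluation in Python showing why list mail fails a "reject" policy unless the list rewrites the From header. The domain names, the policy table, and the two-label organizational-domain shortcut are constructed assumptions; real verifiers use the Public Suffix List and DNS lookups.

```python
from dataclasses import dataclass

def org_domain(domain):
    # Assumption: the organizational domain is the last two labels.
    # Real DMARC implementations use the Public Suffix List instead.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(a, b):
    # Relaxed alignment: both names share an organizational domain.
    return bool(a) and org_domain(a) == org_domain(b)

@dataclass
class Message:
    header_from: str    # domain in the From: header (selects the DMARC policy)
    envelope_from: str  # MAIL FROM domain that SPF was evaluated against
    spf_pass: bool
    dkim_domain: str    # d= tag of the DKIM signature, "" if unsigned
    dkim_pass: bool

def dmarc_disposition(msg, policies):
    """Return (policy_domain, result) for a message.

    policies maps organizational domain -> p= value (constructed table
    standing in for the _dmarc TXT lookup)."""
    policy_domain = org_domain(msg.header_from)
    policy = policies.get(policy_domain)
    if policy is None:
        return (policy_domain, "no-policy")
    spf_ok = msg.spf_pass and aligned(msg.envelope_from, msg.header_from)
    dkim_ok = msg.dkim_pass and aligned(msg.dkim_domain, msg.header_from)
    # DMARC passes if either mechanism passes AND aligns with header From.
    return (policy_domain, "pass" if (spf_ok or dkim_ok) else policy)

# Constructed sample data.
POLICIES = {"example.org": "reject", "example.net": "none"}

# Sent directly by the author's own server.
DIRECT = Message("example.org", "example.org", True, "example.org", True)
# Relayed by a list that appends a footer (breaking the author's DKIM
# signature) and uses its own envelope sender; From: left unchanged.
VIA_LIST = Message("example.org", "lists.example.net", True,
                   "example.org", False)
# Same list, but it rewrites From: to its own domain and signs the mail.
VIA_LIST_REWRITTEN = Message("lists.example.net", "lists.example.net", True,
                             "lists.example.net", True)

if __name__ == "__main__":
    for name in ("DIRECT", "VIA_LIST", "VIA_LIST_REWRITTEN"):
        print(name, dmarc_disposition(globals()[name], POLICIES))
```

In the second case SPF passes for the list's envelope domain but does not align with the From header, so the author's "reject" policy applies; only in the third case is the list's own policy consulted.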