Amavis and OpenDMARC

Noel Butler noel.butler at ausics.net
Sun Nov 12 03:10:46 CET 2023 

On 12/11/2023 02:02, Dino Edwards wrote:

>> That's correct, if you're using  only opendmarc just the 
>> inet:127.0.0.1:54321 is needed, thats all you need, are you sure it 
>> >is adding sigs on sending? send an email to check-auth at verifier.port25.com wait a minute then  check its results email.
> 
> If opendmarc requires dkim signature verification before it makes a 
> decision, I will need something that checks dkim first, right? I did 
> send an e-mail to the e-mail address you suggested and everything looks 
> good:

DMARC (thus OpenDMARC) makes its decision based on the senders DMARC fo 
policy -

if policy uses fo=0  then yes, both SPF and DKIM must exist, and both 
must pass.

if policy uses fo=1  then no, as a minimum _either_ SPF or DKIM must 
exist, and pass, so DMARC will work with only SPF or only DKIM, it will 
also work with both, which has the advantage that only one of these must 
pass, eg: SPF passes but DKIM fails, DMARC usinng fo=1 will pass.

I recommend fo=1 for general use but fo=0 for critical areas, like 
govts, legal and finance sectors, or those who deal with them on a very 
regular basis, in which case they wouldn't be authorised to use there 
govt/corp email for private use so if ill-configured mailing lists for 
example rejected them, then that's acceptable collateral damage.

-- 
Regards,
Noel Butler

This Email, including attachments, may contain legally privileged 
information, therefore at all times remains confidential and subject to 
copyright protected under international law. You may not disseminate 
this message without the authors express written authority to do so.   
If you are not the intended recipient, please notify the sender then 
delete all copies of this message including attachments immediately. 
Confidentiality, copyright, and legal privilege are not waived or lost 
by reason of the mistaken delivery of this message.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.amavis.org/pipermail/amavis-users/attachments/20231112/2ac077f1/attachment.htm>

More information about the amavis-users mailing list