centos:mail_c6:mta_13

Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen angezeigt.

Link zu dieser Vergleichsansicht

Beide Seiten der vorigen Revision Vorhergehende Überarbeitung
Nächste Überarbeitung		 Vorhergehende Überarbeitung
centos:mail_c6:mta_13 [23.03.2014 21:25. ] – [dbCollecting script anlegen] djangocentos:mail_c6:mta_13 [20.05.2021 12:41. ] (aktuell) – Externe Bearbeitung 127.0.0.1
Zeile 2: Zeile 2:
 {{:centos:mail_c6:dmarc-logo.png?nolink |DMARC Logo}}  {{:centos:mail_c6:dmarc-logo.png?nolink |DMARC Logo}} 
  
-**DMARC**((**D**omain-based **M**essage **A**uthentication, **R**eporting & **C**onformance)) ist an sich kein eigenständiger Prozess in der eMail-Verarbeitung, vielmehr erweitert DMARC auf die beiden Techniken **SPF**((**S**ender **P**olicy **F**ramework)) und **DKIM**((**D**omainKeys **I**dentified **M**ail)). DMARC ergänzt somit DKIM und SPF, ohne die DMARC nicht funktionieren kann.  +**DMARC**((**D**omain-based **M**essage **A**uthentication, **R**eporting & **C**onformance)) ist an sich kein eigenständiger Prozess in der eMail-Verarbeitung, vielmehr erweitert DMARC auf die beiden Techniken **[[centos:mail_c6:mta_10|SPF]]**((**S**ender **P**olicy **F**ramework)) und **[[centos:mail_c6:mta_9|DKIM]]**((**D**omainKeys **I**dentified **M**ail)). DMARC ergänzt somit DKIM und SPF, ohne die DMARC nicht funktionieren kann.  
 Hinweise zu DMARC findet man bei auch auf der Webseite von [[http://dmarc.org|DMARC.org]], oder im [[https://datatracker.ietf.org/doc/draft-kucherawy-dmarc-base/|Entwurf der Network Working Group]], die der **[[http://www.ietf.org/|ITF]]**((The **I**nternet Engineering **T**ask **F**orce)) Anfang 2012 zur Prüfung vorgelegt wurde. Hinweise zu DMARC findet man bei auch auf der Webseite von [[http://dmarc.org|DMARC.org]], oder im [[https://datatracker.ietf.org/doc/draft-kucherawy-dmarc-base/|Entwurf der Network Working Group]], die der **[[http://www.ietf.org/|ITF]]**((The **I**nternet Engineering **T**ask **F**orce)) Anfang 2012 zur Prüfung vorgelegt wurde.
  
Zeile 18: Zeile 18:
 Das nachfolgende Schaubild zeigt den Bearbeitungsverlauf einer eMail mit Berücksichtigung auf DMARC auf. Das nachfolgende Schaubild zeigt den Bearbeitungsverlauf einer eMail mit Berücksichtigung auf DMARC auf.
  
-<uml width=900 title="DMARC - Verarbeitungsschritte einer eMail"+<uml> 
 +skinparam defaultFontName Courier
 state "Absender Klaus generiert eMail" as sender state "Absender Klaus generiert eMail" as sender
 sender : ------------------------------------------- sender : -------------------------------------------
Zeile 43: Zeile 43:
   state "Mail-Ausgang" as smtp_a   state "Mail-Ausgang" as smtp_a
   smtp_a : Versand der eMail   smtp_a : Versand der eMail
-  smtp_a : zum eMail-Server +  smtp_a : zum eMail-Server (MTA)
   smtp_a : des Empfängers   smtp_a : des Empfängers
 } }
Zeile 178: Zeile 178:
  
 </uml> </uml>
 +===== Zusammenspiel von DKIM, SPF und DMARC =====
 +
 +<WRAP round important> \\ Möchten wir DMARC bei unserem Mailserver einsetzen, ist es wichtig, dass alle drei Komponenten via **Milter**((**M**ail-F**ilter**)) an unseren Postfix-Mailserver angebunden werden. Nur so stehen dem **DMARC**-Daemon alle relevanten Headerinformationen zur Bewertung zur Verfügung. \\
 +</WRAP>
 +
 +Wir setzen daher bei unserer Installation jeweils folgende Pakete ein:
 +  * **SPF** **smf-spf** aus [[http://repository.nausch.org/public/|Djangos-Repository]]
 +  * **DKIM** **opendkim** aus dem [[centos:rpmforge6|RPMforge]]
 +  * **DMARC** **opendmarc** aus [[http://repository.nausch.org/public/|Djangos-Repository]]
 +
 +Die Installation von **SPF-Milter** ist im Kapitel [[centos:mail_c6:mta_10|SPF - Sender Policy Framework]] und **OpenDKIM-Milter** im Kapitel [[centos:mail_c6:mta_9?=opendkim#besonderheit_-_dmarc|DKIM - Domain Key Identified Mail]] genauer beschrieben.
 +
 +
 +
 +
 ===== DMARC-Record ===== ===== DMARC-Record =====
 ==== Beschreibung des Datensatzes ==== ==== Beschreibung des Datensatzes ====
Zeile 283: Zeile 298:
  
 Im Falle der x86_64-Pakete sind dies dann entsprechend folgende Pakete: Im Falle der x86_64-Pakete sind dies dann entsprechend folgende Pakete:
-   # wget http://repository.nausch.org/public/x86_64/libopendmarc-1.2.0-2.el6.x86_64.rpm+   # wget http://repository.nausch.org/public/x86_64/libopendmarc-1.3.0-beta0.el6.x86_64.rpm
  
-   # wget http://repository.nausch.org/public/x86_64/opendmarc-1.2.0-2.el6.x86_64.rpm+   # wget http://repository.nausch.org/public/x86_64/opendmarc-1.3.0-beta0.el6.x86_64.rpm
  
 ===== Installation ===== ===== Installation =====
-   # yum localinstall libopendmarc-1.2.0-1.el6.x86_64.rpm opendmarc-1.2.0-1.el6.x86_64.rpm+   # yum localinstall libopendmarc-1.3.0-beta0.el6.x86_64.rpm opendmarc-1.3.0-beta0.el6.x86_64.rpm
  
  
    # rpm -qil opendmarc    # rpm -qil opendmarc
-<code>Name        : opendmarc                    Relocations: (not relocatable) +<code>Version     : 1.3.0                             Vendor: Django 
-Version     : 1.2.0                             Vendor: django +Release     : beta0.el6                     Build Date: Mon 28 Apr 2014 05:46:34 PM CEST 
-Release     : 1.el6                         Build Date: Tue 18 Mar 2014 11:08:28 PM CET +Install Date: Mon 28 Apr 2014 05:50:47 PM CEST      Build Host: vml010039.intra.nausch.org 
-Install Date: Tue 18 Mar 2014 11:18:08 PM CET      Build Host: vml010039.intra.nausch.org +Group       : System Environment/Daemons    Source RPM: opendmarc-1.3.0-beta0.el6.src.rpm 
-Group       : System Environment/Daemons    Source RPM: opendmarc-1.2.0-1.el6.src.rpm +Size        : 175607                           License: BSD and Sendmail 
-Size        : 173606                           License: BSD and Sendmail +Signature   : RSA/SHA1, Mon 28 Apr 2014 05:46:35 PM CEST, Key ID 31b4758f7c65ab27
-Signature   : RSA/SHA1, Tue 18 Mar 2014 11:08:30 PM CET, Key ID 31b4758f7c65ab27+
 Packager    : Django Packager    : Django
 URL         : http://http://www.trusteddomain.org/opendmarc.html URL         : http://http://www.trusteddomain.org/opendmarc.html
Zeile 321: Zeile 335:
 /usr/sbin/opendmarc-params /usr/sbin/opendmarc-params
 /usr/sbin/opendmarc-reports /usr/sbin/opendmarc-reports
-/usr/share/doc/opendmarc-1.2.0 +/usr/share/doc/opendmarc-1.3.0 
-/usr/share/doc/opendmarc-1.2.0/INSTALL +/usr/share/doc/opendmarc-1.3.0/INSTALL 
-/usr/share/doc/opendmarc-1.2.0/README +/usr/share/doc/opendmarc-1.3.0/README 
-/usr/share/doc/opendmarc-1.2.0/README.schema +/usr/share/doc/opendmarc-1.3.0/README.schema 
-/usr/share/doc/opendmarc-1.2.0/RELEASE_NOTES +/usr/share/doc/opendmarc-1.3.0/RELEASE_NOTES 
-/usr/share/doc/opendmarc-1.2.0/schema.mysql+/usr/share/doc/opendmarc-1.3.0/schema.mysql
 /usr/share/man/man5/opendmarc.conf.5.gz /usr/share/man/man5/opendmarc.conf.5.gz
 /usr/share/man/man8/opendmarc-check.8.gz /usr/share/man/man8/opendmarc-check.8.gz
Zeile 339: Zeile 353:
 </code> </code>
  
 +  # rpm -qil libopendmarc
 +<code>Name        : libopendmarc                 Relocations: (not relocatable)
 +Version     : 1.3.0                             Vendor: Django
 +Release     : beta0.el6                     Build Date: Mon 28 Apr 2014 05:46:34 PM CEST
 +Install Date: Mon 28 Apr 2014 05:50:46 PM CEST      Build Host: vml010039.intra.nausch.org
 +Group       : System Environment/Libraries   Source RPM: opendmarc-1.3.0-beta0.el6.src.rpm
 +Size        : 69016                            License: BSD and Sendmail
 +Signature   : RSA/SHA1, Mon 28 Apr 2014 05:46:35 PM CEST, Key ID 31b4758f7c65ab27
 +Packager    : Django
 +URL         : http://http://www.trusteddomain.org/opendmarc.html
 +Summary     : An open source DMARC library
 +Description :
 +This package contains the library files required for running services built
 +using libopendmarc.
 +/usr/lib64/libopendmarc.so.1
 +/usr/lib64/libopendmarc.so.1.0.2
 +</code>
  
-===== Konfiguration ===== +===== Konfigurations-Dokumentation ===== 
-==== Konfigurations-Dokumentation ====+==== README ====
 Viele hilfreiche Informationen zur Konfiguration von OpenDMARC finden sich in den nachfolgenden Dateien. Viele hilfreiche Informationen zur Konfiguration von OpenDMARC finden sich in den nachfolgenden Dateien.
    # less /usr/share/doc/opendmarc-1.2.0/README    # less /usr/share/doc/opendmarc-1.2.0/README
Zeile 504: Zeile 535:
 </file> </file>
  
 +==== README.schema ====
    # less /usr/share/doc/opendmarc-1.2.0/README.schema    # less /usr/share/doc/opendmarc-1.2.0/README.schema
 <file /usr/share/doc/opendmarc-1.2.0/README.schema>This directory contains the OpenDMARC schema plus any related files. <file /usr/share/doc/opendmarc-1.2.0/README.schema>This directory contains the OpenDMARC schema plus any related files.
Zeile 546: Zeile 578:
 </file> </file>
  
 +==== opendmarc.conf ====
    # man opendmarc.conf    # man opendmarc.conf
 <code>opendmarc.conf(5)                                            opendmarc.conf(5) <code>opendmarc.conf(5)                                            opendmarc.conf(5)
Zeile 780: Zeile 813:
 </code> </code>
  
 +==== opendmarc ====
    # man 8 opendmarc    # man 8 opendmarc
 <code>opendmarc(8)                                                      opendmarc(8) <code>opendmarc(8)                                                      opendmarc(8)
Zeile 887: Zeile 921:
 </code> </code>
  
 +==== reports-README ====
    # elinks http://www.trusteddomain.org/opendmarc/reports-README    # elinks http://www.trusteddomain.org/opendmarc/reports-README
 <code>OPENDMARC REPORTS <code>OPENDMARC REPORTS
Zeile 950: Zeile 985:
  
 </code> </code>
 +==== opendmarc.import ====
  
    # man opendmarc-import    # man opendmarc-import
Zeile 1008: Zeile 1043:
 </code> </code>
  
 +==== opendmarc-reports ====
    # man opendmarc-reports    # man opendmarc-reports
 <code>opendmarc-reports(8)                                      opendmarc-reports(8) <code>opendmarc-reports(8)                                      opendmarc-reports(8)
Zeile 1084: Zeile 1120:
                           The Trusted Domain Project      opendmarc-reports(8)                           The Trusted Domain Project      opendmarc-reports(8)
 </code> </code>
 +===== Konfiguration =====
 ==== opendmarc Konfiguration ==== ==== opendmarc Konfiguration ====
 Die Konfiguration von OpenDMARC erfolgt über die Konfigurationsdatei **opendmarc.conf** im Verzeichnis **/etc**. Die Konfiguration von OpenDMARC erfolgt über die Konfigurationsdatei **opendmarc.conf** im Verzeichnis **/etc**.
Zeile 1096: Zeile 1133:
  
 ##  AuthservID (string) ##  AuthservID (string)
-##   defaults to MTA name+##      defaults to MTA name
 ## ##
 ##  Sets the "authserv-id" to use when generating the Authentication-Results: ##  Sets the "authserv-id" to use when generating the Authentication-Results:
Zeile 1108: Zeile 1145:
  
 ##  AuthservIDWithJobID { true | false } ##  AuthservIDWithJobID { true | false }
-##   default "false"+##      default "false"
 ## ##
 ##  If "true", requests that the authserv-id portion of the added ##  If "true", requests that the authserv-id portion of the added
Zeile 1119: Zeile 1156:
  
 ##  AutoRestart { true | false } ##  AutoRestart { true | false }
-##   default "false"+##      default "false"
 ## ##
 ##  Automatically re-start on failures. Use with caution; if the filter fails ##  Automatically re-start on failures. Use with caution; if the filter fails
Zeile 1127: Zeile 1164:
  
 ##  AutoRestartCount n ##  AutoRestartCount n
-##   default 0+##      default 0
 ## ##
 ##  Sets the maximum automatic restart count.  After this number of automatic ##  Sets the maximum automatic restart count.  After this number of automatic
Zeile 1136: Zeile 1173:
  
 ##  AutoRestartRate n/t[u] ##  AutoRestartRate n/t[u]
-##   default (no limit)+##      default (no limit)
 ## ##
 ##  Sets the maximum automatic restart rate.  If the filter begins restarting ##  Sets the maximum automatic restart rate.  If the filter begins restarting
Zeile 1151: Zeile 1188:
  
 ##  Background { true | false } ##  Background { true | false }
-##   default "true"+##      default "true"
 ## ##
 ##  Causes opendmarc to fork and exits immediately, leaving the service ##  Causes opendmarc to fork and exits immediately, leaving the service
Zeile 1159: Zeile 1196:
  
 ##  BaseDirectory (string) ##  BaseDirectory (string)
-##   default (none)+##      default (none)
 ## ##
 ##  If set, instructs the filter to change to the specified directory using ##  If set, instructs the filter to change to the specified directory using
Zeile 1168: Zeile 1205:
 # #
 # BaseDirectory /var/run/opendmarc # BaseDirectory /var/run/opendmarc
-# Django : 2014-03-18 
-BaseDirectory /var/run/opendmarc 
  
 ##  ChangeRootDirectory (string) ##  ChangeRootDirectory (string)
-##   default (none)+##      default (none)
 ## ##
 ##  Requests that the operating system change the effective root directory of ##  Requests that the operating system change the effective root directory of
Zeile 1182: Zeile 1217:
  
 ##  CopyFailuresTo (string) ##  CopyFailuresTo (string)
-##   default (none)+##      default (none)
 ## ##
 ##  Requests addition of the specified email address to the envelope of ##  Requests addition of the specified email address to the envelope of
Zeile 1188: Zeile 1223:
 # #
 # CopyFailuresTo postmaster@localhost # CopyFailuresTo postmaster@localhost
-# Django : 2014-03-19 
-CopyFailuresTo postmaster@nausch.org 
  
 ##  DNSTimeout (integer) ##  DNSTimeout (integer)
-##   default 5+##      default 5
 ##  ## 
 ##  Sets the DNS timeout in seconds.  A value of 0 causes an infinite wait. ##  Sets the DNS timeout in seconds.  A value of 0 causes an infinite wait.
Zeile 1200: Zeile 1233:
  
 ##  EnableCoredumps { true | false } ##  EnableCoredumps { true | false }
-##   default "false"+##      default "false"
 ## ##
 ##  On systems that have such support, make an explicit request to the kernel ##  On systems that have such support, make an explicit request to the kernel
Zeile 1211: Zeile 1244:
  
 ##  ForensicReports { true | false } ##  ForensicReports { true | false }
-##   default "false"+##      default "false"
 ## ##
 ##  Enables generation of forensic reports when the DMARC test fails and the ##  Enables generation of forensic reports when the DMARC test fails and the
Zeile 1222: Zeile 1255:
  
 ##  ForensicReportsBcc (string) ##  ForensicReportsBcc (string)
-##   default (none)+##      default (none)
 ## ##
 ##  When forensic reports are enabled and one is to be generated, always ##  When forensic reports are enabled and one is to be generated, always
Zeile 1235: Zeile 1268:
  
 ##  ForensicReportsOnNone { true | false } ##  ForensicReportsOnNone { true | false }
-##   default "false"+##      default "false"
 ## ##
 ##  Supplements the "ForensicReports" setting by generating reports for ##  Supplements the "ForensicReports" setting by generating reports for
Zeile 1243: Zeile 1276:
  
 # ForensicReportsOnNone false # ForensicReportsOnNone false
-# Django : 2014-03-18 
-ForensicReportsOnNone true 
  
 ##  ForensicReportsSentBy string ##  ForensicReportsSentBy string
-##   default "USER@HOSTNAME"+##      default "USER@HOSTNAME"
 ## ##
 ##  Specifies the email address to use in the From: field of forensic ##  Specifies the email address to use in the From: field of forensic
Zeile 1260: Zeile 1291:
  
 ##  HistoryFile path ##  HistoryFile path
-##   default (none)+##      default (none)
 ## ##
 ##  If set, specifies the location of a text file to which records are written ##  If set, specifies the location of a text file to which records are written
Zeile 1271: Zeile 1302:
 # #
 HistoryFile /var/run/opendmarc/opendmarc.dat HistoryFile /var/run/opendmarc/opendmarc.dat
 +             
  
 ##  IgnoreHosts path ##  IgnoreHosts path
-##   default (internal)+##      default (internal)
 ## ##
 ##  Specifies the path to a file that contains a list of hostnames, IP ##  Specifies the path to a file that contains a list of hostnames, IP
Zeile 1285: Zeile 1317:
  
 ##  IgnoreMailFrom domain[,...] ##  IgnoreMailFrom domain[,...]
-##   default (none)+##      default (none)
 ## ##
 ##  Gives a list of domain names whose mail (based on the From: domain) is to ##  Gives a list of domain names whose mail (based on the From: domain) is to
Zeile 1295: Zeile 1327:
  
 ##  MilterDebug (integer) ##  MilterDebug (integer)
-##   default 0+##      default 0
 ## ##
 ##  Sets the debug level to be requested from the milter library. ##  Sets the debug level to be requested from the milter library.
 # #
 # MilterDebug 0 # MilterDebug 0
 +# Django : 2014-04-28
 +MilterDebug 5
  
 ##  PidFile path ##  PidFile path
-##   default (none)+##      default (none)
 ## ##
 ##  Specifies the path to a file that should be created at process start ##  Specifies the path to a file that should be created at process start
Zeile 1313: Zeile 1347:
  
 ##  PublicSuffixList path ##  PublicSuffixList path
-##   default (none)+##      default (none)
 ## ##
 ##  Specifies the path to a file that contains top-level domains (TLDs) that ##  Specifies the path to a file that contains top-level domains (TLDs) that
Zeile 1324: Zeile 1358:
  
 ##  RecordAllMessages { true | false } ##  RecordAllMessages { true | false }
-##   default "false"+##      default "false"
 ## ##
 ##  If set and "HistoryFile" is in use, all received messages are recorded ##  If set and "HistoryFile" is in use, all received messages are recorded
Zeile 1334: Zeile 1368:
  
 ##  RejectFailures { true | false } ##  RejectFailures { true | false }
-##   default "false"+##      default "false"
 ## ##
 ##  If set, messages will be rejected if they fail the DMARC evaluation, or ##  If set, messages will be rejected if they fail the DMARC evaluation, or
Zeile 1343: Zeile 1377:
 # #
 # RejectFailures false # RejectFailures false
 +# Django : 2014-03-24
 +RejectFailures true
  
 ##  ReportCommand string ##  ReportCommand string
-##   default "/usr/sbin/sendmail -t"+##      default "/usr/sbin/sendmail -t"
 ## ##
 ##  Indicates the shell command to which forensic reports should be passed for ##  Indicates the shell command to which forensic reports should be passed for
Zeile 1353: Zeile 1389:
  
 ##  RequiredHeaders { true | false } ##  RequiredHeaders { true | false }
-##   default "false"+##      default "false"
 ## ##
 ##  If set, the filter will ensure the header of the message conforms to the ##  If set, the filter will ensure the header of the message conforms to the
Zeile 1364: Zeile 1400:
  
 ##  Socket socketspec ##  Socket socketspec
-##   default (none)+##      default (none)
 ## ##
 ##  Specifies the socket that should be established by the filter to receive ##  Specifies the socket that should be established by the filter to receive
Zeile 1378: Zeile 1414:
 # Socket inet:8893@localhost # Socket inet:8893@localhost
 # Django : 2014-03-19 # Django : 2014-03-19
-Socket inet:10003@localhost+Socket inet:10012@localhost
  
 ##  SoftwareHeader { true | false } ##  SoftwareHeader { true | false }
-##   default "false"+##      default "false"
 ## ##
 ##  Causes the filter to add a "DMARC-Filter" header field indicating the ##  Causes the filter to add a "DMARC-Filter" header field indicating the
Zeile 1391: Zeile 1427:
 # Django : 2014-03-18 # Django : 2014-03-18
 SoftwareHeader true SoftwareHeader true
 +
 +##  SPFIgnoreResults { true | false }
 +##      default "false"
 +##
 +##  Causes the filter to ignore any SPF results in the header of the
 +##  message.  This is useful if you want the filter to perfrom SPF checks
 +##  itself, or because you don't trust the arriving header.
 +#
 +# SPFIgnoreResults false
 +
 +##  SPFSelfValidate { true | false }
 +##      default false
 +##
 +##  Causes the filter to perform a fallback SPF check itself when
 +##  it can find no SPF results in the message header.  If SPFIgnoreResults
 +##  is also set, it never looks for SPF results in headers and
 +##  always performs the SPF check itself when this is set.
 +#
 +# SPFSelfValidate false
 +# Django : 2014-04-28
 +SPFSelfValidate true
  
 ##  Syslog { true | false } ##  Syslog { true | false }
-##   default "false"+##      default "false"
 ## ##
 ##  Log via calls to syslog(3) any interesting activity. ##  Log via calls to syslog(3) any interesting activity.
Zeile 1402: Zeile 1459:
  
 ##  SyslogFacility facility-name ##  SyslogFacility facility-name
-##   default "mail"+##      default "mail"
 ## ##
 ##  Log via calls to syslog(3) using the named facility.  The facility names ##  Log via calls to syslog(3) using the named facility.  The facility names
 ##  are the same as the ones allowed in syslog.conf(5). ##  are the same as the ones allowed in syslog.conf(5).
 # #
 +# SyslogFacility mail
  
 ##  TemporaryDirectory path ##  TemporaryDirectory path
-##   default /var/tmp+##      default /var/tmp
 ## ##
 ##  Specifies the directory in which temporary files should be written. ##  Specifies the directory in which temporary files should be written.
Zeile 1416: Zeile 1474:
  
 ##  TrustedAuthservIDs string ##  TrustedAuthservIDs string
-##   default HOSTNAME+##      default HOSTNAME
 ## ##
 ##  Specifies one or more "authserv-id" values to trust as relaying true ##  Specifies one or more "authserv-id" values to trust as relaying true
Zeile 1428: Zeile 1486:
  
 ##  UMask mask ##  UMask mask
-##   default (none)+##      default (none)
 ## ##
 ##  Requests a specific permissions mask to be used for file creation.  This ##  Requests a specific permissions mask to be used for file creation.  This
Zeile 1438: Zeile 1496:
 # #
 # UMask 077 # UMask 077
 +# Django : 2014-03-23
 +UMask 007
  
 ##  UserID user[:group] ##  UserID user[:group]
-##   default (none)+##      default (none)
 ## ##
 ##  Attempts to become the specified userid before starting operations. ##  Attempts to become the specified userid before starting operations.
Zeile 1448: Zeile 1508:
 # UserID opendmarc # UserID opendmarc
 # Django : 2014-03-23 # Django : 2014-03-23
-UserID opendmarc:opendmarc+UserID opendmarc:dmarc
 </file> </file>
  
Zeile 1470: Zeile 1530:
 <code>AuthservID mx01.nausch.org <code>AuthservID mx01.nausch.org
 AuthservIDWithJobID true AuthservIDWithJobID true
-BaseDirectory /var/run/opendmarc 
-CopyFailuresTo postmaster@nausch.org 
 ForensicReports true ForensicReports true
 ForensicReportsBcc postmaster@nausch.org ForensicReportsBcc postmaster@nausch.org
Zeile 1479: Zeile 1537:
 IgnoreHosts /etc/opendmarc/ignore.hosts IgnoreHosts /etc/opendmarc/ignore.hosts
 PidFile /var/run/opendmarc.pid PidFile /var/run/opendmarc.pid
-Socket inet:10003@localhost+Socket inet:10012@localhost
 SoftwareHeader true SoftwareHeader true
 Syslog true Syslog true
-UserID opendmarc:opendmarc+UserID opendmarc:dmarc
 </code> </code>
  
Zeile 1711: Zeile 1769:
 ... ...
 </file> </file>
-===== Programmstart ===== 
  
-   service opendmarc start+==== Postfix ==== 
 +Die Konfiguration auf Seiten unseres Postfix-Mailserver gestaltet sich relativ einfach, muss doch nur ein zusätzlicher [[http://www.postfix.org/postconf.5.html#smtpd_milters|Mailfilter]] angelegt werden. Hier geben wir dann den Port an, den wir bei der Konfiguration von [[centos:mail_c6:mta_13#opendmarc_konfiguration|OpenDMARC]] definiert haben. 
 +   # vim /etc/postfix/main.cf
  
-  Mar 19 00:02:17 vml000080 opendmarc[13533]: OpenDMARC Filter v1.2.0 starting (args: -c /etc/opendmarc.conf -P /var/run/opendmarc/opendmarc.pid) +<file bash /etc/postfix/main.cf>... 
-  Mar 19 00:02:17 vml000080 opendmarc[13533]: trusted authentication services: mx01.nausch.org+ 
 +# Django : 2014-03-19 
 +# SPF-Check und DKIM-Signaturüberprüfung via SMF-SPF- und DKIM-Milter einbinden. 
 +smtpd_milters = 
 +# SMF-SPF-Milter   :  
 +   inet:127.0.0.1:10010, 
 +# DKIM-Milter:  
 +   inet:127.0.0.1:10011, 
 +# DMARC-Milter   :  
 +   inet:127.0.0.1:10012 
 + 
 +... 
 +</file> 
 + 
 +===== erster manueller Programmstart ===== 
 +Nun ist es an der Zeit unseren DMARC-Daemon das erste mal zu starten. 
 +   # service opendmarc start 
 +Im /var/log/maillog wird der erfolgreiche Start ausreichend dokumentiert:  
 +  Apr 28 19:32:24 vml000080 opendmarc[28728]: OpenDMARC Filter: Opening listen socket on conn inet:10012@localhost 
 +  Apr 28 19:32:24 vml000080 opendmarc[28729]: OpenDMARC Filter v1.3.0 starting (args: -c /etc/opendmarc.conf -P /var/run/opendmarc/opendmarc.pid) 
 +  Apr 28 19:32:24 vml000080 opendmarc[28729]: trusted authentication services: mx01.nausch.org
  
  
 +Über den Port 10012 sollte nun unser daemon ansprechbar sein. Was wir auch sehr einfach mittels **lsof** überprüfen können:
    # lsof -i :10003    # lsof -i :10003
  
Zeile 1724: Zeile 1804:
   opendmarc 13533 root    3u  IPv4 115489      0t0  TCP localhost:documentum_s (LISTEN)   opendmarc 13533 root    3u  IPv4 115489      0t0  TCP localhost:documentum_s (LISTEN)
  
 +Auch mit Hilfe von **netstat** können wir abfragen, ob der Port **1003** in Verwendung ist.
 +   # netstat -tulpen | grep 10012
  
-   netstat -tulpen | grep 10003+  tcp        0      0 127.0.0.1:10012             0.0.0.0:                  LISTEN      0          115489     13533/opendmarc      
 + 
 +Anschließend können wir nun auch unseren Postfix-Mailserver durchstarten, damit die Änderungen an seiner [[centos:mail_c6:mta_13#postfix|Konfiguration]] auch wirksam wird. 
 + 
 +===== automatisches Starten des Dienste beim Systemstart =====  
 +Damit nun unser DMARC-Daemon beim Booten unseres Servers automatisch gestartet wird, nehmen wir noch folgende Konfigurationsschritte vor. 
 +   # chkconfig opendmarc on 
 + 
 +Anschließend überprüfen wir noch unsere Änderung: 
 +   # chkconfig --list | grep opendmarc 
 + 
 +  opendmarc       0:Aus   1:Aus   2:Ein   3:Ein   4:Ein   5:Ein   6:Aus
  
-  tcp        0      0 127.0.0.1:10003             0.0.0.0:                  LISTEN      0          115489     13533/opendmarc      
  
 ===== Logging / Mailheader ===== ===== Logging / Mailheader =====
 +Im Maillog werden entsprechend unserer zuvor festgelegten Konfiguration, vom DMARC-Daemon logeinträge erzeugt.
 +Folgender Logeintrag zeigt einen erfolgreiche DMARC-Überprüfung.
 +  Mar 23 22:46:01 vml000080 opendmarc[25914]: C198981: gmail.com pass
  
-  DMARC-Filter: OpenDMARC Filter v1.2.0 mx01.nausch.org D9B6D83 +Im Mailheader der Nachricht, wird dies auch entsprechend vermerkt. 
-  Authentication-Results: mx01.nausch.org/D9B6D83; dmarc=none header.from=piratenpartei-bayern.de+  DMARC-Filter: OpenDMARC Filter v1.2.0 mx01.nausch.org C198981 
 +  Authentication-Results: mx01.nausch.org/C198981; dmarc=pass header.from=gmail.com
  
 +Hat der Domainbetreiber keinen DMARC-Eintrag im DNS hinterlegt, sieht die betreffende Zeile im Maillog entsprechend so aus.
 +  Mar 19 00:22:36 vml000080 opendmarc[14508]: D9B6D83: piratenpartei-bayern.de none
  
 +Auch dies wird im Mailheader entsprechend vermerkt.
 +  DMARC-Filter: OpenDMARC Filter v1.2.0 mx01.nausch.org D9B6D83
 +  Authentication-Results: mx01.nausch.org/D9B6D83; dmarc=none header.from=piratenpartei-bayern.de
  
  • centos/mail_c6/mta_13.1395609914.txt.gz
  • Zuletzt geändert: 23.03.2014 21:25.
  • von django