centos:mail_c6:mta_13

Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen angezeigt.

Link zu dieser Vergleichsansicht

Beide Seiten der vorigen Revision Vorhergehende Überarbeitung
Nächste Überarbeitung		 Vorhergehende Überarbeitung
centos:mail_c6:mta_13 [28.03.2014 15:33. ] – [/etc/opendmarc.conf] djangocentos:mail_c6:mta_13 [20.05.2021 12:41. ] (aktuell) – Externe Bearbeitung 127.0.0.1
Zeile 2: Zeile 2:
 {{:centos:mail_c6:dmarc-logo.png?nolink |DMARC Logo}}  {{:centos:mail_c6:dmarc-logo.png?nolink |DMARC Logo}} 
  
-**DMARC**((**D**omain-based **M**essage **A**uthentication, **R**eporting & **C**onformance)) ist an sich kein eigenständiger Prozess in der eMail-Verarbeitung, vielmehr erweitert DMARC auf die beiden Techniken **SPF**((**S**ender **P**olicy **F**ramework)) und **DKIM**((**D**omainKeys **I**dentified **M**ail)). DMARC ergänzt somit DKIM und SPF, ohne die DMARC nicht funktionieren kann.  +**DMARC**((**D**omain-based **M**essage **A**uthentication, **R**eporting & **C**onformance)) ist an sich kein eigenständiger Prozess in der eMail-Verarbeitung, vielmehr erweitert DMARC auf die beiden Techniken **[[centos:mail_c6:mta_10|SPF]]**((**S**ender **P**olicy **F**ramework)) und **[[centos:mail_c6:mta_9|DKIM]]**((**D**omainKeys **I**dentified **M**ail)). DMARC ergänzt somit DKIM und SPF, ohne die DMARC nicht funktionieren kann.  
 Hinweise zu DMARC findet man bei auch auf der Webseite von [[http://dmarc.org|DMARC.org]], oder im [[https://datatracker.ietf.org/doc/draft-kucherawy-dmarc-base/|Entwurf der Network Working Group]], die der **[[http://www.ietf.org/|ITF]]**((The **I**nternet Engineering **T**ask **F**orce)) Anfang 2012 zur Prüfung vorgelegt wurde. Hinweise zu DMARC findet man bei auch auf der Webseite von [[http://dmarc.org|DMARC.org]], oder im [[https://datatracker.ietf.org/doc/draft-kucherawy-dmarc-base/|Entwurf der Network Working Group]], die der **[[http://www.ietf.org/|ITF]]**((The **I**nternet Engineering **T**ask **F**orce)) Anfang 2012 zur Prüfung vorgelegt wurde.
  
Zeile 18: Zeile 18:
 Das nachfolgende Schaubild zeigt den Bearbeitungsverlauf einer eMail mit Berücksichtigung auf DMARC auf. Das nachfolgende Schaubild zeigt den Bearbeitungsverlauf einer eMail mit Berücksichtigung auf DMARC auf.
  
-<uml width=900 title="DMARC - Verarbeitungsschritte einer eMail"+<uml> 
 +skinparam defaultFontName Courier
 state "Absender Klaus generiert eMail" as sender state "Absender Klaus generiert eMail" as sender
 sender : ------------------------------------------- sender : -------------------------------------------
Zeile 43: Zeile 43:
   state "Mail-Ausgang" as smtp_a   state "Mail-Ausgang" as smtp_a
   smtp_a : Versand der eMail   smtp_a : Versand der eMail
-  smtp_a : zum eMail-Server +  smtp_a : zum eMail-Server (MTA)
   smtp_a : des Empfängers   smtp_a : des Empfängers
 } }
Zeile 298: Zeile 298:
  
 Im Falle der x86_64-Pakete sind dies dann entsprechend folgende Pakete: Im Falle der x86_64-Pakete sind dies dann entsprechend folgende Pakete:
-   # wget http://repository.nausch.org/public/x86_64/libopendmarc-1.2.0-2.el6.x86_64.rpm+   # wget http://repository.nausch.org/public/x86_64/libopendmarc-1.3.0-beta0.el6.x86_64.rpm
  
-   # wget http://repository.nausch.org/public/x86_64/opendmarc-1.2.0-2.el6.x86_64.rpm+   # wget http://repository.nausch.org/public/x86_64/opendmarc-1.3.0-beta0.el6.x86_64.rpm
  
 ===== Installation ===== ===== Installation =====
-   # yum localinstall libopendmarc-1.2.0-1.el6.x86_64.rpm opendmarc-1.2.0-1.el6.x86_64.rpm+   # yum localinstall libopendmarc-1.3.0-beta0.el6.x86_64.rpm opendmarc-1.3.0-beta0.el6.x86_64.rpm
  
  
    # rpm -qil opendmarc    # rpm -qil opendmarc
-<code>Name        : opendmarc                    Relocations: (not relocatable) +<code>Version     : 1.3.0                             Vendor: Django 
-Version     : 1.2.0                             Vendor: django +Release     : beta0.el6                     Build Date: Mon 28 Apr 2014 05:46:34 PM CEST 
-Release     : 1.el6                         Build Date: Tue 18 Mar 2014 11:08:28 PM CET +Install Date: Mon 28 Apr 2014 05:50:47 PM CEST      Build Host: vml010039.intra.nausch.org 
-Install Date: Tue 18 Mar 2014 11:18:08 PM CET      Build Host: vml010039.intra.nausch.org +Group       : System Environment/Daemons    Source RPM: opendmarc-1.3.0-beta0.el6.src.rpm 
-Group       : System Environment/Daemons    Source RPM: opendmarc-1.2.0-1.el6.src.rpm +Size        : 175607                           License: BSD and Sendmail 
-Size        : 173606                           License: BSD and Sendmail +Signature   : RSA/SHA1, Mon 28 Apr 2014 05:46:35 PM CEST, Key ID 31b4758f7c65ab27
-Signature   : RSA/SHA1, Tue 18 Mar 2014 11:08:30 PM CET, Key ID 31b4758f7c65ab27+
 Packager    : Django Packager    : Django
 URL         : http://http://www.trusteddomain.org/opendmarc.html URL         : http://http://www.trusteddomain.org/opendmarc.html
Zeile 336: Zeile 335:
 /usr/sbin/opendmarc-params /usr/sbin/opendmarc-params
 /usr/sbin/opendmarc-reports /usr/sbin/opendmarc-reports
-/usr/share/doc/opendmarc-1.2.0 +/usr/share/doc/opendmarc-1.3.0 
-/usr/share/doc/opendmarc-1.2.0/INSTALL +/usr/share/doc/opendmarc-1.3.0/INSTALL 
-/usr/share/doc/opendmarc-1.2.0/README +/usr/share/doc/opendmarc-1.3.0/README 
-/usr/share/doc/opendmarc-1.2.0/README.schema +/usr/share/doc/opendmarc-1.3.0/README.schema 
-/usr/share/doc/opendmarc-1.2.0/RELEASE_NOTES +/usr/share/doc/opendmarc-1.3.0/RELEASE_NOTES 
-/usr/share/doc/opendmarc-1.2.0/schema.mysql+/usr/share/doc/opendmarc-1.3.0/schema.mysql
 /usr/share/man/man5/opendmarc.conf.5.gz /usr/share/man/man5/opendmarc.conf.5.gz
 /usr/share/man/man8/opendmarc-check.8.gz /usr/share/man/man8/opendmarc-check.8.gz
Zeile 352: Zeile 351:
 /var/run/opendmarc /var/run/opendmarc
 /var/spool/opendmarc /var/spool/opendmarc
 +</code>
 +
 +  # rpm -qil libopendmarc
 +<code>Name        : libopendmarc                 Relocations: (not relocatable)
 +Version     : 1.3.0                             Vendor: Django
 +Release     : beta0.el6                     Build Date: Mon 28 Apr 2014 05:46:34 PM CEST
 +Install Date: Mon 28 Apr 2014 05:50:46 PM CEST      Build Host: vml010039.intra.nausch.org
 +Group       : System Environment/Libraries   Source RPM: opendmarc-1.3.0-beta0.el6.src.rpm
 +Size        : 69016                            License: BSD and Sendmail
 +Signature   : RSA/SHA1, Mon 28 Apr 2014 05:46:35 PM CEST, Key ID 31b4758f7c65ab27
 +Packager    : Django
 +URL         : http://http://www.trusteddomain.org/opendmarc.html
 +Summary     : An open source DMARC library
 +Description :
 +This package contains the library files required for running services built
 +using libopendmarc.
 +/usr/lib64/libopendmarc.so.1
 +/usr/lib64/libopendmarc.so.1.0.2
 </code> </code>
  
Zeile 1116: Zeile 1133:
  
 ##  AuthservID (string) ##  AuthservID (string)
-##   defaults to MTA name+##      defaults to MTA name
 ## ##
 ##  Sets the "authserv-id" to use when generating the Authentication-Results: ##  Sets the "authserv-id" to use when generating the Authentication-Results:
Zeile 1128: Zeile 1145:
  
 ##  AuthservIDWithJobID { true | false } ##  AuthservIDWithJobID { true | false }
-##   default "false"+##      default "false"
 ## ##
 ##  If "true", requests that the authserv-id portion of the added ##  If "true", requests that the authserv-id portion of the added
Zeile 1139: Zeile 1156:
  
 ##  AutoRestart { true | false } ##  AutoRestart { true | false }
-##   default "false"+##      default "false"
 ## ##
 ##  Automatically re-start on failures. Use with caution; if the filter fails ##  Automatically re-start on failures. Use with caution; if the filter fails
Zeile 1147: Zeile 1164:
  
 ##  AutoRestartCount n ##  AutoRestartCount n
-##   default 0+##      default 0
 ## ##
 ##  Sets the maximum automatic restart count.  After this number of automatic ##  Sets the maximum automatic restart count.  After this number of automatic
Zeile 1156: Zeile 1173:
  
 ##  AutoRestartRate n/t[u] ##  AutoRestartRate n/t[u]
-##   default (no limit)+##      default (no limit)
 ## ##
 ##  Sets the maximum automatic restart rate.  If the filter begins restarting ##  Sets the maximum automatic restart rate.  If the filter begins restarting
Zeile 1171: Zeile 1188:
  
 ##  Background { true | false } ##  Background { true | false }
-##   default "true"+##      default "true"
 ## ##
 ##  Causes opendmarc to fork and exits immediately, leaving the service ##  Causes opendmarc to fork and exits immediately, leaving the service
Zeile 1179: Zeile 1196:
  
 ##  BaseDirectory (string) ##  BaseDirectory (string)
-##   default (none)+##      default (none)
 ## ##
 ##  If set, instructs the filter to change to the specified directory using ##  If set, instructs the filter to change to the specified directory using
Zeile 1190: Zeile 1207:
  
 ##  ChangeRootDirectory (string) ##  ChangeRootDirectory (string)
-##   default (none)+##      default (none)
 ## ##
 ##  Requests that the operating system change the effective root directory of ##  Requests that the operating system change the effective root directory of
Zeile 1200: Zeile 1217:
  
 ##  CopyFailuresTo (string) ##  CopyFailuresTo (string)
-##   default (none)+##      default (none)
 ## ##
 ##  Requests addition of the specified email address to the envelope of ##  Requests addition of the specified email address to the envelope of
Zeile 1208: Zeile 1225:
  
 ##  DNSTimeout (integer) ##  DNSTimeout (integer)
-##   default 5+##      default 5
 ##  ## 
 ##  Sets the DNS timeout in seconds.  A value of 0 causes an infinite wait. ##  Sets the DNS timeout in seconds.  A value of 0 causes an infinite wait.
Zeile 1216: Zeile 1233:
  
 ##  EnableCoredumps { true | false } ##  EnableCoredumps { true | false }
-##   default "false"+##      default "false"
 ## ##
 ##  On systems that have such support, make an explicit request to the kernel ##  On systems that have such support, make an explicit request to the kernel
Zeile 1227: Zeile 1244:
  
 ##  ForensicReports { true | false } ##  ForensicReports { true | false }
-##   default "false"+##      default "false"
 ## ##
 ##  Enables generation of forensic reports when the DMARC test fails and the ##  Enables generation of forensic reports when the DMARC test fails and the
Zeile 1238: Zeile 1255:
  
 ##  ForensicReportsBcc (string) ##  ForensicReportsBcc (string)
-##   default (none)+##      default (none)
 ## ##
 ##  When forensic reports are enabled and one is to be generated, always ##  When forensic reports are enabled and one is to be generated, always
Zeile 1251: Zeile 1268:
  
 ##  ForensicReportsOnNone { true | false } ##  ForensicReportsOnNone { true | false }
-##   default "false"+##      default "false"
 ## ##
 ##  Supplements the "ForensicReports" setting by generating reports for ##  Supplements the "ForensicReports" setting by generating reports for
Zeile 1259: Zeile 1276:
  
 # ForensicReportsOnNone false # ForensicReportsOnNone false
-# Django : 2014-03-18 
-ForensicReportsOnNone true 
  
 ##  ForensicReportsSentBy string ##  ForensicReportsSentBy string
-##   default "USER@HOSTNAME"+##      default "USER@HOSTNAME"
 ## ##
 ##  Specifies the email address to use in the From: field of forensic ##  Specifies the email address to use in the From: field of forensic
Zeile 1276: Zeile 1291:
  
 ##  HistoryFile path ##  HistoryFile path
-##   default (none)+##      default (none)
 ## ##
 ##  If set, specifies the location of a text file to which records are written ##  If set, specifies the location of a text file to which records are written
Zeile 1287: Zeile 1302:
 # #
 HistoryFile /var/run/opendmarc/opendmarc.dat HistoryFile /var/run/opendmarc/opendmarc.dat
 +             
  
 ##  IgnoreHosts path ##  IgnoreHosts path
-##   default (internal)+##      default (internal)
 ## ##
 ##  Specifies the path to a file that contains a list of hostnames, IP ##  Specifies the path to a file that contains a list of hostnames, IP
Zeile 1301: Zeile 1317:
  
 ##  IgnoreMailFrom domain[,...] ##  IgnoreMailFrom domain[,...]
-##   default (none)+##      default (none)
 ## ##
 ##  Gives a list of domain names whose mail (based on the From: domain) is to ##  Gives a list of domain names whose mail (based on the From: domain) is to
Zeile 1311: Zeile 1327:
  
 ##  MilterDebug (integer) ##  MilterDebug (integer)
-##   default 0+##      default 0
 ## ##
 ##  Sets the debug level to be requested from the milter library. ##  Sets the debug level to be requested from the milter library.
 # #
 # MilterDebug 0 # MilterDebug 0
 +# Django : 2014-04-28
 +MilterDebug 5
  
 ##  PidFile path ##  PidFile path
-##   default (none)+##      default (none)
 ## ##
 ##  Specifies the path to a file that should be created at process start ##  Specifies the path to a file that should be created at process start
Zeile 1329: Zeile 1347:
  
 ##  PublicSuffixList path ##  PublicSuffixList path
-##   default (none)+##      default (none)
 ## ##
 ##  Specifies the path to a file that contains top-level domains (TLDs) that ##  Specifies the path to a file that contains top-level domains (TLDs) that
Zeile 1340: Zeile 1358:
  
 ##  RecordAllMessages { true | false } ##  RecordAllMessages { true | false }
-##   default "false"+##      default "false"
 ## ##
 ##  If set and "HistoryFile" is in use, all received messages are recorded ##  If set and "HistoryFile" is in use, all received messages are recorded
Zeile 1350: Zeile 1368:
  
 ##  RejectFailures { true | false } ##  RejectFailures { true | false }
-##   default "false"+##      default "false"
 ## ##
 ##  If set, messages will be rejected if they fail the DMARC evaluation, or ##  If set, messages will be rejected if they fail the DMARC evaluation, or
Zeile 1359: Zeile 1377:
 # #
 # RejectFailures false # RejectFailures false
 +# Django : 2014-03-24
 +RejectFailures true
  
 ##  ReportCommand string ##  ReportCommand string
-##   default "/usr/sbin/sendmail -t"+##      default "/usr/sbin/sendmail -t"
 ## ##
 ##  Indicates the shell command to which forensic reports should be passed for ##  Indicates the shell command to which forensic reports should be passed for
Zeile 1369: Zeile 1389:
  
 ##  RequiredHeaders { true | false } ##  RequiredHeaders { true | false }
-##   default "false"+##      default "false"
 ## ##
 ##  If set, the filter will ensure the header of the message conforms to the ##  If set, the filter will ensure the header of the message conforms to the
Zeile 1380: Zeile 1400:
  
 ##  Socket socketspec ##  Socket socketspec
-##   default (none)+##      default (none)
 ## ##
 ##  Specifies the socket that should be established by the filter to receive ##  Specifies the socket that should be established by the filter to receive
Zeile 1397: Zeile 1417:
  
 ##  SoftwareHeader { true | false } ##  SoftwareHeader { true | false }
-##   default "false"+##      default "false"
 ## ##
 ##  Causes the filter to add a "DMARC-Filter" header field indicating the ##  Causes the filter to add a "DMARC-Filter" header field indicating the
Zeile 1407: Zeile 1427:
 # Django : 2014-03-18 # Django : 2014-03-18
 SoftwareHeader true SoftwareHeader true
 +
 +##  SPFIgnoreResults { true | false }
 +##      default "false"
 +##
 +##  Causes the filter to ignore any SPF results in the header of the
 +##  message.  This is useful if you want the filter to perfrom SPF checks
 +##  itself, or because you don't trust the arriving header.
 +#
 +# SPFIgnoreResults false
 +
 +##  SPFSelfValidate { true | false }
 +##      default false
 +##
 +##  Causes the filter to perform a fallback SPF check itself when
 +##  it can find no SPF results in the message header.  If SPFIgnoreResults
 +##  is also set, it never looks for SPF results in headers and
 +##  always performs the SPF check itself when this is set.
 +#
 +# SPFSelfValidate false
 +# Django : 2014-04-28
 +SPFSelfValidate true
  
 ##  Syslog { true | false } ##  Syslog { true | false }
-##   default "false"+##      default "false"
 ## ##
 ##  Log via calls to syslog(3) any interesting activity. ##  Log via calls to syslog(3) any interesting activity.
Zeile 1418: Zeile 1459:
  
 ##  SyslogFacility facility-name ##  SyslogFacility facility-name
-##   default "mail"+##      default "mail"
 ## ##
 ##  Log via calls to syslog(3) using the named facility.  The facility names ##  Log via calls to syslog(3) using the named facility.  The facility names
 ##  are the same as the ones allowed in syslog.conf(5). ##  are the same as the ones allowed in syslog.conf(5).
 # #
 +# SyslogFacility mail
  
 ##  TemporaryDirectory path ##  TemporaryDirectory path
-##   default /var/tmp+##      default /var/tmp
 ## ##
 ##  Specifies the directory in which temporary files should be written. ##  Specifies the directory in which temporary files should be written.
Zeile 1432: Zeile 1474:
  
 ##  TrustedAuthservIDs string ##  TrustedAuthservIDs string
-##   default HOSTNAME+##      default HOSTNAME
 ## ##
 ##  Specifies one or more "authserv-id" values to trust as relaying true ##  Specifies one or more "authserv-id" values to trust as relaying true
Zeile 1444: Zeile 1486:
  
 ##  UMask mask ##  UMask mask
-##   default (none)+##      default (none)
 ## ##
 ##  Requests a specific permissions mask to be used for file creation.  This ##  Requests a specific permissions mask to be used for file creation.  This
Zeile 1454: Zeile 1496:
 # #
 # UMask 077 # UMask 077
 +# Django : 2014-03-23
 +UMask 007
  
 ##  UserID user[:group] ##  UserID user[:group]
-##   default (none)+##      default (none)
 ## ##
 ##  Attempts to become the specified userid before starting operations. ##  Attempts to become the specified userid before starting operations.
Zeile 1749: Zeile 1793:
    # service opendmarc start    # service opendmarc start
 Im /var/log/maillog wird der erfolgreiche Start ausreichend dokumentiert:  Im /var/log/maillog wird der erfolgreiche Start ausreichend dokumentiert: 
-  Mar 19 00:02:17 vml000080 opendmarc[13533]: OpenDMARC Filter v1.2.0 starting (args: -c /etc/opendmarc.conf -P /var/run/opendmarc/opendmarc.pid) +  Apr 28 19:32:24 vml000080 opendmarc[28728]: OpenDMARC Filter: Opening listen socket on conn inet:10012@localhost 
-  Mar 19 00:02:17 vml000080 opendmarc[13533]: trusted authentication services: mx01.nausch.org+  Apr 28 19:32:24 vml000080 opendmarc[28729]: OpenDMARC Filter v1.3.0 starting (args: -c /etc/opendmarc.conf -P /var/run/opendmarc/opendmarc.pid) 
 +  Apr 28 19:32:24 vml000080 opendmarc[28729]: trusted authentication services: mx01.nausch.org 
  
-Über den Port 10003 sollte nun unser daemon ansprechbar sein. Was wir auch sehr einfach mittels **lsof** überprüfen können:+Über den Port 10012 sollte nun unser daemon ansprechbar sein. Was wir auch sehr einfach mittels **lsof** überprüfen können:
    # lsof -i :10003    # lsof -i :10003
  
Zeile 1759: Zeile 1805:
  
 Auch mit Hilfe von **netstat** können wir abfragen, ob der Port **1003** in Verwendung ist. Auch mit Hilfe von **netstat** können wir abfragen, ob der Port **1003** in Verwendung ist.
-   # netstat -tulpen | grep 10003+   # netstat -tulpen | grep 10012
  
-  tcp        0      0 127.0.0.1:10003             0.0.0.0:                  LISTEN      0          115489     13533/opendmarc     +  tcp        0      0 127.0.0.1:10012             0.0.0.0:                  LISTEN      0          115489     13533/opendmarc     
  
 Anschließend können wir nun auch unseren Postfix-Mailserver durchstarten, damit die Änderungen an seiner [[centos:mail_c6:mta_13#postfix|Konfiguration]] auch wirksam wird. Anschließend können wir nun auch unseren Postfix-Mailserver durchstarten, damit die Änderungen an seiner [[centos:mail_c6:mta_13#postfix|Konfiguration]] auch wirksam wird.
  • centos/mail_c6/mta_13.1396020827.txt.gz
  • Zuletzt geändert: 28.03.2014 15:33.
  • von django