Try using OpenDMARC

About OpenDMARC

OpenDMARC checks the DKIM and SPF validation results and the source domain in the mail header. If spoofing is suspected, it queries the DNS of the source domain for its DMARC policy and handles the message accordingly.

OpenDMARC - official

reference site

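apt install opendmarc

# Add the postfix user to the opendmarc group; presumably this is what lets
# Postfix open the milter socket created below. Whether it can actually
# connect also depends on the socket's own mode (see UMask in opendmarc.conf).
adduser postfix opendmarc

# The socket directory lives under the Postfix spool; the Postfix milter
# setting further down refers to it as /opendmarc/opendmarc.sock, which
# suggests smtpd runs chrooted to /var/spool/postfix (verify in master.cf).
mkdir -p /var/spool/postfix/opendmarc
# Use ':' between owner and group: the 'owner.group' form is a deprecated
# extension and is ambiguous when an account name contains a dot.
chown -R opendmarc:opendmarc /var/spool/postfix/opendmarc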

opendmarc.conf

vi /etc/opendmarc.conf

# authserv-id written into the Authentication-Results header this filter adds.
# NOTE(review): OpenDMARC only trusts upstream Authentication-Results headers
# (for example OpenDKIM's) whose authserv-id matches this value or is listed
# in TrustedAuthservIDs - confirm that OpenDKIM uses the same identifier.
AuthservID mail4-loog

# Listen on a UNIX socket inside the Postfix spool directory.
Socket local:/var/spool/postfix/opendmarc/opendmarc.sock

# File listing hosts (IP addresses or names) whose connections are not
# evaluated; here it holds 127.0.0.1 and ::1.
IgnoreHosts /etc/opendmarc/ignore.hosts

# false = SPF results already present in the message header are used.
# NOTE(review): to always revalidate SPF regardless of existing headers, this
# must be true (together with SPFSelfValidate true). With false, the result
# is only as trustworthy as the header that carries it.
SPFIgnoreResults false

# Perform the SPF check in the filter itself when no SPF result is found in
# the message header.
SPFSelfValidate true

# Reject messages that fail DMARC evaluation when the source domain's DMARC
# policy asks for it. Without this setting the result is only recorded in an
# Authentication-Results header and nothing is rejected.
RejectFailures true

# Reject messages whose header does not meet the basic RFC 5322 requirements.
RequiredHeaders true

# Skip DMARC evaluation for clients that authenticated with SMTP AUTH
# (the server's own submitting users).
IgnoreAuthenticatedClients true

ignore.hosts

mkdir -p /etc/opendmarc

vi /etc/opendmarc/ignore.hosts

127.0.0.1
::1

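# Use ':' between owner and group: the 'owner.group' form is a deprecated
# extension and is ambiguous when an account name contains a dot.
chown -R opendmarc:opendmarc /etc/opendmarc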

Postfix main.cf

vi /etc/postfix/main.cf

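# OpenDMARC
# NOTE(review): "accept" is fail-open - if a milter is down or times out,
# mail is delivered without DKIM/DMARC evaluation. Monitor milter errors in
# the mail log, or use "tempfail" if unchecked mail must not be accepted.
milter_default_action = accept
# Every milter entry needs an explicit transport prefix (unix: or inet:);
# Postfix does not accept a bare socket path. Milters are applied in the
# listed order, so OpenDKIM runs before OpenDMARC and its result is available
# to the DMARC check. Paths are relative to the Postfix queue directory when
# smtpd runs chrooted.
smtpd_milters=unix:/opendkim/opendkim.sock, unix:/opendmarc/opendmarc.sock
# Apply the same milters to mail that does not arrive via smtpd
# (local submission).
non_smtpd_milters=$smtpd_milters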

Add the DMARC DNS record.

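# p=none (trial: receivers take no action on failures, mail is always delivered), p=reject (production)
# adkim, aspf (r: relaxed - subdomains of the same organizational domain also align, s: strict - exact domain match only)
# This record has no rua= tag, so receivers send no aggregate reports; add one to get feedback during the p=none trial.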
_dmarc TXT "v=DMARC1; p=none; pct=100; adkim=r; aspf=r"