- DMARC email policy filter for MTAs
[-A] [-c configfile] [-f] [-l] [-n] [-p socketspec] [-P
pidfile] [-t file[,file[...]]] [-u userid[:group]] [-v] [-V]
implements the proposed DMARC
authentication of message and reporting of observed traffic.
uses the milter
interface, originally distributed as
part of version 8.11 of sendmail(8),
to provide a DMARC processing
service for mail transiting a milter-aware MTA.
Most, if not all, of the command line options listed below can also be set using
a configuration file. See the -c
option for details.
relies on addition of Authentication-Results fields by upsteam
filters on trusted hosts to collect input to the DMARC algorithm. It does not
itself do DKIM or SPF evaluation.
- Automatically re-start on failures. Use with caution; if
the filter fails instantly after it starts, this can cause a tight
fork(2) loop. This can be mitigated using some values in the
configuration file to limit restarting. See opendmarc.conf(5).
- -c configfile
- Read the named configuration file. See the
opendmarc.conf(5) man page for details. Values in the configuration
file are overridden when their equivalents are provided on the command
line until a configuration reload occurs. The OPERATION section describes
how reloads are triggered. The default is to read a configuration file
from /etc/opendmarc.conf if one exists, or otherwise to apply
defaults to all values.
- Normally opendmarc forks and exits immediately,
leaving the service running in the background. This flag suppresses that
behaviour so that it runs in the foreground.
- Log via calls to syslog(3) any interesting
- Parse the configuration file and command line arguments,
reporting any errors found, and then exit. The exit value will be 0 if the
filter would start up without complaint, or non-zero otherwise.
- -p socketspec
- Specifies the socket that should be established by the
filter to receive connections from sendmail(8) in order to provide
service. socketspec is in one of two forms: local:path which
creates a UNIX domain socket at the specified path, or
inet:port[@host] or inet6:port[@host] which creates a TCP
socket on the specified port within the specified protocol family.
If the host is not given as either a hostname or an IP address, the
socket will be listening on all interfaces. If neither socket type is
specified, local is assumed, meaning the parameter is interpreted
as a path at which the socket should be created. If an IP address is used,
it must be enclosed in square brackets. This parameter is mandatory.
- -P pidfile
- Specifies a file into which the filter should write its
process ID at startup.
- -t file[,file[,...]]
- Reads email messages from the named files and processes
them as if they were received by the filter. The service is not started,
and actions normally sent back to the MTA will instead be printed on
- -u userid[:group]
- Attempts to be come the specified userid before
starting operations. The process will be assigned all of the groups and
primary group ID of the named userid unless an alternate
group is specified. See the FILE PERMISSIONS section for more
- Increase verbose output during test mode (see -t
above). May be specified more than once to request increasing amounts of
- Print the version number and supported canonicalization and
signature algorithms, and then exit without doing anything else.
Upon receiving SIGUSR1, if the filter was started with a configuration file, it
will be re-read and the new values used. Note that any command line overrides
provided at startup time will be lost when this is done. Also, the following
configuration file values (and their corresponding command line items, if any)
are not reloaded through this process: AutoRestart (-A), AutoRestartCount,
AutoRestartRate, Background, MilterDebug, PidFile (-P), Socket (-p), UMask,
UserID (-u). The filter does not automatically check the configuration file
for changes and reload.
This man page covers version 1.3.2 of opendmarc.
Copyright (c) 2012, The Trusted Domain Project. All rights reserved.
Sendmail Operations Guide
RFC4408 - Sender Policy Framework
RFC5321 - Simple Mail Transfer Protocol
RFC5322 - Internet Messages
RFC5451 - Message Header Field for Indicating Message Authentication Status
RFC6376 - DomainKeys Identified Mail
RFC6591 - Authentication Failure Reporting Using the Abuse Reporting