前提
Milterのインストール
# Install the OpenDMARC milter from FreeBSD packages.
pkg install -y opendmarc
# Enable the opendmarc rc(8) service so it starts at boot.
sysrc opendmarc_enable=YES
# Listen on a local UNIX socket. This path must match the S= value of the
# Xdmarc-milter line added to sendmail.cf below, and Sendmail must be able to
# reach it (socket directory ownership/permissions are not shown on this page;
# verify them after the first start).
sysrc opendmarc_socketspec=local:/var/run/opendmarc/socket
/usr/local/etc/mail/opendmarc.conf
--- opendmarc.conf.sample 2022-04-07 23:51:15.000000000 +0900
+++ opendmarc.conf 2023-02-24 01:43:31.524053000 +0900
@@ -26,6 +26,7 @@
## gethostname(3) function) will be used.
#
# AuthservID name
+AuthservID HOSTNAME
## AuthservIDWithJobID { true | false }
## default "false"
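Review bot: `AuthservID HOSTNAME` also decides which upstream Authentication-Results fields OpenDMARC will use, since it only trusts fields stamped with its own authserv-id or one listed in `TrustedAuthservIDs`. The page does not show the dkim-milter configuration, so confirm that filter stamps the same authserv-id. If it does not, its DKIM verdict is ignored and, with `RejectFailures true` set further down, mail that aligns only through DKIM would be rejected. Where the names differ, add a line such as `TrustedAuthservIDs HOSTNAME,<dkim-filter-authserv-id>` (placeholder value) rather than loosening the policy.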
@@ -128,6 +129,7 @@
##
#
# DomainWhitelistFile /usr/local/etc/opendmarc/whitelist.domains
+DomainWhitelistFile /usr/local/etc/mail/opendmarc-whitelist.domains
## DomainWhitelistSize
## default 3000
@@ -167,6 +169,7 @@
## formatted per RFC6591.
#
# FailureReports false
+FailureReports true
## FailureReportsBcc (string)
## default (none)
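Review bot: `FailureReports true` makes this host generate RFC 6591 failure reports addressed to whatever `ruf` mailbox the From domain publishes, so unauthenticated senders can trigger outbound mail from it. The reports can carry headers and content of the original message to a third party, so check that this is acceptable for your users and watch outbound volume. The `FailureReportsBcc` and `FailureReportsSentBy` hunks below should point at mailboxes that exist, and the sending domain should itself pass SPF/DKIM so the reports are not rejected. I would add a comment above the line such as `# sends per-message failure reports to the sender domain's ruf address; review privacy and volume`.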
@@ -178,6 +181,7 @@
## is no default.
#
# FailureReportsBcc postmaster@example.coom
+FailureReportsBcc postmaster@example.com
## FailureReportsOnNone { true | false }
## default "false"
@@ -199,6 +203,7 @@
## could not be determined.
#
# FailureReportsSentBy USER@HOSTNAME
+FailureReportsSentBy noreply-dmarc-report@example.com
## HistoryFile path
## default (none)
@@ -233,6 +238,7 @@
## SMTP AUTH) to be ignored by the filter.
#
# IgnoreAuthenticatedClients false
+IgnoreAuthenticatedClients true
## HoldQuarantinedMessages { true | false }
## default "false"
@@ -257,6 +263,7 @@
## to "127.0.0.1" only.
#
# IgnoreHosts /usr/local/etc/opendmarc/ignore.hosts
+IgnoreHosts /usr/local/etc/mail/opendmarc-ignore.hosts
## IgnoreMailFrom domain[,...]
## default (none)
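Review bot: Every address matched by the `IgnoreHosts` file skips DMARC evaluation entirely, and the file shown further down the page lists whole subnets (`192.168.1.0/24`, `2001:db8:1::/64`) next to loopback. Any machine in those ranges, including a compromised workstation or device, can then relay mail with a forged From domain and receive no DMARC verdict. Prefer listing only the specific relay hosts that need the bypass, and rely on `IgnoreAuthenticatedClients true` for ordinary users who submit with SMTP AUTH.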
@@ -315,6 +322,7 @@
## field will be added.
#
# RejectFailures false
+RejectFailures true
## RejectMultiValueFrom { true | false }
## default "false"
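Review bot: `RejectFailures true` is enabled with no observation period shown on the page, so DMARC failures for p=reject domains become SMTP rejections at once. Legitimate mail relayed through mailing lists or forwarders commonly fails alignment. Running first with `RejectFailures false` and a `HistoryFile`, or reviewing the added Authentication-Results fields, shows what would be lost before enforcement. A comment recording when enforcement was switched on would also help later troubleshooting.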
@@ -377,6 +385,7 @@
## itself, or because you don't trust the arriving header.
#
# SPFIgnoreResults false
+SPFIgnoreResults true
## SPFSelfValidate { true | false }
## default false
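Review bot: `SPFIgnoreResults true` here and `SPFSelfValidate true` in the next hunk make OpenDMARC discard any upstream SPF verdict and compute SPF itself from the connecting client address. That is only correct when this host is the Internet-facing MX. If mail can arrive through a backup MX or internal relay that is not in `IgnoreHosts`, SPF is evaluated against the relay's address and, combined with `RejectFailures true`, legitimate mail may be rejected. It is also worth confirming how the installed package was built, since the self-validation presumably depends on the SPF build options (libspf2 versus the internal implementation). A short comment above both lines stating that no other SPF filter runs in front of this milter would document the assumption.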
@@ -390,6 +399,7 @@
## always performs the SPF check itself when this is set.
#
# SPFSelfValidate false
+SPFSelfValidate true
## Syslog { true | false }
## default "false"
/usr/local/etc/mail/opendmarc-ignore.hosts
127.0.0.1
::1
192.168.1.0/24
2001:db8:1::/64
Sendmailの設定
/etc/mail/sendmail.cf
+ O InputMailFilters=dkim-milter, dmarc-milter
+ Xdmarc-milter, S=local:/var/run/opendmarc/socket, F=T, T=R:2m
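Review bot: Hand-editing `/etc/mail/sendmail.cf` is fragile, because that file is normally regenerated from the .mc source and these two lines would then be lost, silently removing DMARC filtering. The durable form is an INPUT_MAIL_FILTER entry for dmarc-milter in the .mc file with the same `S=`, `F=` and `T=` values. It should be declared after the dkim-milter entry, so the order shown in `InputMailFilters` is preserved and the DKIM result is already present when OpenDMARC runs. Note also that `F=T` temp-fails incoming mail whenever the socket is unavailable, so the opendmarc service should be monitored.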
DNSの設定
/usr/local/etc/namedb/primary/example.com.zone
+ _dmarc 3600 IN TXT "v=DMARC1; p=reject; pct=100; adkim=s; aspf=r; ruf=mailto:ruf@example.com; rua=mailto:rua@example.com"
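Review bot: Publishing `p=reject; pct=100` with `adkim=s` as the first DMARC record enforces immediately, before any aggregate reports have shown which legitimate sources sign with a subdomain or do not sign at all. A staged rollout avoids losing mail: start with `v=DMARC1; p=none; rua=mailto:rua@example.com`, then move to quarantine and finally reject once the rua data has been reviewed. The record has no `sp=` tag, so subdomains inherit p=reject. If the `rua`/`ruf` mailboxes are ever moved to a different domain, that domain must publish the external report authorization record or reporters will not send to it.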