Prerequisites
- OS: FreeBSD
- MTA: Sendmail
- OpenDKIM already up and running
Installing the milter
pkg install -y openarc
sysrc milteropenarc_enable=YES
/usr/local/etc/mail/openarc.conf
--- /usr/local/share/doc/openarc/openarc.conf.sample 2026-02-04 13:39:15.000000000 +0900
+++ openarc.conf 2026-02-25 14:46:25.758365392 +0900
@@ -13,7 +13,7 @@
## Defines the "authserv-id" token to be used when generating
## Authentication-Results headers after message verification.
-# AuthservID example.com
+AuthservID mail.example.net
## AutoRestart { yes | no }
## default "no"
@@ -54,7 +54,7 @@
## operation. Thus, cores will be dumped here and configuration files
## are read relative to this location.
-# BaseDirectory /var/run/opendkim
+BaseDirectory /var/run/milteropendkim
## Canonicalization hdrcanon[/bodycanon]
## default "simple/simple"
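Review bot: BaseDirectory is set to /var/run/milteropendkim, which by its name is the OpenDKIM run directory, while the PidFile and Socket hunks further down both use /var/run/milteropenarc. Since the comment above says cores are dumped here and configuration files are read relative to this location, this looks like a copy-paste slip; suggest BaseDirectory /var/run/milteropenarc, or a comment explaining why the OpenDKIM directory is shared on purpose.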
@@ -63,7 +63,7 @@
## omitted, "simple" is used. Valid values for each are "simple" and
## "relaxed".
-# Canonicalization simple/simple
+Canonicalization relaxed/relaxed
## ChangeRootDirectory directory
##
@@ -77,7 +77,7 @@
## Specify the domain to use when generating ARC header fields. Must
## be specified for signing.
-Domain example.com
+Domain example.net
## EnableCoredumps { yes | no }
## default "no"
@@ -121,7 +121,7 @@
## SigningTable and KeyTable are used. No default; must be specified for
## signing if SigningTable/KeyTable are not in use.
-KeyFile /var/db/dkim/example.private
+KeyFile /var/db/dkim/mail.private
## FinalReceiver { yes | no }
## default "no"
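Review bot: KeyFile /var/db/dkim/mail.private has no accompanying step for ownership or mode, and the filter drops to mailnull:mailnull in the last hunk, so the key has to be readable by that account and by nobody else. The path sits under /var/db/dkim, which suggests the OpenDKIM signing key is being reused for ARC sealing; if that is intended, say so next to this line, and note that selector mail under example.net must then resolve to the matching public key.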
@@ -129,7 +129,7 @@
## If set, causes this filter to pass chain signatory information downstream for
## local policy evaluation in the event of an authentication failure.
-FinalReceiver { yes | no }
+FinalReceiver yes
## MaximumHeaders n
##
@@ -157,7 +157,7 @@
## InternalHosts list; connections from internal hosts will be assigned to
## signing mode, and all others will be assigned to verify mode.
-# Mode sv
+Mode sv
## OversignHeaders (string)
## default (none)
@@ -175,7 +175,7 @@
## or domain names whose mail should be neither signed nor verified by this
## filter. See man page for file format.
-# PeerList filename
+PeerList /usr/local/etc/mail/PeerList
## PidFile filename
## default (none)
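Review bot: PeerList points at /usr/local/etc/mail/PeerList, but the file's contents are not part of this change. Per the comment above, mail from the hosts listed there is neither signed nor verified, so every entry is an exemption from ARC checking; please include the file (or describe what goes in it) and keep it limited to hosts you operate yourself.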
@@ -183,7 +183,7 @@
## Name of the file where the filter should write its pid before beginning
## normal operations.
-# PidFile filename
+PidFile /var/run/milteropenarc/pid
## SealHeaderChecks filename
## default (none)
@@ -207,7 +207,7 @@
## The name of the selector to use when signing. No default; must be
## specified for signing.
-Selector my-selector-name
+Selector mail
## SignatureAlgorithm signalg
## default "rsa-sha256"
@@ -235,7 +235,7 @@
## inet:port to listen on all interfaces
## local:/path/to/socket to listen on a UNIX domain socket
-Socket inet:port@localhost
+Socket local:/var/run/milteropenarc/socket
## SoftwareHeader { yes | no }
## default "no"
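Review bot: Socket local:/var/run/milteropenarc/socket and the PidFile hunk above both assume /var/run/milteropenarc exists and is writable by the UserID set in the last hunk, and nothing here shows who creates it. Suggest documenting the directory's owner and mode, with access limited to the filter and Sendmail, because any local process that can connect to this socket can talk to the filter directly.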
@@ -277,4 +277,4 @@
## Change to user "userid" before starting normal operation? May include
## a group ID as well, separated from the userid by a colon.
-# UserID userid
+UserID mailnull:mailnull
Sendmail configuration
/etc/mail/sendmail.cf
- O InputMailFilters=dkim-milter, dmarc-milter
+ O InputMailFilters=dkim-milter, arc-milter, dmarc-milter
+ Xarc-milter, S=local:/var/run/milteropenarc/socket, F=T, T=R:2m
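Review bot: F=T on the Xarc-milter line makes Sendmail temp-fail incoming mail whenever the OpenARC socket is unavailable, so an OpenARC outage defers all inbound mail; please state that this is the intended failure mode rather than letting mail through without ARC processing. Also, /etc/mail/sendmail.cf is normally generated from the .mc source, so a hand edit here is lost on the next rebuild; suggest making the change with an INPUT_MAIL_FILTER entry in the .mc file instead.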
References