{"id":1643,"date":"2023-02-21T20:54:38","date_gmt":"2023-02-21T11:54:38","guid":{"rendered":"https:\/\/www.next-hop.net\/blog\/hiraga\/?p=1643"},"modified":"2026-02-25T05:01:09","modified_gmt":"2026-02-24T20:01:09","slug":"dmarc","status":"publish","type":"post","link":"https:\/\/www.next-hop.net\/blog\/hiraga\/freebsd\/dmarc\/","title":{"rendered":"DMARC\u3092\u5c0e\u5165\u3059\u308b"},"content":{"rendered":"<h2>\u524d\u63d0<\/h2>\n<ul>\n<li>FreeBSD 12.4<\/li>\n<li>DKIM\u5c0e\u5165\u6e08\u307f<\/li>\n<\/ul>\n<h3>Milter\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb<\/h3>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\npkg install -y opendmarc\r\nsysrc opendmarc_enable=YES\r\nsysrc opendmarc_socketspec=local:\/var\/run\/opendmarc\/socket\r\n<\/pre>\n<h4>\/usr\/local\/etc\/mail\/opendmarc.conf<\/h4>\n<pre class=\"brush: diff; title: ; notranslate\" title=\"\">\r\n--- opendmarc.conf.sample       2024-01-16 04:50:56.000000000 +0900\r\n+++ opendmarc.conf      2024-02-20 15:15:37.950471878 +0900\r\n@@ -25,7 +25,7 @@\r\n ##  provided, the name of the host running the filter (as returned by the\r\n ##  gethostname(3) function) will be used.\r\n #\r\n-# AuthservID name\r\n+AuthservID mail.example.net\r\n\r\n ##  AuthservIDWithJobID { true | false }\r\n ##     default &quot;false&quot;\r\n@@ -127,7 +127,7 @@\r\n ##  This list will be concatenated with DomainWhitelist (if provided).\r\n ##\r\n #\r\n-# DomainWhitelistFile \/usr\/local\/etc\/opendmarc\/whitelist.domains\r\n+DomainWhitelistFile \/usr\/local\/etc\/mail\/opendmarc-whitelist.domains\r\n\r\n ##  DomainWhitelistSize\r\n ##     default 3000\r\n@@ -166,7 +166,7 @@\r\n ##  purported sender of the message has requested such reports.  Reports are\r\n ##  formatted per RFC6591.\r\n #\r\n-# FailureReports false\r\n+FailureReports true\r\n\r\n ##  FailureReportsBcc (string)\r\n ##     default (none)\r\n@@ -177,7 +177,7 @@\r\n ##  If no request is made, they address(es) are used in a To: field.  There\r\n ##  is no default.\r\n #\r\n-# FailureReportsBcc postmaster@example.coom\r\n+FailureReportsBcc postmaster@example.net\r\n\r\n ##  FailureReportsOnNone { true | false }\r\n ##     default &quot;false&quot;\r\n@@ -198,7 +198,7 @@\r\n ##  email address.  &quot;postmaster&quot; is used in place of the userid if a name\r\n ##  could not be determined.\r\n #\r\n-# FailureReportsSentBy USER@HOSTNAME\r\n+FailureReportsSentBy noreply-dmarc-report@example.net\r\n\r\n ##  HistoryFile path\r\n ##     default (none)\r\n@@ -211,7 +211,7 @@\r\n ##  rather periodically imported into a relational database from which the\r\n ##  aggregate reports can be extracted by a tool such as opendmarc-import(8).\r\n #\r\n-# HistoryFile \/var\/run\/opendmarc.dat\r\n+HistoryFile \/var\/run\/opendmarc\/opendmarc.dat\r\n\r\n ##  HoldQuarantinedMessages { true | false }\r\n ##     default &quot;false&quot;\r\n@@ -232,7 +232,7 @@\r\n ##  If set, causes mail from authenticated clients (i.e., those that used\r\n ##  SMTP AUTH) to be ignored by the filter.\r\n #\r\n-# IgnoreAuthenticatedClients false\r\n+IgnoreAuthenticatedClients true\r\n\r\n ## HoldQuarantinedMessages { true | false }\r\n ##     default &quot;false&quot;\r\n@@ -256,7 +256,7 @@\r\n ##  connections are to be ignored by the filter.  If not specified, defaults\r\n ##  to &quot;127.0.0.1&quot; only.\r\n #\r\n-# IgnoreHosts \/usr\/local\/etc\/opendmarc\/ignore.hosts\r\n+IgnoreHosts \/usr\/local\/etc\/mail\/opendmarc-ignore.hosts\r\n\r\n ##  IgnoreMailFrom domain&#x5B;,...]\r\n ##     default (none)\r\n@@ -281,7 +281,7 @@\r\n ##  Specifies the path to a file that should be created at process start\r\n ##  containing the process ID.\r\n #\r\n-# PidFile \/var\/run\/opendmarc.pid\r\n+PidFile \/var\/run\/opendmarc\/pid\r\n\r\n ##  PublicSuffixList path\r\n ##     default (none)\r\n@@ -315,7 +315,7 @@\r\n ##  evaluation of the message.  Instead, an Authentication-Results header\r\n ##  field will be added.\r\n #\r\n-# RejectFailures false\r\n+RejectFailures true\r\n\r\n ##  RejectMultiValueFrom { true | false }\r\n ##     default &quot;false&quot;\r\n@@ -358,7 +358,7 @@\r\n ##  either in the configuration file or on the command line.  If an IP\r\n ##  address is used, it must be enclosed in square brackets.\r\n #\r\n-# Socket inet:8893@localhost\r\n+Socket local:\/var\/run\/opendmarc\/socket\r\n\r\n ##  SoftwareHeader { true | false }\r\n ##     default &quot;false&quot;\r\n@@ -377,7 +377,7 @@\r\n ##  message.  This is useful if you want the filter to perform SPF checks\r\n ##  itself, or because you don&#039;t trust the arriving header.\r\n #\r\n-# SPFIgnoreResults false\r\n+SPFIgnoreResults true\r\n\r\n ##  SPFSelfValidate { true | false }\r\n ##     default false\r\n@@ -390,14 +390,14 @@\r\n ##  is also set, it never looks for SPF results in headers and\r\n ##  always performs the SPF check itself when this is set.\r\n #\r\n-# SPFSelfValidate false\r\n+SPFSelfValidate true\r\n\r\n ##  Syslog { true | false }\r\n ##     default &quot;false&quot;\r\n ##\r\n ##  Log via calls to syslog(3) any interesting activity.\r\n #\r\n-# Syslog false\r\n+Syslog true\r\n\r\n ##  SyslogFacility facility-name\r\n ##     default &quot;mail&quot;\r\n@@ -416,7 +416,7 @@\r\n ##  with a comma.  The key word &quot;HOSTNAME&quot; will be replaced by the name of\r\n ##  the host running the filter as reported by the gethostname(3) function.\r\n #\r\n-# TrustedAuthservIDs HOSTNAME\r\n+TrustedAuthservIDs mail.example.net,mail2.example.net\r\n\r\n ##  UMask mask\r\n ##     default (none)\r\n@@ -437,4 +437,4 @@\r\n ##  The process will be assigned all of the groups and primary group ID of\r\n ##  the named userid unless an alternate group is specified.\r\n #\r\n-# UserID opendmarc\r\n+UserID mailnull:mailnul\r\n<\/pre>\n<h4>\/usr\/local\/etc\/mail\/opendmarc-ignore.hosts<\/h4>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\n127.0.0.1\r\n::1\r\n192.168.1.0\/24\r\n2001:db8:1::\/64\r\n<\/pre>\n<h4>\/usr\/local\/etc\/mail\/opendmarc-whitelist.domains<\/h4>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\nexample.com\r\nmail.example.com\r\n<\/pre>\n<h3>Sendmail\u306e\u8a2d\u5b9a<\/h3>\n<h4>\/etc\/mail\/sendmail.cf<\/h4>\n<pre class=\"brush: diff; title: ; notranslate\" title=\"\">\r\n+ O InputMailFilters=dkim-milter, dmarc-milter\r\n+ Xdmarc-milter, S=local:\/var\/run\/opendmarc\/socket, F=T, T=R:2m\r\n<\/pre>\n<h3>DNS\u306e\u8a2d\u5b9a<\/h3>\n<h4>\/usr\/local\/etc\/namedb\/primary\/example.com.zone<\/h4>\n<pre class=\"brush: diff; title: ; notranslate\" title=\"\">\r\n+ _dmarc          3600    IN      TXT     &quot;v=DMARC1; p=reject; pct=100; adkim=s; aspf=r; ruf=mailto:ruf@example.com; rua=mailto:rua@example.com&quot;\r\n+ _dmarc.mail     3600    IN      TXT     &quot;v=DMARC1; p=reject; pct=100; adkim=s; aspf=r; ruf=mailto:ruf@example.com; rua=mailto:rua@example.com&quot;\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>\u524d\u63d0 FreeBSD 12.4 DKIM\u5c0e\u5165\u6e08\u307f Milter\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb pkg install -y opendmarc sysrc opendmarc_enable=YES sysrc opendmarc_soc\u2026 <span class=\"read-more\"><a href=\"https:\/\/www.next-hop.net\/blog\/hiraga\/freebsd\/dmarc\/\">\u7d9a\u304d\u3092\u8aad\u3080 &raquo;<\/a><\/span><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[3],"tags":[],"class_list":["post-1643","post","type-post","status-publish","format-standard","hentry","category-freebsd"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.next-hop.net\/blog\/hiraga\/wp-json\/wp\/v2\/posts\/1643"}],"collection":[{"href":"https:\/\/www.next-hop.net\/blog\/hiraga\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.next-hop.net\/blog\/hiraga\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.next-hop.net\/blog\/hiraga\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.next-hop.net\/blog\/hiraga\/wp-json\/wp\/v2\/comments?post=1643"}],"version-history":[{"count":22,"href":"https:\/\/www.next-hop.net\/blog\/hiraga\/wp-json\/wp\/v2\/posts\/1643\/revisions"}],"predecessor-version":[{"id":3141,"href":"https:\/\/www.next-hop.net\/blog\/hiraga\/wp-json\/wp\/v2\/posts\/1643\/revisions\/3141"}],"wp:attachment":[{"href":"https:\/\/www.next-hop.net\/blog\/hiraga\/wp-json\/wp\/v2\/media?parent=1643"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.next-hop.net\/blog\/hiraga\/wp-json\/wp\/v2\/categories?post=1643"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.next-hop.net\/blog\/hiraga\/wp-json\/wp\/v2\/tags?post=1643"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}