Postfix: Installation et prise en main de opendmarc et SPF policy

  • Modifier la source list:

nano /etc/apt/sources.list

Ajouter:

deb http://deb.debian.org/debian jessie-backports main contrib non-free

Puis:

apt-get update

  • Installer opendmarc:

apt-get -t jessie-backports install opendmarc

  • Modifier le fichier /etc/opendmarc.conf

Ajouter:

UserID opendmarc:opendmarc
SoftwareHeader true

HistoryFile /var/log/opendmarc.log

mkdir /var/log/opendmarc.log

chown opendmarc:opendmarc /var/log/opendmarc.log

  • Modifier le fichier /etc/default/opendmarc

Ajouter:

SOCKET="inet:12345" # listen on all interfaces on port 12345

  • Modifier le fichier /etc/postfix/main.cf

Ajouter:

milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:12345
non_smtpd_milters = inet:localhost:12345

  • Installer postfix-policyd-spf

apt-get install postfix-policyd-spf-python

  • Modifier le fichier /etc/postfix/master.cf:

Ajouter:

policy-spf unix – n n – – spawn
user=nobody argv=/usr/bin/policyd-spf

  • Modifier le fichier /etc/postfix/main.cf

Ajouter sous smtpd_recipient_restrictions:

check_policy_service unix:private/policy-spf,

  • Redémarrer les services:

service postfix restart
service opendmarc restart

  • Pour tester opendmarc:

opendmarc-check google.com
DMARC record for google.com:
Sample percentage: 100
DKIM alignment: relaxed
SPF alignment: relaxed
Domain policy: reject
Subdomain policy: unspecified
Aggregate report URIs:
mailto:mailauth-reports@google.com
Forensic report URIs:
(none)

  • Outils pour générer les entrées SPF et Opendmarc

http://forum-informatique.tn/dmarc.php

http://forum-informatique.tn/spf.php