diff options
Diffstat (limited to 'roles/MX/files/etc/opendmarc.conf')
| -rw-r--r-- | roles/MX/files/etc/opendmarc.conf | 116 |
1 files changed, 116 insertions, 0 deletions
diff --git a/roles/MX/files/etc/opendmarc.conf b/roles/MX/files/etc/opendmarc.conf new file mode 100644 index 0000000..ebbc850 --- /dev/null +++ b/roles/MX/files/etc/opendmarc.conf @@ -0,0 +1,116 @@ +# This is a basic configuration that can easily be adapted to suit a standard +# installation. For more advanced options, see openmarc.conf(5) and/or +# /usr/share/doc/opendmarc/examples/opendmarc.conf.sample. + +## AuthservID (string) +## defaults to MTA name +## +## Sets the "authserv-id" to use when generating the Authentication-Results: +## header field after verifying a message. If the string "HOSTNAME" is +## provided, the name of the host running the filter (as returned by the +## gethostname(3) function) will be used. +# +# AuthservID name + +## FailureReports { true | false } +## default "false" +## +## Enables generation of failure reports when the DMARC test fails and the +## purported sender of the message has requested such reports. Reports are +## formatted per RFC6591. +# +# FailureReports false + +## PublicSuffixList path +## default (none) +## +## Specifies the path to a file that contains top-level domains (TLDs) that +## will be used to compute the Organizational Domain for a given domain name, +## as described in the DMARC specification. If not provided, the filter will +## not be able to determine the Organizational Domain and only the presented +## domain will be evaluated. +# +PublicSuffixList /usr/share/publicsuffix/public_suffix_list.dat + +## RejectFailures { true | false } +## default "false" +## +## If set, messages will be rejected if they fail the DMARC evaluation, or +## temp-failed if evaluation could not be completed. By default, no message +## will be rejected or temp-failed regardless of the outcome of the DMARC +## evaluation of the message. Instead, an Authentication-Results header +## field will be added. +# +RejectFailures false + +## Socket socketspec +## default (none) +## +## Specifies the socket that should be established by the filter to receive +## connections from sendmail(8) in order to provide service. socketspec is +## in one of two forms: local:path, which creates a UNIX domain socket at +## the specified path, or inet:port[@host] or inet6:port[@host] which creates +## a TCP socket on the specified port for the appropriate protocol family. +## If the host is not given as either a hostname or an IP address, the +## socket will be listening on all interfaces. This option is mandatory +## either in the configuration file or on the command line. If an IP +## address is used, it must be enclosed in square brackets. +# +Socket local:/run/opendmarc/opendmarc.sock + +## Syslog { true | false } +## default "false" +## +## Log via calls to syslog(3) any interesting activity. +# +Syslog true + +## SyslogFacility facility-name +## default "mail" +## +## Log via calls to syslog(3) using the named facility. The facility names +## are the same as the ones allowed in syslog.conf(5). +# +# SyslogFacility mail + +## TrustedAuthservIDs string +## default HOSTNAME +## +## Specifies one or more "authserv-id" values to trust as relaying true +## upstream DKIM and SPF results. The default is to use the name of +## the MTA processing the message. To specify a list, separate each entry +## with a comma. The key word "HOSTNAME" will be replaced by the name of +## the host running the filter as reported by the gethostname(3) function. +# +# TrustedAuthservIDs HOSTNAME + +## SPFIgnoreResults { true | false } +## default "false" +## +## Causes the filter to ignore any SPF results in the header of the message. +## This is useful if you want the filter to perfrom SPF checks itself, or +## because you don't trust the arriving header. +# +SPFIgnoreResults true + +## SPFSelfValidate { true | false } +## default "false" +## +## Causes the filter to perform a fallback SPF check itself when it can +## find no SPF results in the message header. If SPFIgnoreResults is also +## set, it never looks for SPF results in headers and always performs the +## SPF check itself when this is set. +# +SPFSelfValidate true + +## UMask mask +## default (none) +## +## Requests a specific permissions mask to be used for file creation. This +## only really applies to creation of the socket when Socket specifies a +## UNIX domain socket, and to the HistoryFile and PidFile (if any); temporary +## files are normally created by the mkstemp(3) function that enforces a +## specific file mode on creation regardless of the process umask. See +## umask(2) for more information. +# +UMask 0007 |