(Reposting something I posted to mailop, apologies for the duplication...but if
you're running milters you're either using Sendmail or Postfix)
All,
I've had some coffee, and done some work on OpenDKIM and OpenDMARC. I believe
I've gotten the "develop" branches of both tools into much better shape, with a
lot of feedback from the community. It's my plan (once I get the Trusted
Domain Project website fixed, waiting on a DNS change), to announce an alpha of
both projects. I've added github CI support, and have greatly reduced the open
issue count and open pr count for both projects, including a number of
autoconf/automake improvements, fixing the reload signal (SIGHUP, previously
this was a kill signal), documentation fixes. and other items.
OpenDKIM was largely a bug-fix and patch release, but with some quality of life
improvements such as better version reporting, Changes:
https://github.com/trusteddomainproject/OpenDKIM/blob/develop/CHANGES-202605.md
If you're able, please look at the bottom of that file to see if there's
something you can help with (LibreSSL, mysql and ldap edge cases, etc).
On OpenDMARC, the DMARC standard just had new RFC's released (RFC9989, RFC9990,
RFC9991; collectively known as DMARCbis). Full DMARCbis compliance is planned
before the next release. The full list of what is needed to get us inline with
DMARCbis is here: https://github.com/trusteddomainproject/OpenDMARC/issues/371
There's been a ton of rework on how the OpenDMARC reporting chain works (making
it cleaner for other DB implementations (Postgres, SQLite -- not included but
contributions welcome), there's other improvements such as: letting the rua log
tool send the forensic reports (so it can do StartTLS with the MTA, use SMTP
Auth, do VERP, etc), wrapping all the reporting into a single "run" script
versus the prior implementation of several loosely coupled cron jobs, full
(prior) RFC compliance in the Aggregate reports, and a bunch more. Changes:
https://github.com/trusteddomainproject/OpenDMARC/blob/develop/CHANGES-202605.md
I'm also considering ripping out OpenDMARC's internal SPF code for the sake of
simplification. LibSPF2 may be in hibernation mode but it's stable and I've
been in touch with the maintainer (Shevek) about any needed changes. A full
comparison of everything that exists in both implementations is here:
https://github.com/trusteddomainproject/OpenDMARC/issues/370
Neither of these are a full alpha (which would come with stable tarballs). In
order to build you'll need to grab it with "git" from the develop branch, and
run the usual autoreconf -fvi; ./configure; make; make install
Dependencies: libmilter, lua, optionally libspf2 and unbound, as well as
OpenSSL. You know all this if you're already a user, but it felt worth a
mention here.
Mailing lists are hopefully back up soon on a new host.
Feedback welcome on the respective githubs (trusteddomainproject/OpenDKIM or
trusteddomainproject/OpenDMARC).
-Dan
_______________________________________________
Postfix-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
