Hello. These are the top lines of my master.cf:
# ========================================================================== # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (yes) (never) (100) # ========================================================================== #submission inet n - - - - smtpd # -o smtpd_tls_security_level=encrypt # -o smtpd_sasl_auth_enable=yes # -o smtpd_client_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING smtp inet n - y - 400 smtpd # -o smtpd_sasl_auth_enable=yes # -o smtpd_client_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING #628 inet n - - - - qmqpd smtps inet n - y - - smtpd -o smtpd_tls_wrappermode=yes Submission is not enabled.. what happens if I enable it? What are the changes that I have to do? Regards, RS -----Messaggio originale----- Da: [email protected] [mailto:[email protected]] Per conto di David Bürgin Inviato: lunedì 4 luglio 2022 14:23 A: [email protected] Oggetto: Re: DMARC milter question ATTENZIONE: Questa email ha origine esterna all’organizzazione. Non selezionare link o scaricare allegati, a meno di riconoscere il mittente e di sapere che il contenuto è sicuro. Scappatura Rocco: > I have one postfix server (say, 'myserver.domain.tld') acting as MX for some > domains and as SMTP relay for the SASL authenticated user from the same > domains. > > On that server I have enabled DMARC milter (other than I have set up DKIM, > and it works fine): > > milter_protocol = 2 > milter_default_action = accept > smtpd_milters = inet:localhost:12301,local:opendmarc/opendmarc.sock > non_smtpd_milters = > inet:localhost:12301,local:opendmarc/opendmarc.sock > > But after that, all authenticated user that use 'myserver.domain.tld' as > outgoing mail server (Port TCP25 or TCP465 with SSL), can't send messages > because receive messages like this: > > Jun 8 16:49:59 av6 postfix/cleanup[3049167]: E7A75D6564: > milter-reject: END-OF-MESSAGE from > host-79-3-222-54.business.telecomitalia.it[79.3.222.54]: 5.7.1 > rejected by DMARC policy for inframail.it; from=<[email protected]> > to=<[email protected]> proto=ESMTP helo=<DESKTOPT41K2DB> > > This is correct because doesn't satisfy for sure SPF policy.. So I think that > I have to enable DMARC on for incoming email (email destined to domain whose > value of MX record is 'myserver.domain.tld').. > > If I'm right, how I configure DMARC milter in postfix to get this? Otherwise, > how I have to use DMARC to limit SPAM? You can override the smtpd_milters setting from /etc/postfix/main.cf, for example, smtpd_milters = unix:spf/spf-milter.sock unix:opendkim/opendkim.sock unix:openarc/openarc.sock unix:opendmarc/opendmarc.sock unix:spamassassin/spamassassin-milter.sock ... by specifying just a subset of milters for mail submission in /etc/postfix/master.cf, for example: submission inet n - y - - smtpd ... -o smtpd_milters=unix:opendkim/opendkim.sock ...
