opendmarc
Section: Maintenance Commands (8)
Updated: The Trusted Domain Project
Index
Return to Main Contents
NAME
opendmarc
- DMARC email policy filter for MTAs
SYNOPSIS
opendmarc
[-A]
[-c configfile]
[-f]
[-l]
[-n]
[-p socketspec]
[-P pidfile]
[-t file[,file[...]]]
[-u userid[:group]]
[-v]
[-V]
DESCRIPTION
opendmarc
implements the proposed
DMARC
specification for authentication of message and reporting of observed
traffic.
opendmarc
uses the
milter
interface, originally distributed as part of version 8.11 of
sendmail(8),
to provide a DMARC processing service for mail transiting
a milte-aware MTA.
Most, if not all, of the command line options listed below can also be set
using a configuration file. See the
-c
option for details.
opendmarc
relies on addition of Authenticatio-Results fields by upstream filters on
trusted hosts to collect input to the DMARC algorithm. It does not itself
do DKIM or SPF evaluation.
OPTIONS
- -A
-
Automatically r-start on failures. Use with caution; if the filter
fails instantly after it starts, this can cause a tight
fork(2)
loop. This can be mitigated using some values in the configuration file
to limit restarting. See
opendmarc.conf(5).
- -c configfile
-
Read the named configuration file. See the
opendmarc.conf(5)
man page for details. Values in the configuration file are overridden
when their equivalents are provided on the command line until a configuration
reload occurs. The OPERATION section describes how reloads are triggered.
The default is to read a configuration file from
/etc/opendmarc.conf
if one exists, or otherwise to apply defaults to all values.
- -f
-
Normally
opendmarc
forks and exits immediately, leaving the service running in the background.
This flag suppresses that behaviour so that it runs in the foreground.
- -l
-
Log via calls to
syslog(3)
any interesting activity.
- -n
-
Parse the configuration file and command line arguments, reporting any
errors found, and then exit. The exit value will be 0 if the filter would
start up without complaint, or no-zero otherwise.
- -p socketspec
-
Specifies the socket that should be established by the filter to receive
connections from
sendmail(8)
in order to provide service.
socketspec
is in one of two forms:
local:path
which creates a UNIX domain socket at the specified
path,
or
inet:port[@host]
or
inet6:port[@host]
which creates a TCP socket on the specified
port
within the specified protocol family. If the
host
is not given as either a hostname or an IP address, the socket will be
listening on all interfaces. If neither socket type is specified,
local
is assumed, meaning the parameter is interpreted as a path at which
the socket should be created. If an IP address is used, it must be enclosed
in square brackets. This parameter is mandatory.
- -P pidfile
-
Specifies a file into which the filter should write its process ID at startup.
- -t file[,file[,...]]
-
Reads email messages from the named files and processes them as if they were
received by the filter. The service is not started, and actions normally
sent back to the MTA will instead be printed on standard output.
- -u userid[:group]
-
Attempts to be come the specified
userid
before starting operations. The process will be assigned all of the groups
and primary group ID of the named
userid
unless an alternate
group
is specified. See the FILE PERMISSIONS section for more information.
- -v
-
Increase verbose output during test mode (see
-t
above). May be specified more than once to request increasing amounts of
output.
- -V
-
Print the version number and supported canonicalization and signature
algorithms, and then exit without doing anything else.
SIGNALS
Upon receiving SIGUSR1, if the filter was started with a configuration
file, it will be r-read and the new values used. Note that any
command line overrides provided at startup time will be lost when this is
done. Also, the following configuration file values (and their corresponding
command line items, if any) are not reloaded through this process:
AutoRestart (-A),
AutoRestartCount,
AutoRestartRate,
Background,
MilterDebug,
PidFile (-P),
Socket (-p),
UMask,
UserID (-u). The filter does not automatically check the configuration
file for changes and reload.
VERSION
This man page covers version 1.4.2 of
opendmarc.
COPYRIGHT
Copyright (c) 2012, The Trusted Domain Project. All rights reserved.
SEE ALSO
opendmarc.conf(5), sendmail(8)
Sendmail Operations Guide
RFC4408 - Sender Policy Framework
RFC5321 - Simple Mail Transfer Protocol
RFC5322 - Internet Messages
RFC5451 - Message Header Field for Indicating Message Authentication Status
RFC6376 - DomainKeys Identified Mail
RFC6591 - Authentication Failure Reporting Using the Abuse Reporting Format
Index
- NAME
-
- SYNOPSIS
-
- DESCRIPTION
-
- OPTIONS
-
- SIGNALS
-
- VERSION
-
- COPYRIGHT
-
- SEE ALSO
-
|
|
- Running on 
-
:
