Patch: support for DMARC [message #347489]
Fri, 04 July 2014 21:53
Registered: October 2010
I don't know if this is the right place to post it, but it has come to my attention that there was no single post in the forum about dmarc. If this is not the right place, please, let me know. I have tried to look in irc #dtc-dev but found no one.
I just added basic support for DMARC on dns zones generation. I think it would be interesting to add this to the main branch of dtc, as it looks like it will be the new standard (which I don't see the need for, as it does the same as dkim and spf and the postmaster@).
Anyway, they set the rules (google, paypal, microsoft...). If you want to send email to them, you have to set up dmarc.
A few links:
* https://dmarcian.com/dmarc-inspector/ - for checking it (a simple "dig _dmarc.yourdomain.com txt" will do, but this is nice-looking and explains every parameter, though I don't understand their business model, maybe they parse the return xml for you)
* http://engineering.linkedin.com/email/dmarc-new-tool-detect-genuine-emails
* http://www.trusteddomain.org/opendmarc/ - a tool for checking dmarc ourselves as a filter for postfix, etc.
I only have added autogeneration of the dmarc register in the dns zones. I have separated the variables for customization. Maybe this should go into the database, etc, but honestly I do not think that you should mess around very much with that. Automatic generation like the dkim register should be enough.
I have version V0.36.3 R1, I don't know if this changes in newer versions.
This is the patch, I can't include the file (not allowed).
--- gen_named_files.php.orig 2014-07-04 22:15:13.720848457 +0200
+++ gen_named_files.php 2014-07-04 23:05:48.819196177 +0200
@@ -1370,6 +1370,15 @@
$this_site_file .= "$NSRECORDDEFAULT\n";
$this_site_file .= "$NSRECORD\n";
+ // add DMARC support http://www.dmarc.org/
+ // check with https://dmarcian.com/dmarc-inspector
+ $dmarc_policy = "reject"; // none, quarantine, reject
+ $dmarc_email = "postmaster@".$web_name; // email that will receive the reports
+ $dmarc_spf_policy = "s"; //s strict, r relaxed
+ $dmarc_dkim_policy = "s"; //s strict, r relaxed
+ $this_site_file .= "_dmarc IN TXT \"v=DMARC1;adkim=".$dmarc_dkim_policy.";aspf=".$dmarc_spf_policy.";p=".$dmarc_policy.";rua=mailto:".$dmarc_email.";\"\n";
// Add all subdomains to it !
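Review bot: the defaults on the added `$dmarc_policy`, `$dmarc_spf_policy` and `$dmarc_dkim_policy` lines publish `p=reject` with strict alignment (`adkim=s;aspf=s`) for every generated zone, and nothing in the hunk makes the `_dmarc` line conditional. With strict alignment the From domain has to match the DKIM `d=` domain or the SPF-checked envelope domain exactly, so a hosted domain that sends from a subdomain, relays through a third party, or has no DKIM signing set up will have its mail rejected by receivers that enforce DMARC as soon as the zone is regenerated. I would default to `p=none` with relaxed alignment (`r`) so reports can be collected first, and move the four values to per-domain settings instead of literals in the generator. The record should also be skipped when the zone already has a `_dmarc` TXT entry, otherwise two DMARC records end up published and receivers ignore both. The `rua` address is built from `$web_name`, which the hunk does not show being set; please confirm it holds the zone's own domain at this point, since a report address in a different domain needs that domain to authorize it before receivers will send reports there.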
Hope this helps.