opendmarc - DMARC email policy filter for MTAs
opendmarc [-A] [-c configfile] [-f] [-l] [-n] [-p socketspec] [-P
pidfile] [-t file[,file[...]]] [-u userid[:group]] [-v] [-V]
opendmarc implements the prooposed DMARC specification for
authentication of message and reporting of observed traffic.
opendmarc uses the milter interface, originally distributed as part of
version 8.11 of sendmail(8), to provide a DMARC processing service for
mail transiting a milter-aware MTA.
Most, if not all, of the command line options listed below can also be
set using a configuration file. See the -c option for details.
opendmarc relies on addition of Authentication-Results fields by
upsteam filters on trusted hosts to collect input to the DMARC
algorithm. It does not itself do DKIM or SPF evaluation.
-A Automatically re-start on failures. Use with caution; if the
filter fails instantly after it starts, this can cause a tight
fork(2) loop. This can be mitigated using some values in the
configuration file to limit restarting. See opendmarc.conf(5).
Read the named configuration file. See the opendmarc.conf(5)
man page for details. Values in the configuration file are
overridden when their equivalents are provided on the command
line until a configuration reload occurs. The OPERATION section
describes how reloads are triggered. The default is to read a
configuration file from /etc/opendmarc.conf if one exists, or
otherwise to apply defaults to all values.
-f Normally opendmarc forks and exits immediately, leaving the
service running in the background. This flag suppresses that
behaviour so that it runs in the foreground.
-l Log via calls to syslog(3) any interesting activity.
-n Parse the configuration file and command line arguments,
reporting any errors found, and then exit. The exit value will
be 0 if the filter would start up without complaint, or non-zero
Specifies the socket that should be established by the filter to
receive connections from sendmail(8) in order to provide
service. socketspec is in one of two forms: local:path which
creates a UNIX domain socket at the specified path, or
inet:port[@host] or inet6:port[@host] which creates a TCP socket
on the specified port within the specified protocol family. If
the host is not given as either a hostname or an IP address, the
socket will be listening on all interfaces. If neither socket
type is specified, local is assumed, meaning the parameter is
interpreted as a path at which the socket should be created. If
an IP address is used, it must be enclosed in square brackets.
This parameter is mandatory.
Specifies a file into which the filter should write its process
ID at startup.
Reads email messages from the named files and processes them as
if they were received by the filter. The service is not
started, and actions normally sent back to the MTA will instead
be printed on standard output.
Attempts to be come the specified userid before starting
operations. The process will be assigned all of the groups and
primary group ID of the named userid unless an alternate group
is specified. See the FILE PERMISSIONS section for more
-v Increase verbose output during test mode (see -t above). May be
specified more than once to request increasing amounts of
-V Print the version number and supported canonicalization and
signature algorithms, and then exit without doing anything else.
Upon receiving SIGUSR1, if the filter was started with a configuration
file, it will be re-read and the new values used. Note that any
command line overrides provided at startup time will be lost when this
is done. Also, the following configuration file values (and their
corresponding command line items, if any) are not reloaded through this
process: AutoRestart (-A), AutoRestartCount, AutoRestartRate,
Background, MilterDebug, PidFile (-P), Socket (-p), UMask, UserID (-u).
The filter does not automatically check the configuration file for
changes and reload.
This man page covers version 1.3.0 of opendmarc.
Copyright (c) 2012, The Trusted Domain Project. All rights reserved.
Sendmail Operations Guide
RFC4408 - Sender Policy Framework
RFC5321 - Simple Mail Transfer Protocol
RFC5322 - Internet Messages
RFC5451 - Message Header Field for Indicating Message Authentication
RFC6376 - DomainKeys Identified Mail
RFC6591 - Authentication Failure Reporting Using the Abuse Reporting
The Trusted Domain Project opendmarc(8)