


Last time I added a DMARC record to DNS; this time I tried installing OpenDMARC on our own mail server.
OpenDMARC – Trusted Domain Project
http://www.trusteddomain.org/opendmarc/
For the installation I simply followed the site below (^^;
Installing OpenDMARC RPM via Yum with Postfix or Sendmail (for RHEL / CentOS / Fedora)
https://www.stevejenkins.com/blog/2015/03/installing-opendmarc-rpm-via-yum-with-postfix-or-sendmail-for-rhel-centos-fedora/
Environment
・CentOS Linux release 7.8.2003 (Core)
・Kernel 3.10.0-1127.19.1.el7.x86_64
・postfix-2.10.1-9
- Installing OpenDMARC
- Editing /etc/opendmarc.conf
- Editing /etc/postfix/main.cf
- Starting opendmarc
- Enabling opendmarc at boot
- Reloading Postfix
- Checking maillog
- Sending a test mail from Gmail
- Downloading the Public Suffix List
- Editing /etc/opendmarc.conf
- Update task for effective_tld_names.dat
- Configuring DMARC reporting
- Editing /etc/opendmarc.conf
- Setting up the MySQL database
- Importing the default schema
- Creating the report-sending script
Installing OpenDMARC

```
[root@centos7 ~]# yum info opendmarc
Available Packages
Name        : opendmarc
Arch        : x86_64
Version     : 1.3.2
Release     : 1.el7
Size        : 94 k
Repo        : epel/x86_64
Summary     : A Domain-based Message Authentication, Reporting & Conformance (DMARC) milter and
            : library
URL         : http://www.trusteddomain.org/opendmarc.html
License     : BSD and Sendmail
Description : OpenDMARC (Domain-based Message Authentication, Reporting & Conformance)
            : provides an open source library that implements the DMARC verification
            : service plus a milter-based filter application that can plug in to any
            : milter-aware MTA, including sendmail, Postfix, or any other MTA that supports
            : the milter protocol.
            :
            : The DMARC sender authentication system is still a draft standard, working
            : towards RFC status.
            :
            : The database schema required for some functions is provided in
            : /usr/share/opendmarc/db. The rddmarc tools are provided in
            : /usr/share/opendmarc/contrib/rddmarc.

[root@centos7 ~]# yum install opendmarc
Resolving Dependencies
--> Running transaction check
---> Package opendmarc.x86_64 0:1.3.2-1.el7 will be installed
--> Processing Dependency: libopendmarc(x86-64) = 1.3.2-1.el7 for package: opendmarc-1.3.2-1.el7.x86_64
--> Processing Dependency: perl(HTTP::Request) for package: opendmarc-1.3.2-1.el7.x86_64
--> Processing Dependency: perl(Switch) for package: opendmarc-1.3.2-1.el7.x86_64
--> Processing Dependency: libopendmarc.so.2()(64bit) for package: opendmarc-1.3.2-1.el7.x86_64
--> Processing Dependency: libspf2.so.2()(64bit) for package: opendmarc-1.3.2-1.el7.x86_64
--> Running transaction check
---> Package libopendmarc.x86_64 0:1.3.2-1.el7 will be installed
---> Package libspf2.x86_64 0:1.2.10-5.20150405gitd57d79fd.el7 will be installed
---> Package perl-HTTP-Message.noarch 0:6.06-6.el7 will be installed
--> Processing Dependency: perl(LWP::MediaTypes) >= 6 for package: perl-HTTP-Message-6.06-6.el7.noarch
--> Processing Dependency: perl(HTTP::Date) >= 6 for package: perl-HTTP-Message-6.06-6.el7.noarch
--> Processing Dependency: perl(Encode::Locale) >= 1 for package: perl-HTTP-Message-6.06-6.el7.noarch
--> Processing Dependency: perl(IO::HTML) for package: perl-HTTP-Message-6.06-6.el7.noarch
---> Package perl-Switch.noarch 0:2.16-7.el7 will be installed
--> Running transaction check
---> Package perl-Encode-Locale.noarch 0:1.03-5.el7 will be installed
---> Package perl-HTTP-Date.noarch 0:6.02-8.el7 will be installed
--> Processing Dependency: perl(Time::Zone) for package: perl-HTTP-Date-6.02-8.el7.noarch
---> Package perl-IO-HTML.noarch 0:1.00-2.el7 will be installed
---> Package perl-LWP-MediaTypes.noarch 0:6.02-2.el7 will be installed
--> Running transaction check
---> Package perl-TimeDate.noarch 1:2.30-2.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

====================================================================================================
 Package                 Arch       Version                              Repository    Size
====================================================================================================
Installing:
 opendmarc               x86_64     1.3.2-1.el7                          epel          94 k
Installing for dependencies:
 libopendmarc            x86_64     1.3.2-1.el7                          epel          30 k
 libspf2                 x86_64     1.2.10-5.20150405gitd57d79fd.el7     epel          66 k
 perl-Encode-Locale      noarch     1.03-5.el7                           base          16 k
 perl-HTTP-Date          noarch     6.02-8.el7                           base          14 k
 perl-HTTP-Message       noarch     6.06-6.el7                           base          82 k
 perl-IO-HTML            noarch     1.00-2.el7                           base          23 k
 perl-LWP-MediaTypes     noarch     6.02-2.el7                           base          24 k
 perl-Switch             noarch     2.16-7.el7                           base          22 k
 perl-TimeDate           noarch     1:2.30-2.el7                         base          52 k

Transaction Summary
====================================================================================================
Install  1 Package (+9 Dependent packages)

Total download size: 422 k
Installed size: 856 k
Is this ok [y/d/N]: y
Downloading packages:
(1/10): libopendmarc-1.3.2-1.el7.x86_64.rpm                         |  30 kB  00:00:00
(2/10): libspf2-1.2.10-5.20150405gitd57d79fd.el7.x86_64.rpm         |  66 kB  00:00:00
(3/10): perl-Encode-Locale-1.03-5.el7.noarch.rpm                    |  16 kB  00:00:00
(4/10): opendmarc-1.3.2-1.el7.x86_64.rpm                            |  94 kB  00:00:00
(5/10): perl-LWP-MediaTypes-6.02-2.el7.noarch.rpm                   |  24 kB  00:00:00
(6/10): perl-HTTP-Message-6.06-6.el7.noarch.rpm                     |  82 kB  00:00:00
(7/10): perl-Switch-2.16-7.el7.noarch.rpm                           |  22 kB  00:00:00
(8/10): perl-TimeDate-2.30-2.el7.noarch.rpm                         |  52 kB  00:00:00
(9/10): perl-HTTP-Date-6.02-8.el7.noarch.rpm                        |  14 kB  00:00:01
(10/10): perl-IO-HTML-1.00-2.el7.noarch.rpm                         |  23 kB  00:00:01
----------------------------------------------------------------------------------------------------
Total                                                      169 kB/s | 422 kB  00:00:02
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : libspf2-1.2.10-5.20150405gitd57d79fd.el7.x86_64                  1/10
  Installing : libopendmarc-1.3.2-1.el7.x86_64                                  2/10
  Installing : 1:perl-TimeDate-2.30-2.el7.noarch                                3/10
  Installing : perl-HTTP-Date-6.02-8.el7.noarch                                 4/10
  Installing : perl-IO-HTML-1.00-2.el7.noarch                                   5/10
  Installing : perl-LWP-MediaTypes-6.02-2.el7.noarch                            6/10
  Installing : perl-Encode-Locale-1.03-5.el7.noarch                             7/10
  Installing : perl-HTTP-Message-6.06-6.el7.noarch                              8/10
  Installing : perl-Switch-2.16-7.el7.noarch                                    9/10
  Installing : opendmarc-1.3.2-1.el7.x86_64                                    10/10
  Verifying  : libopendmarc-1.3.2-1.el7.x86_64                                  1/10
  Verifying  : opendmarc-1.3.2-1.el7.x86_64                                     2/10
  Verifying  : perl-Switch-2.16-7.el7.noarch                                    3/10
  Verifying  : libspf2-1.2.10-5.20150405gitd57d79fd.el7.x86_64                  4/10
  Verifying  : perl-HTTP-Date-6.02-8.el7.noarch                                 5/10
  Verifying  : perl-HTTP-Message-6.06-6.el7.noarch                              6/10
  Verifying  : perl-Encode-Locale-1.03-5.el7.noarch                             7/10
  Verifying  : perl-LWP-MediaTypes-6.02-2.el7.noarch                            8/10
  Verifying  : perl-IO-HTML-1.00-2.el7.noarch                                   9/10
  Verifying  : 1:perl-TimeDate-2.30-2.el7.noarch                               10/10

Installed:
  opendmarc.x86_64 0:1.3.2-1.el7

Dependency Installed:
  libopendmarc.x86_64 0:1.3.2-1.el7
  libspf2.x86_64 0:1.2.10-5.20150405gitd57d79fd.el7
  perl-Encode-Locale.noarch 0:1.03-5.el7
  perl-HTTP-Date.noarch 0:6.02-8.el7
  perl-HTTP-Message.noarch 0:6.06-6.el7
  perl-IO-HTML.noarch 0:1.00-2.el7
  perl-LWP-MediaTypes.noarch 0:6.02-2.el7
  perl-Switch.noarch 0:2.16-7.el7
  perl-TimeDate.noarch 1:2.30-2.el7

Complete!

[root@centos7 ~]# repoquery --list opendmarc
/etc/opendmarc
/etc/opendmarc.conf
/etc/sysconfig/opendmarc
/etc/tmpfiles.d/opendmarc.conf
/usr/lib/systemd/system/opendmarc.service
/usr/sbin/opendmarc
/usr/sbin/opendmarc-check
/usr/sbin/opendmarc-expire
/usr/sbin/opendmarc-import
/usr/sbin/opendmarc-importstats
/usr/sbin/opendmarc-params
/usr/sbin/opendmarc-reports
/usr/share/doc/opendmarc-1.3.2
/usr/share/doc/opendmarc-1.3.2/README
/usr/share/doc/opendmarc-1.3.2/RELEASE_NOTES
/usr/share/licenses/opendmarc-1.3.2
/usr/share/licenses/opendmarc-1.3.2/LICENSE
/usr/share/licenses/opendmarc-1.3.2/LICENSE.Sendmail
/usr/share/man/man5/opendmarc.conf.5.gz
/usr/share/man/man8/opendmarc-check.8.gz
/usr/share/man/man8/opendmarc-expire.8.gz
/usr/share/man/man8/opendmarc-import.8.gz
/usr/share/man/man8/opendmarc-importstats.8.gz
/usr/share/man/man8/opendmarc-params.8.gz
/usr/share/man/man8/opendmarc-reports.8.gz
/usr/share/man/man8/opendmarc.8.gz
/usr/share/opendmarc
/usr/share/opendmarc/contrib
/usr/share/opendmarc/contrib/rddmarc
/usr/share/opendmarc/contrib/rddmarc/README.rddmarc
/usr/share/opendmarc/contrib/rddmarc/dmarcfail.py
/usr/share/opendmarc/contrib/rddmarc/dmarcfail.pyc
/usr/share/opendmarc/contrib/rddmarc/dmarcfail.pyo
/usr/share/opendmarc/contrib/rddmarc/mkdmarc
/usr/share/opendmarc/contrib/rddmarc/mysql_ip6.c
/usr/share/opendmarc/contrib/rddmarc/rddmarc
/usr/share/opendmarc/db
/usr/share/opendmarc/db/README.schema
/usr/share/opendmarc/db/README.update-db-schema.mysql
/usr/share/opendmarc/db/schema.mysql
/usr/share/opendmarc/db/update-db-schema.mysql
/var/run/opendmarc
/var/spool/opendmarc
```
Editing /etc/opendmarc.conf

I changed `AuthservID name` to `AuthservID HOSTNAME`.
```
AuthservID HOSTNAME
```
Editing /etc/postfix/main.cf

OpenDKIM is already configured, so I append opendmarc after it.
```
# opendkim 2017.05.08/ opendmarc 2020.09.01
smtpd_milters = inet:127.0.0.1:8891, inet:127.0.0.1:8893
non_smtpd_milters = $smtpd_milters
milter_default_action = accept
```
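The order of the two sockets matters: OpenDMARC evaluates the Authentication-Results header that OpenDKIM adds, and Postfix runs milters in the order listed in `smtpd_milters`, so the OpenDKIM socket must precede the OpenDMARC socket. The script below is an added example (not from the post or the OpenDMARC project) that checks a main.cf for that ordering and reports whether `milter_default_action` makes the milter chain fail-open or fail-closed. It assumes the socket addresses used in the post (8891 for OpenDKIM, 8893 for OpenDMARC) and `key = value` parameters written on a single line; the two sample main.cf files are constructed for the demonstration.

```bash
#!/bin/bash
# Added example: lint the Postfix milter settings used for OpenDKIM + OpenDMARC.
# Assumptions: socket addresses as in the post; single-line "key = value" parameters.
set -eu

DKIM_SOCK='inet:127.0.0.1:8891'
DMARC_SOCK='inet:127.0.0.1:8893'

# Print the value of a main.cf parameter (first non-comment match, single-line form).
cf_get() {  # cf_get <main.cf> <parameter>
  awk -v p="$2" '
    /^[ \t]*#/ { next }
    index($0, "=") {
      k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
      if (k == p) {
        v = substr($0, index($0, "=") + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", v)
        print v; exit
      }
    }' "$1"
}

# 0-based offset of <needle> inside <haystack>, or the haystack length if absent.
offset_of() {  # offset_of <haystack> <needle>
  local head=${1%%"$2"*}
  echo "${#head}"
}

# Print "ok" when opendkim runs before opendmarc, otherwise a one-line finding.
check_milters() {  # check_milters <main.cf>
  local milters dk dm
  milters=$(cf_get "$1" smtpd_milters)
  dk=$(offset_of "$milters" "$DKIM_SOCK")
  dm=$(offset_of "$milters" "$DMARC_SOCK")
  if [ "$dm" -ge "${#milters}" ]; then
    echo "opendmarc socket $DMARC_SOCK is not in smtpd_milters"
  elif [ "$dk" -ge "${#milters}" ]; then
    echo "opendkim socket $DKIM_SOCK is not in smtpd_milters: DMARC will see no DKIM result"
  elif [ "$dk" -gt "$dm" ]; then
    echo "opendmarc is listed before opendkim: DKIM results will not be available to DMARC"
  else
    echo ok
  fi
}

# What happens to mail when a milter is unreachable. Postfix's own default is tempfail.
milter_failure_mode() {  # milter_failure_mode <main.cf>
  local action
  action=$(cf_get "$1" milter_default_action)
  case "${action:-tempfail}" in
    accept)          echo fail-open ;;     # mail is accepted unfiltered
    tempfail|reject) echo fail-closed ;;
    quarantine)      echo quarantine ;;
    *)               echo unknown ;;
  esac
}

# Constructed sample configurations: the post's settings, and a swapped order.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cat > "$WORK/good.cf" <<'EOF'
# opendkim 2017.05.08/ opendmarc 2020.09.01
smtpd_milters = inet:127.0.0.1:8891, inet:127.0.0.1:8893
non_smtpd_milters = $smtpd_milters
milter_default_action = accept
EOF
cat > "$WORK/swapped.cf" <<'EOF'
smtpd_milters = inet:127.0.0.1:8893, inet:127.0.0.1:8891
milter_default_action = tempfail
EOF

echo "good.cf:    $(check_milters "$WORK/good.cf") / $(milter_failure_mode "$WORK/good.cf")"
echo "swapped.cf: $(check_milters "$WORK/swapped.cf") / $(milter_failure_mode "$WORK/swapped.cf")"
```

Against a live system, `postconf smtpd_milters` already expands continuation lines and `$variable` references, so running `check_milters` on the output of `postconf -n > /tmp/main.cf.flat` (assumed usage) avoids the single-line limitation. With the post's `milter_default_action = accept`, a stopped opendmarc means mail flows through with no DMARC check at all, which is the availability-first trade-off that setting makes.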
Starting opendmarc

```
[root@centos7 ~]# systemctl start opendmarc
[root@centos7 ~]# systemctl status opendmarc
* opendmarc.service - Domain-based Message Authentication, Reporting & Conformance (DMARC) Milter
   Loaded: loaded (/usr/lib/systemd/system/opendmarc.service; disabled; vendor preset: disabled)
   Active: active (running) since Tue 2020-09-01 17:24:38 JST; 6s ago
     Docs: man:opendmarc(8)
           man:opendmarc.conf(5)
           man:opendmarc-import(8)
           man:opendmarc-reports(8)
           http://www.trusteddomain.org/opendmarc/
  Process: 8042 ExecStart=/usr/sbin/opendmarc $OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 8043 (opendmarc)
   CGroup: /system.slice/opendmarc.service
           `-8043 /usr/sbin/opendmarc -c /etc/opendmarc.conf -P /var/run/opendmarc/opendmarc.pid

Sep 01 17:24:38 centos7.rootlinks.net systemd[1]: Starting Domain-based Message Authentication, Rep......
Sep 01 17:24:38 centos7.rootlinks.net opendmarc[8043]: OpenDMARC Filter v1.3.2 starting (args: -c /e...d)
Sep 01 17:24:38 centos7.rootlinks.net opendmarc[8043]: additional trusted authentication services: n...et
Sep 01 17:24:38 centos7.rootlinks.net systemd[1]: Started Domain-based Message Authentication, Repo...er.
Hint: Some lines were ellipsized, use -l to show in full.
```
Enabling opendmarc at boot

```
[root@centos7 ~]# systemctl enable opendmarc
Created symlink from /etc/systemd/system/multi-user.target.wants/opendmarc.service to /usr/lib/systemd/system/opendmarc.service.
```
Reloading Postfix

```
[root@centos7 ~]# postfix reload
```
Checking maillog

Logging goes through syslog with the mail facility by default, so it should normally end up in /var/log/maillog.
```
Sep 1 17:24:38 ns opendmarc[8043]: OpenDMARC Filter v1.3.2 starting (args: -c /etc/opendmarc.conf -P /var/run/opendmarc/opendmarc.pid)
Sep 1 17:24:38 ns opendmarc[8043]: additional trusted authentication services: centos7.rootlinks.net
```
Sending a test mail from Gmail

```
Sep 1 17:27:07 ns opendmarc[8043]: A387CCBEE4: SPF(mailfrom): guest001@gmail.com pass
Sep 1 17:27:07 ns opendmarc[8043]: A387CCBEE4: gmail.com pass
```
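OpenDMARC writes two lines per message: the SPF result for the envelope sender and the DMARC verdict for the From domain, both keyed by the Postfix queue id. Once the milter has been running for a while, the useful question is which messages failed. The script below is an added example (not from the post) that folds those lines back together per queue id and counts DMARC failures. The two `A387CCBEE4` lines and the daemon start-up lines are the ones shown in the post; the `B12AB3C4D5` message and the postfix/smtpd line are constructed so the filter has a failure to count and noise to skip.

```bash
#!/bin/bash
# Added example: per-message DMARC verdict summary from maillog lines.
# Sample input is constructed; queue ids and the example.com message are not real traffic.
set -eu

SAMPLE_LOG='Sep 1 17:24:38 ns opendmarc[8043]: OpenDMARC Filter v1.3.2 starting (args: -c /etc/opendmarc.conf -P /var/run/opendmarc/opendmarc.pid)
Sep 1 17:24:38 ns opendmarc[8043]: additional trusted authentication services: centos7.rootlinks.net
Sep 1 17:27:07 ns opendmarc[8043]: A387CCBEE4: SPF(mailfrom): guest001@gmail.com pass
Sep 1 17:27:07 ns opendmarc[8043]: A387CCBEE4: gmail.com pass
Sep 1 17:31:12 ns opendmarc[8043]: B12AB3C4D5: SPF(mailfrom): someone@example.com fail
Sep 1 17:31:12 ns opendmarc[8043]: B12AB3C4D5: example.com fail
Sep 1 17:35:40 ns postfix/smtpd[8102]: connect from unknown[192.0.2.10]'

# Read maillog lines on stdin. Print one line per queue id with the SPF and DMARC
# results, sorted, then a final "dmarc_fail_count=N" line.
dmarc_summary() {
  awk '
    /opendmarc\[[0-9]+\]: / {
      sub(/^.*opendmarc\[[0-9]+\]: /, "")            # keep only the message text
      if ($1 !~ /^[0-9A-Za-z]+:$/) next               # daemon chatter has no "<qid>:" prefix
      qid = substr($1, 1, length($1) - 1)
      seen[qid] = 1
      if ($2 == "SPF(mailfrom):") spf[qid] = $NF      # "<qid>: SPF(mailfrom): <addr> <result>"
      else if (NF == 3) { dom[qid] = $2; dmarc[qid] = $3 }   # "<qid>: <From domain> <result>"
    }
    END {
      fails = 0
      for (q in seen) {
        printf "%s from=%s spf=%s dmarc=%s\n", q, dom[q], spf[q], dmarc[q]
        if (dmarc[q] == "fail") fails++
      }
      printf "dmarc_fail_count=%d\n", fails
    }' | LC_ALL=C sort
}

# Only the failure count, for alerting thresholds.
dmarc_fail_count() {
  dmarc_summary | sed -n 's/^dmarc_fail_count=//p'
}

printf '%s\n' "$SAMPLE_LOG" | dmarc_summary
```

On the server itself the same functions run over the real log with `dmarc_summary < /var/log/maillog`. A DMARC "fail" here is only what the milter evaluated; what Postfix then did with the message depends on the sending domain's published policy and on the `RejectFailures` setting in opendmarc.conf, neither of which this log line records.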
Downloading the Public Suffix List

This step is optional and not strictly required, but it is recommended.
```
[root@centos7 ~]# wget --no-check-certificate -q -N -P /etc/opendmarc https://publicsuffix.org/list/effective_tld_names.dat
[root@centos7 ~]# chown opendmarc:opendmarc /etc/opendmarc/effective_tld_names.dat
[root@centos7 ~]# ls -l /etc/opendmarc/
total 220
-rw-r--r-- 1 opendmarc opendmarc 224697 Aug 28 16:07 effective_tld_names.dat
```
Editing /etc/opendmarc.conf

```
[root@centos7 ~]# vi /etc/opendmarc.conf
[root@centos7 ~]# grep PublicSuffixList /etc/opendmarc.conf
## PublicSuffixList path
PublicSuffixList /etc/opendmarc/effective_tld_names.dat
```
Update task for effective_tld_names.dat

I created the script below and placed it in /etc/cron.weekly/. I wonder whether opendmarc needs a restart or reload?
```
[root@centos7 ~]# vi /etc/cron.weekly/PublicSuffixList.sh
[root@centos7 ~]# cat /etc/cron.weekly/PublicSuffixList.sh
#!/bin/bash
#
wget --no-check-certificate -q -N -P /etc/opendmarc https://publicsuffix.org/list/effective_tld_names.dat
[root@centos7 ~]# chmod u+x /etc/cron.weekly/PublicSuffixList.sh
```
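OpenDMARC reads the public suffix list while loading its configuration, so a file replaced on disk is not used until the daemon re-reads that configuration; a restart after a real change is the conservative way to make sure. The list also decides which domain OpenDMARC treats as the organizational domain for alignment, so it is worth fetching it with TLS verification left on and sanity-checking it before it replaces the working copy. The script below is an added example (not the post's script and not part of OpenDMARC) that does those things: it downloads to a scratch file, checks the file is non-empty and carries the ICANN section marker every genuine list has, installs it atomically with the ownership the post uses, and restarts the `opendmarc` service only when the contents actually changed. Paths and the service name are those from the post; the guard on `$0` means the download runs only when the file is executed under its installed cron name, so sourcing it or running it under another name just loads the functions.

```bash
#!/bin/bash
# Added example: weekly Public Suffix List refresh for OpenDMARC.
# Assumptions: PSL path and ownership as in the post, service name "opendmarc",
# and that OpenDMARC reads the list at configuration load (hence the restart).
set -eu

PSL_URL='https://publicsuffix.org/list/effective_tld_names.dat'
PSL_DEST='/etc/opendmarc/effective_tld_names.dat'

# A downloaded list is accepted only if it is non-empty and contains the ICANN
# section marker; an error page or truncated download fails this check.
psl_looks_valid() {  # psl_looks_valid <file>
  [ -s "$1" ] && grep -q '^// ===BEGIN ICANN DOMAINS===' "$1"
}

# Replace <dest> with <new> only if they differ. Prints "updated" or "unchanged".
# The copy is staged next to <dest> and renamed into place so readers never see
# a half-written file.
install_if_changed() {  # install_if_changed <new> <dest>
  local new=$1 dest=$2 tmp
  if [ -f "$dest" ] && cmp -s "$new" "$dest"; then
    echo unchanged
    return 0
  fi
  tmp=$(mktemp "${dest}.XXXXXX")
  cp "$new" "$tmp"
  chmod 0644 "$tmp"
  if [ "$(id -u)" -eq 0 ]; then
    chown opendmarc:opendmarc "$tmp"    # same ownership as in the post
  fi
  mv -f "$tmp" "$dest"
  echo updated
}

update_psl() {
  local work
  work=$(mktemp -d)
  trap 'rm -rf "$work"' EXIT
  # Certificate verification stays on: no --no-check-certificate here.
  wget -q -O "$work/psl.dat" "$PSL_URL"
  if ! psl_looks_valid "$work/psl.dat"; then
    echo "downloaded PSL failed sanity check; keeping current file" >&2
    return 1
  fi
  if [ "$(install_if_changed "$work/psl.dat" "$PSL_DEST")" = updated ]; then
    systemctl restart opendmarc
  fi
}

# Run the refresh only when executed as the installed cron script.
case "$0" in
  */PublicSuffixList.sh) update_psl ;;
esac
```

Installed as `/etc/cron.weekly/PublicSuffixList.sh` with `chmod u+x`, exactly as in the post, the script behaves like the original on a quiet week (the file is unchanged and nothing is restarted) and only bounces the milter when a new list has actually arrived.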
Configuring DMARC reporting

With this setting, reports are sent when the sending domain's DNS has a DMARC record that lists a destination address for reports.
Needing a database for this is a bit of a hassle.
Editing /etc/opendmarc.conf

```
[root@centos7 ~]# vi /etc/opendmarc.conf
[root@centos7 ~]# grep HistoryFile /etc/opendmarc.conf
## HistoryFile path
HistoryFile /var/spool/opendmarc/opendmarc.dat
```
Setting up the MySQL database

I created the database with DB name opendmarcdb, user opendmarc, and password secretpassword.
```
[root@centos7 ~]# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 74470
Server version: 10.1.46-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> CREATE DATABASE opendmarcdb;
Query OK, 1 row affected (0.01 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON opendmarcdb.* TO opendmarc IDENTIFIED BY 'secretpassword';
Query OK, 0 rows affected (0.04 sec)

MariaDB [(none)]> quit;
Bye
```
Importing the default schema

schema.mysql probably differs between distributions and versions.
```
[root@centos7 ~]# mysql -u opendmarc -p opendmarcdb < /usr/share/opendmarc/db/schema.mysql
Enter password:
```
Creating the report-sending script

Finally, create a script that imports the data from opendmarc.dat into the database, processes and sends the reports, and clears the contents of opendmarc.dat.
opendmarc-send-reports.sh will likely need adjusting to your environment in quite a few places before use.
opendmarc-send-reports.sh
https://gist.github.com/stevejenkins/1b61d15cc5aaf3e6819f#file-opendmarc-send-reports-sh
This time I created it as /etc/cron.daily/opendmarc-send-reports.sh.
```bash
[root@centos7 ~]# vi /etc/cron.daily/opendmarc-send-reports.sh
#!/bin/bash
# Imports data from OpenDMARC's opendmarc.dat file into a local MySQL DB
# and sends DMARC failure reports to domain owners.
# Based on a script from Hamzah Khan (http://blog.hamzahkhan.com/)

set -e

# Database and History File Info
DBHOST='localhost'
DBUSER='opendmarc'
DBPASS='secretpassword'
DBNAME='opendmarcdb'
HISTDIR='/var/spool/opendmarc'
HISTFILE='opendmarc'

# Make sure history file exists
touch ${HISTDIR}/${HISTFILE}.dat

# Move history file to temp dir for processing
mv ${HISTDIR}/${HISTFILE}.dat /tmp/${HISTFILE}.$$

# Import temp history file data and send reports
/usr/sbin/opendmarc-import -dbhost=${DBHOST} -dbuser=${DBUSER} -dbpasswd=${DBPASS} -dbname=${DBNAME} -verbose < /tmp/${HISTFILE}.$$
/usr/sbin/opendmarc-reports -dbhost=${DBHOST} -dbuser=${DBUSER} -dbpasswd=${DBPASS} -dbname=${DBNAME} -verbose -interval=86400 -report-email 'dmarc@rootlinks.net' -report-org 'rootlinks.net'
/usr/sbin/opendmarc-expire -dbhost=${DBHOST} -dbuser=${DBUSER} -dbpasswd=${DBPASS} -dbname=${DBNAME} -verbose

# Delete temp history file (the original "rm -rf *.$$" matched files in the
# current working directory, not the file that was moved to /tmp)
rm -f /tmp/${HISTFILE}.$$
[root@centos7 ~]# chmod u+x /etc/cron.daily/opendmarc-send-reports.sh
```
Since I have only just started running this, I will keep an eye on it for a while. So far there do not seem to be any problems sending or receiving mail.