Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
opendmarc(8)		    System Manager's Manual		  opendmarc(8)

       opendmarc - DMARC email policy filter for MTAs

       opendmarc  [-A] [-c configfile] [-f] [-l] [-n] [-p socketspec] [-P pid-
       file] [-t file[,file[...]]]  [-u	userid[:group]]	[-v] [-V]

       opendmarc implements the	proposed DMARC specification  for  authentica-
       tion of message and reporting of	observed traffic.

       opendmarc  uses the milter interface, originally	distributed as part of
       version 8.11 of sendmail(8), to provide a DMARC processing service  for
       mail transiting a milter-aware MTA.

       Most,  if not all, of the command line options listed below can also be
       set using a configuration file.	See the	-c option for details.

       opendmarc relies	on addition of Authentication-Results  fields  by  up-
       steam filters on	trusted	hosts to collect input to the DMARC algorithm.
       It does not itself do DKIM or SPF evaluation.

       -A     Automatically re-start on	failures.  Use with  caution;  if  the
	      filter  fails  instantly after it	starts,	this can cause a tight
	      fork(2) loop.  This can be mitigated using some  values  in  the
	      configuration file to limit restarting.  See opendmarc.conf(5).

       -c configfile
	      Read  the	 named	configuration file.  See the opendmarc.conf(5)
	      man page for details.  Values  in	 the  configuration  file  are
	      overridden  when	their  equivalents are provided	on the command
	      line until a configuration reload	occurs.	 The OPERATION section
	      describes	 how  reloads are triggered.  The default is to	read a
	      configuration file from /usr/local/etc/opendmarc.conf if one ex-
	      ists, or otherwise to apply defaults to all values.

       -f     Normally opendmarc forks and exits immediately, leaving the ser-
	      vice running in the background.  This flag suppresses  that  be-
	      haviour so that it runs in the foreground.

       -l     Log via calls to syslog(3) any interesting activity.

       -n     Parse the	configuration file and command line arguments, report-
	      ing any errors found, and	then exit.  The	exit value will	 be  0
	      if the filter would start	up without complaint, or non-zero oth-

       -p socketspec
	      Specifies	the socket that	should be established by the filter to
	      receive  connections  from  sendmail(8) in order to provide ser-
	      vice.  socketspec	is in one of two forms:	local:path which  cre-
	      ates   a	 UNIX	domain	 socket	 at  the  specified  path,  or
	      inet:port[@host] or inet6:port[@host] which creates a TCP	socket
	      on  the specified	port within the	specified protocol family.  If
	      the host is not given as either a	hostname or an IP address, the
	      socket  will  be listening on all	interfaces.  If	neither	socket
	      type is specified, local is assumed, meaning  the	 parameter  is
	      interpreted as a path at which the socket	should be created.  If
	      an IP address is used, it	must be	enclosed in  square  brackets.
	      This parameter is	mandatory.

       -P pidfile
	      Specifies	 a file	into which the filter should write its process
	      ID at startup.

       -t file[,file[,...]]
	      Reads email messages from	the named files	and processes them  as
	      if  they	were  received	by  the	 filter.   The	service	is not
	      started, and actions normally sent back to the MTA will  instead
	      be printed on standard output.

       -u userid[:group]
	      Attempts	to be come the specified userid	before starting	opera-
	      tions.  The process will be assigned all of the groups and  pri-
	      mary  group  ID of the named userid unless an alternate group is
	      specified.  See the FILE PERMISSIONS section for	more  informa-

       -v     Increase verbose output during test mode (see -t above).	May be
	      specified	more than once to request increasing amounts  of  out-

       -V     Print the	version	number and supported canonicalization and sig-
	      nature algorithms, and then exit without doing anything else.

       Upon receiving SIGUSR1, if the filter was started with a	 configuration
       file,  it  will be re-read and the new values used.  Note that any com-
       mand line overrides provided at startup time will be lost when this  is
       done.   Also, the following configuration file values (and their	corre-
       sponding	command	line items, if any)  are  not  reloaded	 through  this
       process:	 AutoRestart  (-A),  AutoRestartCount,	AutoRestartRate, Back-
       ground, MilterDebug, PidFile (-P), Socket  (-p),	 UMask,	 UserID	 (-u).
       The  filter  does  not  automatically  check the	configuration file for
       changes and reload.

       This man	page covers version 1.3.2 of opendmarc.

       Copyright (c) 2012, The Trusted Domain Project.	All rights reserved.

       opendmarc.conf(5), sendmail(8)

       Sendmail	Operations Guide

       RFC4408 - Sender	Policy Framework

       RFC5321 - Simple	Mail Transfer Protocol

       RFC5322 - Internet Messages

       RFC5451 - Message Header	Field for  Indicating  Message	Authentication

       RFC6376 - DomainKeys Identified Mail

       RFC6591	-  Authentication  Failure Reporting Using the Abuse Reporting

			  The Trusted Domain Project		  opendmarc(8)


Want to link to this manual page? Use this URL:

home | help