NAME
Mail::Milter::Authentication::Handler::DMARC - Handler class for DMARC
VERSION
version 3.20241024
DESCRIPTION
Module implementing the DMARC standard checks.
This handler requires the SPF and DKIM handlers to be installed and active.
CONFIGURATION
"DMARC" : { | Config for the DMARC Module
| Requires DKIM and SPF
"hard_reject" : 0, | Reject mail which fails with a reject policy
"no_reject_disposition" : "quarantine", | What to report when hard_reject is 0
"no_list_reject" : 0, | Do not reject mail detected as mailing list
"arc_before_list" : 0, | Don't apply above list detection if we have trusted arc
"no_list_reject_disposition" : "none", | Disposition to use for mail detected as mailing list (defaults none)
"reject_on_multifrom" : 20, | Reject mail if we detect more than X DMARC entities to process
"quarantine_on_multifrom" : 15, | Quarantine mail if we detect more than X DMARC entities to process
"strict_multifrom" : 1, | If set, reject/quarantine (based on hard_reject) when there are multiple
| rfc5322 domains present. DMARC processing/reporting will continue as usual
| as defined by *_on_multifrom settings above.
"skip_on_multifrom" : 10, | Skip further processing if we detect more than X DMARC entities to process
"whitelisted" : [ | A list of ip addresses or CIDR ranges, or dkim domains
"10.20.30.40", | for which we do not want to hard reject mail on fail p=reject
"dkim:bad.forwarder.com", | (valid) DKIM signing domains can also be whitelisted by
"20.30.40.0/24" | having an entry such as "dkim:domain.com"
],
"policy_rbl_lookup" : { | Optionally lookup the from domain in a rbl and add a policy entry
"foo" : { | the policy to add, this will translate to policy.foo
"rbl" : "foo.rbl.example.com", | The RBL to use for this lookup
"results" : { | Mapping of rbl results to policy entries
"127.0.0.1" : "one", | A result of IP will give a corresponding policy entry
"127.0.0.2" : "two",
"*" : "star" | Fallback to the '*' entry if not found.
| defaults to 'pass' if no entries and no fallback found
}
}
},
"use_arc" : 1, | Use trusted ARC results if available
"hide_none" : 0, | Hide auth line if the result is 'none'
"detect_list_id" : "1", | Detect a list ID and modify the DMARC authentication header
| to note this, useful when making rules for junking email
| as mailing lists frequently cause false DMARC failures.
"report_skip_to" : [ | Do not send DMARC reports for emails to these addresses.
"dmarc@yourdomain.com", | This can be used to avoid report loops for email sent to
"dmarc@example.com" | your report from addresses.
],
"report_suppression_list" : "rbl.example.com", | RBL used to look up Org domains for which we want to suppress reporting
"report_suppression_email_list" : "rbl.examp", | RBL used to look up hashed email addresses for which we want to suppress reporting
"no_report" : "1", | If set then we will not attempt to store DMARC reports.
"hide_report_to" : "1", | If set, remove envelope_to from DMARC reports
"config_file" : "/etc/mail-dmarc.ini" | Optional path to dmarc config file
},
AUTHOR
Marc Bradshaw <marc@marcbradshaw.net>
COPYRIGHT AND LICENSE
This software is copyright (c) 2020 by Marc Bradshaw.
This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.