1opendmarc(8)                System Manager's Manual               opendmarc(8)
2
3
4

NAME

6       opendmarc - DMARC email policy filter for MTAs
7

SYNOPSIS

9       opendmarc  [-A] [-c configfile] [-f] [-l] [-n] [-p socketspec] [-P pid‐
10       file] [-t file[,file[...]]]  [-u userid[:group]] [-v] [-V]
11

DESCRIPTION

13       opendmarc implements the proposed DMARC specification  for  authentica‐
14       tion of message and reporting of observed traffic.
15
16       opendmarc  uses the milter interface, originally distributed as part of
17       version 8.11 of sendmail(8), to provide a DMARC processing service  for
18       mail transiting a milter-aware MTA.
19
20       Most,  if not all, of the command line options listed below can also be
21       set using a configuration file.  See the -c option for details.
22
23       opendmarc  relies  on  addition  of  Authentication-Results  fields  by
24       upsteam  filters  on  trusted hosts to collect input to the DMARC algo‐
25       rithm.  It does not itself do DKIM or SPF evaluation.
26

OPTIONS

28       -A     Automatically re-start on failures.  Use with  caution;  if  the
29              filter  fails  instantly after it starts, this can cause a tight
30              fork(2) loop.  This can be mitigated using some  values  in  the
31              configuration file to limit restarting.  See opendmarc.conf(5).
32
33       -c configfile
34              Read  the  named  configuration file.  See the opendmarc.conf(5)
35              man page for details.  Values  in  the  configuration  file  are
36              overridden  when  their  equivalents are provided on the command
37              line until a configuration reload occurs.  The OPERATION section
38              describes  how  reloads are triggered.  The default is to read a
39              configuration file from /etc/opendmarc.conf if  one  exists,  or
40              otherwise to apply defaults to all values.
41
42       -f     Normally opendmarc forks and exits immediately, leaving the ser‐
43              vice running in the background.  This flag suppresses  that  be‐
44              haviour so that it runs in the foreground.
45
46       -l     Log via calls to syslog(3) any interesting activity.
47
48       -n     Parse the configuration file and command line arguments, report‐
49              ing any errors found, and then exit.  The exit value will  be  0
50              if the filter would start up without complaint, or non-zero oth‐
51              erwise.
52
53       -p socketspec
54              Specifies the socket that should be established by the filter to
55              receive  connections  from  sendmail(8) in order to provide ser‐
56              vice.  socketspec is in one of two forms: local:path which  cre‐
57              ates   a   UNIX   domain   socket  at  the  specified  path,  or
58              inet:port[@host] or inet6:port[@host] which creates a TCP socket
59              on  the specified port within the specified protocol family.  If
60              the host is not given as either a hostname or an IP address, the
61              socket  will  be listening on all interfaces.  If neither socket
62              type is specified, local is assumed, meaning  the  parameter  is
63              interpreted as a path at which the socket should be created.  If
64              an IP address is used, it must be enclosed in  square  brackets.
65              This parameter is mandatory.
66
67       -P pidfile
68              Specifies  a file into which the filter should write its process
69              ID at startup.
70
71       -t file[,file[,...]]
72              Reads email messages from the named files and processes them  as
73              if  they  were  received  by  the  filter.   The  service is not
74              started, and actions normally sent back to the MTA will  instead
75              be printed on standard output.
76
77       -u userid[:group]
78              Attempts  to be come the specified userid before starting opera‐
79              tions.  The process will be assigned all of the groups and  pri‐
80              mary  group  ID of the named userid unless an alternate group is
81              specified.  See the FILE PERMISSIONS section for  more  informa‐
82              tion.
83
84       -v     Increase verbose output during test mode (see -t above).  May be
85              specified more than once to request increasing amounts  of  out‐
86              put.
87
88       -V     Print the version number and supported canonicalization and sig‐
89              nature algorithms, and then exit without doing anything else.
90

SIGNALS

92       Upon receiving SIGUSR1, if the filter was started with a  configuration
93       file,  it  will be re-read and the new values used.  Note that any com‐
94       mand line overrides provided at startup time will be lost when this  is
95       done.   Also, the following configuration file values (and their corre‐
96       sponding command line items, if any)  are  not  reloaded  through  this
97       process:  AutoRestart  (-A),  AutoRestartCount,  AutoRestartRate, Back‐
98       ground, MilterDebug, PidFile (-P), Socket  (-p),  UMask,  UserID  (-u).
99       The  filter  does  not  automatically  check the configuration file for
100       changes and reload.
101

VERSION

103       This man page covers version 1.3.2 of opendmarc.
104

COPYRIGHT

106       Copyright (c) 2012, The Trusted Domain Project.  All rights reserved.
107

SEE ALSO

109       opendmarc.conf(5), sendmail(8)
110
111       Sendmail Operations Guide
112
113       RFC4408 - Sender Policy Framework
114
115       RFC5321 - Simple Mail Transfer Protocol
116
117       RFC5322 - Internet Messages
118
119       RFC5451 - Message Header Field for  Indicating  Message  Authentication
120       Status
121
122       RFC6376 - DomainKeys Identified Mail
123
124       RFC6591  -  Authentication  Failure Reporting Using the Abuse Reporting
125       Format
126
127
128
129                          The Trusted Domain Project              opendmarc(8)