I activated opendmarc on my server but it rejects all emails. I've tried sending with emails from google and yahoo and it doesn't work
Any idea what could be wrong?
5.7.1 rejected by DMARC policy for remoteserver.domain.ltd
5.7.1 rejected by DMARC policy for yahoo.com
...
/etc/postfix/main.cf
allow_percent_hack = no
milter_default_action = accept
milter_protocol = 2
dmarc_milter = , inet:localhost:8893
#dmarc_milter =
smtpd_milters = inet:localhost:8891 $dmarc_milter
non_smtpd_milters = $smtpd_milters
/etc/opendmarc.conf
AuthservID OpenDMARC
IgnoreHosts /etc/opendmarc/ignore.hosts
PidFile /var/run/opendmarc.pid
RejectFailures true
RequiredHeaders true
Socket inet:8893@localhost
SoftwareHeader true
Syslog true
SyslogFacility mail
UMask 0002
UserID opendmarc:opendmarc
#SPFSelfValidate true
IgnoreHosts /etc/opendmarc/ignore.hosts
HistoryFile /var/run/opendmarc/opendmarc.dat
/etc/opendmarc/ignore.hosts
127.0.0.0/8
::1/128
localhost
192.168.0.0/24
/var/log/mail.log
Oct 16 22:40:14 myserver postfix/smtpd[25265]: connect from remoteserver.domain.ltd[22.22.22.22]
Oct 16 22:40:14 myserver postfix/smtpd[25265]: Anonymous TLS connection established from remoteserver.domain.ltd[22.22.22.22]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Oct 16 22:40:14 myserver postfix/smtpd[25265]: warning: restriction `reject_authenticated_sender_login_mismatch' ignored: no SASL support
Oct 16 22:40:14 myserver postfix/smtpd[25265]: warning: restriction `reject_unauthenticated_sender_login_mismatch' ignored: no SASL support
Oct 16 22:40:14 myserver policyd-spf[25268]: None; identity=helo; client-ip=22.22.22.22; helo=remoteserver.domain.ltd; [email protected]; [email protected]
Oct 16 22:40:14 myserver policyd-spf[25268]: Pass; identity=mailfrom; client-ip=22.22.22.22; helo=remoteserver.domain.ltd; [email protected]; [email protected]
Oct 16 22:40:14 myserver postgrey[2548]: action=pass, reason=client AWL, client_name=remoteserver.domain.ltd, client_address=22.22.22.22, [email protected], [email protected]
Oct 16 22:40:14 myserver postfix/smtpd[25265]: C878281433: client=remoteserver.domain.ltd[22.22.22.22]
Oct 16 22:40:14 myserver postfix/cleanup[25147]: C878281433: replace: header Message-ID: <[email protected]> from remoteserver.domain.ltd[22.22.22.22]; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<remoteserver.domain.ltd>: Message-ID: <[email protected]>
Oct 16 22:40:14 myserver postfix/cleanup[25147]: C878281433: message-id=<[email protected]>
Oct 16 22:40:14 myserver opendkim[4159]: C878281433: s=mail d=remoteserver.domain.ltd SSL
Oct 16 22:40:14 myserver opendmarc[18621]: C878281433 ignoring Authentication-Results at 0 from myserver.myserver.ltd
Oct 16 22:40:14 myserver opendmarc[18621]: C878281433: remoteserver.domain.ltd fail
Oct 16 22:40:14 myserver postfix/cleanup[25147]: C878281433: milter-reject: END-OF-MESSAGE from remoteserver.domain.ltd[22.22.22.22]: 5.7.1 rejected by DMARC policy for remoteserver.domain.ltd; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<remoteserver.domain.ltd>
Oct 16 22:40:14 myserver postfix/smtpd[25265]: disconnect from remoteserver.domain.ltd[22.22.22.22]
/var/run/opendmarc/opendmarc.dat
job 0EC0180962
reporter ptr_remoteserver.ltd
received 1602938133
ipaddr 22.22.22.22
from remoteserver.domain.ltd
mfrom remoteserver.domain.ltd
spf -1
pdomain remoteserver.domain.ltd
policy 16
rua -
pct 100
adkim 114
aspf 114
p 114
sp 0
align_dkim 5
align_spf 5
action 0
netstat -ltnp | grep :8893
tcp 0 0 127.0.0.1:8893 0.0.0.0:* LISTEN 14990/opendmarc
It seems you are using CentOS.
Make sure you have SPF and DKIM set up properly. You can follow this guide: https://www.linuxbabe.com/redhat/set-up-spf-dkim-postfix-centos
Then follow this guide to set up OpenDMARC. https://www.linuxbabe.com/redhat/opendmarc-postfix-centos-rhel
It's recommended to set SPFSelfValidate to true in /etc/opendmarc.conf file, so OpenDMARC will perform SPF checks when it can’t find SPF results in the headers.
It's also recommended to set the TrustedAuthservIDs in /etc/opendmarc.conf file.
Replace the hostname with your real Postfix hostname. This tells OpenDMARC to trust authentication result with mail.yourdomain.com in the ID. This is needed when you have OpenDKIM running to do DKIM verification. If the Postfix hostname isn’t included in the TrustedAuthservIDs, then OpenDMARC might ignore the Authentication-Results header generated by OpenDKIM.