- added DMARC (opendmarc) support with basic setup

Dockerfile

@@ -7,7 +7,7 @@ RUN apt-get -y upgrade
 RUN DEBIAN_FRONTEND=noninteractive apt-get -y install vim postfix sasl2-bin courier-imap courier-imap-ssl \
     courier-pop courier-pop-ssl courier-authdaemon supervisor gamin amavisd-new spamassassin clamav clamav-daemon libnet-dns-perl libmail-spf-perl \
     pyzor razor arj bzip2 cabextract cpio file gzip nomarch p7zip pax unzip zip zoo rsyslog mailutils netcat \
-    opendkim opendkim-tools 
+    opendkim opendkim-tools opendmarc
 RUN apt-get autoclean && rm -rf /var/lib/apt/lists/*
 
 # Configures Saslauthd
@@ -40,6 +40,10 @@ ADD postfix/TrustedHosts /etc/opendkim/TrustedHosts
 ADD postfix/opendkim.conf /etc/opendkim.conf
 ADD postfix/default-opendkim /etc/default/opendkim
 
+# Configure DMARC (opendmarc)
+ADD postfix/opendmarc.conf /etc/opendmarc.conf
+ADD postfix/default-opendmarc /etc/default/opendmarc
+
 
 # Configures Postfix
 ADD postfix/main.cf /etc/postfix/main.cf

README.md

@@ -14,6 +14,7 @@ Includes:
 - spamassasin
 - clamav with automatic updates
 - opendkim
+- opendmarc (basic setup)
 - [LetsEncrypt](https://letsencrypt.org/) and self-signed certificates
 - optional pop3 server (add `-e ENABLE_POP3=1` to enable pop3 server)
 

postfix/default-opendmarc

@@ -0,0 +1,11 @@
+# Command-line options specified here will override the contents of
+# /etc/opendmarc.conf. See opendmarc(8) for a complete list of options.
+#DAEMON_OPTS=""
+#
+# Uncomment to specify an alternate socket
+# Note that setting this will override any Socket value in opendkim.conf
+#SOCKET="local:/var/run/opendmarc/opendmarc.sock" # default
+#SOCKET="inet:54321" # listen on all interfaces on port 54321
+#SOCKET="inet:12345@localhost" # listen on loopback on port 12345
+#SOCKET="inet:12345@192.0.2.1" # listen on 192.0.2.1 on port 12345
+SOCKET="inet:54321@localhost"

postfix/main.cf

@@ -61,5 +61,5 @@ content_filter = smtp-amavis:[127.0.0.1]:10024
 # Milters used by DKIM
 milter_protocol = 2
 milter_default_action = accept
-smtpd_milters = inet:localhost:12301
-non_smtpd_milters = inet:localhost:12301
+smtpd_milters = inet:localhost:12301,inet:localhost:54321
+non_smtpd_milters = inet:localhost:12301,inet:localhost:54321

postfix/opendmarc.conf

@@ -0,0 +1,8 @@
+
+PidFile /var/run/opendmarc.pid
+RejectFailures false
+Syslog true
+UMask 0002
+UserID opendmarc:opendmarc
+IgnoreHosts /etc/opendmarc/ignore.hosts
+HistoryFile /var/run/opendmarc/opendmarc.dat

start-mailserver.sh

@@ -97,6 +97,20 @@ chown -R opendkim:opendkim /etc/opendkim/
 # And make sure permissions are right
 chmod -R 0700 /etc/opendkim/keys/
 
+# DMARC
+# if ther is no AuthservID create it
+if [ `cat /etc/opendmarc.conf | grep AuthservID | wc -l` -gt 0 ]; then
+  echo "AuthservID $hostname" >> /etc/opendmarc.conf
+fi
+if [ `cat /etc/opendmarc.conf | grep TrustedAuthservIDs | wc -l` -gt 0 ]; then
+  echo "TrustedAuthservIDs $hostname" >> /etc/opendmarc.conf
+fi
+if [ ! -f "/etc/opendmarc/ignore.hosts" ]; then
+  mkdir -p /etc/opendmarc/
+  echo "localhost" >> /etc/opendmarc/ignore.hosts
+fi
+
+
 
 # SSL Configuration
 case $DMS_SSL in
@@ -188,6 +202,7 @@ fi
 /etc/init.d/clamav-daemon start
 /etc/init.d/amavis start
 /etc/init.d/opendkim start
+/etc/init.d/opendmarc start
 /etc/init.d/postfix start
 
 echo "Listing SASL users"