opendmarc bien configuré

docker-compose/mail.yml

@@ -24,7 +24,7 @@ services:
       - mail
     volumes:
       - /var/lib/docker/volumes/mail-mta-log/_data:/var/log
-      - /DATA/docker/mail/opendkim/nov2018.private:/etc/dkimkeys/nov2018.picasoft.net.rsa:ro
+#      - /DATA/docker/mail/opendkim/nov2018.private:/etc/dkimkeys/nov2018.picasoft.net.rsa:ro
     environment:
       - LMTP_LAN_HOSTNAME=pica-mail-mda.pica_mail
     labels:

pica-mail-mta/Dockerfile

@@ -52,6 +52,8 @@ COPY spam/opendmarc.conf /etc/
 COPY spam/dkimkeys/* /etc/dkimkeys/
 COPY spam/opendkim /etc/default/opendkim
 COPY spam/opendmarc /etc/default/opendmarc
+COPY --chown=opendkim:opendkim spam/nov2018.picasoft.net.rsa /etc/dkimkeys/nov2018.picasoft.net.rsa
+COPY --chown=opendmarc:opendmarc spam/ignore.hosts /etc/opendmarc/ignore.hosts
 
 COPY saslauthd-postfix /etc/default/
 COPY entrypoint.sh /

pica-mail-mta/entrypoint.sh

@@ -102,6 +102,8 @@ postconf -e "non_smtpd_milters = local:/opendkim/opendkim.sock, local:/opendmarc
 #création des répertoires où transiteront les sockets + gestion des permissions
 mkdir /var/spool/postfix/opendkim
 mkdir /var/spool/postfix/opendmarc
+mkdir /etc/opendmarc
+chown -R opendmarc:opendmarc /etc/opendmarc
 chown -R opendkim:opendkim /etc/opendkim.conf /etc/dkimkeys
 chown opendmarc:opendmarc /etc/opendmarc.conf
 chown opendkim:postfix /var/spool/postfix/opendkim

pica-mail-mta/spam/ignore.hosts

+localhost
+192.168.0.0/24

pica-mail-mta/spam/nov2018.picasoft.net.rsa

+-----BEGIN RSA PRIVATE KEY-----
+MIIJJwIBAAKCAgEA0LZPCh8GyDn1loMJs0IDfWVc6hJKnrDIQaUmcaBxtAoZUyEf
+TBdGIYaqswC/xCMa/ov01QCFP293RD1caN8h45CaArwoiPIjmM0xnq1YmSVRjABB
+ozUVk6o8F08W9XzwO5iolWLfuMA+oiFnIyhH+ATcb8DxBvBTa8AUwCs6fEvfdSfI
+PlJNHhymWIbg2rWD01klOY36J0OZC1p12Fl1fkUU5jNMcJZOezwrqbQqbqZQOF5+
+1BY/Wx2xWmjdlyn9OR4nE5046pF7l5/yOQr8EPVnrFK3dx2SNiJuOSj1qs56CAIN
+kytvOoZEH65sULwh/HrQjvVvUYQjwYpVl3cOVLGIybo8n6ArsCUMcBiBjBHJRb6v
+UI7GM9gilZM17wOTDKL6ncxQPlya5DvmQCuf+2Kaz8HZAG/lAYHUqZ2+YaKDcR8k
+/xz9dQazqNqXSMvLn/DbisUDd21vhfSJxEfW4FKQmJ6g9YSJCyzyKuvI8lyiwuXE
+TM/dJI47Y3nlYJjJtIlxPn7MTvPyh5qByr1C3LrjEVFIe2dhA3C105PAkFMCpG7d
+ut8l1nyxBUmJW1qmJ4dR/EHzwVfMnkcZPi/V8+6BUCT2hg95/rUTtwSD1JTTJduu
+vkAtrLSOaus35p0wsmmqU/glNDF3H9ARqJnAs/5UgEB+zOBs8fZuI/bcxCkCAwEA
+AQKCAgALzWNm1R5TEEP9AOf5hRAhdSvt6J7jnmeUnrwvzLzhS3jnJIZajS5gEvdw
+K+isNLgAEPYFXYQrdCgwaa/iFkwaTEEJSo6YP+kXaPMXYAIUlvGnkxQjIItZ0FSZ
+lNVdiHUlSZqu5+pyzhw8mtr0OADp24yDnUuD8u8ktrX1r/wcr0WxoFBIherqewBF
+HUt10rHjr7TVLlwpAD+VTsY/N7/XJhzqb5gw/a7udRabAB8uJqV+qolNgPyQMHuo
++ykctTkmk7ft+gQP764ngtn1s9NROi9kpUDOsZNlEElfXhuWTxrDfSo7Wkdt7c3I
+ZNqnLhxV5LQKgYKL/4buGN6CNC9RLI0vFAUe+GZqxD3ViFRd7qxBxzOpRwu+XOQ+
+ZDhS8Bcmbb+xMjVasSUki8DGZdiglpugmA0PJu4506fUebDpo95MOsitK6VmdZdI
+qej/Odf4wGuOO1qxKYs9ArWcTiSJan03x9mqgJO44x71tl0ksVyYMmjzQT1i5xZo
+IsGLUd+EEuzIXCxbqvzRMfzy/0LiiSyVsA5BxP2wfJbx3t9YO9Pz/+6p3T/bDDO8
+28DxUhftqpfGqxhdLU311Q2uvCCvCON32YSntAYcO3lceWqu/EejbWtN+WZZ7Cl6
+D1jiQHWw/38cmkkF9blaMvDktbi57MVmEB9MZjSovxZks1cGoQKCAQEA90VUyJrc
+yDmndZ7TmLntbZmYm8lSjN7PkSWHPcBvuUR17Tr3rkgQXlRhKPDsp046k+lJ9Rva
+LQ0wTqEQ1j8TSDMRqrR/3/8k7vT2ewGtdxyeJzIVDKCMSTDNwySpwurSQBlySO0r
+xstffHt7hJ0gSxTt8K9tWs3b9Z7YjsaN1socW5YddsLXvlIZVhZMl7v4W9gb7leo
+eVL46tjsDaHw8KV8OMIfFbwIKLRF0Kn48DPClEX5+GRyZfv6EarB9GgjZB/J/kJq
+HTCDlbJh64+aDz/7pPw5Jf8klvXzYbzhbKO5cS3JnbPsJkJ7uUzGZeWMuQrzhxr9
+G4xGZ04WK45AnQKCAQEA2BSCibnepUj9lmF4JzrSg/uy+efBTw/GC/Rm29VvPFjq
+F9Rx5t7PL1TmwnYTXs8HdQQxr5y8/PrbJ8IpvHy6MoeguiURYh4UwY3pI19fLPNa
+LfDXMcKfsWk7lNK6YX8U6LLzsk3OSJINB6ZKdXro96FXlPwqmaBV9uFlrLJd62MR
+uXiJRZqtReU4Dh2BcqAM2K3rz0HuwDmYhrsptmPC8nIrHtojLx0/ePVaPXrfPFrs
+uBfw9Tbe7J/uvfYq31H3HXsIFhcU2omRHio2X5vrkbB5TZSVFFtXLGtpzYaDyMz5
+t688edRSNy+sOEPfHuVDWcfnP5T1YZwUb4wa7++9/QKCAQAi5nQ7BDCZShnqrgor
+ikKKr50sj9PI8kHVuLhH7PtX6OPEIgiHXsCAr+QuxSKB0rbN3aWEpPO8XBovXuhj
+dO+hxyN9NpC96uMpnwWTAv+ayj1ARv9Vkut6ARtpqakUS9R1G6JXzLHbEyVdCoi6
+hPrj3gZfbENBB8E9/7eNH1UxtcEe5CcwdfvBbxEIZ4lT+UHqpKv8jf7HcQCVFRzs
+J6k8Lf9Ee5GrnaiBJkCcXQE31fZmuyG2/2ZuIox/JdzOREyKezolWvZjPE+2N0E+
+4DvcXymDdd4TENn3PKunZeNjVBB+evnz+ksgc03HL6DpDOc5zuPkc9i5pKjjN9BF
+QYS5AoIBAHkwv6opUmOXlYsDbdVq22llARPC1RvXt/c6g3omsjXBlMH6yEt5ifB9
+CNPmT6TsLr2FtaxOF3034TTiZHAv8GqowQ/F/ILwZinMwwaw1furHVgI7VkeVFy3
+rdAhhKFsGjkNLTtDAkCXkbFJphdP8Vv55NpNuELjt3M5JcJ/Y8fCj81benpMb4R1
+NERObizw8WOR4GElFJhBdXeTf6ipOUyrld2+8N7a45+e1JcI1C3QvVXfL6kItm02
+ojtu1srb+OJS/80L8wlDAN5PRKHJHI1g0hgeDqMVO8ZRFE1OdZloxWItaZjW6anE
+Fi6Ueo6kfWrcgKmbjSjK1ndduDn8V60CggEANBpFf0bH4iUop8rBL5Dz6saJQHgD
+41vDIRdNxDGZfa91rNax9npiaL4r4e6e/QKNYmiXBdSVNgKi74IL34Dpn0sOzUjV
+hB1CGpIJh1fAXLQY8yZ0RMXC7MJ+CCFWZ6SNRDwWSz/sIkIcD6ZuDZ7jUBQHJbN3
+MNifhfJxIIv/8iC3Zf1ol9nwPNBL/VGWRWRGe2/XqQvNGipa08djRSocg1ofJyrU
+ep2L09eYmSYAtwAzkYgbOfCDW5x6wciFCVgClsZm+7ztGXZDKlSFqzqVUwhtT7Q4
+32qMQf8rWLLOR/6whzc4rtm0NQJCzEJQ5Mlk+jNKlwcf6CStWeoLjmEtGQ==
+-----END RSA PRIVATE KEY-----

pica-mail-mta/spam/opendmarc.conf

@@ -5,14 +5,14 @@
 ##  AuthservID (string)
 ##  	defaults to MTA name
 #
-# AuthservID name
+AuthservID mail.test.picasoft.net
 
 ##  FailureReports { true | false }
 ##  	default "false"
 ##
-# FailureReports false
+FailureReports true
 
-PidFile /var/run/opendmarc/opendmarc.pid
+PidFile /var/spool/postifx/opendmarc/opendmarc.pid
 
 ##  RejectFailures { true | false }
 ##  	default "false"
@@ -32,7 +32,7 @@ RejectFailures false
 ##  either in the configuration file or on the command line.  If an IP
 ##  address is used, it must be enclosed in square brackets.
 #
-Socket local:/var/run/opendmarc/opendmarc.sock
+Socket local:/var/spool/postfix/opendmarc/opendmarc.sock
 
 ##  Syslog { true | false }
 ##  	default "false"
@@ -58,7 +58,7 @@ Syslog true
 ##  with a comma.  The key word "HOSTNAME" will be replaced by the name of
 ##  the host running the filter as reported by the gethostname(3) function.
 #
-# TrustedAuthservIDs HOSTNAME
+TrustedAuthservIDs mail.test.picasoft.net
 
 
 ##  UMask mask
@@ -85,3 +85,7 @@ UserID opendmarc
 ## Path to system copy of PSL (needed to determine organizational domain)
 #
 PublicSuffixList /usr/share/publicsuffix/
+
+HistoryFile /var/log/opendmarc.log
+
+IgnoreHosts /etc/opendmarc/ignore.hosts