NAME

Mail::Milter::Authentication::Handler::DMARC - Handler class for DMARC

VERSION

version 3.20210324

DESCRIPTION

Module implementing the DMARC standard checks.

This handler requires the SPF and DKIM handlers to be installed and active.

CONFIGURATION

        "DMARC" : {                                        | Config for the DMARC Module
                                                           | Requires DKIM and SPF
            "hard_reject"           : 0,                   | Reject mail which fails with a reject policy
            "no_reject_disposition" : "quarantine",        | What to report when hard_reject is 0
            "no_list_reject"        : 0,                   | Do not reject mail detected as mailing list
            "arc_before_list"       : 0,                   | Don't apply above list detection if we have trusted arc
            "no_list_reject_disposition" : "none",         | Disposition to use for mail detected as mailing list (defaults none)
            "reject_on_multifrom"     : 20,                | Reject mail if we detect more than X DMARC entities to process
            "quarantine_on_multifrom" : 15,                | Quarantine mail if we detect more than X DMARC entities to process
            "skip_on_multifrom"       : 10,                | Skip further processing if we detect more than X DMARC entities to process
            "whitelisted"           : [                    | A list of ip addresses or CIDR ranges, or dkim domains
                "10.20.30.40",                             | for which we do not want to hard reject mail on fail p=reject
                "dkim:bad.forwarder.com",                  | (valid) DKIM signing domains can also be whitelisted by
                "20.30.40.0/24"                            | having an entry such as "dkim:domain.com"
            ],
            "policy_rbl_lookup"     : {                    | Optionally lookup the from domain in a rbl and add a policy entry
              "foo" : {                                    | the policy to add, this will translate to policy.foo 
                "rbl" : "foo.rbl.example.com",             | The RBL to use for this lookup
                "results" : {                              | Mapping of rbl results to policy entries
                  "127.0.0.1" : "one",                     | A result of IP will give a corresponding policy entry
                  "127.0.0.2" : "two",
                  "*" : "star"                             | Fallback to the '*' entry if not found.
                                                           |   defaults to 'pass' if no entries and no fallback found
                }
              }
            },
            "use_arc"             : 1,                     | Use trusted ARC results if available
            "hide_none"           : 0,                     | Hide auth line if the result is 'none'
            "detect_list_id"      : "1",                   | Detect a list ID and modify the DMARC authentication header
                                                           | to note this, useful when making rules for junking email
                                                           | as mailing lists frequently cause false DMARC failures.
            "report_skip_to"     : [                       | Do not send DMARC reports for emails to these addresses.
                "dmarc@yourdomain.com",                    | This can be used to avoid report loops for email sent to
                "dmarc@example.com"                        | your report from addresses.
            ],
            "report_suppression_list" : "rbl.example.com", | RBL used to look Org domains for which we want to suppress reporting
            "no_report"          : "1",                    | If set then we will not attempt to store DMARC reports.
            "hide_report_to"     : "1",                    | If set, remove envelope_to from DMARC reports
            "config_file"        : "/etc/mail-dmarc.ini"   | Optional path to dmarc config file
        },

AUTHOR

Marc Bradshaw <marc@marcbradshaw.net>

COPYRIGHT AND LICENSE

This software is copyright (c) 2020 by Marc Bradshaw.

This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.