dnl
dnl DMARC support (Domain-based Message Authentication, Reporting & Conformance)
dnl
dnl NO  - disable DMARC support
dnl YES - enable DMARC support
dnl define(`confDMARC', `NO')dnl
dnl
dnl path to the file with the list of top-level domains used for DMARC checks
dnl define(`condDMARC_TLDS', `/var/cache/exim/opendmarc.tlds')dnl
dnl the file can be downloaded from
dnl https://publicsuffix.org/list/public_suffix_list.dat
dnl the file can be refreshed with the util/renew-opendmarc-tlds.sh script from
dnl the exim source directory
dnl NOTE(review): this macro is spelled condDMARC_TLDS (cond, not conf) both in
dnl the example above and where the MAIN section expands it; the MAIN section
dnl expands it without an ifdef guard, so it must be defined under exactly this
dnl name or the literal macro name ends up in dmarc_tld_file.
dnl
dnl send DMARC Forensic Reports using exim
dnl NO  - do not send reports
dnl YES - send reports
dnl define(`confDMARC_FORENSIC', `NO')dnl
dnl NOTE(review): any value other than NO presumably makes the RCPT ACL below
dnl set control = dmarc_enable_forensic; forensic reports are sent to addresses
dnl taken from the sender domain DMARC record and can carry message details, so
dnl confirm that is acceptable for the site before enabling.
dnl
dnl sender address for DMARC Forensic Reports
dnl define(`confDMARC_FORENSIC_SENDER', `postmaster@confQUALIFY_DOMAIN')dnl
dnl define(`confDMARC_FORENSIC_SENDER', `noreply-dmarc@confQUALIFY_DOMAIN')dnl
dnl define(`confDMARC_FORENSIC_SENDER', `DMARC Forensic Report ')dnl
dnl NOTE(review): the third example has a display name but no address; it
dnl looks incomplete as shown here - TODO confirm against the original file.
dnl
dnl path to the file with DMARC policy check data for import into opendmarc
dnl define(`confDMARC_OPENDMARC_DATA', `/var/cache/exim/opendmarc_history_file.dat')dnl
dnl define(`confDMARC_OPENDMARC_DATA', `confSPOOLDIR/db/opendmarc.dat')dnl
dnl
dnl MAIN section: emits the global exim DMARC options. dmarc_tld_file is always
dnl written; the history file and forensic sender only when their macros exist.
ifelse(SECTION, `MAIN', `dnl
dmarc_tld_file = condDMARC_TLDS
ifdef(`confDMARC_OPENDMARC_DATA', `dnl
dmarc_history_file = confDMARC_OPENDMARC_DATA
')dnl
ifdef(`confDMARC_FORENSIC_SENDER', `dnl
dmarc_forensic_sender = confDMARC_FORENSIC_SENDER
')dnl
') dnl ifelse(SECTION, `MAIN', `')
dnl RCPT ACL section: decides whether DMARC verification runs for this message.
ifelse(SECTION, `ACL_CHECK_RCPT', `dnl
dnl acl_m0 is used as a scratch flag: it is cleared first, then set to skip for
dnl relay hosts, private networks and authenticated senders.
dnl NOTE(review): acl_m0 is a generic variable name; verify that no other
dnl feature relies on its value across this point.
# DMARC verify
warn    set acl_m0 =
warn    hosts = +relay_from_hosts
        set acl_m0 = skip
warn    hosts = +private_networks
        set acl_m0 = skip
warn    authenticated = *
        set acl_m0 = skip
dnl Trusted or authenticated submissions are exempted from DMARC verification.
warn    condition = ${if eq{$acl_m0}{skip}{yes}{no}}
        control = dmarc_disable_verify
#       set acl_m_auth_results = ${acl_m_auth_results};\n\tdmarc=skip
dnl ifelse_strstr is defined elsewhere; presumably the 4th argument is emitted
dnl when confDMARC_FORENSIC does not contain NO - TODO confirm.
ifelse_strstr(confDMARC_FORENSIC, `NO', `', `dnl
warn    condition = ${if eq{$acl_m0}{skip}{no}{yes}}
        control = dmarc_enable_forensic
') dnl ifelse_strstr(confDMARC_FORENSIC, `NO', `', `')
') dnl ifelse(SECTION, `ACL_CHECK_RCPT', `')
dnl DATA ACL section: records and logs the DMARC result. Every statement here is
dnl a warn, so nothing in this section rejects mail.
ifelse(SECTION, `ACL_CHECK_DATA_TOP', `dnl
# DMARC verify
dnl If no SPF result exists yet and acl_m_auth_results has no spf= entry, note
dnl spf=skip in the collected authentication results.
warn    condition = ${if eq{$spf_result}{}{yes}{no}}
        condition = ${if match{$acl_m_auth_results}{\Nspf=\N}{no}{yes}}
        set acl_m_auth_results = ${acl_m_auth_results};\n\tspf=skip
dnl A warn with an spf condition and no action; presumably present only to make
dnl exim perform the SPF lookup so that DMARC has an SPF result - TODO confirm.
warn    condition = ${if eq{$spf_result}{}{yes}{no}}
        spf = fail
dnl The status checks below apply only to unauthenticated mail from hosts
dnl outside +relay_from_hosts. The acl_m_auth_results lines are emitted only
dnl when confAUTH_RESULTS_ADD matches CUSTOM (via ifelse_strstr).
dnl NOTE(review): $dmarc_used_domain comes from the message From: header, so
dnl whatever later writes acl_m_auth_results into a header should treat it as
dnl sender-controlled text.
warn    ! authenticated = *
        ! hosts = +relay_from_hosts
        dmarc_status = accept
ifelse_strstr(confAUTH_RESULTS_ADD, `CUSTOM', `dnl
        set acl_m_auth_results = ${acl_m_auth_results};\n\tdmarc=pass${if eq{$dmarc_domain_policy}{}{}{ (p=$dmarc_domain_policy)}} header.from=$dmarc_used_domain
') dnl ifelse_strstr(confAUTH_RESULTS_ADD, `CUSTOM', `')
        log_message = DMARC status: $dmarc_status ($dmarc_status_text) for $dmarc_used_domain${if eq{$dmarc_domain_policy}{}{}{ (policy: $dmarc_domain_policy)}}
dnl NOTE(review): both deny statements are commented out, so a DMARC status of
dnl reject is only logged by the warn that follows; the message is still
dnl accepted. Enable a deny here if the published reject policy is to be
dnl enforced. The text says sender-s instead of using an apostrophe, presumably
dnl because an apostrophe would close the surrounding m4 quote.
# deny  condition = ${if eq{$dmarc_domain_policy}{reject}}
#       condition = ${if eq{$acl_m_mailing_list}{1}}
#       message = Messages from $dmarc_used_domain break mailing lists
# deny  ! authenticated = *
#       dmarc_status = reject
#       message = Message from $dmarc_used_domain failed sender-s DMARC policy, REJECT
dnl NOTE(review): this branch records dmarc=$dmarc_status, i.e. dmarc=reject,
dnl while the quarantine branch records dmarc=fail and the accept branch
dnl dmarc=pass; consumers of acl_m_auth_results see two spellings of a failed
dnl check - confirm which one is intended.
warn    ! authenticated = *
        ! hosts = +relay_from_hosts
        dmarc_status = reject
ifelse_strstr(confAUTH_RESULTS_ADD, `CUSTOM', `dnl
        set acl_m_auth_results = ${acl_m_auth_results};\n\tdmarc=$dmarc_status${if eq{$dmarc_domain_policy}{}{}{ (p=$dmarc_domain_policy)}} header.from=$dmarc_used_domain
') dnl ifelse_strstr(confAUTH_RESULTS_ADD, `CUSTOM', `')
        log_message = DMARC status: $dmarc_status ($dmarc_status_text); Message from $dmarc_used_domain failed sender-s DMARC policy, REJECT
dnl Quarantine only sets the acl_m_quarantine flag; no consumer of the flag is
dnl defined in this file, so without a router or transport that tests it the
dnl message is delivered normally.
warn    ! authenticated = *
        ! hosts = +relay_from_hosts
        dmarc_status = quarantine
ifelse_strstr(confAUTH_RESULTS_ADD, `CUSTOM', `dnl
        set acl_m_auth_results = ${acl_m_auth_results};\n\tdmarc=fail${if eq{$dmarc_domain_policy}{}{}{ (p=$dmarc_domain_policy)}} header.from=$dmarc_used_domain
') dnl ifelse_strstr(confAUTH_RESULTS_ADD, `CUSTOM', `')
        log_message = DMARC status: $dmarc_status ($dmarc_status_text) for $dmarc_used_domain${if eq{$dmarc_domain_policy}{}{}{ (policy: $dmarc_domain_policy)}}
        set acl_m_quarantine = 1
        # Do something in a transport with this flag variable
dnl Status none or off: recorded and logged as is.
warn    ! authenticated = *
        ! hosts = +relay_from_hosts
        dmarc_status = none : off
ifelse_strstr(confAUTH_RESULTS_ADD, `CUSTOM', `dnl
        set acl_m_auth_results = ${acl_m_auth_results};\n\tdmarc=$dmarc_status header.from=$dmarc_used_domain
') dnl ifelse_strstr(confAUTH_RESULTS_ADD, `CUSTOM', `')
        log_message = DMARC status: $dmarc_status ($dmarc_status_text) for $dmarc_used_domain${if eq{$dmarc_domain_policy}{}{}{ (policy: $dmarc_domain_policy)}}
dnl Catch-all for every status not handled above (the three listed below).
#norecord No policy section in the DMARC record for this RFC5322.From field
#nofrom Unable to determine the domain of the sender.
#temperror Library error or dns error.
warn    ! authenticated = *
        ! hosts = +relay_from_hosts
        dmarc_status = !accept : !reject : !quarantine : !none : !off
ifelse_strstr(confAUTH_RESULTS_ADD, `CUSTOM', `dnl
        set acl_m_auth_results = ${acl_m_auth_results};\n\tdmarc=$dmarc_status${if eq{$dmarc_domain_policy}{}{}{ (p=$dmarc_domain_policy)}} header.from=$dmarc_used_domain
') dnl ifelse_strstr(confAUTH_RESULTS_ADD, `CUSTOM', `')
        log_message = DMARC status: $dmarc_status ($dmarc_status_text) for $dmarc_used_domain${if eq{$dmarc_domain_policy}{}{}{ (policy: $dmarc_domain_policy)}}
') dnl ifelse(SECTION, `ACL_CHECK_DATA', `')