Hi everyone,
I'm currently giving DMARC a try and I'm wondering how to use it within
my setup.
The domains that are hosted on my exim4u based installation all use
mail.foo.tld as their imap and smtp server.
That is because I require my customers to use SSL/TLS connections and
this way I only have to manage one central certificate.
All domains have their SPF records and hostname.foo.tld has a valid DKIM
record.
So far so good.
But: DMARC (as far as I understand the whole process) seems to check
each _domain_'s DKIM, right?
And the way exim4u works (again: as far as I understand it) it's the
server's DKIM that used to sign outgoing mail.
I signed up for dmarcian.com's DMARC reports -a service that collects
and analyzes your DMARC reports- and it tells me that all domains (but
foo.tld) lack DKIM signature.
I've set the DMARC policy to "none" for every domain so that shouldn't
be a major problem for now.
Still I'm wondering if there's a way to setup exim4u to sign mails using
the domain's DKIM, not the server's.
Has anyone experience using DMARC? With or without exim4u?
Am I missing something?
Any tips or hints are highly appreciated.
thanks,
Mika
Right now I am using system filter to deal with some bad senders and
sender_domains, but I am wondering if we can have such functionality
included in the main exim.conf with the option of adding the sender
addresses and sender domains in files in /etc/exim/some-files.
I love keeping my exim.conf as close to the one in the distro as possible,
but for some reason I don't see the most appropriate place in exim.conf to
insert the rules, such as:
deny message = Users have complained that you send unsolicited
mail.\n\You're therefore blacklisted.\n\
Please contact abuse(a)crownkenya.com
senders = ${if exists
{/etc/exim/blacklisted_senders}{/etc/exim/blacklisted_senders}{}}
Thanks guys and have a great week.
--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft."
