tempfail with opendkim and opendmark, and postfix

From: Steve Bergman <sbergman27_at_gmail.com>
Date: Thu, 6 Sep 2018 09:30:27 -0500

I've set up opendkim and opendmarc to integrate with postfix.  All stock
from Debian 9.

My question is... how does this combo handle "tempfail"? For example,
when the "OnSecurity" condition is triggered, which defaults to "tempfail"?
I have not been able to find an  answer in the documentation or by
Googling this mailing list.

Thanks for any insights,
Steve Bergman

-----

Versions:

postfix 3.1.8-0+deb9u1
opendkim 2.11.0~alpha-10+deb9u1
opendmarc 1.3.2-2+deb9u1

-----

/etc/opendkim.conf:

Syslog            yes
UMask            007
Mode              sv
KeyTable         /etc/opendkim/keytable
SigningTable   refile:/etc/opendkim/signingtable
Socket local:/var/spool/postfix/var/run/opendkim/opendkim.sock
PidFile            /var/run/opendkim/opendkim.pid
OversignHeaders  From
TrustAnchorFile     /usr/share/dns/root.key
UserID                  opendkim
On-BadSignature  r

-----

/etc/opendmarc.conf:

PidFile /var/run/opendmarc/opendmarc.pid
RejectFailures false
Socket local:/var/run/opendmarc/opendmarc.sock
Syslog true
UMask 0002
SPFSelfValidate true
UserID opendmarc
PublicSuffixList /usr/share/publicsuffix/
RejectFailures true
IgnoreAuthenticatedClients true

---
Relevant portion of postconf -n:
smtpd_milters = unix:/spamass/spamass.sock 
unix:/clamav/clamav-milter.ctl unix:/var/run/opendkim/opendkim.sock 
unix:/opendmarc/opendmarc.sock
non_smtpd_milters = unix:/var/run/opendkim/opendkim.sock 
unix:/opendmarc/opendmarc.sock
---
Complete postconf -n:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
compatibility_level = 2
home_mailbox = Maildir/
inet_interfaces = all
inet_protocols = ipv4
mailbox_size_limit = 0
message_size_limit = 30720000
milter_connect_macros = i j {daemon_name} v {if_name} _
milter_default_action = accept
milter_mail_macros = i {mail_addr} {client_addr} {client_name} 
{auth_authen} {auth_type}
mydestination = $myhostname, $mydomain, localhost.$mydomain, localhost
mydomain = domainconcealed.com
myhostname = mail.domainconcealed.com
mynetworks = 127.0.0.0/8, 192.168.214.0/24
myorigin = $mydomain
non_smtpd_milters = unix:/var/run/opendkim/opendkim.sock 
unix:/opendmarc/opendmarc.sock
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP
smtpd_milters = unix:/spamass/spamass.sock 
unix:/clamav/clamav-milter.ctl unix:/var/run/opendkim/opendkim.sock 
unix:/opendmarc/opendmarc.sock
smtpd_recipient_restrictions = 
permit_auth_destination,permit_sasl_authenticated,reject_unauth_destination
smtpd_relay_restrictions = permit_sasl_authenticated 
defer_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
virtual_alias_domains = virtdomainconcealed.com
virtual_alias_maps = hash:/etc/postfix/virtual

Received on Thu Sep 06 2018 - 14:30:43 PST