Update OpenDMARC to ensure that mail is quarantined or rejected

python-discord · Aug 4, 2024 · 210974d · 210974d
1 parent 09982a6
commit 210974d
Show file tree

Hide file tree

Showing 4 changed files with 7 additions and 7 deletions.
diff --git a/ansible/roles/opendmarc/handlers/main.yml b/ansible/roles/opendmarc/handlers/main.yml
@@ -1,5 +1,5 @@
 ---
-- name: Reload OpenDMARC
+- name: Restart OpenDMARC
   service:
     name: opendmarc
-    state: reloaded
+    state: restarted
diff --git a/ansible/roles/opendmarc/tasks/main.yml b/ansible/roles/opendmarc/tasks/main.yml
@@ -27,4 +27,4 @@
   tags:
     - role::opendmarc
   notify:
-    - Reload OpenDMARC
+    - Restart OpenDMARC
diff --git a/ansible/roles/opendmarc/templates/opendmarc.conf.j2 b/ansible/roles/opendmarc/templates/opendmarc.conf.j2
@@ -17,17 +17,17 @@ IgnoreAuthenticatedClients true
 # IgnoreHosts /etc/opendmarc/ignore.hosts
 
 RejectFailures true
+HoldQuarantinedMessages true
+
 ReportCommand /usr/sbin/sendmail -t
 RequiredHeaders true
 Socket inet:8893@localhost
 SoftwareHeader true
 SPFIgnoreResults false
-TrustedAuthservIDs HOSTNAME
+TrustedAuthservIDs {{ opendmarc_authserv_id }}
 PidFile /run/opendmarc/opendmarc.pid
 
 PublicSuffixList /usr/share/publicsuffix/public_suffix_list.dat
 
-TrustedAuthservIDs HOSTNAME
-
 UMask 0002
 UserID opendmarc
diff --git a/ansible/roles/opendmarc/vars/main.yml b/ansible/roles/opendmarc/vars/main.yml
@@ -2,4 +2,4 @@
 opendmarc_failures: "[email protected]"
 opendmarc_failure_reports: "[email protected]"
 opendmarc_failure_reports_from: "[email protected]"
-opendmarc_authserv_id: "PyDisDMARC"
+opendmarc_authserv_id: "mail.pydis.wtf"