OpenDMARC is a free open source software implementation of the DMARC (Domain-based Message Authentication, Reporting and Conformance) specification.
The OpenDMARC Docker image provides a milter-based filter application that can plug in to any milter-aware MTA to provide that service to sufficiently recent sendmail MTAs and other MTAs that support the milter protocol.
OpenDMARC is a unit of The Trusted Domain Project.
To run the OpenDMARC milter application, just start the container:
docker run -d -p 8893:8893 instrumentisto/opendmarc
To configure OpenDMARC you may use one of the following ways (but not both at the same time):
- Drop-in files.
  Put your configuration files (must end with .conf) into the /etc/opendmarc/conf.d/ directory. These files will be applied to the default OpenDMARC configuration when the container starts.
      docker run -d -p 8893:8893 \
        -v /my/custom.conf:/etc/opendmarc/conf.d/10-custom.conf:ro \
        instrumentisto/opendmarc
  This way is convenient if you need only a few changes to the default configuration, or you want to keep different parts of the configuration in different files.
- Specify whole configuration.
  Put your configuration file opendmarc.conf into the /etc/opendmarc/ directory, so it fully replaces the default configuration file provided by the image.
      docker run -d -p 8893:8893 \
        -v /my/custom.conf:/etc/opendmarc/opendmarc.conf:ro \
        instrumentisto/opendmarc
  This way is convenient when it's easier to specify the whole configuration at once, rather than reconfigure default options.
To see the default OpenDMARC configuration of this Docker image, just run:
docker run --rm instrumentisto/opendmarc cat /etc/opendmarc/opendmarc.conf
This image comes with the msmtp MTA preinstalled, which can be used to send reports when requested via the ruf tag inside a DMARC record.
For this to happen, in opendmarc.conf set FailureReports true and FailureReportsSentBy to your (probably noreply) sender address. Then, put an /etc/msmtprc configuration file that looks like this:
defaults
logfile -
account default
host <SMTP host>
port <SMTP port>
from <sender address>
Apart from substituting your MTA hostname/port and your sender address (again), consider adding TLS and authentication if you're touching an untrusted network. See the msmtp man page for details.
Make sure to avoid mail loops, which can happen if processing a report mail violates its own DMARC rules, causing more reports.
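
A variant of the /etc/msmtprc above with the TLS and authentication recommended for untrusted networks. This is an added example, not part of the image or its documentation; the CA bundle path, the secret file /run/secrets/smtp_password, the `<SMTP user>` placeholder and the choice of STARTTLS are assumptions to adapt to your relay.

```conf
# /etc/msmtprc -- added example, not shipped with the image.
# Mount it read-only into the container, as with the opendmarc.conf examples.

defaults
# Log to stdout, as in the minimal configuration.
logfile        -
# Require TLS and verify the relay's certificate. With these settings msmtp
# fails the delivery rather than falling back to a plaintext session.
tls            on
# STARTTLS suits submission on port 587; set to "off" for implicit TLS (port 465).
tls_starttls   on
# Assumption: CA bundle location on Alpine with ca-certificates installed.
tls_trust_file /etc/ssl/certs/ca-certificates.crt

account default
host           <SMTP host>
port           <SMTP port>
from           <sender address>
# Authenticate to the relay; msmtp picks a method the server offers.
auth           on
# Placeholder: the account name your relay expects.
user           <SMTP user>
# Assumption: the password is provided as a mounted secret file instead of
# being written into this configuration.
passwordeval   cat /run/secrets/smtp_password
```
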
Since OpenDMARC writes its logs only to syslog, the syslogd process runs inside the container as a second side-process and is supervised with the s6 supervisor provided by the s6-overlay project.
The syslogd process of this image is configured to write everything to /dev/stdout.
To change this behaviour, just mount your own /etc/syslog.conf file with the desired log rules.
This image contains s6-overlay inside, so you may use all the features it provides if you need to.
Latest tag of the latest major X OpenDMARC version.
Latest tag of the latest minor X.Y OpenDMARC version.
Latest tag of the concrete X.Y.Z OpenDMARC version.
Concrete N image revision tag of the concrete X.Y.Z OpenDMARC version. Once built, it's never updated.
This image is based on the popular Alpine Linux project, available in the alpine official image. Alpine Linux is much smaller than most distribution base images (~5MB), and thus leads to much slimmer images in general.
This variant is highly recommended when final image size being as small as possible is desired. The main caveat to note is that it does use musl libc instead of glibc and friends, so certain software might run into issues depending on the depth of their libc requirements. However, most software doesn't have an issue with this, so this variant is usually a very safe choice. See this Hacker News comment thread for more discussion of the issues that might arise and some pro/con comparisons of using Alpine-based images.
OpenDMARC is licensed under the BSD license.
As with all Docker images, these likely also contain other software which may be under other licenses (such as Bash, etc from the base distribution, along with any direct or indirect dependencies of the primary software being contained).
As for any pre-built image usage, it is the image user's responsibility to ensure that any use of this image complies with any relevant licenses for all software contained within.
The sources for producing instrumentisto/opendmarc Docker images are licensed under Blue Oak Model License 1.0.0.
We can't notice comments on Docker Hub (or other container registries), so don't use them for reporting issues or asking questions.
If you have any problems with or questions about this image, please contact us through a GitHub issue.