・OpenDMARC のインストール
[root@alma]# dnf -y install --enablerepo=epel opendmarc
・/etc/opendmarc.confの設定
[root@alma]# vi /etc/opendmarc.conf
≪ 途中省略 ≫
## AuthservID (string)
## defaults to MTA name
##
## Sets the "authserv-id" to use when generating the Authentication-Results:
## header field after verifying a message. If the string "HOSTNAME" is
## provided, the name of the host running the filter (as returned by the
## gethostname(3) function) will be used.
#
# AuthservID name
※以下追記(Authentication-Results ヘッダーに記載する authserv-id。HOSTNAME を指定すると gethostname(3) が返すホスト名が使われる)
AuthservID HOSTNAME
≪ 途中省略 ≫
## RejectFailures { true | false }
## default "false"
##
## If set, messages will be rejected if they fail the DMARC evaluation, or
## temp-failed if evaluation could not be completed. By default, no message
## will be rejected or temp-failed regardless of the outcome of the DMARC
## evaluation of the message. Instead, an Authentication-Results header
## field will be added.
#
# RejectFailures false
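↓※コメント解除して書き換え(DMARC 評価に失敗したメールを拒否し、評価を完了できなかった場合は一時エラーを返す設定。転送やメーリングリスト経由の正当なメールも拒否され得るため、事前に false の状態で Authentication-Results ヘッダーの判定結果を確認しておくとよい)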
RejectFailures true
≪ 途中省略 ≫
## Socket socketspec
## default (none)
##
## Specifies the socket that should be established by the filter to receive
## connections from sendmail(8) in order to provide service. socketspec is
## in one of two forms: local:path, which creates a UNIX domain socket at
## the specified path, or inet:port[@host] or inet6:port[@host] which creates
## a TCP socket on the specified port for the appropriate protocol family.
## If the host is not given as either a hostname or an IP address, the
## socket will be listening on all interfaces. This option is mandatory
## either in the configuration file or on the command line. If an IP
## address is used, it must be enclosed in square brackets.
#
Socket local:/run/opendmarc/opendmarc.sock
↓※書き換え(UNIX ドメインソケットをやめ、TCP ポート 8893 で待ち受ける。@127.0.0.1 を省略すると全インターフェースで待ち受けてしまうため、必ずループバックアドレスを指定する)
Socket inet:8893@127.0.0.1
≪ 途中省略 ≫
## TrustedAuthservIDs string
## default HOSTNAME
## Specifies one or more "authserv-id" values to trust as relaying true
## upstream DKIM and SPF results. The default is to use the name of
## the MTA processing the message. To specify a list, separate each entry
## with a comma. The key word "HOSTNAME" will be replaced by the name of
## the host running the filter as reported by the gethostname(3) function.
#
# TrustedAuthservIDs HOSTNAME
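↓※コメント解除して書き換え(上流の DKIM/SPF 判定結果を信頼する authserv-id として自メールサーバー名を指定。ここに挙げた名前を持つ Authentication-Results ヘッダーは正しい結果として扱われるため、自分が管理するサーバーの名前だけを指定する)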
TrustedAuthservIDs mail.papa-net.com
≪ 以下文末に追記 ≫
# SPFの結果がヘッダーにない場合SPFチェックを実行
SPFSelfValidate true
# SMTP AUTHで認証済みのクライアントからのメールはDMARCのチェックを実行しない
IgnoreAuthenticatedClients true
# RFC5322 のヘッダー要件を満たさないメールは拒否
RequiredHeaders true
・/etc/postfix/main.cf の設定
[root@alma]# vi /etc/postfix/main.cf
≪ 途中省略 ≫
virtual_maps = hash:/etc/postfix/virtual
smtpd_milters = inet:127.0.0.1:8891
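↓※書き換え(既存の行の末尾に OpenDMARC 用のポート 8893 を追加。milter は記述順に適用される。なお milter_default_action = accept のため、milter に接続できない場合は検査なしで受信される)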
smtpd_milters = inet:127.0.0.1:8891, inet:127.0.0.1:8893
non_smtpd_milters = $smtpd_milters
milter_default_action = accept
≪ 以下省略 ≫