Uses horrible mysql (my blog) for a database so i just looked at the milter.
Spf needs an ar header so you need to read a man page although that seems to be a bit buggy in debian stable although amavis (my blog) does ar.
It lives on 127.0.0.1:8893 and it appears all those it bloggers do not run opendmarc so there are not many blogs with bad information like for dkim although to call some bloggers technical is perhaps stretching things and many just rehashing not there content only for the advert views.
In debian the conf file is simple and examples can be found however while the software works not all options work.
Using jessie defaults seem to want one host one email server so if like the zoo you have five mta’s hanging off one piece of hardware your doing to need to do some work.
In an hour i got a working opendkim instance and plumbed it in and checking the plumbing was able to get messages in and out as before so i left it like that and see what happens in a weeks time.
Examples include auth and forensicreports Here is one error line
postfix/smtpd: warning: connect to Milter service inet:127.0.0.1:8893: Connection refused
I also notice with Header_Type = AR you get no spf line appended in the email that’s an unrelated problem with postfix-policyd-spf (my blog) probably that hinders opendmarc.
One site suggested you use the backports repo a suggestion i did not take up and some changes to postfix with extra headers (not ar).
I also created a history file and enabled it and that stubbornly recorded nothing even with a restart.
I will take a another look at opendmarc in the future but it strikes me as not worth the bother inbound and the mysql is off-putting. Could be wrong but that was what a weeks worth of activity recorded.
Email was signed with dkim and was sent and received so our email server was working during the time with the new milter.
This might be a compile it yourself thing for all i know at this stage in Debian or maybe i do not need it.