mailcow-dockerized-docs/docs/post_installation/firststeps-dmarc_reporting.en.md

DMARC reporting is done via the Rspamd DMARC module.
Rspamd documentation can be found here: https://rspamd.com/doc/modules/dmarc.html

**Important:**

1. Change `example.com`, `mail.example.com` and `Example` to reflect your setup.
2. DMARC reporting requires additional attention, especially over the first few days.
3. All receiving domains hosted on mailcow send from one reporting domain. It is recommended to use the parent domain of your `MAILCOW_HOSTNAME`:
    - If your `MAILCOW_HOSTNAME` is `mail.example.com`, change the following config to `domain = "example.com";`
    - Set `email` accordingly, e.g. `email = "noreply-dmarc@example.com";`
4. It is optional but recommended to create an email user `noreply-dmarc` in mailcow to handle bounces.

## Enable DMARC reporting
Create the file `data/conf/rspamd/local.d/dmarc.conf` and set the following content:
```
reporting {
  enabled = true;
  email = 'noreply-dmarc@example.com';
  domain = 'example.com';
  org_name = 'Example';
  helo = 'rspamd';
  smtp = 'postfix';
  smtp_port = 25;
  from_name = 'Example DMARC Report';
  msgid_from = 'rspamd.mail.example.com';
  max_entries = 2k;
  keys_expire = 2d;
}
```
Create or modify `docker-compose.override.yml` in the mailcow-dockerized base directory:
```
version: '2.1'
services:
  rspamd-mailcow:
    environment:
      - MASTER=${MASTER:-y}
    labels:
      ofelia.enabled: "true"
      ofelia.job-exec.rspamd_dmarc_reporting_yesterday.schedule: "@every 24h"
      ofelia.job-exec.rspamd_dmarc_reporting_yesterday.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/bin/rspamadm dmarc_report $(date --date yesterday '+%Y%m%d') > /var/lib/rspamd/dmarc_reports_last_log 2>&1 || exit 0\""
  ofelia-mailcow:
    depends_on:
      - rspamd-mailcow
```
Start the mailcow stack with:
=== "docker compose (Plugin)"
``` bash
docker compose up -d
```
=== "docker-compose (Standalone)"
``` bash
docker-compose up -d
```
## Send a copy of reports to yourself
To receive a hidden copy of reports generated by Rspamd you can set a `bcc_addrs` list in the `reporting` config section of `data/conf/rspamd/local.d/dmarc.conf`:
```
reporting {
  enabled = true;
  email = 'noreply-dmarc@example.com';
  bcc_addrs = ["noreply-dmarc@example.com","parsedmarc@example.com"];
  [...]
```
Rspamd will load changes in real time, so you won't need to restart the container at this point.
This can be useful if you...
- ...want to check that your DMARC reports are sent correctly and authenticated.
- ...want to analyze your own reports to get statistics, e.g. for use with ParseDMARC or other analytics systems.
## Troubleshooting
Check when the report schedule last ran:
=== "docker compose (Plugin)"
``` bash
docker compose exec rspamd-mailcow date -r /var/lib/rspamd/dmarc_reports_last_log
```
=== "docker-compose (Standalone)"
``` bash
docker-compose exec rspamd-mailcow date -r /var/lib/rspamd/dmarc_reports_last_log
```
See the latest report output:
=== "docker compose (Plugin)"
``` bash
docker compose exec rspamd-mailcow cat /var/lib/rspamd/dmarc_reports_last_log
```
=== "docker-compose (Standalone)"
``` bash
docker-compose exec rspamd-mailcow cat /var/lib/rspamd/dmarc_reports_last_log
```
Manually trigger a DMARC report:
=== "docker compose (Plugin)"
``` bash
docker compose exec rspamd-mailcow rspamadm dmarc_report
```
=== "docker-compose (Standalone)"
``` bash
docker-compose exec rspamd-mailcow rspamadm dmarc_report
```
Validate that Rspamd has recorded data in Redis (change `20220428` to the date you are interested in):
=== "docker compose (Plugin)"
``` bash
docker compose exec redis-mailcow redis-cli SMEMBERS "dmarc_idx;20220428"
```
=== "docker-compose (Standalone)"
``` bash
docker-compose exec redis-mailcow redis-cli SMEMBERS "dmarc_idx;20220428"
```
Take one of the lines of the output you are interested in and request it, e.g.:
=== "docker compose (Plugin)"
``` bash
docker compose exec redis-mailcow redis-cli ZRANGE "dmarc_rpt;microsoft.com;mailto:d@rua.agari.com;20220428" 0 49
```
=== "docker-compose (Standalone)"
``` bash
docker-compose exec redis-mailcow redis-cli ZRANGE "dmarc_rpt;microsoft.com;mailto:d@rua.agari.com;20220428" 0 49
```
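
The two Redis checks above combined into one helper, as an added example that is not part of the mailcow documentation: it lists every report key indexed for a day with its entry count, which also shows the external `rua` addresses the next run will mail to. `REDIS_CLI` and the function names are assumptions of this example, and the key layout is inferred from the sample key above.

```bash
#!/usr/bin/env bash
# Added example, not part of the mailcow docs.
# Assumption: REDIS_CLI reaches redis-cli without a TTY (-T) so the output is
# one raw value per line; override it for docker-compose or for offline tests.
REDIS_CLI=${REDIS_CLI:-"docker compose exec -T redis-mailcow redis-cli"}

# Build the index key for a day; reject anything that is not YYYYMMDD so a
# typo cannot silently query a key that never exists.
dmarc_idx_key() {
  case "$1" in
    [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]) printf 'dmarc_idx;%s\n' "$1" ;;
    *) echo "expected YYYYMMDD, got: $1" >&2; return 1 ;;
  esac
}

# Split "dmarc_rpt;<domain>;<rua>;<day>" into tab-separated fields.
# The layout is inferred from the sample key shown on this page.
parse_report_key() {
  case "$1" in "dmarc_rpt;"*";"*";"*) ;; *) return 1 ;; esac
  rest=${1#"dmarc_rpt;"}
  domain=${rest%%";"*}
  rest=${rest#*";"}
  day=${rest##*";"}
  rua=${rest%";"*}
  printf '%s\t%s\t%s\n' "$domain" "$rua" "$day"
}

# Print "entries<TAB>domain<TAB>rua" for every report key indexed on one day.
dmarc_day_summary() {
  idx=$(dmarc_idx_key "$1") || return 1
  $REDIS_CLI SMEMBERS "$idx" </dev/null | tr -d '\r' |
    while IFS= read -r key; do
      fields=$(parse_report_key "$key") || continue   # skip unexpected lines
      # </dev/null keeps the nested exec from swallowing the remaining keys
      count=$($REDIS_CLI ZCARD "$key" </dev/null | tr -d '\r')
      printf '%s\t%s\n' "$count" "$(printf '%s\n' "$fields" | cut -f1,2)"
    done
}

# Run for the day given as the first argument, e.g. 20220428.
if [ "$#" -gt 0 ]; then dmarc_day_summary "$1"; fi
```

For the standalone binary, set `REDIS_CLI="docker-compose exec -T redis-mailcow redis-cli"` before running it.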
## Change DMARC reporting frequency
In the example above, reports are sent once every 24 hours and cover the previous day. This will be okay for most setups.
If you have a large mail volume and want to run the DMARC reporting more than once a day, you need to create a second schedule and run it with `dmarc_report $(date '+%Y%m%d')` to process the current day. You have to make sure that the first run on each day also processes the last report from the day before, so it needs to be started twice: once with `$(date --date yesterday '+%Y%m%d')` at `0 5 0 * * *` (00:05 AM) and then with `$(date '+%Y%m%d')` at the desired interval.
The Ofelia schedule uses the same implementation as `cron` in Go; the supported syntax is described in the [cron Documentation](https://pkg.go.dev/github.com/robfig/cron).
To change the schedule:
1. Edit `docker-compose.override.yml`:
```
version: '2.1'
services:
  rspamd-mailcow:
    environment:
      - MASTER=${MASTER:-y}
    labels:
      ofelia.enabled: "true"
      ofelia.job-exec.rspamd_dmarc_reporting_yesterday.schedule: "0 5 0 * * *"
      ofelia.job-exec.rspamd_dmarc_reporting_yesterday.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/bin/rspamadm dmarc_report $(date --date yesterday '+%Y%m%d') > /var/lib/rspamd/dmarc_reports_last_log 2>&1 || exit 0\""
      ofelia.job-exec.rspamd_dmarc_reporting_today.schedule: "@every 12h"
      ofelia.job-exec.rspamd_dmarc_reporting_today.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/bin/rspamadm dmarc_report $(date '+%Y%m%d') > /var/lib/rspamd/dmarc_reports_last_log 2>&1 || exit 0\""
  ofelia-mailcow:
    depends_on:
      - rspamd-mailcow
```
2. Restart the desired containers with:
=== "docker compose (Plugin)"
``` bash
docker compose up -d
```
=== "docker-compose (Standalone)"
``` bash
docker-compose up -d
```
3. Restart the ofelia container only:
=== "docker compose (Plugin)"
``` bash
docker compose restart ofelia-mailcow
```
=== "docker-compose (Standalone)"
``` bash
docker-compose restart ofelia-mailcow
```
## Disable DMARC Reporting
To disable reporting:
1. Set `enabled` to `false` in `data/conf/rspamd/local.d/dmarc.conf`
2. Revert changes done in `docker-compose.override.yml` to `rspamd-mailcow` and `ofelia-mailcow`
3. Restart the desired containers with:
=== "docker compose (Plugin)"
``` bash
docker compose up -d
```
=== "docker-compose (Standalone)"
``` bash
docker-compose up -d
```