From 13ee064707a3b0771b527da3596dab171d7d3395 Mon Sep 17 00:00:00 2001 From: Dmitriy Alekseev <1865999+dragoangel@users.noreply.github.com> Date: Thu, 24 Sep 2020 19:44:28 +0300 Subject: [PATCH 01/12] Add DMARC Reporting --- mkdocs.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/mkdocs.yml b/mkdocs.yml index 92e56d69a..86d4f81fe 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -32,6 +32,7 @@ nav: - 'Untrust RFC 1918': 'firststeps-rfc-1918.md' - 'Advanced SSL': 'firststeps-ssl.md' - 'Rspamd UI': 'firststeps-rspamd_ui.md' + - 'DMARC Reporting': 'firststeps-dmarc_reporting.md' - 'Reverse Proxy': 'firststeps-rp.md' - 'SNAT': 'firststeps-snat.md' - 'Disable IPv6': 'firststeps-disable_ipv6.md' From 1f8f8ed98b8873838c719b5e26c776bad718f5b9 Mon Sep 17 00:00:00 2001 From: Dmitriy Alekseev <1865999+dragoangel@users.noreply.github.com> Date: Thu, 24 Sep 2020 21:49:33 +0300 Subject: [PATCH 02/12] Create firststeps-dmarc_reporting.md --- docs/firststeps-dmarc_reporting.md | 53 ++++++++++++++++++++++++++++++ 1 file changed, 53 insertions(+) create mode 100644 docs/firststeps-dmarc_reporting.md diff --git a/docs/firststeps-dmarc_reporting.md b/docs/firststeps-dmarc_reporting.md new file mode 100644 index 000000000..d6727b48a --- /dev/null +++ b/docs/firststeps-dmarc_reporting.md 
@@ -0,0 +1,53 @@ +DMARC Reporting done via Rspamd DMARC Module. + +Offical configuration options and documentation can be found here: https://rspamd.com/doc/modules/dmarc.html + +**Important:** +1. Before use config examples from this document please adjust them, change `example.com` and `Example` to your actual data +2. DMARC reporting require additional attention, especially at first days +3. Your reports for all server will be send from one reporting domain. Recommended to use parent domain of your `MAILCOW_HOSTNAME`, f.e: + - if your `MAILCOW_HOSTNAME=mail.example.com` then Reporting `domain = "example.com";` + - set `email` from same domain also, `email = "noreply-dmarc@example.com";` +4. This optional, but recomended step: create `noreply-dmarc` email user in mailcow to handle bounces. + - Go to mailcow admin UI → Configuration → Mail Setup → Mailboxes → Add mailbox → Create mailbox `noreply-dmarc`, please choose correct domain + - In case you want silently discard bounces: login in SOGo from this account and go to Preferences → Mail → Filters → Create Filter → Add action → Provide name, f.e: `noreply` and add action: Discard the message and save filter + - In case you plan to resend a copy of reports to yourself: you need add condition to previous filter example `From is not noreply-dmarc@example.com` + +## Enable DMARC Reports +Create or edit file in `data/conf/rspamd/local.d/dmarc.conf` and set content to: +``` +reporting = true; +send_reports = true; +report_settings { + org_name = "Example"; + domain = "example.com"; + email = "noreply-dmarc@example.com"; + from_name = "Example DMARC Report"; + smtp = "postfix"; + smtp_port = 25; + helo = "rspamd"; + retries = 3; + hscan_count = 1500 +} +``` + +## Disable DMARC Reports +To disable reports set `send_reports` to `false` + +## Send a copy reports to yourself +To get copy of own generated reports you can add `additional_address = "noreply-dmarc@pnnsoft.com";` in `report_settings` section. 
+This useful in case: +- you want to check that your DMARC Reports send correctly, e.g.: check that they signed by DKIM, etc. +- you want to analyze own reports to get statics data, f.e: use with ParseDMARC or other analytic system + +## DMARC Force actions +This module also allows to enable force actions based on sender DMARC policy to reject or quarantine emails which has failed policy. +This good from security point, but not allow whitelist broken senders. This up to your choice enable it or not. + +To enable it, add to end of `data/conf/rspamd/local.d/dmarc.conf`: +``` +actions { + quarantine = "add_header"; + reject = "reject"; +} +``` From f86aed6d89580ba951e27410b74ef497a05c7b41 Mon Sep 17 00:00:00 2001 From: Dmitriy Alekseev <1865999+dragoangel@users.noreply.github.com> Date: Sat, 26 Sep 2020 12:23:14 +0300 Subject: [PATCH 03/12] Update firststeps-dmarc_reporting.md --- docs/firststeps-dmarc_reporting.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/docs/firststeps-dmarc_reporting.md b/docs/firststeps-dmarc_reporting.md index d6727b48a..cedf5ce6e 100644 --- a/docs/firststeps-dmarc_reporting.md +++ b/docs/firststeps-dmarc_reporting.md @@ -40,6 +40,11 @@ This useful in case: - you want to check that your DMARC Reports send correctly, e.g.: check that they signed by DKIM, etc. - you want to analyze own reports to get statics data, f.e: use with ParseDMARC or other analytic system +**Important:** + +Future `additional_address_bcc` is broken, lead to not sending reports to `additional_address` even while it `false`. +Do not add this option to `dmarc.conf` till bug https://github.com/rspamd/rspamd/issues/3465 will be resolved and fixed version will be used in mailcow. + ## DMARC Force actions This module also allows to enable force actions based on sender DMARC policy to reject or quarantine emails which has failed policy. This good from security point, but not allow whitelist broken senders. This up to your choice enable it or not. 
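Review bot: in PATCH 02/12, under "Send a copy reports to yourself", the example `additional_address = "noreply-dmarc@pnnsoft.com";` uses a different domain from every other example in the file. The Important list only tells readers to replace `example.com` and `Example`, so someone following it literally would leave `pnnsoft.com` in place and send report copies to a third party. Use `noreply-dmarc@example.com` here. In the same hunk, `hscan_count = 1500` is the only setting in `report_settings` without a trailing `;`.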
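Review bot: in PATCH 03/12, the added warning opens with "Future `additional_address_bcc` is broken", which reads as a statement about an upcoming release; "Feature" or "The option" is presumably what is meant. "even while it `false`" would be clearer as "even when it is set to `false`", since the instruction that follows is not to add the key to `dmarc.conf` at all.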
From 6ef4a3099c4d85ea5436372c41fa2c86a835fdf6 Mon Sep 17 00:00:00 2001 From: Dmitriy Alekseev <1865999+dragoangel@users.noreply.github.com> Date: Wed, 2 Dec 2020 20:20:08 +0200 Subject: [PATCH 04/12] Update firststeps-dmarc_reporting.md --- docs/firststeps-dmarc_reporting.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/firststeps-dmarc_reporting.md b/docs/firststeps-dmarc_reporting.md index cedf5ce6e..3da9f813f 100644 --- a/docs/firststeps-dmarc_reporting.md +++ b/docs/firststeps-dmarc_reporting.md @@ -47,9 +47,9 @@ Do not add this option to `dmarc.conf` till bug https://github.com/rspamd/rspamd ## DMARC Force actions This module also allows to enable force actions based on sender DMARC policy to reject or quarantine emails which has failed policy. -This good from security point, but not allow whitelist broken senders. This up to your choice enable it or not. +This good from security point, but not allow whitelist broken senders. Better avoid using this option. -To enable it, add to end of `data/conf/rspamd/local.d/dmarc.conf`: +If you still want to enable it, add to end of `data/conf/rspamd/local.d/dmarc.conf`: ``` actions { quarantine = "add_header"; From cef82d96137568cd1da2d435b739fb15913f226e Mon Sep 17 00:00:00 2001 From: Dmitriy Alekseev <1865999+dragoangel@users.noreply.github.com> Date: Fri, 4 Dec 2020 16:23:28 +0200 Subject: [PATCH 05/12] Update firststeps-dmarc_reporting.md --- docs/firststeps-dmarc_reporting.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/firststeps-dmarc_reporting.md b/docs/firststeps-dmarc_reporting.md index 3da9f813f..8ce3d6144 100644 --- a/docs/firststeps-dmarc_reporting.md +++ b/docs/firststeps-dmarc_reporting.md 
@@ -14,7 +14,7 @@ Offical configuration options and documentation can be found here: https://rspam - In case you plan to resend a copy of reports to yourself: you need add condition to previous filter example `From is not noreply-dmarc@example.com` ## Enable DMARC Reports -Create or edit file in `data/conf/rspamd/local.d/dmarc.conf` and set content to: +1. Create or edit file in `data/conf/rspamd/local.d/dmarc.conf` and set content to: ``` reporting = true; send_reports = true; @@ -30,6 +30,8 @@ report_settings { hscan_count = 1500 } ``` +2. Create required `dmarc_reports_last_sent` file: +`docker-compose exec rspamd-mailcow bash -c "touch /var/lib/rspamd/dmarc_reports_last_sent; chown 101:101 /var/lib/rspamd/dmarc_reports_last_sent; chmod 644 /var/lib/rspamd/dmarc_reports_last_sent"` ## Disable DMARC Reports To disable reports set `send_reports` to `false` From a23fae01d52d98dcee4897fc7e8e404297f3bf3e Mon Sep 17 00:00:00 2001 From: Dmitriy Alekseev <1865999+dragoangel@users.noreply.github.com> Date: Fri, 4 Dec 2020 16:25:04 +0200 Subject: [PATCH 06/12] Update firststeps-dmarc_reporting.md --- docs/firststeps-dmarc_reporting.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/firststeps-dmarc_reporting.md b/docs/firststeps-dmarc_reporting.md index 8ce3d6144..d14a8a2a5 100644 --- a/docs/firststeps-dmarc_reporting.md +++ b/docs/firststeps-dmarc_reporting.md @@ -32,6 +32,8 @@ report_settings { ``` 2. Create required `dmarc_reports_last_sent` file: `docker-compose exec rspamd-mailcow bash -c "touch /var/lib/rspamd/dmarc_reports_last_sent; chown 101:101 /var/lib/rspamd/dmarc_reports_last_sent; chmod 644 /var/lib/rspamd/dmarc_reports_last_sent"` +3. Restart rspamd container: +`docker-compose restart rspamd-mailcow` ## Disable DMARC Reports To disable reports set `send_reports` to `false` From 68f269a96bfe145eaeccfd510fcc4427657a7efb Mon Sep 17 00:00:00 2001 
From: Dmitriy Alekseev <1865999+dragoangel@users.noreply.github.com> Date: Fri, 4 Dec 2020 16:25:40 +0200 Subject: [PATCH 07/12] Update firststeps-dmarc_reporting.md --- docs/firststeps-dmarc_reporting.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/firststeps-dmarc_reporting.md b/docs/firststeps-dmarc_reporting.md index d14a8a2a5..e142e7ffd 100644 --- a/docs/firststeps-dmarc_reporting.md +++ b/docs/firststeps-dmarc_reporting.md @@ -36,7 +36,7 @@ report_settings { `docker-compose restart rspamd-mailcow` ## Disable DMARC Reports -To disable reports set `send_reports` to `false` +To disable reporting set `send_reports` to `false` and restart rspamd container ## Send a copy reports to yourself To get copy of own generated reports you can add `additional_address = "noreply-dmarc@pnnsoft.com";` in `report_settings` section. From 7ad7193d028c449661326cb6762108a828e46b4b Mon Sep 17 00:00:00 2001 From: Dmitriy Alekseev <1865999+dragoangel@users.noreply.github.com> Date: Fri, 4 Dec 2020 16:48:06 +0200 Subject: [PATCH 08/12] Update firststeps-dmarc_reporting.md --- docs/firststeps-dmarc_reporting.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/firststeps-dmarc_reporting.md b/docs/firststeps-dmarc_reporting.md index e142e7ffd..ad1336ab7 100644 --- a/docs/firststeps-dmarc_reporting.md +++ b/docs/firststeps-dmarc_reporting.md @@ -51,7 +51,7 @@ Do not add this option to `dmarc.conf` till bug https://github.com/rspamd/rspamd ## DMARC Force actions This module also allows to enable force actions based on sender DMARC policy to reject or quarantine emails which has failed policy. -This good from security point, but not allow whitelist broken senders. Better avoid using this option. +This good from security point, but it can lead of rejecting of forwarded email and not allow whitelist broken senders. Better **avoid** using this option. If you still want to enable it, add to end of `data/conf/rspamd/local.d/dmarc.conf`: ``` 
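Review bot: in PATCH 05/12, the new step 2 hard-codes `chown 101:101` without saying which account that id is meant to be, so a reader cannot tell whether the file ends up owned by the Rspamd user in their image. State the expected user next to the command, or use its name. The three commands are also joined with `;`, so a failing `touch` or `chown` does not stop the later ones and the exit status reflects only `chmod`; chaining with `&&` would surface the failure. Both numbered steps put their command or fence at column 0, which ends the list in most Markdown renderers; indent them under the list item.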
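Review bot: in PATCH 08/12, the changed line "it can lead of rejecting of forwarded email and not allow whitelist broken senders" is hard to parse at exactly the point where the reader has to decide whether to enable forced actions. Suggest "it can cause forwarded mail to be rejected, and it does not allow whitelisting of broken senders". With the recommendation now in bold, the paragraph would also benefit from one sentence on what the `quarantine = "add_header"` mapping in the block below does, so readers who still enable it know the softer action they are getting.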
From 7c953ae4aa1c75dc9dceee820b8fa94061f323a1 Mon Sep 17 00:00:00 2001 From: Dmitriy Alekseev <1865999+dragoangel@users.noreply.github.com> Date: Sat, 28 Aug 2021 16:26:19 +0300 Subject: [PATCH 09/12] Update firststeps-dmarc_reporting.md --- docs/firststeps-dmarc_reporting.md | 87 +++++++++++++++++------------- 1 file changed, 51 insertions(+), 36 deletions(-) diff --git a/docs/firststeps-dmarc_reporting.md b/docs/firststeps-dmarc_reporting.md index ad1336ab7..5a78ddec0 100644 --- a/docs/firststeps-dmarc_reporting.md +++ b/docs/firststeps-dmarc_reporting.md 
@@ -1,62 +1,77 @@ DMARC Reporting done via Rspamd DMARC Module. -Offical configuration options and documentation can be found here: https://rspamd.com/doc/modules/dmarc.html +Rspamd documentation can be found here: https://rspamd.com/doc/modules/dmarc.html **Important:** -1. Before use config examples from this document please adjust them, change `example.com` and `Example` to your actual data +1. Before use examples bellow, change `example.com`, `mail.example.com` and `Example` to your actual data 2. DMARC reporting require additional attention, especially at first days 3. Your reports for all server will be send from one reporting domain. Recommended to use parent domain of your `MAILCOW_HOSTNAME`, f.e: - if your `MAILCOW_HOSTNAME=mail.example.com` then Reporting `domain = "example.com";` - set `email` from same domain also, `email = "noreply-dmarc@example.com";` -4. This optional, but recomended step: create `noreply-dmarc` email user in mailcow to handle bounces. +4. This optional, but recommended step: create `noreply-dmarc` email user in mailcow to handle bounces. - Go to mailcow admin UI → Configuration → Mail Setup → Mailboxes → Add mailbox → Create mailbox `noreply-dmarc`, please choose correct domain - In case you want silently discard bounces: login in SOGo from this account and go to Preferences → Mail → Filters → Create Filter → Add action → Provide name, f.e: `noreply` and add action: Discard the message and save filter - In case you plan to resend a copy of reports to yourself: you need add condition to previous filter example `From is not noreply-dmarc@example.com` -## Enable DMARC Reports +## Enable DMARC Reporting 1. 
Create or edit file in `data/conf/rspamd/local.d/dmarc.conf` and set content to: ``` -reporting = true; -send_reports = true; -report_settings { - org_name = "Example"; - domain = "example.com"; - email = "noreply-dmarc@example.com"; - from_name = "Example DMARC Report"; - smtp = "postfix"; +reporting { + enabled = true; + email = 'noreply-dmarc@example.com'; + domain = 'example.com'; + org_name = 'Example'; + helo = 'rspamd'; + smtp = 'postfix'; smtp_port = 25; - helo = "rspamd"; - retries = 3; - hscan_count = 1500 + from_name = 'Example DMARC Report'; + msgid_from = 'rspamd.mail.example.com'; + max_entries = 2k; + keys_expire = 2d; } ``` -2. Create required `dmarc_reports_last_sent` file: -`docker-compose exec rspamd-mailcow bash -c "touch /var/lib/rspamd/dmarc_reports_last_sent; chown 101:101 /var/lib/rspamd/dmarc_reports_last_sent; chmod 644 /var/lib/rspamd/dmarc_reports_last_sent"` -3. Restart rspamd container: -`docker-compose restart rspamd-mailcow` +2. Create `docker-compose.override.yml` or merge with your existing one: +``` +version: '2.1' -## Disable DMARC Reports -To disable reporting set `send_reports` to `false` and restart rspamd container +services: + rspamd-mailcow: + environment: + - MASTER=${MASTER:-y} + labels: + ofelia.enabled: "true" + ofelia.job-exec.rspamd_dmarc_reporting.schedule: "@every 24h" + ofelia.job-exec.rspamd_dmarc_reporting.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/bin/rspamadm dmarc_report > /var/lib/rspamd/dmarc_reports_last_log 2>&1 || exit 0\"" + ofelia-mailcow: + depends_on: + - rspamd-mailcow +``` +3. Run `docker-compose up -d` ## Send a copy reports to yourself -To get copy of own generated reports you can add `additional_address = "noreply-dmarc@pnnsoft.com";` in `report_settings` section. +To recieve a hidden copy of reports generated by Rspamd you can set a list of comma-separated emails via `bcc_addrs = ["noreply-dmarc@example.com","parsedmarc@example.com"];` in `reporting` section. 
+ +Rspamd will load changes in runtime, no need to restart it. + This useful in case: - you want to check that your DMARC Reports send correctly, e.g.: check that they signed by DKIM, etc. - you want to analyze own reports to get statics data, f.e: use with ParseDMARC or other analytic system -**Important:** +## Troubleshooting +You can check: +1. Run `docker-compose exec rspamd-mailcow ls -lah /var/lib/rspamd/dmarc_reports_last_log` to check when file was been modified last time +2. Do `docker-compose exec rspamd-mailcow cat /var/lib/rspamd/dmarc_reports_last_log` to check last report output +3. Manually trigger sending of DMARC reports via `rspamd-mailcow rspamadm dmarc_report` and check the output +4. Validate that Rspamd has recorded data in Redis via `docker-compose exec redis-mailcow redis-cli KEYS 'dmarc;*'` and then run `docker-compose exec redis-mailcow redis-cli HGETALL "dmarc;example.com;date"` -Future `additional_address_bcc` is broken, lead to not sending reports to `additional_address` even while it `false`. -Do not add this option to `dmarc.conf` till bug https://github.com/rspamd/rspamd/issues/3465 will be resolved and fixed version will be used in mailcow. +## Change DMARC Reporting Frequency +In the example above reports are send once a 24 hours. To change this behaviour: +1. Adjust `ofelia.job-exec.rspamd_dmarc_reporting.schedule: "@every 24h"` to desired value in `docker-compose.override.yml` +2. Run `docker-compose up -d` +3. Run `docker-compose restart ofelia-mailcow` -## DMARC Force actions -This module also allows to enable force actions based on sender DMARC policy to reject or quarantine emails which has failed policy. -This good from security point, but it can lead of rejecting of forwarded email and not allow whitelist broken senders. Better **avoid** using this option. 
- -If you still want to enable it, add to end of `data/conf/rspamd/local.d/dmarc.conf`: -``` -actions { - quarantine = "add_header"; - reject = "reject"; -} -``` +## Disable DMARC Reporting +To disable reporting: +1. Set `enabled` to `false` in `data/conf/rspamd/local.d/dmarc.conf` +2. Revert changes done to `docker-compose.override.yml` +3. Run `docker-compose up -d` From 8ceb2764959e1f00886c6116f2d2a052249cecc2 Mon Sep 17 00:00:00 2001 From: Dmitriy Alekseev <1865999+dragoangel@users.noreply.github.com> Date: Sat, 28 Aug 2021 19:23:49 +0300 Subject: [PATCH 10/12] Update firststeps-dmarc_reporting.md --- docs/firststeps-dmarc_reporting.md | 58 +++++++++++++++++++++--------- 1 file changed, 41 insertions(+), 17 deletions(-) diff --git a/docs/firststeps-dmarc_reporting.md b/docs/firststeps-dmarc_reporting.md index 5a78ddec0..7c78c201a 100644 --- a/docs/firststeps-dmarc_reporting.md +++ b/docs/firststeps-dmarc_reporting.md 
@@ -3,18 +3,18 @@ DMARC Reporting done via Rspamd DMARC Module. Rspamd documentation can be found here: https://rspamd.com/doc/modules/dmarc.html **Important:** -1. Before use examples bellow, change `example.com`, `mail.example.com` and `Example` to your actual data -2. DMARC reporting require additional attention, especially at first days -3. Your reports for all server will be send from one reporting domain. Recommended to use parent domain of your `MAILCOW_HOSTNAME`, f.e: - - if your `MAILCOW_HOSTNAME=mail.example.com` then Reporting `domain = "example.com";` - - set `email` from same domain also, `email = "noreply-dmarc@example.com";` +1. Before you use the examples below, change `example.com`, `mail.example.com` and `Example` to reflect your setup +2. DMARC reporting requires additional attention, especially over the first few days +3. All receiving domains hosted on mailcow send from one reporting domain. Recommended to use parent domain of your `MAILCOW_HOSTNAME`, for example: + - if your `MAILCOW_HOSTNAME=mail.example.com` then change your reporting config to match `domain = "example.com";` + - set `email` from the same domain also, `email = "noreply-dmarc@example.com";` 4. This optional, but recommended step: create `noreply-dmarc` email user in mailcow to handle bounces. 
- Go to mailcow admin UI → Configuration → Mail Setup → Mailboxes → Add mailbox → Create mailbox `noreply-dmarc`, please choose correct domain - - In case you want silently discard bounces: login in SOGo from this account and go to Preferences → Mail → Filters → Create Filter → Add action → Provide name, f.e: `noreply` and add action: Discard the message and save filter - - In case you plan to resend a copy of reports to yourself: you need add condition to previous filter example `From is not noreply-dmarc@example.com` + - In case you want silently discard bounces: login in SOGo from this account and go to Preferences → Mail → Filters → Create Filter → Add action → Provide name, enter `noreply` and add action: Discard the message and save filter + - In case you plan to resend a copy of reports to yourself, you need to add a condition to previous filter example `From is not noreply-dmarc@example.com` ## Enable DMARC Reporting -1. Create or edit file in `data/conf/rspamd/local.d/dmarc.conf` and set content to: +1. Create or edit file in `data/conf/rspamd/local.d/dmarc.conf` and set contents to: ``` reporting { enabled = true; 
@@ -49,20 +49,44 @@ services: 3. Run `docker-compose up -d` ## Send a copy reports to yourself -To recieve a hidden copy of reports generated by Rspamd you can set a list of comma-separated emails via `bcc_addrs = ["noreply-dmarc@example.com","parsedmarc@example.com"];` in `reporting` section. +To receive a hidden copy of reports generated by Rspamd you can set a `bcc_addrs` list in `reporting` section. -Rspamd will load changes in runtime, no need to restart it. +``` +reporting { + enabled = true; + email = 'noreply-dmarc@example.com'; + bcc_addrs = ["noreply-dmarc@example.com","parsedmarc@example.com"]; +... +``` + +Rspamd will load changes in real time, no need to restart it. This useful in case: -- you want to check that your DMARC Reports send correctly, e.g.: check that they signed by DKIM, etc. -- you want to analyze own reports to get statics data, f.e: use with ParseDMARC or other analytic system +- you want to check that your DMARC Reports send correctly, check that they signed by DKIM, etc. +- you want to analyze own reports to get statics data, for example use with ParseDMARC or other analytic system ## Troubleshooting -You can check: -1. Run `docker-compose exec rspamd-mailcow ls -lah /var/lib/rspamd/dmarc_reports_last_log` to check when file was been modified last time -2. Do `docker-compose exec rspamd-mailcow cat /var/lib/rspamd/dmarc_reports_last_log` to check last report output -3. Manually trigger sending of DMARC reports via `rspamd-mailcow rspamadm dmarc_report` and check the output -4. 
Validate that Rspamd has recorded data in Redis via `docker-compose exec redis-mailcow redis-cli KEYS 'dmarc;*'` and then run `docker-compose exec redis-mailcow redis-cli HGETALL "dmarc;example.com;date"` + +Check when the report schedule last ran +``` +docker-compose exec rspamd-mailcow date -r /var/lib/rspamd/dmarc_reports_last_log +``` + +See last report output +``` +docker-compose exec rspamd-mailcow cat /var/lib/rspamd/dmarc_reports_last_log +``` + +Manually Trigger DMARC report +``` +docker-compose exec rspamd-mailcow rspamadm dmarc_report +``` + +Validate that Rspamd has recorded data in Redis +``` +docker-compose exec redis-mailcow redis-cli KEYS 'dmarc;*' +docker-compose exec redis-mailcow redis-cli HGETALL "dmarc;example.com;20211231" +``` ## Change DMARC Reporting Frequency In the example above reports are send once a 24 hours. To change this behaviour: From 28c3f0ffe0df4a0ac6d12388ed8b37db213e652e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Peters?= Date: Sat, 18 Sep 2021 17:06:31 +0200 Subject: [PATCH 11/12] Update firststeps-dmarc_reporting.md --- docs/firststeps-dmarc_reporting.md | 64 +++++++++++++++++++----------- 1 file changed, 40 insertions(+), 24 deletions(-) diff --git a/docs/firststeps-dmarc_reporting.md b/docs/firststeps-dmarc_reporting.md index 7c78c201a..263358efb 100644 --- a/docs/firststeps-dmarc_reporting.md +++ b/docs/firststeps-dmarc_reporting.md 
@@ -3,18 +3,17 @@ DMARC Reporting done via Rspamd DMARC Module. Rspamd documentation can be found here: https://rspamd.com/doc/modules/dmarc.html **Important:** -1. Before you use the examples below, change `example.com`, `mail.example.com` and `Example` to reflect your setup +1. Change `example.com`, `mail.example.com` and `Example` to reflect your setup 2. DMARC reporting requires additional attention, especially over the first few days -3. All receiving domains hosted on mailcow send from one reporting domain. Recommended to use parent domain of your `MAILCOW_HOSTNAME`, for example: - - if your `MAILCOW_HOSTNAME=mail.example.com` then change your reporting config to match `domain = "example.com";` - - set `email` from the same domain also, `email = "noreply-dmarc@example.com";` -4. This optional, but recommended step: create `noreply-dmarc` email user in mailcow to handle bounces. - - Go to mailcow admin UI → Configuration → Mail Setup → Mailboxes → Add mailbox → Create mailbox `noreply-dmarc`, please choose correct domain - - In case you want silently discard bounces: login in SOGo from this account and go to Preferences → Mail → Filters → Create Filter → Add action → Provide name, enter `noreply` and add action: Discard the message and save filter - - In case you plan to resend a copy of reports to yourself, you need to add a condition to previous filter example `From is not noreply-dmarc@example.com` +3. All receiving domains hosted on mailcow send from one reporting domain. It is recommended to use the parent domain of your `MAILCOW_HOSTNAME`: + - If your `MAILCOW_HOSTNAME` is `mail.example.com` change the following config to `domain = "example.com";` + - Set `email` equally, e.g. `email = "noreply-dmarc@example.com";` +4. It is optional but recommended to create an email user `noreply-dmarc` in mailcow to handle bounces. + +## Enable DMARC reporting + +1. 
Create the file `data/conf/rspamd/local.d/dmarc.conf` and set the following content: -## Enable DMARC Reporting -1. Create or edit file in `data/conf/rspamd/local.d/dmarc.conf` and set contents to: ``` reporting { enabled = true; @@ -30,7 +29,9 @@ reporting { keys_expire = 2d; } ``` -2. Create `docker-compose.override.yml` or merge with your existing one: + +2. Create or modify `docker-compose.override.yml` in the mailcow-dockerized base directory: + ``` version: '2.1' 
@@ -46,56 +47,71 @@ services: depends_on: - rspamd-mailcow ``` + 3. Run `docker-compose up -d` ## Send a copy reports to yourself -To receive a hidden copy of reports generated by Rspamd you can set a `bcc_addrs` list in `reporting` section. + +To receive a hidden copy of reports generated by Rspamd you can set a `bcc_addrs` list in the `reporting` config section of `data/conf/rspamd/local.d/dmarc.conf`: ``` reporting { enabled = true; email = 'noreply-dmarc@example.com'; bcc_addrs = ["noreply-dmarc@example.com","parsedmarc@example.com"]; -... +[...] ``` -Rspamd will load changes in real time, no need to restart it. +Rspamd will load changes in real time, so you won't need to restart the container at this point. -This useful in case: -- you want to check that your DMARC Reports send correctly, check that they signed by DKIM, etc. -- you want to analyze own reports to get statics data, for example use with ParseDMARC or other analytic system +This can be useful if you... + +- ...want to check that your DMARC reports are sent correctly and authenticated. +- ...want to analyze your own reports to get statistics, i.e. to use with ParseDMARC or other analytic systems. ## Troubleshooting -Check when the report schedule last ran +Check when the report schedule last ran: + ``` docker-compose exec rspamd-mailcow date -r /var/lib/rspamd/dmarc_reports_last_log ``` -See last report output +See the latest report output: + ``` docker-compose exec rspamd-mailcow cat /var/lib/rspamd/dmarc_reports_last_log ``` -Manually Trigger DMARC report +Manually trigger a DMARC report: + ``` docker-compose exec rspamd-mailcow rspamadm dmarc_report ``` -Validate that Rspamd has recorded data in Redis +Validate that Rspamd has recorded data in Redis: + ``` docker-compose exec redis-mailcow redis-cli KEYS 'dmarc;*' docker-compose exec redis-mailcow redis-cli HGETALL "dmarc;example.com;20211231" ``` -## Change DMARC Reporting Frequency -In the example above reports are send once a 24 hours. 
To change this behaviour: -1. Adjust `ofelia.job-exec.rspamd_dmarc_reporting.schedule: "@every 24h"` to desired value in `docker-compose.override.yml` +## Change DMARC reporting frequency + +In the example above reports are sent once every 24 hours. You may want to change that interval: + +1. Edit `docker-compose.override.yml` and a djust `ofelia.job-exec.rspamd_dmarc_reporting.schedule: "@every 24h"` to a desired value. + 2. Run `docker-compose up -d` + 3. Run `docker-compose restart ofelia-mailcow` ## Disable DMARC Reporting + To disable reporting: + 1. Set `enabled` to `false` in `data/conf/rspamd/local.d/dmarc.conf` + 2. Revert changes done to `docker-compose.override.yml` + 3. Run `docker-compose up -d` From 3421da47be3ffe5f7aeb2e64440e4124d0119257 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Peters?= Date: Sat, 18 Sep 2021 17:06:52 +0200 Subject: [PATCH 12/12] Update firststeps-dmarc_reporting.md --- docs/firststeps-dmarc_reporting.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/firststeps-dmarc_reporting.md b/docs/firststeps-dmarc_reporting.md index 263358efb..aabfdb229 100644 --- a/docs/firststeps-dmarc_reporting.md +++ b/docs/firststeps-dmarc_reporting.md @@ -3,11 +3,15 @@ DMARC Reporting done via Rspamd DMARC Module. Rspamd documentation can be found here: https://rspamd.com/doc/modules/dmarc.html **Important:** + 1. Change `example.com`, `mail.example.com` and `Example` to reflect your setup + 2. DMARC reporting requires additional attention, especially over the first few days + 3. All receiving domains hosted on mailcow send from one reporting domain. It is recommended to use the parent domain of your `MAILCOW_HOSTNAME`: - If your `MAILCOW_HOSTNAME` is `mail.example.com` change the following config to `domain = "example.com";` - Set `email` equally, e.g. `email = "noreply-dmarc@example.com";` + 4. It is optional but recommended to create an email user `noreply-dmarc` in mailcow to handle bounces. ## Enable DMARC reporting
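Review bot: in PATCH 09/12, the `ofelia.job-exec.rspamd_dmarc_reporting.command` label ends in `|| exit 0`, and that applies to the whole `[[ $${MASTER} == y ]] && /usr/bin/rspamadm dmarc_report ...` chain. A failing `rspamadm dmarc_report` therefore exits 0 exactly like the non-master case, and the scheduler never records an error; the only trace is `dmarc_reports_last_log`. Use an `if [[ $${MASTER} == y ]]; then ...; fi` form so the non-master branch is the only silent success and the exit status of `rspamadm` propagates. The same hunk replaces `reporting = true; send_reports = true; report_settings { ... }` with the `reporting { ... }` block and drops the `dmarc_reports_last_sent` step without telling readers who applied the earlier version what to remove from an existing `dmarc.conf`; a short upgrade note would help.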
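Review bot: in PATCH 10/12, the Troubleshooting hunk checks Redis with `redis-cli KEYS 'dmarc;*'`. `KEYS` walks the entire keyspace in a single blocking call, and this is the Redis instance the running Rspamd writes to. `redis-cli --scan --pattern 'dmarc;*'` returns the same keys incrementally and is the safer command to document. The follow-up `HGETALL "dmarc;example.com;20211231"` swaps the earlier `date` placeholder for a literal value with no explanation; say that the last field is a date and that the reader should copy a real key from the first command's output. The `bcc_addrs` snippet in the same hunk ends in `...` with the `reporting {` brace left open, which is easy to paste as-is; a comment line stating that the remaining settings are unchanged would be clearer.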
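Review bot: in PATCH 11/12, the first hunk deletes the three sub-steps under item 4 (creating the mailbox, the SOGo discard filter, and the `From is not noreply-dmarc@example.com` condition), while the `bcc_addrs` example kept further down still lists `noreply-dmarc@example.com` as a recipient. Item 4 now says to create the mailbox "to handle bounces" without saying how, and a reader who set up the discard filter from the earlier text gets no hint that it needs the exception for the BCC copies. Either keep a shortened form of the filter guidance or drop that address from the `bcc_addrs` example.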
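Review bot: in PATCH 11/12, the reworded step 1 under "Change DMARC reporting frequency" contains a stray space: "and a djust" should be "and adjust". In the same hunk, "i.e. to use with ParseDMARC or other analytic systems" should be "e.g.", since ParseDMARC is given as one example rather than a restatement. Heading case is now mixed as well ("Enable DMARC reporting" and "Change DMARC reporting frequency" next to "Disable DMARC Reporting"), and "Send a copy reports to yourself" is still missing "of".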