Update firststeps-dmarc_reporting.md

Dieser Commit ist enthalten in:
André Peters 2021-09-18 17:06:31 +02:00 committet von GitHub
Ursprung 8ceb276495
Commit 28c3f0ffe0
Es konnte kein GPG-SchlĂĽssel zu dieser Signatur gefunden werden
GPG-SchlĂĽssel-ID: 4AEE18F83AFDEB23

Datei anzeigen

@ -3,18 +3,17 @@ DMARC Reporting done via Rspamd DMARC Module.
Rspamd documentation can be found here: https://rspamd.com/doc/modules/dmarc.html
**Important:**
1. Before you use the examples below, change `example.com`, `mail.example.com` and `Example` to reflect your setup
1. Change `example.com`, `mail.example.com` and `Example` to reflect your setup
2. DMARC reporting requires additional attention, especially over the first few days
3. All receiving domains hosted on mailcow send from one reporting domain. Recommended to use parent domain of your `MAILCOW_HOSTNAME`, for example:
- if your `MAILCOW_HOSTNAME=mail.example.com` then change your reporting config to match `domain = "example.com";`
- set `email` from the same domain also, `email = "noreply-dmarc@example.com";`
4. This optional, but recommended step: create `noreply-dmarc` email user in mailcow to handle bounces.
- Go to mailcow admin UI → Configuration → Mail Setup → Mailboxes → Add mailbox → Create mailbox `noreply-dmarc`, please choose correct domain
- In case you want silently discard bounces: login in SOGo from this account and go to Preferences → Mail → Filters → Create Filter → Add action → Provide name, enter `noreply` and add action: Discard the message and save filter
- In case you plan to resend a copy of reports to yourself, you need to add a condition to previous filter example `From is not noreply-dmarc@example.com`
3. All receiving domains hosted on mailcow send from one reporting domain. It is recommended to use the parent domain of your `MAILCOW_HOSTNAME`:
- If your `MAILCOW_HOSTNAME` is `mail.example.com` change the following config to `domain = "example.com";`
- Set `email` equally, e.g. `email = "noreply-dmarc@example.com";`
4. It is optional but recommended to create an email user `noreply-dmarc` in mailcow to handle bounces.
## Enable DMARC reporting
1. Create the file `data/conf/rspamd/local.d/dmarc.conf` and set the following content:
## Enable DMARC Reporting
1. Create or edit file in `data/conf/rspamd/local.d/dmarc.conf` and set contents to:
```
reporting {
enabled = true;
@ -30,7 +29,9 @@ reporting {
keys_expire = 2d;
}
```
2. Create `docker-compose.override.yml` or merge with your existing one:
2. Create or modify `docker-compose.override.yml` in the mailcow-dockerized base directory:
```
version: '2.1'
@ -46,56 +47,71 @@ services:
depends_on:
- rspamd-mailcow
```
3. Run `docker-compose up -d`
## Send a copy reports to yourself
To receive a hidden copy of reports generated by Rspamd you can set a `bcc_addrs` list in `reporting` section.
To receive a hidden copy of reports generated by Rspamd you can set a `bcc_addrs` list in the `reporting` config section of `data/conf/rspamd/local.d/dmarc.conf`:
```
reporting {
enabled = true;
email = 'noreply-dmarc@example.com';
bcc_addrs = ["noreply-dmarc@example.com","parsedmarc@example.com"];
...
[...]
```
Rspamd will load changes in real time, no need to restart it.
Rspamd will load changes in real time, so you won't need to restart the container at this point.
This useful in case:
- you want to check that your DMARC Reports send correctly, check that they signed by DKIM, etc.
- you want to analyze own reports to get statics data, for example use with ParseDMARC or other analytic system
This can be useful if you...
- ...want to check that your DMARC reports are sent correctly and authenticated.
- ...want to analyze your own reports to get statistics, i.e. to use with ParseDMARC or other analytic systems.
## Troubleshooting
Check when the report schedule last ran
Check when the report schedule last ran:
```
docker-compose exec rspamd-mailcow date -r /var/lib/rspamd/dmarc_reports_last_log
```
See last report output
See the latest report output:
```
docker-compose exec rspamd-mailcow cat /var/lib/rspamd/dmarc_reports_last_log
```
Manually Trigger DMARC report
Manually trigger a DMARC report:
```
docker-compose exec rspamd-mailcow rspamadm dmarc_report
```
Validate that Rspamd has recorded data in Redis
Validate that Rspamd has recorded data in Redis:
```
docker-compose exec redis-mailcow redis-cli KEYS 'dmarc;*'
docker-compose exec redis-mailcow redis-cli HGETALL "dmarc;example.com;20211231"
```
## Change DMARC Reporting Frequency
In the example above reports are send once a 24 hours. To change this behaviour:
1. Adjust `ofelia.job-exec.rspamd_dmarc_reporting.schedule: "@every 24h"` to desired value in `docker-compose.override.yml`
## Change DMARC reporting frequency
In the example above reports are sent once every 24 hours. You may want to change that interval:
1. Edit `docker-compose.override.yml` and a djust `ofelia.job-exec.rspamd_dmarc_reporting.schedule: "@every 24h"` to a desired value.
2. Run `docker-compose up -d`
3. Run `docker-compose restart ofelia-mailcow`
## Disable DMARC Reporting
To disable reporting:
1. Set `enabled` to `false` in `data/conf/rspamd/local.d/dmarc.conf`
2. Revert changes done to `docker-compose.override.yml`
3. Run `docker-compose up -d`