Update firststeps-dmarc_reporting.md
Dieser Commit ist enthalten in:
André Peters
GitHub
Ursprung
8ceb276495
Commit
28c3f0ffe0
1 geänderte Dateien mit 40 neuen und 24 gelöschten Zeilen
|
|
@ -3,18 +3,17 @@ DMARC Reporting done via Rspamd DMARC Module.
|
|||
Rspamd documentation can be found here: https://rspamd.com/doc/modules/dmarc.html
|
||||
|
||||
**Important:**
|
||||
1. Before you use the examples below, change `example.com`, `mail.example.com` and `Example` to reflect your setup
|
||||
1. Change `example.com`, `mail.example.com` and `Example` to reflect your setup
|
||||
2. DMARC reporting requires additional attention, especially over the first few days
|
||||
3. All receiving domains hosted on mailcow send from one reporting domain. Recommended to use parent domain of your `MAILCOW_HOSTNAME`, for example:
|
||||
- if your `MAILCOW_HOSTNAME=mail.example.com` then change your reporting config to match `domain = "example.com";`
|
||||
- set `email` from the same domain also, `email = "noreply-dmarc@example.com";`
|
||||
4. This optional, but recommended step: create `noreply-dmarc` email user in mailcow to handle bounces.
|
||||
- Go to mailcow admin UI → Configuration → Mail Setup → Mailboxes → Add mailbox → Create mailbox `noreply-dmarc`, please choose correct domain
|
||||
- In case you want silently discard bounces: login in SOGo from this account and go to Preferences → Mail → Filters → Create Filter → Add action → Provide name, enter `noreply` and add action: Discard the message and save filter
|
||||
- In case you plan to resend a copy of reports to yourself, you need to add a condition to previous filter example `From is not noreply-dmarc@example.com`
|
||||
3. All receiving domains hosted on mailcow send from one reporting domain. It is recommended to use the parent domain of your `MAILCOW_HOSTNAME`:
|
||||
- If your `MAILCOW_HOSTNAME` is `mail.example.com` change the following config to `domain = "example.com";`
|
||||
- Set `email` equally, e.g. `email = "noreply-dmarc@example.com";`
|
||||
4. It is optional but recommended to create an email user `noreply-dmarc` in mailcow to handle bounces.
|
||||
|
||||
## Enable DMARC reporting
|
||||
|
||||
1. Create the file `data/conf/rspamd/local.d/dmarc.conf` and set the following content:
|
||||
|
||||
## Enable DMARC Reporting
|
||||
1. Create or edit file in `data/conf/rspamd/local.d/dmarc.conf` and set contents to:
|
||||
```
|
||||
reporting {
|
||||
enabled = true;
|
||||
|
|
@ -30,7 +29,9 @@ reporting {
|
|||
keys_expire = 2d;
|
||||
}
|
||||
```
|
||||
2. Create `docker-compose.override.yml` or merge with your existing one:
|
||||
|
||||
2. Create or modify `docker-compose.override.yml` in the mailcow-dockerized base directory:
|
||||
|
||||
```
|
||||
version: '2.1'
|
||||
|
||||
|
|
@ -46,56 +47,71 @@ services:
|
|||
depends_on:
|
||||
- rspamd-mailcow
|
||||
```
|
||||
|
||||
3. Run `docker-compose up -d`
|
||||
|
||||
## Send a copy reports to yourself
|
||||
To receive a hidden copy of reports generated by Rspamd you can set a `bcc_addrs` list in `reporting` section.
|
||||
|
||||
To receive a hidden copy of reports generated by Rspamd you can set a `bcc_addrs` list in the `reporting` config section of `data/conf/rspamd/local.d/dmarc.conf`:
|
||||
|
||||
```
|
||||
reporting {
|
||||
enabled = true;
|
||||
email = 'noreply-dmarc@example.com';
|
||||
bcc_addrs = ["noreply-dmarc@example.com","parsedmarc@example.com"];
|
||||
...
|
||||
[...]
|
||||
```
|
||||
|
||||
Rspamd will load changes in real time, no need to restart it.
|
||||
Rspamd will load changes in real time, so you won't need to restart the container at this point.
|
||||
|
||||
This useful in case:
|
||||
- you want to check that your DMARC Reports send correctly, check that they signed by DKIM, etc.
|
||||
- you want to analyze own reports to get statics data, for example use with ParseDMARC or other analytic system
|
||||
This can be useful if you...
|
||||
|
||||
- ...want to check that your DMARC reports are sent correctly and authenticated.
|
||||
- ...want to analyze your own reports to get statistics, i.e. to use with ParseDMARC or other analytic systems.
|
||||
|
||||
## Troubleshooting
|
||||
|
||||
Check when the report schedule last ran
|
||||
Check when the report schedule last ran:
|
||||
|
||||
```
|
||||
docker-compose exec rspamd-mailcow date -r /var/lib/rspamd/dmarc_reports_last_log
|
||||
```
|
||||
|
||||
See last report output
|
||||
See the latest report output:
|
||||
|
||||
```
|
||||
docker-compose exec rspamd-mailcow cat /var/lib/rspamd/dmarc_reports_last_log
|
||||
```
|
||||
|
||||
Manually Trigger DMARC report
|
||||
Manually trigger a DMARC report:
|
||||
|
||||
```
|
||||
docker-compose exec rspamd-mailcow rspamadm dmarc_report
|
||||
```
|
||||
|
||||
Validate that Rspamd has recorded data in Redis
|
||||
Validate that Rspamd has recorded data in Redis:
|
||||
|
||||
```
|
||||
docker-compose exec redis-mailcow redis-cli KEYS 'dmarc;*'
|
||||
docker-compose exec redis-mailcow redis-cli HGETALL "dmarc;example.com;20211231"
|
||||
```
|
||||
|
||||
## Change DMARC Reporting Frequency
|
||||
In the example above reports are send once a 24 hours. To change this behaviour:
|
||||
1. Adjust `ofelia.job-exec.rspamd_dmarc_reporting.schedule: "@every 24h"` to desired value in `docker-compose.override.yml`
|
||||
## Change DMARC reporting frequency
|
||||
|
||||
In the example above reports are sent once every 24 hours. You may want to change that interval:
|
||||
|
||||
1. Edit `docker-compose.override.yml` and a djust `ofelia.job-exec.rspamd_dmarc_reporting.schedule: "@every 24h"` to a desired value.
|
||||
|
||||
2. Run `docker-compose up -d`
|
||||
|
||||
3. Run `docker-compose restart ofelia-mailcow`
|
||||
|
||||
## Disable DMARC Reporting
|
||||
|
||||
To disable reporting:
|
||||
|
||||
1. Set `enabled` to `false` in `data/conf/rspamd/local.d/dmarc.conf`
|
||||
|
||||
2. Revert changes done to `docker-compose.override.yml`
|
||||
|
||||
3. Run `docker-compose up -d`
|
||||
|
|
|
|||
Laden …
In neuem Issue referenzieren