Update firststeps-dmarc_reporting.md
Dieser Commit ist enthalten in:
Ursprung
8ceb276495
Commit
28c3f0ffe0
1 geänderte Dateien mit 40 neuen und 24 gelöschten Zeilen
|
@ -3,18 +3,17 @@ DMARC Reporting done via Rspamd DMARC Module.
|
||||||
Rspamd documentation can be found here: https://rspamd.com/doc/modules/dmarc.html
|
Rspamd documentation can be found here: https://rspamd.com/doc/modules/dmarc.html
|
||||||
|
|
||||||
**Important:**
|
**Important:**
|
||||||
1. Before you use the examples below, change `example.com`, `mail.example.com` and `Example` to reflect your setup
|
1. Change `example.com`, `mail.example.com` and `Example` to reflect your setup
|
||||||
2. DMARC reporting requires additional attention, especially over the first few days
|
2. DMARC reporting requires additional attention, especially over the first few days
|
||||||
3. All receiving domains hosted on mailcow send from one reporting domain. Recommended to use parent domain of your `MAILCOW_HOSTNAME`, for example:
|
3. All receiving domains hosted on mailcow send from one reporting domain. It is recommended to use the parent domain of your `MAILCOW_HOSTNAME`:
|
||||||
- if your `MAILCOW_HOSTNAME=mail.example.com` then change your reporting config to match `domain = "example.com";`
|
- If your `MAILCOW_HOSTNAME` is `mail.example.com` change the following config to `domain = "example.com";`
|
||||||
- set `email` from the same domain also, `email = "noreply-dmarc@example.com";`
|
- Set `email` equally, e.g. `email = "noreply-dmarc@example.com";`
|
||||||
4. This optional, but recommended step: create `noreply-dmarc` email user in mailcow to handle bounces.
|
4. It is optional but recommended to create an email user `noreply-dmarc` in mailcow to handle bounces.
|
||||||
- Go to mailcow admin UI → Configuration → Mail Setup → Mailboxes → Add mailbox → Create mailbox `noreply-dmarc`, please choose correct domain
|
|
||||||
- In case you want silently discard bounces: login in SOGo from this account and go to Preferences → Mail → Filters → Create Filter → Add action → Provide name, enter `noreply` and add action: Discard the message and save filter
|
## Enable DMARC reporting
|
||||||
- In case you plan to resend a copy of reports to yourself, you need to add a condition to previous filter example `From is not noreply-dmarc@example.com`
|
|
||||||
|
1. Create the file `data/conf/rspamd/local.d/dmarc.conf` and set the following content:
|
||||||
|
|
||||||
## Enable DMARC Reporting
|
|
||||||
1. Create or edit file in `data/conf/rspamd/local.d/dmarc.conf` and set contents to:
|
|
||||||
```
|
```
|
||||||
reporting {
|
reporting {
|
||||||
enabled = true;
|
enabled = true;
|
||||||
|
@ -30,7 +29,9 @@ reporting {
|
||||||
keys_expire = 2d;
|
keys_expire = 2d;
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
2. Create `docker-compose.override.yml` or merge with your existing one:
|
|
||||||
|
2. Create or modify `docker-compose.override.yml` in the mailcow-dockerized base directory:
|
||||||
|
|
||||||
```
|
```
|
||||||
version: '2.1'
|
version: '2.1'
|
||||||
|
|
||||||
|
@ -46,56 +47,71 @@ services:
|
||||||
depends_on:
|
depends_on:
|
||||||
- rspamd-mailcow
|
- rspamd-mailcow
|
||||||
```
|
```
|
||||||
|
|
||||||
3. Run `docker-compose up -d`
|
3. Run `docker-compose up -d`
|
||||||
|
|
||||||
## Send a copy reports to yourself
|
## Send a copy reports to yourself
|
||||||
To receive a hidden copy of reports generated by Rspamd you can set a `bcc_addrs` list in `reporting` section.
|
|
||||||
|
To receive a hidden copy of reports generated by Rspamd you can set a `bcc_addrs` list in the `reporting` config section of `data/conf/rspamd/local.d/dmarc.conf`:
|
||||||
|
|
||||||
```
|
```
|
||||||
reporting {
|
reporting {
|
||||||
enabled = true;
|
enabled = true;
|
||||||
email = 'noreply-dmarc@example.com';
|
email = 'noreply-dmarc@example.com';
|
||||||
bcc_addrs = ["noreply-dmarc@example.com","parsedmarc@example.com"];
|
bcc_addrs = ["noreply-dmarc@example.com","parsedmarc@example.com"];
|
||||||
...
|
[...]
|
||||||
```
|
```
|
||||||
|
|
||||||
Rspamd will load changes in real time, no need to restart it.
|
Rspamd will load changes in real time, so you won't need to restart the container at this point.
|
||||||
|
|
||||||
This useful in case:
|
This can be useful if you...
|
||||||
- you want to check that your DMARC Reports send correctly, check that they signed by DKIM, etc.
|
|
||||||
- you want to analyze own reports to get statics data, for example use with ParseDMARC or other analytic system
|
- ...want to check that your DMARC reports are sent correctly and authenticated.
|
||||||
|
- ...want to analyze your own reports to get statistics, i.e. to use with ParseDMARC or other analytic systems.
|
||||||
|
|
||||||
## Troubleshooting
|
## Troubleshooting
|
||||||
|
|
||||||
Check when the report schedule last ran
|
Check when the report schedule last ran:
|
||||||
|
|
||||||
```
|
```
|
||||||
docker-compose exec rspamd-mailcow date -r /var/lib/rspamd/dmarc_reports_last_log
|
docker-compose exec rspamd-mailcow date -r /var/lib/rspamd/dmarc_reports_last_log
|
||||||
```
|
```
|
||||||
|
|
||||||
See last report output
|
See the latest report output:
|
||||||
|
|
||||||
```
|
```
|
||||||
docker-compose exec rspamd-mailcow cat /var/lib/rspamd/dmarc_reports_last_log
|
docker-compose exec rspamd-mailcow cat /var/lib/rspamd/dmarc_reports_last_log
|
||||||
```
|
```
|
||||||
|
|
||||||
Manually Trigger DMARC report
|
Manually trigger a DMARC report:
|
||||||
|
|
||||||
```
|
```
|
||||||
docker-compose exec rspamd-mailcow rspamadm dmarc_report
|
docker-compose exec rspamd-mailcow rspamadm dmarc_report
|
||||||
```
|
```
|
||||||
|
|
||||||
Validate that Rspamd has recorded data in Redis
|
Validate that Rspamd has recorded data in Redis:
|
||||||
|
|
||||||
```
|
```
|
||||||
docker-compose exec redis-mailcow redis-cli KEYS 'dmarc;*'
|
docker-compose exec redis-mailcow redis-cli KEYS 'dmarc;*'
|
||||||
docker-compose exec redis-mailcow redis-cli HGETALL "dmarc;example.com;20211231"
|
docker-compose exec redis-mailcow redis-cli HGETALL "dmarc;example.com;20211231"
|
||||||
```
|
```
|
||||||
|
|
||||||
## Change DMARC Reporting Frequency
|
## Change DMARC reporting frequency
|
||||||
In the example above reports are send once a 24 hours. To change this behaviour:
|
|
||||||
1. Adjust `ofelia.job-exec.rspamd_dmarc_reporting.schedule: "@every 24h"` to desired value in `docker-compose.override.yml`
|
In the example above reports are sent once every 24 hours. You may want to change that interval:
|
||||||
|
|
||||||
|
1. Edit `docker-compose.override.yml` and a djust `ofelia.job-exec.rspamd_dmarc_reporting.schedule: "@every 24h"` to a desired value.
|
||||||
|
|
||||||
2. Run `docker-compose up -d`
|
2. Run `docker-compose up -d`
|
||||||
|
|
||||||
3. Run `docker-compose restart ofelia-mailcow`
|
3. Run `docker-compose restart ofelia-mailcow`
|
||||||
|
|
||||||
## Disable DMARC Reporting
|
## Disable DMARC Reporting
|
||||||
|
|
||||||
To disable reporting:
|
To disable reporting:
|
||||||
|
|
||||||
1. Set `enabled` to `false` in `data/conf/rspamd/local.d/dmarc.conf`
|
1. Set `enabled` to `false` in `data/conf/rspamd/local.d/dmarc.conf`
|
||||||
|
|
||||||
2. Revert changes done to `docker-compose.override.yml`
|
2. Revert changes done to `docker-compose.override.yml`
|
||||||
|
|
||||||
3. Run `docker-compose up -d`
|
3. Run `docker-compose up -d`
|
||||||
|
|
Laden …
In neuem Issue referenzieren