Update firststeps-dmarc_reporting.md

This commit is contained in:
André Peters 2021-09-18 17:06:31 +02:00 committed by GitHub
Parent 8ceb276495
Commit 28c3f0ffe0
No GPG key could be found for this signature
GPG key ID: 4AEE18F83AFDEB23


@ -3,18 +3,17 @@ DMARC Reporting done via Rspamd DMARC Module.
Rspamd documentation can be found here: https://rspamd.com/doc/modules/dmarc.html Rspamd documentation can be found here: https://rspamd.com/doc/modules/dmarc.html
**Important:** **Important:**
1. Before you use the examples below, change `example.com`, `mail.example.com` and `Example` to reflect your setup 1. Change `example.com`, `mail.example.com` and `Example` to reflect your setup
2. DMARC reporting requires additional attention, especially over the first few days 2. DMARC reporting requires additional attention, especially over the first few days
3. All receiving domains hosted on mailcow send from one reporting domain. Recommended to use parent domain of your `MAILCOW_HOSTNAME`, for example: 3. All receiving domains hosted on mailcow send from one reporting domain. It is recommended to use the parent domain of your `MAILCOW_HOSTNAME`:
- if your `MAILCOW_HOSTNAME=mail.example.com` then change your reporting config to match `domain = "example.com";` - If your `MAILCOW_HOSTNAME` is `mail.example.com` change the following config to `domain = "example.com";`
- set `email` from the same domain also, `email = "noreply-dmarc@example.com";` - Set `email` equally, e.g. `email = "noreply-dmarc@example.com";`
4. This optional, but recommended step: create `noreply-dmarc` email user in mailcow to handle bounces. 4. It is optional but recommended to create an email user `noreply-dmarc` in mailcow to handle bounces.
- Go to mailcow admin UI → Configuration → Mail Setup → Mailboxes → Add mailbox → Create mailbox `noreply-dmarc`, please choose correct domain
- In case you want silently discard bounces: login in SOGo from this account and go to Preferences → Mail → Filters → Create Filter → Add action → Provide name, enter `noreply` and add action: Discard the message and save filter ## Enable DMARC reporting
- In case you plan to resend a copy of reports to yourself, you need to add a condition to previous filter example `From is not noreply-dmarc@example.com`
1. Create the file `data/conf/rspamd/local.d/dmarc.conf` and set the following content:
## Enable DMARC Reporting
1. Create or edit file in `data/conf/rspamd/local.d/dmarc.conf` and set contents to:
``` ```
reporting { reporting {
enabled = true; enabled = true;
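Review bot: Step 4 on the new side still recommends creating a `noreply-dmarc` mailbox to handle bounces, but the three sub-bullets that explained how to create it, how to discard bounces with a SOGo filter, and that the filter needs a `From is not noreply-dmarc@example.com` condition when copies of reports are sent to yourself are removed without replacement. The `bcc_addrs` example later in the file still lists `noreply-dmarc@example.com`, and the old text tied that case to the extra filter condition, so a reader who builds a discard filter on their own no longer gets that hint. Suggest keeping a short version of the filter condition or linking to where mailbox creation and filters are documented. Minor: a comma is missing after `mail.example.com` in "If your `MAILCOW_HOSTNAME` is `mail.example.com` change the following config".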
@ -30,7 +29,9 @@ reporting {
keys_expire = 2d; keys_expire = 2d;
} }
``` ```
2. Create `docker-compose.override.yml` or merge with your existing one:
2. Create or modify `docker-compose.override.yml` in the mailcow-dockerized base directory:
``` ```
version: '2.1' version: '2.1'
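Review bot: The reworded step 2 ("Create or modify `docker-compose.override.yml` in the mailcow-dockerized base directory:") drops the old hint to "merge with your existing one", so a reader who already has an override file may paste the block over it and lose their other service overrides. Suggest wording such as "Create `docker-compose.override.yml` in the mailcow-dockerized base directory, or merge the following into your existing one:". The added base-directory detail is worth keeping.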
@ -46,56 +47,71 @@ services:
depends_on: depends_on:
- rspamd-mailcow - rspamd-mailcow
``` ```
3. Run `docker-compose up -d` 3. Run `docker-compose up -d`
## Send a copy reports to yourself ## Send a copy reports to yourself
To receive a hidden copy of reports generated by Rspamd you can set a `bcc_addrs` list in `reporting` section.
To receive a hidden copy of reports generated by Rspamd you can set a `bcc_addrs` list in the `reporting` config section of `data/conf/rspamd/local.d/dmarc.conf`:
``` ```
reporting { reporting {
enabled = true; enabled = true;
email = 'noreply-dmarc@example.com'; email = 'noreply-dmarc@example.com';
bcc_addrs = ["noreply-dmarc@example.com","parsedmarc@example.com"]; bcc_addrs = ["noreply-dmarc@example.com","parsedmarc@example.com"];
... [...]
``` ```
Rspamd will load changes in real time, no need to restart it. Rspamd will load changes in real time, so you won't need to restart the container at this point.
This useful in case: This can be useful if you...
- you want to check that your DMARC Reports send correctly, check that they signed by DKIM, etc.
- you want to analyze own reports to get statics data, for example use with ParseDMARC or other analytic system - ...want to check that your DMARC reports are sent correctly and authenticated.
- ...want to analyze your own reports to get statistics, i.e. to use with ParseDMARC or other analytic systems.
## Troubleshooting ## Troubleshooting
Check when the report schedule last ran Check when the report schedule last ran:
``` ```
docker-compose exec rspamd-mailcow date -r /var/lib/rspamd/dmarc_reports_last_log docker-compose exec rspamd-mailcow date -r /var/lib/rspamd/dmarc_reports_last_log
``` ```
See last report output See the latest report output:
``` ```
docker-compose exec rspamd-mailcow cat /var/lib/rspamd/dmarc_reports_last_log docker-compose exec rspamd-mailcow cat /var/lib/rspamd/dmarc_reports_last_log
``` ```
Manually Trigger DMARC report Manually trigger a DMARC report:
``` ```
docker-compose exec rspamd-mailcow rspamadm dmarc_report docker-compose exec rspamd-mailcow rspamadm dmarc_report
``` ```
Validate that Rspamd has recorded data in Redis Validate that Rspamd has recorded data in Redis:
``` ```
docker-compose exec redis-mailcow redis-cli KEYS 'dmarc;*' docker-compose exec redis-mailcow redis-cli KEYS 'dmarc;*'
docker-compose exec redis-mailcow redis-cli HGETALL "dmarc;example.com;20211231" docker-compose exec redis-mailcow redis-cli HGETALL "dmarc;example.com;20211231"
``` ```
## Change DMARC Reporting Frequency ## Change DMARC reporting frequency
In the example above reports are send once a 24 hours. To change this behaviour:
1. Adjust `ofelia.job-exec.rspamd_dmarc_reporting.schedule: "@every 24h"` to desired value in `docker-compose.override.yml` In the example above reports are sent once every 24 hours. You may want to change that interval:
1. Edit `docker-compose.override.yml` and a djust `ofelia.job-exec.rspamd_dmarc_reporting.schedule: "@every 24h"` to a desired value.
2. Run `docker-compose up -d` 2. Run `docker-compose up -d`
3. Run `docker-compose restart ofelia-mailcow` 3. Run `docker-compose restart ofelia-mailcow`
## Disable DMARC Reporting ## Disable DMARC Reporting
To disable reporting: To disable reporting:
1. Set `enabled` to `false` in `data/conf/rspamd/local.d/dmarc.conf` 1. Set `enabled` to `false` in `data/conf/rspamd/local.d/dmarc.conf`
2. Revert changes done to `docker-compose.override.yml` 2. Revert changes done to `docker-compose.override.yml`
3. Run `docker-compose up -d` 3. Run `docker-compose up -d`
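Review bot: The new step 1 under "Change DMARC reporting frequency" contains a typo, "a djust", which should read "adjust". In the same hunk, "i.e. to use with ParseDMARC" introduces an example and should be "e.g.", and replacing "signed by DKIM" with "authenticated" drops the one concrete check the old bullet named; "authenticated (DKIM-signed)" would keep it. Style: the heading "## Send a copy reports to yourself" is missing "of" on both sides, and "## Disable DMARC Reporting" keeps the capitalised "Reporting" while the other headings in this change were lowercased.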