DMARC Reporting
+ +DMARC Reporting done via Rspamd DMARC Module.
+Rspamd documentation can be found here: https://rspamd.com/doc/modules/dmarc.html
+Important:
+-
+
-
+
Change
+example.com,mail.example.comandExampleto reflect your setup
+ -
+
DMARC reporting requires additional attention, especially over the first few days
+
+ -
+
All receiving domains hosted on mailcow send from one reporting domain. It is recommended to use the parent domain of your
+MAILCOW_HOSTNAME:-
+
- If your
MAILCOW_HOSTNAMEismail.example.comchange the following config todomain = "example.com";
+ - Set
emailequally, e.g.email = "noreply-dmarc@example.com";
+
+ - If your
-
+
It is optional but recommended to create an email user
+noreply-dmarcin mailcow to handle bounces.
+
Enable DMARC reporting¶
+-
+
- Create the file
data/conf/rspamd/local.d/dmarc.confand set the following content:
+
reporting {
+ enabled = true;
+ email = 'noreply-dmarc@example.com';
+ domain = 'example.com';
+ org_name = 'Example';
+ helo = 'rspamd';
+ smtp = 'postfix';
+ smtp_port = 25;
+ from_name = 'Example DMARC Report';
+ msgid_from = 'rspamd.mail.example.com';
+ max_entries = 2k;
+ keys_expire = 2d;
+}
+-
+
- Create or modify
docker-compose.override.ymlin the mailcow-dockerized base directory:
+
version: '2.1'
+
+services:
+ rspamd-mailcow:
+ environment:
+ - MASTER=${MASTER:-y}
+ labels:
+ ofelia.enabled: "true"
+ ofelia.job-exec.rspamd_dmarc_reporting.schedule: "@every 24h"
+ ofelia.job-exec.rspamd_dmarc_reporting.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/bin/rspamadm dmarc_report > /var/lib/rspamd/dmarc_reports_last_log 2>&1 || exit 0\""
+ ofelia-mailcow:
+ depends_on:
+ - rspamd-mailcow
+-
+
- Run
docker-compose up -d
+
Send a copy reports to yourself¶
+To receive a hidden copy of reports generated by Rspamd you can set a bcc_addrs list in the reporting config section of data/conf/rspamd/local.d/dmarc.conf:
reporting {
+ enabled = true;
+ email = 'noreply-dmarc@example.com';
+ bcc_addrs = ["noreply-dmarc@example.com","parsedmarc@example.com"];
+[...]
+Rspamd will load changes in real time, so you won't need to restart the container at this point.
+This can be useful if you...
+-
+
- ...want to check that your DMARC reports are sent correctly and authenticated. +
- ...want to analyze your own reports to get statistics, i.e. to use with ParseDMARC or other analytic systems. +
Troubleshooting¶
+Check when the report schedule last ran:
+docker-compose exec rspamd-mailcow date -r /var/lib/rspamd/dmarc_reports_last_log
+See the latest report output:
+docker-compose exec rspamd-mailcow cat /var/lib/rspamd/dmarc_reports_last_log
+Manually trigger a DMARC report:
+docker-compose exec rspamd-mailcow rspamadm dmarc_report
+Validate that Rspamd has recorded data in Redis:
+docker-compose exec redis-mailcow redis-cli KEYS 'dmarc;*'
+docker-compose exec redis-mailcow redis-cli HGETALL "dmarc;example.com;20211231"
+Change DMARC reporting frequency¶
+In the example above reports are sent once every 24 hours. You may want to change that interval:
+-
+
-
+
Edit
+docker-compose.override.ymland a djustofelia.job-exec.rspamd_dmarc_reporting.schedule: "@every 24h"to a desired value.
+ -
+
Run
+docker-compose up -d
+ -
+
Run
+docker-compose restart ofelia-mailcow
+
Disable DMARC Reporting¶
+To disable reporting:
+-
+
-
+
Set
+enabledtofalseindata/conf/rspamd/local.d/dmarc.conf
+ -
+
Revert changes done to
+docker-compose.override.yml
+ -
+
Run
+docker-compose up -d
+