From 8ceb2764959e1f00886c6116f2d2a052249cecc2 Mon Sep 17 00:00:00 2001 From: Dmitriy Alekseev <1865999+dragoangel@users.noreply.github.com> Date: Sat, 28 Aug 2021 19:23:49 +0300 Subject: [PATCH] Update firststeps-dmarc_reporting.md --- docs/firststeps-dmarc_reporting.md | 58 +++++++++++++++++++++--------- 1 file changed, 41 insertions(+), 17 deletions(-) diff --git a/docs/firststeps-dmarc_reporting.md b/docs/firststeps-dmarc_reporting.md index 5a78ddec0..7c78c201a 100644 --- a/docs/firststeps-dmarc_reporting.md +++ b/docs/firststeps-dmarc_reporting.md @@ -3,18 +3,18 @@ DMARC Reporting done via Rspamd DMARC Module. Rspamd documentation can be found here: https://rspamd.com/doc/modules/dmarc.html **Important:** -1. Before use examples bellow, change `example.com`, `mail.example.com` and `Example` to your actual data -2. DMARC reporting require additional attention, especially at first days -3. Your reports for all server will be send from one reporting domain. Recommended to use parent domain of your `MAILCOW_HOSTNAME`, f.e: - - if your `MAILCOW_HOSTNAME=mail.example.com` then Reporting `domain = "example.com";` - - set `email` from same domain also, `email = "noreply-dmarc@example.com";` +1. Before you use the examples below, change `example.com`, `mail.example.com` and `Example` to reflect your setup +2. DMARC reporting requires additional attention, especially over the first few days +3. All receiving domains hosted on mailcow send from one reporting domain. Recommended to use parent domain of your `MAILCOW_HOSTNAME`, for example: + - if your `MAILCOW_HOSTNAME=mail.example.com` then change your reporting config to match `domain = "example.com";` + - set `email` from the same domain also, `email = "noreply-dmarc@example.com";` 4. This optional, but recommended step: create `noreply-dmarc` email user in mailcow to handle bounces. - Go to mailcow admin UI → Configuration → Mail Setup → Mailboxes → Add mailbox → Create mailbox `noreply-dmarc`, please choose correct domain - - In case you want silently discard bounces: login in SOGo from this account and go to Preferences → Mail → Filters → Create Filter → Add action → Provide name, f.e: `noreply` and add action: Discard the message and save filter - - In case you plan to resend a copy of reports to yourself: you need add condition to previous filter example `From is not noreply-dmarc@example.com` + - In case you want silently discard bounces: login in SOGo from this account and go to Preferences → Mail → Filters → Create Filter → Add action → Provide name, enter `noreply` and add action: Discard the message and save filter + - In case you plan to resend a copy of reports to yourself, you need to add a condition to previous filter example `From is not noreply-dmarc@example.com` ## Enable DMARC Reporting -1. Create or edit file in `data/conf/rspamd/local.d/dmarc.conf` and set content to: +1. Create or edit file in `data/conf/rspamd/local.d/dmarc.conf` and set contents to: ``` reporting { enabled = true; @@ -49,20 +49,44 @@ services: 3. Run `docker-compose up -d` ## Send a copy reports to yourself -To recieve a hidden copy of reports generated by Rspamd you can set a list of comma-separated emails via `bcc_addrs = ["noreply-dmarc@example.com","parsedmarc@example.com"];` in `reporting` section. +To receive a hidden copy of reports generated by Rspamd you can set a `bcc_addrs` list in `reporting` section. -Rspamd will load changes in runtime, no need to restart it. +``` +reporting { + enabled = true; + email = 'noreply-dmarc@example.com'; + bcc_addrs = ["noreply-dmarc@example.com","parsedmarc@example.com"]; +... +``` + +Rspamd will load changes in real time, no need to restart it. This useful in case: -- you want to check that your DMARC Reports send correctly, e.g.: check that they signed by DKIM, etc. -- you want to analyze own reports to get statics data, f.e: use with ParseDMARC or other analytic system +- you want to check that your DMARC Reports send correctly, check that they signed by DKIM, etc. +- you want to analyze own reports to get statics data, for example use with ParseDMARC or other analytic system ## Troubleshooting -You can check: -1. Run `docker-compose exec rspamd-mailcow ls -lah /var/lib/rspamd/dmarc_reports_last_log` to check when file was been modified last time -2. Do `docker-compose exec rspamd-mailcow cat /var/lib/rspamd/dmarc_reports_last_log` to check last report output -3. Manually trigger sending of DMARC reports via `rspamd-mailcow rspamadm dmarc_report` and check the output -4. Validate that Rspamd has recorded data in Redis via `docker-compose exec redis-mailcow redis-cli KEYS 'dmarc;*'` and then run `docker-compose exec redis-mailcow redis-cli HGETALL "dmarc;example.com;date"` + +Check when the report schedule last ran +``` +docker-compose exec rspamd-mailcow date -r /var/lib/rspamd/dmarc_reports_last_log +``` + +See last report output +``` +docker-compose exec rspamd-mailcow cat /var/lib/rspamd/dmarc_reports_last_log +``` + +Manually Trigger DMARC report +``` +docker-compose exec rspamd-mailcow rspamadm dmarc_report +``` + +Validate that Rspamd has recorded data in Redis +``` +docker-compose exec redis-mailcow redis-cli KEYS 'dmarc;*' +docker-compose exec redis-mailcow redis-cli HGETALL "dmarc;example.com;20211231" +``` ## Change DMARC Reporting Frequency In the example above reports are send once a 24 hours. To change this behaviour: