Adapt to changes in Rspamd
3,9 KiB
DMARC Reporting done via Rspamd DMARC Module.
Rspamd documentation can be found here: https://rspamd.com/doc/modules/dmarc.html
Important:
-
Change
example.com
,mail.example.com
andExample
to reflect your setup -
DMARC reporting requires additional attention, especially over the first few days
-
All receiving domains hosted on mailcow send from one reporting domain. It is recommended to use the parent domain of your
MAILCOW_HOSTNAME
:- If your
MAILCOW_HOSTNAME
ismail.example.com
change the following config todomain = "example.com";
- Set
email
equally, e.g.email = "noreply-dmarc@example.com";
- If your
-
It is optional but recommended to create an email user
noreply-dmarc
in mailcow to handle bounces.
Enable DMARC reporting
Create the file data/conf/rspamd/local.d/dmarc.conf
and set the following content:
reporting {
enabled = true;
email = 'noreply-dmarc@example.com';
domain = 'example.com';
org_name = 'Example';
helo = 'rspamd';
smtp = 'postfix';
smtp_port = 25;
from_name = 'Example DMARC Report';
msgid_from = 'rspamd.mail.example.com';
max_entries = 2k;
keys_expire = 2d;
}
Create or modify docker-compose.override.yml
in the mailcow-dockerized base directory:
version: '2.1'
services:
rspamd-mailcow:
environment:
- MASTER=${MASTER:-y}
labels:
ofelia.enabled: "true"
ofelia.job-exec.rspamd_dmarc_reporting.schedule: "@every 24h"
ofelia.job-exec.rspamd_dmarc_reporting.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/bin/rspamadm dmarc_report > /var/lib/rspamd/dmarc_reports_last_log 2>&1 || exit 0\""
ofelia-mailcow:
depends_on:
- rspamd-mailcow
Run docker-compose up -d
Send a copy reports to yourself
To receive a hidden copy of reports generated by Rspamd you can set a bcc_addrs
list in the reporting
config section of data/conf/rspamd/local.d/dmarc.conf
:
reporting {
enabled = true;
email = 'noreply-dmarc@example.com';
bcc_addrs = ["noreply-dmarc@example.com","parsedmarc@example.com"];
[...]
Rspamd will load changes in real time, so you won't need to restart the container at this point.
This can be useful if you...
- ...want to check that your DMARC reports are sent correctly and authenticated.
- ...want to analyze your own reports to get statistics, i.e. to use with ParseDMARC or other analytic systems.
Troubleshooting
Check when the report schedule last ran:
docker-compose exec rspamd-mailcow date -r /var/lib/rspamd/dmarc_reports_last_log
See the latest report output:
docker-compose exec rspamd-mailcow cat /var/lib/rspamd/dmarc_reports_last_log
Manually trigger a DMARC report:
docker-compose exec rspamd-mailcow rspamadm dmarc_report
Validate that Rspamd has recorded data in Redis:
Change 20220428
to date which you interested in.
docker-compose exec redis-mailcow redis-cli SMEMBERS "dmarc_idx;20220428"
Take one of the lines from output you interested in and request it, f.e.:
docker-compose exec redis-mailcow redis-cli ZRANGE "dmarc_rpt;microsoft.com;mailto:d@rua.agari.com;20220428" 0 49
Change DMARC reporting frequency
In the example above reports are sent once every 24 hours.
Olefia schedule has same implementation as cron
in Go, supported syntax described at cron Documentation
To change schedule:
-
Edit
docker-compose.override.yml
and a djustofelia.job-exec.rspamd_dmarc_reporting.schedule: "@every 24h"
to a desired value, for example to"@midnight"
-
Run
docker-compose up -d
-
Run
docker-compose restart ofelia-mailcow
Disable DMARC Reporting
To disable reporting:
-
Set
enabled
tofalse
indata/conf/rspamd/local.d/dmarc.conf
-
Revert changes done in
docker-compose.override.yml
torspamd-mailcow
andofelia-mailcow
-
Run
docker-compose up -d