[FR] send automated DMARC reports to servers

[williamdes]

Feature Request

I would like my server to send dmarc reports like Google does each day. That would allow other admins to get reports for emails the server handles.

Context

Related to mailcow/mailcow-dockerized#3247

Is your Feature Request related to a Problem?

No

Describe the Solution you'd like

An ENV to enable the feature and the feature itself

Are you going to implement it?

No

What are you going to contribute??

Nothing

Additional context

Alternatives you've considered

None

Who will that Feature be useful to?

Domains that receive emails sent from the server

What have you done already?

Nothing

[github-actions]

This issue has become stale because it has been open for 20 days without activity.
This issue will be closed in 10 days automatically unless:

• a maintainer removes the meta/stale label or adds the stale-bot/ignore label
• new activity occurs, such as a new comment

[MexHigh]

I'd really like to help with this, because i would also like to have this feature. But I really don't know which component of docker-mailserver might be responsible for this. In Mailcow, it is rspamd, which is not used in docker-mailserver. Does SpamAssassin support this?

[williamdes]

I just browsed the page to compare rspamd and other ones

And it seems to say it supports sending dmarc reports

[williamdes]

I am closing this one, since I intend to change mail server software
https://stalw.art/docs/smtp/authentication/dmarc/

[MexHigh]

@williamdes Why are you closing this? There are still users wanting this feature (including me) in docker-mailserver.

[MexHigh]

So since I've moved to rspamd some time ago, I gave it another try. It is possible to setup DMARC reporting with the current state of docker-mailserver, but it requires some adjustments.

You first need to make sure, that you are using rspamd (ENABLE_RSPAMD=1) and the built-in redis instance, where the reports are stored (ENABLE_RSPAMD_REDIS=1).

Create a mailbox for DMARC reports

(I think) you need to create an own mailbox (or alias) for the DMARC reports, so that rspamd is able to authenticate itself with your mailserver. But this is just an assumption. I've created an alias for this.

./setup.sh alias add dmarc-reports@example.org admin@example.org

Configuring rspamd

You can configure rspamd from your host (persists container restarts and updates) using an override. You propably have a Docker bind mount to /tmp/docker-mailserver/. In it you need to create the file rspamd/override.d/dmarc.conf with the following content:

reporting {
  enabled = true;
  email = 'dmarc-reports@example.org';
  domain = 'example.org';
  org_name = 'example.org mail services';
  # optional
  bcc_addrs = ["admin@example.org"];
}

See the documentation for all options: https://rspamd.com/doc/modules/dmarc.html#reporting

This only configures COLLECTION of reports, but it does not send them. You need to do this periodically (see next heading).

Creating a crontab entry for sending the reports

You need to call the command rspamadm dmarc_report periodically (e.g. daily) to trigger the sending of all collected reports. This can be accomplished with the user-defined user-patches.sh script inside the same mail config directory, right next to the rspamd folder. The contents are executed once docker-mailserver starts up, so we can use it to add the crontab entry:

#!/bin/bash

set -e

CRONTAB_LINE="0 0 * * * rspamadm dmarc_report >/dev/null 2>&1" # send at 00:00 daily

(crontab -l 2>/dev/null; echo "$CRONTAB_LINE") | crontab -
echo "user-patches.sh successfully executed" # <-- this should be visible in the logs while docker-mailserver starts up

Important: In my case, rspamadm dmarc_report sends the reports of yesterday, but you can set a specific day for testing (see rspamadm dmarc_report --help). There is a bug report for this upstream, because this behaviour might not be expected: rspamd/rspamd#4062.

---

Hope this helps!