[opendmarc-users] Setting up with multiple domains

Mick debacletw8 at rs432.net
Wed Sep 2 03:24:43 PDT 2015 

Hi Christoph,

Thank you so much for your reply.
> the information about the sender in an aggregate report (org_name-tag 
> and email-tag in XML) is generated using the domain of the hostname of 
> the server which runs opendmarc. Please have a look at line 188 and 
> 189 of 
> http://sourceforge.net/p/opendmarc/code/ci/master/tree/reports/opendmarc-reports.in. 
>
   'report-email=s' => \$repemail,
   'report-org=s' => \$repdom,

Are the above the two lines you mean?... I've read on and see these are 
the two lines you refer to.

  I've already had a poke around in that particular file as the 
otherwise great tutorial I was following (DMARC only)  from ;
https://www.skelleton.net/2015/03/21/how-to-eliminate-spam-and-protect-your-name-with-dmarc/
failed with 'can't create report file'.  It was obviously a permissions 
issue and easily resolved by running the script as root and not 
'opendmarc'. I temporarily killed my mail server in the process  as I 
forgot to make the new 'opendmarc.dat' writable by 'opendmarc'. Resolved 
script with the following ;

su -c "cat /dev/null > /run/opendmarc/opendmarc.dat" -s /bin/bash opendmarc
chmod 750 /run/opendmarc/opendmarc.dat


> I guess in your case this name is equivalent to one of your mailing 
> domains.
Yes. There doesn't seem to be a choice here as all domains are served by 
the same mail server and IP so  no way of differentiating domains  until 
the 'RCPT TO: <'  so far as I can see.  You will see the primary domain 
and this domain in the headers.

Oh? I see that DKIM has failed due to an insecure key? I've got a lot to 
learn (sigh)


> The help command shows how (see --report-email and --report-org):
I was thinking of cheating in this way by having a report script for 
each domain, and rotating them.

/usr/sbin/opendmarc-reports --dbhost=${DB_SERVER} --dbuser=${DB_USER} --dbpasswd=${DB_PASS} --dbname=${DB_NAME} --verbose -interval=86400 --report-email 'dmarc at domainA.uk' --report-org 'domainA.uk'


Then some time later later repeat the above replacing domainA with B and 
so on.  It would still means that the feedback from all my domains are 
grouped together therefore sent together, but would look like each 
domain is conforming.  Ideally, each domain would save it's own reports 
separately, but it doesn't seem possible at the moment


Thanks again for your help,


Mick.



>> $ opendmarc-reports --help
>> opendmarc-reports: usage: opendmarc-reports
>>  --day send yesterday's data
>>  --dbhost=host database host
>>  --dbname=name database name
>>  --dbpasswd=passwd database password
>>  --dbport=port database port
>>  --dbuser=user database user
>>  --domain=name force a report for named domain
>>  --help print help and exit
>>  --interval=secs report interval
>>  --keepfiles keep xml files (in local directory)
>>   -n synonym for --test
>>  --nodomain=name omit a report for named domain
>>  --noupdate don't record report transmission
>>  --report-email reporting contact [postmaster at example.com]
>>  --report-org reporting organization [example.com]
>>  --smtp-port smtp server port
>>  --smtp-server smtp server
>>  --test don't send reports
>>  --utc operate in UTC
>>                     (implies --keepfiles --noupdate)
>>  --verbose verbose output
>>                     (repeat for increased output)
>>  --version print version and exit
>
> The domain in your opendmarc.dat is not used directly in the generated 
> aggregate report. It represents the hostname of the machine which 
> receives the message (for the case of multiple MXs) and is only used 
> to distinguish them when the data gets imported into the DB using 
> http://sourceforge.net/p/opendmarc/code/ci/master/tree/reports/opendmarc-import.in.
>
> Probably you can play around with opendmarc-import and 
> opendmarc-reports to get it working for your setup.
>
> Cheers,
> Christoph
>
> Am Mit, 2. Sep, 2015 um 12:37 schrieb Mick <debacletw8 at rs432.net>:
>> Hi all, I guess this is a dead list. Seems more questions are asked 
>> than answered at least. Perhaps everyone is on holiday in Blackpool? 
>> I hoped at worse for a retort 'Read the documentation' with a link to 
>> the relevant section of incoherent text, but alas no, not even that. 
>> Abandon hope all ye who ask here! :'( Best wishes to everyone, Mick. 
>> On 31/08/2015 00:58, Mick wrote:
>>
>>     Hi all, I'm new to opendmarc and this list, so apologies if this
>>     has been asked before. Over the past few days, I've set up
>>     opendmarc, but am holding back on the feedback reports as I'm
>>     sure they won't conform. I have 4 domains that each receive email
>>     through the same postfix MTA instance, so regardless of which
>>     domain messages are destined for, they all get labelled as a
>>     report from the primary domain in opendmarc.dat. Is it okay to
>>     report if not everything in that report applies to the domain it
>>     is said to be received for? I'm sure it isn't and I can't think
>>     of a way round this so thought I'd ask. Many thanks, Mick.
>>     _______________________________________________ opendmarc-users
>>     mailing list opendmarc-users at trusteddomain.org
>>     <mailto:opendmarc-users at trusteddomain.org>
>>     http://www.trusteddomain.org/mailman/listinfo/opendmarc-users 
>>
>> _______________________________________________ opendmarc-users 
>> mailing list opendmarc-users at trusteddomain.org 
>> <mailto:opendmarc-users at trusteddomain.org> 
>> http://www.trusteddomain.org/mailman/listinfo/opendmarc-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.trusteddomain.org/pipermail/opendmarc-users/attachments/20150902/80d31295/attachment-0001.htm>

More information about the opendmarc-users mailing list