[opendmarc-users] Setting up with multiple domains

Mick debacletw8 at rs432.net
Wed Sep 2 12:54:57 PDT 2015


> Of course lines 19, 131 and 132 are also relevant:
> use Net::Domain qw(hostfqdn hostdomain);
> my $repdom = hostdomain();
> my $repemail = "postmaster@" . $repdom;
>
I see that they are.
>>
>> Oh? I see that DKIM has failed due to an insecure key? I've got a lot 
>> to learn (sigh)
> For configuring DKIM I often used http://dkimvalidator.com/. Probably 
> it is useful for you as well.
Thanks for this tool tip. I've just had a play with that and 
SpamAssassin reports for this secondary domain that 'From address 
appears to be a throwaway domain'. That's not good. I guess that is 
because the domain obtained from 'mail from' doesn't match the 'HELO' 
which uses the primary domain as its greeting.



>
>> Then some time later repeat the above replacing domainA with B 
>> and so on.  It would still mean that the feedback from all my 
>> domains is grouped together therefore sent together, but would look 
>> like each domain is conforming.  Ideally, each domain would save its 
>> own reports separately, but it doesn't seem possible at the moment
> I think this won't work due to another reason. After you processed 
> your data on behalf of domainA the messages are marked as (already) 
> reported. In the next iteration for domainB there won't be anything 
> else to report.
I was thinking of doing them 6 hours apart so there would be 
something to report each time... Maybe? Most of my mail server activity 
is inbound SPAM attempts to one particular domain especially. I bar 
these attacks using fail2ban regExp rules since I spotted 1658 attempts 
to connect in 4 minutes!



>
> From my point of view there are two potential solutions, which both 
> require some effort:
> 1. You know how to get one opendmarc.dat file for each receiving 
> domain (eg. opendmarc_domainA.dat, opendmarc_domainB.dat, ...) and 
> import it to different databases, like "cat opendmarc_domainA.dat | 
> opendmarc-import --dbname=dmarc_domainA && cat opendmarc_domainB.dat | 
> opendmarc-import --dbname=dmarc_domainB ...". Afterwards you do the 
> reporting for each domain like "opendmarc-reports 
> --dbname=dmarc_domainA --report-org=domainA 
> --report-email=postmaster at domainA && opendmarc-reports 
> --dbname=dmarc_domainB --report-org=domainB 
> --report-email=postmaster at domainB ...".
>
> 2. You are able to differentiate between the receiving domains in one 
> opendmarc.dat file. Then you have to adapt the opendmarc-import script 
> that it writes the data to different DBs based on the reporter value 
> in opendmarc.dat and finally you have to send the reports with a 
> similar command like for the first case.

The opendmarc.dat file doesn't show the destination domain, only the 
origin; the reporter field always shows the primary domain name.  If it 
did, I would have a go at your suggestion.  AuthservID only takes one 
domain name according to opendmarc.conf.sample.


Thanks for your help and ideas. I appreciate it.


Best regards,

Mick.


>
> Regards,
> Christoph
