[opendmarc-users] Setting up with multiple domains
Mick
debacletw8 at rs432.net
Wed Sep 2 12:54:57 PDT 2015
> Of course lines 19, 131 and 132 are also relevant:
> use Net::Domain qw(hostfqdn hostdomain);
> my $repdom = hostdomain();
> my $repemail = "postmaster@" . $repdom;
>
I see that they are.
>>
>> Oh? I see that DKIM has failed due to an insecure key? I've got a lot
>> to learn (sigh)
> For configuring DKIM I often used http://dkimvalidator.com/. Probably
> it is useful for you as well.
Thanks for this tool tip. I've just had a play with that and
SpamAssassin reports for this secondary domain that 'From address
appears to be a throwaway domain'. That's not good. I guess that is
because the domain obtained from 'mail from' doesn't match the 'HELO'
which uses the primary domain as its greeting.
>
>> Then some time later repeat the above replacing domainA with B
>> and so on. It would still mean that the feedback from all my
>> domains is grouped together and therefore sent together, but would look
>> like each domain is conforming. Ideally, each domain would save its
>> own reports separately, but it doesn't seem possible at the moment
> I think this won't work due to another reason. After you processed
> your data on behalf of domainA the messages are marked as (already)
> reported. In the next iteration for domainB there won't be anything
> else to report.
I was thinking of doing them 6 hours apart so there would be
something to report each time... Maybe? Most of my mail server activity
is inbound SPAM attempts to one particular domain especially. I bar
these attacks using fail2ban regExp rules since I spotted 1658 attempts
to connect in 4 minutes!
>
> From my point of view there are two potential solutions, which both
> require some effort:
> 1. You know how to get one opendmarc.dat file for each receiving
> domain (eg. opendmarc_domainA.dat, opendmarc_domainB.dat, ...) and
> import it to different databases, like "cat opendmarc_domainA.dat |
> opendmarc-import --dbname=dmarc_domainA && cat opendmarc_domainB.dat |
> opendmarc-import --dbname=dmarc_domainB ...". Afterwards you do the
> reporting for each domain like "opendmarc-reports
> --dbname=dmarc_domainA --report-org=domainA
> --report-email=postmaster at domainA && opendmarc-reports
> --dbname=dmarc_domainB --report-org=domainB
> --report-email=postmaster at domainB ...".
>
> 2. You are able to differentiate between the receiving domains in one
> opendmarc.dat file. Then you have to adapt the opendmarc-import script
> that it writes the data to different DBs based on the /reporter/ value
> in opendmarc.dat and finally you have to send the reports with a
> similar command like for the first case.
The opendmarc.dat file doesn't show the destination domain, only the
origin; the reporter field always shows the primary domain name. If it
did, I would have a go at your suggestion. AuthservID only takes one
domain name according to opendmarc.conf.sample.
Thanks for your help and ideas. I appreciate it.
Best regards,
Mick.
>
> Regards,
> Christoph
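
The second option discussed above (separating one opendmarc.dat by its reporter value, then importing and reporting per domain), as an added example that is not part of the original messages and not OpenDMARC's own code. It assumes each history record starts with a `job` line and carries one `reporter` line, and that records really do carry different reporter values (the thread notes that with a single AuthservID they all show the primary domain); the `dmarc_<domain>` database naming and the sample records are constructed, and the commands are printed rather than executed.

```shell
#!/bin/sh
# Added example: split an OpenDMARC history file by its "reporter" value.
# Assumed layout: each record starts with a "job" line and has one "reporter" line.

split_by_reporter() {   # $1 = history file, $2 = output directory
    awk -v outdir="$2" '
        function flush(   name) {
            if (rec == "") return
            name = (rep == "") ? "unknown" : rep      # no reporter line seen
            gsub(/[^A-Za-z0-9._-]/, "_", name)        # keep the file name safe
            printf "%s", rec >> (outdir "/opendmarc_" name ".dat")
            rec = ""; rep = ""
        }
        $1 == "job"      { flush() }                  # a new record begins
        $1 == "reporter" { rep = $2 }
        { rec = rec $0 "\n" }
        END { flush() }
    ' "$1"
}

print_commands() {      # $1 = directory holding the opendmarc_<domain>.dat files
    for f in "$1"/opendmarc_*.dat; do
        [ -e "$f" ] || continue
        d=${f##*/opendmarc_}; d=${d%.dat}
        db="dmarc_$(printf '%s' "$d" | tr -c 'A-Za-z0-9' '_')"   # assumed DB naming
        printf 'opendmarc-import --dbname=%s < %s\n' "$db" "$f"
        printf 'opendmarc-reports --dbname=%s --report-org=%s --report-email=postmaster@%s\n' \
            "$db" "$d" "$d"
    done
}

sample_history() {      # constructed records, not real data
    cat <<'EOF'
job c0n5truct3d01
reporter example.org
received 1441223697
job c0n5truct3d02
reporter example.net
received 1441223700
job c0n5truct3d03
reporter example.org
received 1441223710
EOF
}

demo_dir=$(mktemp -d)
sample_history > "$demo_dir/opendmarc.dat"
split_by_reporter "$demo_dir/opendmarc.dat" "$demo_dir"
print_commands "$demo_dir"
rm -rf "$demo_dir"
```

If every record lands in a single output file, the history file does not distinguish receiving domains and per-domain reporting cannot be derived from it this way.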