<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Hi Christoph,<br>
<br>
Thank you so much for your reply. <br>
</div>
<blockquote cite="mid:1441151059.2365.1@mail.univie.ac.at"
type="cite">
<div>the information about the sender in an aggregate report
(org_name-tag and email-tag in XML) is generated using the
domain of the hostname of the server which runs opendmarc.
Please have a look at line 188 and 189 of <a
class="moz-txt-link-freetext"
href="http://sourceforge.net/p/opendmarc/code/ci/master/tree/reports/opendmarc-reports.in"><a class="moz-txt-link-freetext" href="http://sourceforge.net/p/opendmarc/code/ci/master/tree/reports/opendmarc-reports.in">http://sourceforge.net/p/opendmarc/code/ci/master/tree/reports/opendmarc-reports.in</a></a>.
</div>
</blockquote>
'report-email=s' => \$repemail,<br>
'report-org=s' => \$repdom,<br>
<br>
Are the above the two lines you mean?... I've read on and see these
are the two lines you refer to.<br>
<br>
I've already had a poke around in that particular file as the
otherwise great tutorial I was following (DMARC only) from ;<br>
<a class="moz-txt-link-freetext"
href="https://www.skelleton.net/2015/03/21/how-to-eliminate-spam-and-protect-your-name-with-dmarc/">https://www.skelleton.net/2015/03/21/how-to-eliminate-spam-and-protect-your-name-with-dmarc/</a><br>
failed with 'can't create report file'. It was obviously a
permissions issue and easily resolved by running the script as root
and not 'opendmarc'. I temporarily killed my mail server in the
process as I forgot to make the new 'opendmarc.dat' writable by
'opendmarc'. Resolved script with the following ;<br>
<br>
<pre>su -c "cat /dev/null > /run/opendmarc/opendmarc.dat" -s /bin/bash opendmarc
chmod 750 /run/opendmarc/opendmarc.dat
</pre>
<blockquote cite="mid:1441151059.2365.1@mail.univie.ac.at"
type="cite">
<div>I guess in your case this name is equivalent to one of your
mailing domains. </div>
</blockquote>
Yes. There doesn't seem to be a choice here as all domains are
served by the same mail server and IP so no way of differentiating
domains until the 'RCPT TO: <' so far as I can see. You will
see the primary domain and this domain in the headers. <br>
<br>
Oh? I see that DKIM has failed due to an insecure key? I've got a
lot to learn (sigh)<br>
<br>
<br>
<blockquote cite="mid:1441151059.2365.1@mail.univie.ac.at"
type="cite">
<div> The help command shows how (see --report-email and
--report-org):</div>
</blockquote>
I was thinking of cheating in this way by having a report script for
each domain, and rotating them. <br>
<br>
<pre>/usr/sbin/opendmarc-reports --dbhost=${DB_SERVER} --dbuser=${DB_USER} --dbpasswd=${DB_PASS} --dbname=${DB_NAME} --verbose -interval=86400 --report-email '<a class="moz-txt-link-abbreviated" href="mailto:dmarc@domainA.uk">dmarc@domainA.uk</a>' --report-org 'domainA.uk'</pre>
<br>
Then some time later later repeat the above replacing domainA with B
and so on. It would still means that the feedback from all my
domains are grouped together therefore sent together, but would look
like each domain is conforming. Ideally, each domain would save
it's own reports separately, but it doesn't seem possible at the
moment<br>
<br>
<br>
Thanks again for your help,<br>
<br>
<br>
Mick. <br>
<br>
<br>
<br>
<blockquote cite="mid:1441151059.2365.1@mail.univie.ac.at"
type="cite">
<blockquote type="cite">
<div>$ opendmarc-reports --help</div>
<div>opendmarc-reports: usage: opendmarc-reports </div>
<div> --day send yesterday's data</div>
<div> --dbhost=host database host </div>
<div> --dbname=name database name </div>
<div> --dbpasswd=passwd database password </div>
<div> --dbport=port database port </div>
<div> --dbuser=user database user </div>
<div> --domain=name force a report for named domain</div>
<div> --help print help and exit</div>
<div> --interval=secs report interval </div>
<div> --keepfiles keep xml files (in local directory)</div>
<div> -n synonym for --test</div>
<div> --nodomain=name omit a report for named domain</div>
<div> --noupdate don't record report transmission</div>
<div> --report-email reporting contact [<a
class="moz-txt-link-abbreviated"
href="mailto:postmaster@example.com"><a class="moz-txt-link-abbreviated" href="mailto:postmaster@example.com">postmaster@example.com</a></a>]</div>
<div> --report-org reporting organization [example.com]</div>
<div> --smtp-port smtp server port </div>
<div> --smtp-server smtp server </div>
<div> --test don't send reports</div>
<div> --utc operate in UTC</div>
<div> (implies --keepfiles --noupdate)</div>
<div> --verbose verbose output</div>
<div> (repeat for increased output)</div>
<div> --version print version and exit</div>
</blockquote>
<div><br>
</div>
<div>The domain in your opendmarc.dat is not used directly in the
generated aggregate report. It represents the hostname of the
machine which receives the message (for the case of multiple
MXs) and is only used to distinguish them when the data gets
imported into the DB using <a moz-do-not-send="true"
href="http://sourceforge.net/p/opendmarc/code/ci/master/tree/reports/opendmarc-import.in">http://sourceforge.net/p/opendmarc/code/ci/master/tree/reports/opendmarc-import.in</a>.</div>
<div><br>
</div>
<div>Probably you can play around with opendmarc-import and
opendmarc-reports to get it working for your setup.</div>
<div><br>
</div>
<div>Cheers,</div>
<div>Christoph<br>
<br>
Am Mit, 2. Sep, 2015 um 12:37 schrieb Mick <a
class="moz-txt-link-rfc2396E"
href="mailto:debacletw8@rs432.net"><a class="moz-txt-link-rfc2396E" href="mailto:debacletw8@rs432.net"><debacletw8@rs432.net></a></a>:<br>
<blockquote type="cite">
<div class="plaintext" style="white-space: pre-wrap;">Hi all,
I guess this is a dead list. Seems more questions are asked than answered at least. Perhaps everyone is on holiday in Blackpool? I hoped at worse for a retort 'Read the documentation' with a link to the relevant section of incoherent text, but alas no, not even that. Abandon hope all ye who ask here! :'(
Best wishes to everyone,
Mick.
On 31/08/2015 00:58, Mick wrote:
<blockquote>Hi all,
I'm new to opendmarc and this list, so apologies if this has been asked before. Over the past few days, I've set up opendmarc, but am holding back on the feedback reports as I'm sure they won't conform. I have 4 domains that each receive email through the same postfix MTA instance, so regardless of which domain messages are destined for, they all get labelled as a report from the primary domain in opendmarc.dat. Is it okay to report if not everything in that report applies to the domain it is said to be received for? I'm sure it isn't and I can't think of a way round this so thought I'd ask.
Many thanks,
Mick.
_______________________________________________
opendmarc-users mailing list
<a moz-do-not-send="true" href="mailto:opendmarc-users@trusteddomain.org">opendmarc-users@trusteddomain.org</a>
<a moz-do-not-send="true" href="http://www.trusteddomain.org/mailman/listinfo/opendmarc-users">http://www.trusteddomain.org/mailman/listinfo/opendmarc-users</a>
</blockquote>
_______________________________________________
opendmarc-users mailing list
<a moz-do-not-send="true" href="mailto:opendmarc-users@trusteddomain.org">opendmarc-users@trusteddomain.org</a>
<a moz-do-not-send="true" href="http://www.trusteddomain.org/mailman/listinfo/opendmarc-users">http://www.trusteddomain.org/mailman/listinfo/opendmarc-users</a></div>
</blockquote>
</div>
</blockquote>
<br>
</body>
</html>