Hey,<div><br><br>Am Mit, 2. Sep, 2015 um 12:24 schrieb Mick <debacletw8@rs432.net>:<br>
<blockquote type="cite">
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
<div class="moz-cite-prefix">Hi Christoph,<br>
<br>
Thank you so much for your reply. <br>
</div>
<blockquote cite="mid:1441151059.2365.1@mail.univie.ac.at" type="cite">
<div>the information about the sender in an aggregate report
(org_name-tag and email-tag in XML) is generated using the
domain of the hostname of the server which runs opendmarc.
Please have a look at line 188 and 189 of <a class="moz-txt-link-freetext" href="http://sourceforge.net/p/opendmarc/code/ci/master/tree/reports/opendmarc-reports.in"></a><a class="moz-txt-link-freetext" href="http://sourceforge.net/p/opendmarc/code/ci/master/tree/reports/opendmarc-reports.in">http://sourceforge.net/p/opendmarc/code/ci/master/tree/reports/opendmarc-reports.in</a>.
</div>
</blockquote>
'report-email=s' => \$repemail,<br>
'report-org=s' => \$repdom,<br></blockquote><div>Of course lines 19, 131 and 132 are also relevant:</div><div>use Net::Domain qw(hostfqdn hostdomain);</div><div>my $repdom = hostdomain();</div><div>my $repemail = "postmaster@" . $repdom;</div><br><blockquote type="cite">
<br>
Are the above the two lines you mean?... I've read on and see these
are the two lines you refer to.<br>
<br>
I've already had a poke around in that particular file as the
otherwise great tutorial I was following (DMARC only) from ;<br>
<a class="moz-txt-link-freetext" href="https://www.skelleton.net/2015/03/21/how-to-eliminate-spam-and-protect-your-name-with-dmarc/">https://www.skelleton.net/2015/03/21/how-to-eliminate-spam-and-protect-your-name-with-dmarc/</a><br>
failed with 'can't create report file'. It was obviously a
permissions issue and easily resolved by running the script as root
and not 'opendmarc'. I temporarily killed my mail server in the
process as I forgot to make the new 'opendmarc.dat' writable by
'opendmarc'. Resolved script with the following ;<br>
<br>
<pre>su -c "cat /dev/null > /run/opendmarc/opendmarc.dat" -s /bin/bash opendmarc
chmod 750 /run/opendmarc/opendmarc.dat
</pre>
<blockquote cite="mid:1441151059.2365.1@mail.univie.ac.at" type="cite">
<div>I guess in your case this name is equivalent to one of your
mailing domains. </div>
</blockquote>
Yes. There doesn't seem to be a choice here as all domains are
served by the same mail server and IP so no way of differentiating
domains until the 'RCPT TO: <' so far as I can see. You will
see the primary domain and this domain in the headers. <br>
<br>
Oh? I see that DKIM has failed due to an insecure key? I've got a
lot to learn (sigh)</blockquote>For configuring DKIM I often used <a href="http://dkimvalidator.com/">http://dkimvalidator.com/</a>. Probably it is useful for you as well.</div><div><br><blockquote type="cite"><br>
<br>
<br>
<blockquote cite="mid:1441151059.2365.1@mail.univie.ac.at" type="cite">
<div> The help command shows how (see --report-email and
--report-org):</div>
</blockquote>
I was thinking of cheating in this way by having a report script for
each domain, and rotating them. <br>
<br>
<pre>/usr/sbin/opendmarc-reports --dbhost=${DB_SERVER} --dbuser=${DB_USER} --dbpasswd=${DB_PASS} --dbname=${DB_NAME} --verbose -interval=86400 --report-email '<a class="moz-txt-link-abbreviated" href="mailto:dmarc@domainA.uk">dmarc@domainA.uk</a>' --report-org 'domainA.uk'</pre>
<br>
Then some time later later repeat the above replacing domainA with B
and so on. It would still means that the feedback from all my
domains are grouped together therefore sent together, but would look
like each domain is conforming. Ideally, each domain would save
it's own reports separately, but it doesn't seem possible at the
moment</blockquote>I think this won't work due to another reason. After you processed your data on behalf of domainA the messages are marked as (already) reported. In the next iteration for domainB there won't be anything else to report.</div><div><br></div><div>From my point of view there are two potential solutions, which both require some effort:</div><div>1. You know how to get one opendmarc.dat file for each receiving domain (eg. opendmarc_domainA.dat, opendmarc_domainB.dat, ...) and import it to different databases, like "cat opendmarc_domainA.dat | opendmarc-import --dbname=dmarc_domainA && cat opendmarc_domainB.dat | opendmarc-import --dbname=dmarc_domainB ...". Afterwards you do the reporting for each domain like "opendmarc-reports --dbname=dmarc_domainA --report-org=domainA --report-email=postmaster@domainA && opendmarc-reports --dbname=dmarc_domainB --report-org=domainB --report-email=postmaster@domainB ...".</div><div><br></div><div>2. You are able to differentiate between the receiving domains in one opendmarc.dat file. Then you have to adapt the opendmarc-import script that it writes the data to different DBs based on the <i>reporter </i>value in opendmarc.dat and finally you have to send the reports with a similar command like for the first case.</div><div><br></div><div>Regards,</div><div>Christoph<br><blockquote type="cite"><br>
<br>
<br>
Thanks again for your help,<br>
<br>
<br>
Mick. <br>
<br>
<br>
<br>
<blockquote cite="mid:1441151059.2365.1@mail.univie.ac.at" type="cite">
<blockquote type="cite">
<div>$ opendmarc-reports --help</div>
<div>opendmarc-reports: usage: opendmarc-reports </div>
<div> --day send yesterday's data</div>
<div> --dbhost=host database host </div>
<div> --dbname=name database name </div>
<div> --dbpasswd=passwd database password </div>
<div> --dbport=port database port </div>
<div> --dbuser=user database user </div>
<div> --domain=name force a report for named domain</div>
<div> --help print help and exit</div>
<div> --interval=secs report interval </div>
<div> --keepfiles keep xml files (in local directory)</div>
<div> -n synonym for --test</div>
<div> --nodomain=name omit a report for named domain</div>
<div> --noupdate don't record report transmission</div>
<div> --report-email reporting contact [<a class="moz-txt-link-abbreviated" href="mailto:postmaster@example.com"></a><a class="moz-txt-link-abbreviated" href="mailto:postmaster@example.com">postmaster@example.com</a>]</div>
<div> --report-org reporting organization [example.com]</div>
<div> --smtp-port smtp server port </div>
<div> --smtp-server smtp server </div>
<div> --test don't send reports</div>
<div> --utc operate in UTC</div>
<div> (implies --keepfiles --noupdate)</div>
<div> --verbose verbose output</div>
<div> (repeat for increased output)</div>
<div> --version print version and exit</div>
</blockquote>
<div><br>
</div>
<div>The domain in your opendmarc.dat is not used directly in the
generated aggregate report. It represents the hostname of the
machine which receives the message (for the case of multiple
MXs) and is only used to distinguish them when the data gets
imported into the DB using <a moz-do-not-send="true" href="http://sourceforge.net/p/opendmarc/code/ci/master/tree/reports/opendmarc-import.in">http://sourceforge.net/p/opendmarc/code/ci/master/tree/reports/opendmarc-import.in</a>.</div>
<div><br>
</div>
<div>Probably you can play around with opendmarc-import and
opendmarc-reports to get it working for your setup.</div>
<div><br>
</div>
<div>Cheers,</div>
<div>Christoph<br>
<br>
Am Mit, 2. Sep, 2015 um 12:37 schrieb Mick <a class="moz-txt-link-rfc2396E" href="mailto:debacletw8@rs432.net"></a><a class="moz-txt-link-rfc2396E" href="mailto:debacletw8@rs432.net"><debacletw8@rs432.net></a>:<br>
<blockquote type="cite">
<div class="plaintext" style="white-space: pre-wrap;">Hi all,
I guess this is a dead list. Seems more questions are asked than answered at least. Perhaps everyone is on holiday in Blackpool? I hoped at worse for a retort 'Read the documentation' with a link to the relevant section of incoherent text, but alas no, not even that. Abandon hope all ye who ask here! :'(
Best wishes to everyone,
Mick.
On 31/08/2015 00:58, Mick wrote:
<blockquote>Hi all,
I'm new to opendmarc and this list, so apologies if this has been asked before. Over the past few days, I've set up opendmarc, but am holding back on the feedback reports as I'm sure they won't conform. I have 4 domains that each receive email through the same postfix MTA instance, so regardless of which domain messages are destined for, they all get labelled as a report from the primary domain in opendmarc.dat. Is it okay to report if not everything in that report applies to the domain it is said to be received for? I'm sure it isn't and I can't think of a way round this so thought I'd ask.
Many thanks,
Mick.
_______________________________________________
opendmarc-users mailing list
<a moz-do-not-send="true" href="mailto:opendmarc-users@trusteddomain.org">opendmarc-users@trusteddomain.org</a>
<a moz-do-not-send="true" href="http://www.trusteddomain.org/mailman/listinfo/opendmarc-users">http://www.trusteddomain.org/mailman/listinfo/opendmarc-users</a>
</blockquote>
_______________________________________________
opendmarc-users mailing list
<a moz-do-not-send="true" href="mailto:opendmarc-users@trusteddomain.org">opendmarc-users@trusteddomain.org</a>
<a moz-do-not-send="true" href="http://www.trusteddomain.org/mailman/listinfo/opendmarc-users">http://www.trusteddomain.org/mailman/listinfo/opendmarc-users</a></div>
</blockquote>
</div>
</blockquote>
<br>
</blockquote></div>