Forked from riverans/gist:3b61ed80ef6cd74a6af944b771eb39bf
Created
October 16, 2023 12:28
-
-
Save 0x00dec0de/1eb2bf8ced5f37be449c2e67cbc07d7f to your computer and use it in GitHub Desktop.
Exim DMARC with configuration to send DMARC reports (but not forensic reports)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 1) Exim config | |
| a. Global settings: | |
| dmarc_history_file = /var/spool/exim/dmarc_history.txt | |
| dmarc_tld_file = /etc/exim/opendmarc.tlds | |
| b. Get the tld file (list of valid TLD's) from http://publicsuffix.org/list/ | |
| c. Somewhere early in the RCPT ACL I have: | |
| .include_if_exists /etc/exim/dmarc_acl_control.conf | |
| d. $ more /etc/exim/dmarc_acl_control.conf | |
| warn authenticated = * | |
| hosts = +our_internal_hosts : +relay_from_hosts | |
| control = dmarc_disable_verify | |
| warn !authenticated = * | |
| !hosts = +our_internal_hosts : +relay_from_hosts | |
| ## control = dmarc_enable_forensic | |
| 2) Cronjob | |
| MAILTO='[email protected]' | |
| 58 * * * * /usr/local/bin/dmarc_maint.sh -i | |
| 6 */6 * * * /usr/local/bin/dmarc_maint.sh -r | |
| @weekly /usr/local/bin/dmarc_maint.sh -e | |
| 3) Helper script | |
| $ more /usr/local/bin/dmarc_maint.sh | |
| #!/bin/bash | |
| DBHOST="db.example.com" | |
| DBNAME="dmarcExim" | |
| DBUSER="dmarc" | |
| DBPASS="DMARCpassword" | |
| REPORTEMAIL="[email protected]" | |
| REPORTORG="Your Org" | |
| statsfile="/var/spool/exim/dmarc_history.txt" | |
| ## No user changable code below ## | |
| DBINFO="--dbhost=$DBHOST --dbname=$DBNAME" | |
| DBINFO="$DBINFO --dbuser=$DBUSER --dbpasswd=$DBPASS" | |
| CONTACT="--report-email=$REPORTEMAIL --report-org=$REPORTORG" | |
| date=`date '+%Y%m%d%H%M'` | |
| if echo "$@" | grep -q -- "--verbose" ; then | |
| ARGS="--verbose" | |
| fi | |
| function usage() { | |
| prog=`basename $0` | |
| echo | |
| echo "Usage: $prog [ -e | -i | -r ]" | |
| echo | |
| echo "One of the following arguments are required" | |
| echo " -e Expire old entries" | |
| echo " -i Import from STDIN into database" | |
| echo " -r Send out reports" | |
| echo " -t Test mode for reports" | |
| echo | |
| exit | |
| } | |
| function restart_opendmarc() { | |
| if /sbin/pidof valgrind >/dev/null; then | |
| #echo "Not restarting OpenDMARC because valgrind is running" | |
| return | |
| fi | |
| echo "OpenDMARC daemon was down, restarting" | |
| /sbin/service opendmarc restart | |
| } | |
| if ! /sbin/pidof opendmarc >/dev/null; then | |
| if ! /sbin/pidof exim >/dev/null; then | |
| restart_opendmarc | |
| fi | |
| fi | |
| done=0 | |
| while getopts ":tire" opt; do | |
| case $opt in | |
| e) | |
| if [ $done = 1 ]; then continue 3; fi; done=1 | |
| nice /usr/sbin/opendmarc-expire $DBINFO $ARGS --verbose | |
| ;; | |
| i) | |
| if [ $done = 1 ]; then continue 3; fi; done=1 | |
| if [ -f $statsfile ]; then | |
| mv $statsfile $statsfile.$date | |
| nice /usr/sbin/opendmarc-import $DBINFO $ARGS < $statsfile.$date | |
| if [ $? = 0 ]; then | |
| rm -f $statsfile.$date | |
| else | |
| echo "Error importing $statsfile.$date" | |
| fi | |
| #else | |
| # echo "No stats file $statsfile, nothing to do" | |
| fi | |
| ;; | |
| r) | |
| if [ $done = 1 ]; then continue 3; fi; done=1 | |
| #echo "Would Send Reports" | |
| nice /usr/sbin/opendmarc-reports $DBINFO $CONTACT $ARGS | |
| ;; | |
| t) if [ $done = 1 ]; then continue 3; fi; done=1 | |
| # echo "Would run reports in test mode" | |
| nice /usr/sbin/opendmarc-reports $DBINFO $CONTACT --test --verbose | |
| ;; | |
| *) | |
| if [ $done = 1 ]; then continue 3; fi; done=1 | |
| usage | |
| exit | |
| ;; | |
| esac | |
| done |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment