Last active
July 15, 2022 02:53
-
-
Save mrballcb/74b1955a6d9731e0d2c7 to your computer and use it in GitHub Desktop.
Exim DMARC with configuration to send DMARC reports (but not forensic reports)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 1) Exim config | |
| a. Global settings: | |
| dmarc_history_file = /var/spool/exim/dmarc_history.txt | |
| dmarc_tld_file = /etc/exim/opendmarc.tlds | |
| b. Get the tld file (list of valid TLD's) from http://publicsuffix.org/list/ | |
| c. Somewhere early in the RCPT ACL I have: | |
| .include_if_exists /etc/exim/dmarc_acl_control.conf | |
| d. $ more /etc/exim/dmarc_acl_control.conf | |
| warn authenticated = * | |
| hosts = +our_internal_hosts : +relay_from_hosts | |
| control = dmarc_disable_verify | |
| warn !authenticated = * | |
| !hosts = +our_internal_hosts : +relay_from_hosts | |
| ## control = dmarc_enable_forensic | |
| 2) Cronjob | |
| MAILTO='[email protected]' | |
| 58 * * * * /usr/local/bin/dmarc_maint.sh -i | |
| 6 */6 * * * /usr/local/bin/dmarc_maint.sh -r | |
| @weekly /usr/local/bin/dmarc_maint.sh -e | |
| 3) Helper script | |
| $ more /usr/local/bin/dmarc_maint.sh | |
| #!/bin/bash | |
| DBHOST="db.example.com" | |
| DBNAME="dmarcExim" | |
| DBUSER="dmarc" | |
| DBPASS="DMARCpassword" | |
| REPORTEMAIL="[email protected]" | |
| REPORTORG="Your Org" | |
| statsfile="/var/spool/exim/dmarc_history.txt" | |
| ## No user changable code below ## | |
| DBINFO="--dbhost=$DBHOST --dbname=$DBNAME" | |
| DBINFO="$DBINFO --dbuser=$DBUSER --dbpasswd=$DBPASS" | |
| CONTACT="--report-email=$REPORTEMAIL --report-org=$REPORTORG" | |
| date=`date '+%Y%m%d%H%M'` | |
| if echo "$@" | grep -q -- "--verbose" ; then | |
| ARGS="--verbose" | |
| fi | |
| function usage() { | |
| prog=`basename $0` | |
| echo | |
| echo "Usage: $prog [ -e | -i | -r ]" | |
| echo | |
| echo "One of the following arguments are required" | |
| echo " -e Expire old entries" | |
| echo " -i Import from STDIN into database" | |
| echo " -r Send out reports" | |
| echo " -t Test mode for reports" | |
| echo | |
| exit | |
| } | |
| function restart_opendmarc() { | |
| if /sbin/pidof valgrind >/dev/null; then | |
| #echo "Not restarting OpenDMARC because valgrind is running" | |
| return | |
| fi | |
| echo "OpenDMARC daemon was down, restarting" | |
| /sbin/service opendmarc restart | |
| } | |
| if ! /sbin/pidof opendmarc >/dev/null; then | |
| if ! /sbin/pidof exim >/dev/null; then | |
| restart_opendmarc | |
| fi | |
| fi | |
| done=0 | |
| while getopts ":tire" opt; do | |
| case $opt in | |
| e) | |
| if [ $done = 1 ]; then continue 3; fi; done=1 | |
| nice /usr/sbin/opendmarc-expire $DBINFO $ARGS --verbose | |
| ;; | |
| i) | |
| if [ $done = 1 ]; then continue 3; fi; done=1 | |
| if [ -f $statsfile ]; then | |
| mv $statsfile $statsfile.$date | |
| nice /usr/sbin/opendmarc-import $DBINFO $ARGS < $statsfile.$date | |
| if [ $? = 0 ]; then | |
| rm -f $statsfile.$date | |
| else | |
| echo "Error importing $statsfile.$date" | |
| fi | |
| #else | |
| # echo "No stats file $statsfile, nothing to do" | |
| fi | |
| ;; | |
| r) | |
| if [ $done = 1 ]; then continue 3; fi; done=1 | |
| #echo "Would Send Reports" | |
| nice /usr/sbin/opendmarc-reports $DBINFO $CONTACT $ARGS | |
| ;; | |
| t) if [ $done = 1 ]; then continue 3; fi; done=1 | |
| # echo "Would run reports in test mode" | |
| nice /usr/sbin/opendmarc-reports $DBINFO $CONTACT --test --verbose | |
| ;; | |
| *) | |
| if [ $done = 1 ]; then continue 3; fi; done=1 | |
| usage | |
| exit | |
| ;; | |
| esac | |
| done |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment