Automatically create DMARC records for new accounts
Is it possible to automatically create DMARC records for new accounts (like SPF)?
I'd think that would be next to impossible to do. You could default a policy, but without rua/ruf records you'd have no way of verifying the policy is working. rua/ruf records typically need a "mailto" in them and cPanel would have no idea how to set that.
Hi, I have been looking to do this via the use of a record in the zone file templates along the lines of:

    _dmarc IN TXT "v=DMARC1; p=none; sp=none; fo=1; ri=86400; rua=mailto:dmarc@%domain%; ruf=mailto:dmarc@%domain%"

This seems to work for initial account creation. However, if the account domain is changed, it only updates the rua=mailto and not the ruf=mailto, and creates a new corrected copy of the record as well. Any suggestions on where I have gone wrong with this?

Additionally, to implement this I need a wwwpostacc hook, I think? This needs to set up an email forwarder from dmarc@%domain% to dmarc@server domain (this can be hard-coded per server if needed rather than a variable), but I'm not a coder so I'm struggling with this one. Any advice/help much appreciated.

I know this isn't a solution for all providers, but this works fine for some of our servers and I would like to implement it where I can to provide this record and reduce email delivery issues.
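An added example, not part of the post above and not cPanel's own code: a Python check for the two symptoms described there, a duplicate _dmarc record and a rua/ruf address left on the old domain. The zone lines and the names old.example/new.example are constructed, and it assumes every report address should sit on the account's own domain, as in the template.

```python
import re

# Constructed sample: zone state after a domain change from old.example to
# new.example, with one stale ruf and a second "corrected" copy of the record.
SAMPLE_ZONE = '''\
_dmarc IN TXT "v=DMARC1; p=none; sp=none; fo=1; ri=86400; rua=mailto:dmarc@new.example; ruf=mailto:dmarc@old.example"
_dmarc IN TXT "v=DMARC1; p=none; sp=none; fo=1; ri=86400; rua=mailto:dmarc@new.example; ruf=mailto:dmarc@new.example"
www IN A 192.0.2.10
'''

# Matches "_dmarc [ttl] IN TXT "v=DMARC1 ..."" with a relative or absolute owner name.
DMARC_LINE = re.compile(r'^_dmarc(?:\.\S+)?\s+(?:\d+\s+)?IN\s+TXT\s+"(v=DMARC1[^"]*)"', re.I)

def parse_tags(record):
    """Split 'tag=value; tag=value' into a dict of tag -> value."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def audit_dmarc(zone_text, domain):
    """Return a list of findings for the _dmarc records found in zone_text."""
    records = [m.group(1) for line in zone_text.splitlines()
               if (m := DMARC_LINE.match(line.strip()))]
    findings = []
    if not records:
        findings.append("no _dmarc record")
    if len(records) > 1:
        # RFC 7489 section 6.6.3: with more than one record, no DMARC policy is applied
        findings.append(f"{len(records)} _dmarc records; receivers will apply none of them")
    for number, record in enumerate(records, 1):
        tags = parse_tags(record)
        for tag in ("rua", "ruf"):
            for uri in filter(None, (u.strip() for u in tags.get(tag, "").split(","))):
                address = uri.removeprefix("mailto:").split("!")[0]  # drop size limit
                if address.rpartition("@")[2].lower() != domain.lower():
                    findings.append(f"record {number}: {tag} points at {address}, not {domain}")
    return findings

if __name__ == "__main__":
    for finding in audit_dmarc(SAMPLE_ZONE, "new.example"):
        print(finding)
```

A report address on a third-party analysis service would also be flagged by this check, so drop the domain comparison where that is intended.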
I can't tell you how to fix the zone file template, but I'm curious how many people actually want DMARC reports emailed to them? For the customers we've set this up for, they are using 3rd party services to parse/analyze the reports.
So I have thought about this a little more, and a few amendments to my original proposition:

1: Would also need a hook file to create forwards for addon/alias domains.
2: Rather than creating a forwarder to dmarc@server domain, could these reports be forwarded to the account default email address/catchall, $user@$domain sort of thing?

This would allow addon domains and root domains to be sent to a mailbox the users can access and deal with or not as they wish. Also, once the account is set up, these forwarders can be amended/added to, to give third parties access/copies of these emails to analyze the results. This would also allow for a script that could be implemented across multiple servers without editing in a hardcoded email address or pulling the email from the server contact details email and forcing the server admins to deal with all of these (hint hint, cPanel can implement this as part of the whole system maybe?).

Additionally, an option to purge these account default mailboxes of emails older than XX days to prevent disk usage creep would be nice. A simple nightly cron might do this, something like:

    for user in $(/bin/ls -A /var/cpanel/users); do
        # -type f: remove only message files older than 14 days, never the cur/ folder itself
        find "/home/$user/mail/cur/" -type f -mtime +14 -exec rm -f {} \;
    done
    for user in $(/bin/ls -A /var/cpanel/users); do
        # same for messages still sitting in new/
        find "/home/$user/mail/new/" -type f -mtime +14 -exec rm -f {} \;
    done

(I need to check this code, haven't tested it yet, but something like this.)

Possibly have this as an option in Tweak Settings: instead of just "system account", "fail", "black hole", have additional options under "system account" for "server wide", with the number of days to retain as a server-wide setting, or "user managed", to put this same option in the individual cPanels for customers to decide the retention period themselves.

I agree not many users actually WANT the reports or know what to do with them if they had them, but they do want the DMARC in place for email delivery/spam prevention, and this is the best option I have come up with so far for automating this setup on a server-wide scale.