tachtler:postfix_centos_7_-_opendmarc_anbinden_opendmarc-milter
Differences
This page shows the differences between two versions.
tachtler:postfix_centos_7_-_opendmarc_anbinden_opendmarc-milter [2017/10/20 09:33] – klaus | tachtler:postfix_centos_7_-_opendmarc_anbinden_opendmarc-milter [2021/06/12 08:20] – [/usr/share/opendmarc/db/schema.mysql] klaus | ||
---|---|---|---|
Zeile 19: | Zeile 19: | ||
===== Voraussetzungen ==== | ===== Voraussetzungen ==== | ||
- | Die Instalaltion | + | Die Installation |
* [[http:// | * [[http:// | ||
* Siehe auch nachfolgenden internen Link: [[tachtler: | * Siehe auch nachfolgenden internen Link: [[tachtler: | ||
Zeile 48: | Zeile 48: | ||
Resolving Dependencies | Resolving Dependencies | ||
--> Running transaction check | --> Running transaction check | ||
- | ---> Package opendmarc.x86_64 0:1.3.1-13.el7 will be installed | + | ---> Package opendmarc.x86_64 0:1.4.1-1.el7 will be installed |
- | --> Processing Dependency: libopendmarc(x86-64) = 1.3.1-13.el7 for package: opendmarc-1.3.1-13.el7.x86_64 | + | --> Processing Dependency: libopendmarc(x86-64) = 1.4.1-1.el7 for package: opendmarc-1.4.1-1.el7.x86_64 |
- | --> Processing Dependency: perl(Switch) for package: opendmarc-1.3.1-13.el7.x86_64 | + | --> Processing Dependency: perl(Switch) for package: opendmarc-1.4.1-1.el7.x86_64 |
- | --> Processing Dependency: perl(DBD:: | + | --> Processing Dependency: perl(DBD:: |
- | --> Processing Dependency: libopendmarc.so.2()(64bit) for package: opendmarc-1.3.1-13.el7.x86_64 | + | --> Processing Dependency: libopendmarc.so.2()(64bit) for package: opendmarc-1.4.1-1.el7.x86_64 |
--> Running transaction check | --> Running transaction check | ||
- | ---> Package libopendmarc.x86_64 0:1.3.1-13.el7 will be installed | + | ---> Package libopendmarc.x86_64 0:1.4.1-1.el7 will be installed |
---> Package perl-DBD-MySQL.x86_64 0: | ---> Package perl-DBD-MySQL.x86_64 0: | ||
---> Package perl-Switch.noarch 0: | ---> Package perl-Switch.noarch 0: | ||
Zeile 68: | Zeile 68: | ||
================================================================================ | ================================================================================ | ||
Installing: | Installing: | ||
- | | + | |
Installing for dependencies: | Installing for dependencies: | ||
- | | + | |
| | ||
| | ||
Zeile 82: | Zeile 82: | ||
Is this ok [y/d/N]: y | Is this ok [y/d/N]: y | ||
Downloading packages: | Downloading packages: | ||
- | (1/4): libopendmarc-1.3.1-13.el7.x86_64.rpm | + | (1/4): libopendmarc-1.4.1-1.el7.x86_64.rpm |
- | (2/4): opendmarc-1.3.1-13.el7.x86_64.rpm | + | (2/4): opendmarc-1.4.1-1.el7.x86_64.rpm |
(3/4): perl-DBD-MySQL-4.023-5.el7.x86_64.rpm | (3/4): perl-DBD-MySQL-4.023-5.el7.x86_64.rpm | ||
(4/4): perl-Switch-2.16-7.el7.noarch.rpm | (4/4): perl-Switch-2.16-7.el7.noarch.rpm | ||
Zeile 93: | Zeile 93: | ||
Running transaction | Running transaction | ||
Installing : perl-Switch-2.16-7.el7.noarch | Installing : perl-Switch-2.16-7.el7.noarch | ||
- | Installing : libopendmarc-1.3.1-13.el7.x86_64 | + | Installing : libopendmarc-1.4.1-1.el7.x86_64 |
Installing : perl-DBD-MySQL-4.023-5.el7.x86_64 | Installing : perl-DBD-MySQL-4.023-5.el7.x86_64 | ||
- | Installing : opendmarc-1.3.1-13.el7.x86_64 | + | Installing : opendmarc-1.4.1-1.el7.x86_64 |
Verifying | Verifying | ||
- | Verifying | + | Verifying |
- | Verifying | + | Verifying |
Verifying | Verifying | ||
Installed: | Installed: | ||
- | opendmarc.x86_64 0:1.3.1-13.el7 | + | opendmarc.x86_64 0:1.4.1-1.el7 |
Dependency Installed: | Dependency Installed: | ||
- | libopendmarc.x86_64 0:1.3.1-13.el7 | + | libopendmarc.x86_64 0:1.4.1-1.el7 |
perl-Switch.noarch 0: | perl-Switch.noarch 0: | ||
Zeile 115: | Zeile 115: | ||
# rpm -qil opendmarc | # rpm -qil opendmarc | ||
Name : opendmarc | Name : opendmarc | ||
- | Version | + | Version |
- | Release | + | Release |
Architecture: | Architecture: | ||
- | Install Date: Wed 21 Oct 2015 02:44:46 PM CEST | + | Install Date: Mon 07 Jun 2021 03:08:31 PM CEST |
- | Group : | + | Group : |
- | Size : 356054 | + | Size : 250395 |
License | License | ||
- | Signature | + | Signature |
- | Source RPM : opendmarc-1.3.1-13.el7.src.rpm | + | Source RPM : opendmarc-1.4.1-1.el7.src.rpm |
- | Build Date : Thu 30 Apr 2015 02:54:59 AM CEST | + | Build Date : Sat 22 May 2021 08:44:46 PM CEST |
- | Build Host : buildvm-17.phx2.fedoraproject.org | + | Build Host : buildhw-x86-06.iad2.fedoraproject.org |
Relocations : (not relocatable) | Relocations : (not relocatable) | ||
Packager | Packager | ||
Vendor | Vendor | ||
URL : http:// | URL : http:// | ||
+ | Bug URL : https:// | ||
Summary | Summary | ||
Description : | Description : | ||
Zeile 140: | Zeile 141: | ||
The DMARC sender authentication system is still a draft standard, working | The DMARC sender authentication system is still a draft standard, working | ||
towards RFC status. | towards RFC status. | ||
+ | |||
+ | The database schema required for some functions is provided in | ||
+ | / | ||
+ | / | ||
/ | / | ||
/ | / | ||
/ | / | ||
/ | / | ||
+ | / | ||
/ | / | ||
/ | / | ||
Zeile 152: | Zeile 158: | ||
/ | / | ||
/ | / | ||
- | / | + | / |
- | / | + | / |
- | / | + | / |
- | / | + | / |
- | / | + | / |
- | / | + | / |
- | / | + | |
- | / | + | |
- | / | + | |
/ | / | ||
/ | / | ||
Zeile 169: | Zeile 172: | ||
/ | / | ||
/ | / | ||
- | /var/run/opendmarc | + | /usr/share/opendmarc |
+ | / | ||
+ | / | ||
+ | / | ||
+ | / | ||
+ | / | ||
+ | / | ||
+ | / | ||
+ | / | ||
+ | / | ||
+ | / | ||
+ | / | ||
+ | / | ||
/ | / | ||
</ | </ | ||
Zeile 237: | Zeile 252: | ||
===== Konfiguration: | ===== Konfiguration: | ||
- | Damit bei ausgehenden e-Mails auch unsere DMARC-Übrprüfung erfolgreich ist, wir nachfolgender Eintrag im **DNS** benötigt, damit der Abfragende bestimmen kann, wie er mit Nachrichten von uns selbst umgehen soll, wenn die DMACR-Überprüfung seinerseits fehl schlägt. | + | Damit bei ausgehenden e-Mails auch unsere DMARC-Übrprüfung erfolgreich ist, wir nachfolgender Eintrag im **DNS** benötigt, damit der Abfragende bestimmen kann, wie er mit Nachrichten von uns selbst umgehen soll, wenn die DMARC-Überprüfung seinerseits fehl schlägt. |
Unter nachfolgendem externen Link, kann ein TXT-Record, welcher DMARC-Informationen enthalten soll, komfortabel erstellt werden: | Unter nachfolgendem externen Link, kann ein TXT-Record, welcher DMARC-Informationen enthalten soll, komfortabel erstellt werden: | ||
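Review bot: the corrected sentence still contains "DMARC-Übrprüfung" and "wir nachfolgender Eintrag". Since this revision already fixes "DMACR" in the same sentence, change these to "DMARC-Überprüfung" and "wird nachfolgender Eintrag" as well, so the paragraph does not need a third pass.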
Zeile 286: | Zeile 301: | ||
</ | </ | ||
- | Als absendende Domains für die DMARC-Reports an andere, sollte ein SUB-Domain | + | :!: **WICHTIG** - **Als absendende Domains für die DMARC-Reports an andere, sollte ein __SUB-Domain__ |
* '' | * '' | ||
* '' | * '' | ||
- | Einträge besitzt. | + | **Einträge besitzt, um so __tägliche DMARC Ping-Pong Schleifen (loops) zu vermeiden__.** |
< | < | ||
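Review bot: the new WICHTIG sentence mixes number and gender ("Als absendende Domains ... sollte ein SUB-Domain ... Einträge besitzt"). Use the singular throughout ("Als absendende Domain ... sollte eine Sub-Domain ...") so the requirement reads unambiguously. Because the stated goal is to avoid daily DMARC ping-pong loops, one added clause saying how the listed entries lead to such a loop would make the warning actionable.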
Zeile 985: | Zeile 1000: | ||
Nachfolgender Eintrag sollte in den **Header-Zeilen** einer **eingehenden e-Mail** zu finden sein, um das Ergebnis der [[http:// | Nachfolgender Eintrag sollte in den **Header-Zeilen** einer **eingehenden e-Mail** zu finden sein, um das Ergebnis der [[http:// | ||
< | < | ||
- | DMARC-Filter: | + | DMARC-Filter: |
Authentication-Results: | Authentication-Results: | ||
</ | </ | ||
Zeile 1010: | Zeile 1025: | ||
Dies kann durch ein, ebenfalls im **'' | Dies kann durch ein, ebenfalls im **'' | ||
- | * ''/ | + | * ''/ |
durchgeführt werden. | durchgeführt werden. | ||
:!: **HINWEIS** - **Falls von einem HOST anstelle von '' | :!: **HINWEIS** - **Falls von einem HOST anstelle von '' | ||
- | ==== /usr/share/doc/opendmarc-1.3.1/ | + | ==== / |
:!: **HINWEIS** - Nachfolgend sollen vom HOST mit der IP-Adresse '' | :!: **HINWEIS** - Nachfolgend sollen vom HOST mit der IP-Adresse '' | ||
Zeile 1024: | Zeile 1039: | ||
-- OpenDMARC database schema | -- OpenDMARC database schema | ||
-- | -- | ||
- | -- Copyright (c) 2012, The Trusted Domain Project. | + | -- Copyright (c) 2012, 2016, 2018, 2021, The Trusted Domain Project. |
-- All rights reserved. | -- All rights reserved. | ||
Zeile 1038: | Zeile 1053: | ||
PRIMARY KEY(id), | PRIMARY KEY(id), | ||
UNIQUE KEY(name) | UNIQUE KEY(name) | ||
+ | ); | ||
+ | |||
+ | -- A table for logging encountered ARC selectors | ||
+ | CREATE TABLE IF NOT EXISTS selectors ( | ||
+ | id INT NOT NULL AUTO_INCREMENT, | ||
+ | domain INT NOT NULL, | ||
+ | name VARCHAR(255) NOT NULL, | ||
+ | firstseen TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, | ||
+ | |||
+ | PRIMARY KEY(id), | ||
+ | KEY(name), | ||
+ | UNIQUE KEY(name, domain) | ||
+ | ); | ||
+ | |||
+ | -- A table for logging ARC-Authentication-Results information | ||
+ | CREATE TABLE IF NOT EXISTS arcauthresults ( | ||
+ | id INT NOT NULL AUTO_INCREMENT, | ||
+ | message INT UNSIGNED NOT NULL, | ||
+ | instance INT UNSIGNED NOT NULL, | ||
+ | arc_client_addr VARCHAR(64) NOT NULL DEFAULT '', | ||
+ | |||
+ | PRIMARY KEY(id), | ||
+ | KEY(message), | ||
+ | UNIQUE KEY(message, | ||
+ | ); | ||
+ | |||
+ | -- A table for logging ARC-Seal information | ||
+ | CREATE TABLE IF NOT EXISTS arcseals ( | ||
+ | id INT NOT NULL AUTO_INCREMENT, | ||
+ | message INT UNSIGNED NOT NULL, | ||
+ | domain INT UNSIGNED NOT NULL, | ||
+ | selector INT UNSIGNED NOT NULL, | ||
+ | instance INT UNSIGNED NOT NULL, | ||
+ | firstseen TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, | ||
+ | |||
+ | PRIMARY KEY(id), | ||
+ | KEY(message), | ||
+ | UNIQUE KEY(message, | ||
); | ); | ||
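Review bot: the three new ARC tables mix signed and unsigned key types. selectors.id and selectors.domain are plain INT, while arcseals.domain and arcseals.selector, which by their names store ids from the domains and selectors tables, are INT UNSIGNED. In selectors, KEY(name) is also redundant next to UNIQUE KEY(name, domain), because name is the leading column of the unique index. The same applies to KEY(message) in arcauthresults and arcseals, where the unique key also starts with message. As the listing is a copy of the packaged schema.mysql with The Trusted Domain Project copyright, these are points to report upstream rather than to change in the wiki copy.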
Zeile 1044: | Zeile 1097: | ||
id INT NOT NULL AUTO_INCREMENT, | id INT NOT NULL AUTO_INCREMENT, | ||
domain INT NOT NULL, | domain INT NOT NULL, | ||
- | repuri VARCHAR(255) NOT NULL, | + | repuri VARCHAR(255) NOT NULL DEFAULT '' |
- | adkim TINYINT NOT NULL, | + | adkim TINYINT NOT NULL DEFAULT ' |
- | aspf TINYINT NOT NULL, | + | aspf TINYINT NOT NULL DEFAULT ' |
- | policy TINYINT NOT NULL, | + | policy TINYINT NOT NULL DEFAULT ' |
- | spolicy TINYINT NOT NULL, | + | spolicy TINYINT NOT NULL DEFAULT ' |
- | pct TINYINT NOT NULL, | + | pct TINYINT NOT NULL DEFAULT ' |
- | locked TINYINT NOT NULL, | + | locked TINYINT NOT NULL DEFAULT ' |
firstseen TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, | firstseen TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, | ||
lastsent TIMESTAMP NOT NULL DEFAULT ' | lastsent TIMESTAMP NOT NULL DEFAULT ' | ||
Zeile 1069: | Zeile 1122: | ||
); | ); | ||
- | -- A table for IP addresses | + | -- A table for connecting client |
CREATE TABLE IF NOT EXISTS ipaddr ( | CREATE TABLE IF NOT EXISTS ipaddr ( | ||
id INT NOT NULL AUTO_INCREMENT, | id INT NOT NULL AUTO_INCREMENT, | ||
Zeile 1091: | Zeile 1144: | ||
from_domain INT UNSIGNED NOT NULL, | from_domain INT UNSIGNED NOT NULL, | ||
policy_domain INT UNSIGNED NOT NULL, | policy_domain INT UNSIGNED NOT NULL, | ||
- | spf TINYINT | + | spf TINYINT NOT NULL, |
align_dkim TINYINT UNSIGNED NOT NULL, | align_dkim TINYINT UNSIGNED NOT NULL, | ||
align_spf TINYINT UNSIGNED NOT NULL, | align_spf TINYINT UNSIGNED NOT NULL, | ||
sigcount TINYINT UNSIGNED NOT NULL, | sigcount TINYINT UNSIGNED NOT NULL, | ||
+ | arc TINYINT UNSIGNED NOT NULL, | ||
+ | arc_policy TINYINT UNSIGNED NOT NULL, | ||
PRIMARY KEY(id), | PRIMARY KEY(id), | ||
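Review bot: the new arc and arc_policy columns (NOT NULL, no DEFAULT) will not reach a database that was created from the 1.3.1 schema. The tables visible in this diff are created with CREATE TABLE IF NOT EXISTS, so re-running the script leaves an existing table unchanged and the new columns missing. Add a short upgrade note with the matching ALTER TABLE statements for readers moving from 1.3.1-13.el7 to 1.4.1-1.el7. The same applies to the selector column added to signatures in the following hunk.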
Zeile 1104: | Zeile 1159: | ||
CREATE TABLE IF NOT EXISTS signatures ( | CREATE TABLE IF NOT EXISTS signatures ( | ||
id INT NOT NULL AUTO_INCREMENT, | id INT NOT NULL AUTO_INCREMENT, | ||
- | message INT NOT NULL, | + | message INT UNSIGNED |
- | domain INT NOT NULL, | + | domain INT UNSIGNED NOT NULL, |
- | pass TINYINT NOT NULL, | + | selector INT UNSIGNED |
- | error TINYINT NOT NULL, | + | pass TINYINT |
+ | error TINYINT | ||
PRIMARY KEY(id), | PRIMARY KEY(id), | ||
Zeile 1115: | Zeile 1171: | ||
-- CREATE USER ' | -- CREATE USER ' | ||
-- GRANT ALL ON opendmarc.* to ' | -- GRANT ALL ON opendmarc.* to ' | ||
- | |||
- | |||
- | -- # Tachtler - Create new users. | ||
- | CREATE USER ' | ||
- | CREATE USER ' | ||
-- # Tachtler - Grant ALL privileges to new users. | -- # Tachtler - Grant ALL privileges to new users. | ||
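Review bot: with the "Create new users" block and its two CREATE USER statements removed, the remaining "Grant ALL privileges to new users" section either has to create the accounts itself or assumes they already exist. Say which one applies, because the list of script changes in the next hunk still shows the "-- # Tachtler - Create new users." item as unchanged. Granting ALL on the database is also broader than a reporting account normally needs. Consider limiting the grants to the privileges those accounts actually use.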
Zeile 1130: | Zeile 1181: | ||
**__Nachfolgende Änderungen wurden am Skript durchgeführt: | **__Nachfolgende Änderungen wurden am Skript durchgeführt: | ||
+ | |||
+ | * <code mysql> | ||
+ | |||
+ | Austausch des '' | ||
* <code mysql>-- # Tachtler - Create new users. | * <code mysql>-- # Tachtler - Create new users. | ||
Zeile 1150: | Zeile 1205: | ||
Die Ausführung des Skriptes und die damit verbunden Anlage der Datenbank, der Tabellen und Felder und der Nutzer, kann durch Ausführung des nachfolgenden Befehls durchgeführt werden, **zudem jedoch das Kennwort zum Datenbankbenutzer '' | Die Ausführung des Skriptes und die damit verbunden Anlage der Datenbank, der Tabellen und Felder und der Nutzer, kann durch Ausführung des nachfolgenden Befehls durchgeführt werden, **zudem jedoch das Kennwort zum Datenbankbenutzer '' | ||
< | < | ||
- | # / | + | # / |
Enter password: | Enter password: | ||
</ | </ | ||
Zeile 1727: | Zeile 1782: | ||
Complete! | Complete! | ||
</ | </ | ||
- | |||
- | Nachfolgende **'' | ||
- | * **'' | ||
- | * **'' | ||
- | * **'' | ||
- | * **'' | ||
- | * **'' | ||
- | * **'' | ||
- | * **'' | ||
- | * **'' | ||
- | * **'' | ||
- | * **'' | ||
- | * **'' | ||
- | |||
- | Die Installation der **Skriptabhängigkeiten**, | ||
- | < | ||
- | # yum install perl-DBI perl-Email-Address perl-Email-Date-Format perl-Email-MIME perl-Email-MIME-ContentType | ||
- | perl-Email-MIME-Encodings perl-Email-MessageID perl-Email-Simple perl-MIME-tools perl-MIME-Types perl-XML- | ||
- | Parser | ||
- | Loaded plugins: changelog, priorities | ||
- | 149 packages excluded due to repository priority protections | ||
- | Package perl-DBI-1.627-4.el7.x86_64 already installed and latest version | ||
- | Package perl-MIME-tools-5.505-1.el7.noarch already installed and latest version | ||
- | Package perl-XML-Parser-2.41-10.el7.x86_64 already installed and latest version | ||
- | Resolving Dependencies | ||
- | --> Running transaction check | ||
- | ---> Package perl-Email-Address.noarch 0: | ||
- | ---> Package perl-Email-Date-Format.noarch 0: | ||
- | ---> Package perl-Email-MIME.noarch 0: | ||
- | ---> Package perl-Email-MIME-ContentType.noarch 0: | ||
- | ---> Package perl-Email-MIME-Encodings.noarch 0: | ||
- | ---> Package perl-Email-MessageID.noarch 0: | ||
- | ---> Package perl-Email-Simple.noarch 0: | ||
- | ---> Package perl-MIME-Types.noarch 0: | ||
- | --> Finished Dependency Resolution | ||
- | |||
- | Changes in packages about to be updated: | ||
- | |||
- | |||
- | Dependencies Resolved | ||
- | |||
- | =============================================================================== | ||
- | | ||
- | Size | ||
- | =============================================================================== | ||
- | Installing: | ||
- | | ||
- | | ||
- | | ||
- | | ||
- | | ||
- | | ||
- | | ||
- | | ||
- | |||
- | Transaction Summary | ||
- | =============================================================================== | ||
- | Install | ||
- | |||
- | Total download size: 227 k | ||
- | Installed size: 426 k | ||
- | Is this ok [y/d/N]: y | ||
- | Downloading packages: | ||
- | (1/8): perl-Email-Address-1.898-3.el7.noarch.rpm | ||
- | (2/8): perl-Email-Date-Format-1.002-15.el7.noarch.rpm | ||
- | (3/8): perl-Email-MIME-1.926-1.el7.noarch.rpm | ||
- | (4/8): perl-Email-MIME-Encodings-1.315-1.el7.noarch.rpm | ||
- | (5/8): perl-Email-MIME-ContentType-1.017-1.el7.noarch.rpm | 19 kB | ||
- | (6/8): perl-Email-MessageID-1.404-1.el7.noarch.rpm | ||
- | (7/8): perl-Email-Simple-2.203-1.el7.noarch.rpm | ||
- | (8/8): perl-MIME-Types-1.38-2.el7.noarch.rpm | ||
- | ------------------------------------------------------------------------------- | ||
- | Total 536 kB/s | 227 kB 00:00 | ||
- | Running transaction check | ||
- | Running transaction test | ||
- | Transaction test succeeded | ||
- | Running transaction | ||
- | Installing : perl-Email-Address-1.898-3.el7.noarch | ||
- | Installing : perl-Email-MessageID-1.404-1.el7.noarch | ||
- | Installing : perl-Email-Date-Format-1.002-15.el7.noarch | ||
- | Installing : perl-Email-Simple-2.203-1.el7.noarch | ||
- | Installing : perl-Email-MIME-Encodings-1.315-1.el7.noarch | ||
- | Installing : perl-Email-MIME-ContentType-1.017-1.el7.noarch | ||
- | Installing : perl-MIME-Types-1.38-2.el7.noarch | ||
- | Installing : perl-Email-MIME-1.926-1.el7.noarch | ||
- | Verifying | ||
- | Verifying | ||
- | Verifying | ||
- | Verifying | ||
- | Verifying | ||
- | Verifying | ||
- | Verifying | ||
- | Verifying | ||
- | |||
- | Installed: | ||
- | perl-Email-Address.noarch 0: | ||
- | perl-Email-Date-Format.noarch 0: | ||
- | perl-Email-MIME.noarch 0: | ||
- | perl-Email-MIME-ContentType.noarch 0: | ||
- | perl-Email-MIME-Encodings.noarch 0: | ||
- | perl-Email-MessageID.noarch 0: | ||
- | perl-Email-Simple.noarch 0: | ||
- | perl-MIME-Types.noarch 0: | ||
- | |||
- | Complete! | ||
- | </ | ||
- | |||
Nachfolgende **'' | Nachfolgende **'' | ||
Zeile 2276: | Zeile 2224: | ||
< | < | ||
# chown root:root / | # chown root:root / | ||
- | </ | ||
- | |||
- | ==== / | ||
- | |||
- | Das Skript **'' | ||
- | |||
- | :!: **HINWIES** - **Anpassungen müssen beim Datenbankzugriff durchgeführt werden!** | ||
- | |||
- | <code perl> | ||
- | # | ||
- | |||
- | # Script zum automatischen Verarbeiten der DMARC-Forensic-Mails in die mySQL-Datenbank dmarc | ||
- | # basierend auf den DMARC Reporting scripts (http:// | ||
- | # Über STDIN wird dem Script readdmarcfailure die eMail übergeben, also z.B.: $ readdmarcfailure < mailtext | ||
- | # 2014-05-17 : V.01 by Django (django@mailserver.guru) | ||
- | |||
- | use strict; | ||
- | use MIME:: | ||
- | use MIME::Words qw(:all); | ||
- | use DBI; | ||
- | use Email:: | ||
- | use Email:: | ||
- | |||
- | my $buffer = ''; | ||
- | my $input = ''; | ||
- | my $db_host = " | ||
- | my $db_port = " | ||
- | my $db_name = " | ||
- | my $db_user = " | ||
- | my $db_pass = ""; | ||
- | my $dbh = DBI -> connect (" | ||
- | |||
- | while (sysread(STDIN, | ||
- | $buffer .= $input; | ||
- | } | ||
- | |||
- | my ($zip, $ent, $isgzip); | ||
- | my $parser = new MIME:: | ||
- | | ||
- | $ent = $parser-> | ||
- | my $body = $ent-> | ||
- | $zip = $body; | ||
- | my $mtype = $ent-> | ||
- | my $subject = decode_mimewords($ent-> | ||
- | my $date = decode_mimewords($ent-> | ||
- | my $from = decode_mimewords($ent-> | ||
- | |||
- | # Nachricht eine valider Report? | ||
- | | ||
- | my $valid_report = $1; | ||
- | if ($valid_report ne " | ||
- | print "no valid report!\n"; | ||
- | exit; | ||
- | } | ||
- | else { print " | ||
- | } | ||
- | |||
- | # Daten aus Content-Type" | ||
- | my $content_block = Email:: | ||
- | my ($fr) = grep { $_-> | ||
- | my $mfr = $fr-> | ||
- | $from =~ /< | ||
- | my $domrep = $2; | ||
- | $mfr =~ / | ||
- | my $type = $2; | ||
- | $mfr =~ / | ||
- | my $version = $2; | ||
- | $mfr =~ / | ||
- | my $useragent = $2; | ||
- | $mfr =~ / | ||
- | my $authfailure = $2; | ||
- | $mfr =~ / | ||
- | my $result = $2; | ||
- | $mfr =~ / | ||
- | my $envid = $2; | ||
- | $mfr =~ / | ||
- | my $origbox = $2; | ||
- | my $origdom = $3; | ||
- | $mfr =~ / | ||
- | my $source = $2; | ||
- | $mfr =~ / | ||
- | my $domain = $2; | ||
- | |||
- | # Daten aus Content-Type" | ||
- | my ($rfc822_headers) = grep { $_-> | ||
- | my $org_headers = $rfc822_headers-> | ||
- | | ||
- | my $frombox = $3; | ||
- | my $fromdom = $4; | ||
- | |||
- | # Daten in die mySQL-Datenbank schreiben | ||
- | |||
- | my $sql = " | ||
- | |||
- | $dbh-> | ||
- | </ | ||
- | |||
- | **__Nachfolgende Änderungen wurden am Skript durchgeführt: | ||
- | |||
- | * <code perl>my $db_host = " | ||
- | my $db_port = " | ||
- | my $db_name = " | ||
- | my $db_user = " | ||
- | my $db_pass = ""; | ||
- | my $dbh = DBI -> connect (" | ||
- | |||
- | Anpassen des Datenbankzugriffs in Bezug auf den Datenbank-Server, | ||
- | |||
- | * <code perl>my $sql = " | ||
- | |||
- | Anpassen des **Namens** der Datenbank auf **'' | ||
- | |||
- | :!: **HINWEIS** - **Die Variable '' | ||
- | |||
- | Nachfolgender Befehl setzte die **Datei**- und **Besitzrechte** für das Skript wie folgt: | ||
- | < | ||
- | # chmod 755 / | ||
- | </ | ||
- | und | ||
- | < | ||
- | # chown root:root / | ||
</ | </ | ||
Zeile 2406: | Zeile 2233: | ||
<code python> | <code python> | ||
- | #!/usr/local/bin/python | + | # |
# $Header: / | # $Header: / | ||
# parse DMARC failure reports, add it to the mysql database | # parse DMARC failure reports, add it to the mysql database | ||
Zeile 2448: | Zeile 2275: | ||
# Tachtler | # Tachtler | ||
# default: db = MySQLdb.connect(user=' | # default: db = MySQLdb.connect(user=' | ||
- | db = MySQLdb.connect(host=' | + | db = MySQLdb.connect(host=' |
MySQLdb.paramstyle=' | MySQLdb.paramstyle=' | ||
Zeile 2498: | Zeile 2325: | ||
print " | print " | ||
c.close() | c.close() | ||
+ | db.commit() | ||
| | ||
if __name__ == " | if __name__ == " | ||
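Review bot: the added db.commit() sits after c.close() and is reached only when everything before it succeeded. No exception handler or db.rollback() is visible around it. Wrap the insert and commit in try/except, roll back on error and exit with a non-zero status so a failed import of a failure report is not silently lost.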
Zeile 2532: | Zeile 2360: | ||
(**Nur relevanter Ausschnitt**: | (**Nur relevanter Ausschnitt**: | ||
- | < | ||
- | ... | ||
- | # Tachtler | ||
- | readdmarc | ||
- | flags=DRhu user=nobody argv=/ | ||
- | # Tachtler | ||
- | readdmarcfailure | ||
- | flags=DRhu user=nobody argv=/ | ||
- | </ | ||
- | **__ODER__** | ||
< | < | ||
... | ... | ||
Zeile 2572: | Zeile 2390: | ||
==== / | ==== / | ||
- | Zur Weiterleitung von [[http:// | + | Zur Weiterleitung von [[http:// |
(**Komplette Konfigurationsdatei**: | (**Komplette Konfigurationsdatei**: | ||
Zeile 2595: | Zeile 2413: | ||
</ | </ | ||
- | ==== **ODER** / | + | ==== **ODER |
- | :!: **HINWEIS** - Als alternative Weiterleitung von [[http:// | + | :!: **HINWEIS** - Als alternative Weiterleitung von [[http:// |
(**Nur relevanter Ausschnitt**: | (**Nur relevanter Ausschnitt**: | ||
Zeile 2603: | Zeile 2421: | ||
< | < | ||
... | ... | ||
- | dmarc-aggregate: | + | dmarc-aggregate: |
- | dmarc-incorrect: | + | dmarc-aggregate+badhd: " |
- | </ | + | dmarc-incorrect: " |
- | **__ODER__** | + | dmarc-incorrect+badhd: " |
- | < | + | |
- | ... | + | |
- | dmarc-aggregate: | + | |
- | dmarc-incorrect: | + | |
</ | </ | ||
Zeile 2710: | Zeile 2524: | ||
<code php> | <code php> | ||
- | <?php | ||
- | |||
- | // #################################################################### | ||
<?php | <?php | ||
Zeile 2738: | Zeile 2549: | ||
Anpassung der Zugriffsdaten für die Datenbank, wie Datenbank-Server, | Anpassung der Zugriffsdaten für die Datenbank, wie Datenbank-Server, | ||
- | * < | + | * < |
Standardmäßig keine DNS-Anfragen (lookups) zur Ermittelung der Host-Namen (DNS-Namensauflösung) basierend auf den IP-Adressen durchführen. | Standardmäßig keine DNS-Anfragen (lookups) zur Ermittelung der Host-Namen (DNS-Namensauflösung) basierend auf den IP-Adressen durchführen. | ||
Zeile 2825: | Zeile 2636: | ||
{{: | {{: | ||
- | |||
- | ==== Performace Verbesserung DMARC Reports Web GUI ==== | ||
- | |||
- | Um den Seitenaufbau der DMARC Reports Web GUI zu beschleunigen, | ||
- | * ''/ | ||
- | erforderlich: | ||
- | |||
- | Alle Anpassungen sind mit dem Kommentar | ||
- | <code php> | ||
- | # Tachtler | ||
- | </ | ||
- | versehen. | ||
- | |||
- | (**Nur relevanter Ausschnitt**) | ||
- | |||
- | **Funktion: '' | ||
- | <code php> | ||
- | function tmpl_reportData($reportnumber, | ||
- | |||
- | if (!$reportnumber) { | ||
- | return ""; | ||
- | } | ||
- | |||
- | $reportdata[] = ""; | ||
- | $reportdata[] = "< | ||
- | |||
- | if (isset($allowed_reports[BySerial][$reportnumber])) { | ||
- | $row = $allowed_reports[BySerial][$reportnumber]; | ||
- | $reportdata[] = "< | ||
- | } else { | ||
- | return " | ||
- | } | ||
- | |||
- | $reportdata[] = "<a id=' | ||
- | $reportdata[] = "< | ||
- | $reportdata[] = " | ||
- | $reportdata[] = " | ||
- | $reportdata[] = " | ||
- | # Tachtler - DISABLED - | ||
- | # default: $reportdata[] = " | ||
- | # $reportdata[] = " | ||
- | $reportdata[] = " | ||
- | $reportdata[] = " | ||
- | $reportdata[] = " | ||
- | $reportdata[] = " | ||
- | $reportdata[] = " | ||
- | $reportdata[] = " | ||
- | $reportdata[] = " | ||
- | $reportdata[] = " | ||
- | $reportdata[] = " | ||
- | |||
- | $reportdata[] = " | ||
- | |||
- | global $mysqli; | ||
- | $sql = " | ||
- | $query = $mysqli-> | ||
- | while($row = $query-> | ||
- | $status=""; | ||
- | if (($row[' | ||
- | $status=" | ||
- | } elseif (($row[' | ||
- | $status=" | ||
- | } elseif (($row[' | ||
- | $status=" | ||
- | } else { | ||
- | $status=" | ||
- | }; | ||
- | |||
- | if ( $row[' | ||
- | $ip = long2ip($row[' | ||
- | } | ||
- | if ( $row[' | ||
- | $ip = inet_ntop($row[' | ||
- | } | ||
- | |||
- | $reportdata[] = " | ||
- | $reportdata[] = " | ||
- | # Tachtler - DISABLED - | ||
- | # default: $reportdata[] = " | ||
- | # $reportdata[] = " | ||
- | $reportdata[] = " | ||
- | $reportdata[] = " | ||
- | $reportdata[] = " | ||
- | $reportdata[] = " | ||
- | $reportdata[] = " | ||
- | $reportdata[] = " | ||
- | $reportdata[] = " | ||
- | $reportdata[] = " | ||
- | } | ||
- | $reportdata[] = " | ||
- | $reportdata[] = "</ | ||
- | |||
- | $reportdata[] = "< | ||
- | $reportdata[] = ""; | ||
- | |||
- | #indent generated html by 2 extra spaces | ||
- | return implode(" | ||
- | } | ||
- | </ | ||
- | |||
- | Die Sortierreihenfolge der DMARC Reports Web GUI von Absteigend auf Aufsteigen - neuster Eintrag als erster Eintrag - kann mit nachfolgender Anpassung durchgeführt werden: | ||
- | |||
- | (**Nur relevanter Ausschnitt**) | ||
- | |||
- | **Funktion: '' | ||
- | <code php> | ||
- | //#################################################################### | ||
- | //### main ########################################################### | ||
- | //#################################################################### | ||
- | |||
- | // The file is expected to be in the same folder as this script, and it | ||
- | // must exist. | ||
- | include " | ||
- | |||
- | // Make a MySQL Connection using mysqli | ||
- | $mysqli = new mysqli($dbhost, | ||
- | if ($mysqli-> | ||
- | echo " | ||
- | echo " | ||
- | echo " | ||
- | exit; | ||
- | } | ||
- | |||
- | define(" | ||
- | define(" | ||
- | define(" | ||
- | |||
- | // Get allowed reports and cache them - using serial as key | ||
- | $allowed_reports = array(); | ||
- | # Include the rcount via left join, so we do not have to make an sql query for every single report. | ||
- | # Tachtler - CHANGE ORDER to DESCending - | ||
- | # default: $sql = " | ||
- | $sql = " | ||
- | $query = $mysqli-> | ||
- | while($row = $query-> | ||
- | //todo: check ACL if this row is allowed | ||
- | if (true) { | ||
- | //add data by serial | ||
- | $allowed_reports[BySerial][$row[' | ||
- | //make a list of serials by domain and by organisation | ||
- | $allowed_reports[ByDomain][$row[' | ||
- | $allowed_reports[ByOrganisation][$row[' | ||
- | } | ||
- | } | ||
- | | ||
- | if(isset($_GET[' | ||
- | $reportid=$_GET[' | ||
- | }elseif(!isset($_GET[' | ||
- | $reportid=false; | ||
- | }else{ | ||
- | die(' | ||
- | } | ||
- | // Generate Page with report list and report data (if a report is selected). | ||
- | echo tmpl_page( "" | ||
- | .tmpl_reportList($allowed_reports) | ||
- | .tmpl_reportData($reportid, | ||
- | ); | ||
- | ?> | ||
- | </ | ||
===== Test Werkzeuge ===== | ===== Test Werkzeuge ===== |
tachtler/postfix_centos_7_-_opendmarc_anbinden_opendmarc-milter.txt · Last modified: 2021/06/12 08:21 by klaus