Moin,
with Vsevolod quickly fixing external maps for dmarc in
https://github.com/rspamd/rspamd/pull/5722 (thanks!), this actually
works now (with some small logic changes on the server side.
I rolled a custom 3.13.2, and--with the following configuration--policy
domains get checked against the service (and added for regular checking
if they are not yet in the DB).
If not all RUAs for a domain failed, the individual RUAs are also
checked, and only those that have been found to be undeliverable are
skipped.
exclude_domains = {
external = true;
backend =
"https://stalemarc.measurement.network/api/checkDomain.php";;
method = "query";
encode = "json";
timeout = 1.0;
}
exclude_rua_addresses = {
external = true;
backend =
"https://stalemarc.measurement.network/api/checkRua.php";;
method = "query";
encode = "json";
timeout = 1.0;
}
(The 'encode' setting can likely be skipped, though.)
Will report back what this does to my mailq over time.
With best regards,
Tobias
On Thu, 2025-10-30 at 10:28 +0100, Tobias Fiebig via mailop wrote:
> Moin,
>
> > Are you aware, that this can be considered as abuse by legitimate
> > other sides, if used without agreement? And once decided that, you
> > can be blocked, and thus your results can be false positive? IMO it
> > doesn't matter how often you will send that test report...
>
> I do not really see how 'sending a DMARC report to a published
> RUA/RUF'
> would be considered abuse?
>
> Also, the report does not contain any deliveries, i.e., should not
> register, and is sent max. once per two weeks.
>
> I was pondering to include any information in the report, but that,
> instead, might actually add (incorrect) data to somebodies DMARC
> reports. So, I opted for the empty report.
>
> If I overlooked something, please let me know.
>
> > And second, undeliverable rua can be just mistake in config or
> > misuse
> > of gmail (or so) ratelimited mailbox, as is in many of my cases
> > (legitimate domains/mails).
>
> Yes. Still filling my mailq. That is why destinations are regularly
> rechecked.
>
> > BTW, rspamd supports maps in dmarc_report module (exclusion), while
> > i use only static file DB for that, it should be configured by map
> > type prefix, eg redis or regex, in recent versions.
>
> Yes, it does. It does not, however, support external_map maps for the
> DMARC plugin. So, technically, the static export already does work.
> However, that does not automatically add new domains.
>
> With best regards,
> Tobias
--
Dr.-Ing. Tobias Fiebig
T +31 616 80 98 99
M [email protected]
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
