add dmarc reporting

README.md

@@ -2,6 +2,16 @@
 
 ## configuration
 
+```
+rspamd:
+  redis: false
+  train_from_junk: false
+  dmarc_reporting:
+    enabled: false
+  local_configs: {}
+```
+
+
 ### redis
 configure redis and tell rspamd to use it:
 ```
@@ -21,15 +31,7 @@ redis:
       maxmemory_policy: volatile-ttl
 
 rspamd:
-  local_configs:
-    redis.conf:
-      servers: /var/run/redis/redis-rspamd.sock
-    classifier-bayes.conf:
-      backend: redis
-      servers: /var/run/redis/redis-rspamd-bayes.sock
-    worker-fuzzy.inc:
-      backend: redis
-      servers: /var/run/redis/redis-rspamd-fuzzy.sock
+  redis: true
 ```
 
 ### milter
@@ -53,9 +55,37 @@ rspamd can sign outgoing mails with dkim. the following steps are necessary:
 * create/update selector in `/etc/rspamd/dkim_selectors.map`: `<domain>   <selector>`
 
 
+## dmarc reporting
+
+rspamd can be instructed to send dmarc reports:
+```
+rspamd:
+  dmarc_reporting:
+    enabled: true # Enable reports in general
+    email: 'dmarc-reports-noreply@example.de' # Source of DMARC reports
+    domain: 'example.de' # Domain to serve
+    org_name: 'example' # Organisation
+    # Optional parameters
+    bcc_addrs: # additional addresses to copy on reports
+      - "postmaster@example.de"
+    report_local_controller: false # Store reports for local/controller scans (for testing only)
+    helo: 'rspamd.localhost' # Helo used in SMTP dialog
+    smtp: '127.0.0.1' # SMTP server IP
+    smtp_port: 25 # SMTP server port
+    from_name: 'rspamd' # SMTP FROM
+    msgid_from: 'rspamd' # Msgid format
+    max_entries: 1000
+    keys_expire: 172800 # 2 days
+```
+
 ## spam learning
 To train ham/spam from move actions from/to junk folder, `imap_sieve` needs to be enabled in dovecot.
 
+```
+rspamd:
+  train_from_junk: true
+```
+
 ## writing manual rules
 example:
 ```

defaults/main.yml

@@ -2,6 +2,16 @@ rspamd:
   redis: false
   train_from_junk: false
   local_configs: {}
+  dmarc_reporting:
+    enabled: false
+    report_local_controller: false
+    helo: 'rspamd.localhost'
+    smtp: '127.0.0.1'
+    smtp_port: 25
+    from_name: 'rspamd'
+    msgid_from: 'rspamd'
+    max_entries: 1000
+    keys_expire: 172800 # 2 days
 rspamd_redis:
   local_configs:
     redis.conf:

files/dmarc-reporting.service

@@ -0,0 +1,9 @@
+[Unit]
+Description=Send rspamd DMARC reports
+Wants=dmarc-reports.timer
+
+[Service]
+User=_rspamd
+Group=_rspamd
+Type=oneshot
+ExecStart=/usr/bin/rspamadm dmarc_report

files/dmarc-reporting.timer

@@ -0,0 +1,10 @@
+[Unit]
+Description=Send rspamd DMARC reports daily
+
+[Timer]
+# send reports daily, but not directly at midnight. 
+OnCalendar=*-*-* 00:42
+AccuracySec=1h
+
+[Install]
+WantedBy=multi-user.target

tasks/main.yml

@@ -14,6 +14,18 @@
       groups: redis
       append: true
 
+- name: disable dmarc reports if redis is not configured
+  when: rspamd.dmarc_reporting.enabled and not rspamd.redis
+  set_fact:
+    rspamd:
+      dmarc_reporting:
+        enabled: false
+
+- name: add dmarc reporting config to local_configs
+  set_fact:
+    rspamd:
+      local_configs: "{{ ( {'dmarc.conf': {'reporting':rspamd.dmarc_reporting} } )|combine( rspamd.local_configs, recursive=True) }}"
+
 - name: create local.d config files
   template:
     src: local.d.config.j2
@@ -25,5 +37,30 @@
   notify:
     - restart rspamd
 
+- when: rspamd.dmarc_reporting.enabled
+  block:
+  - name: copy dmarc reporting systemd files
+    copy:
+      src: "{{ item }}"
+      dest: "/etc/systemd/system/{{ item }}"
+      owner: root
+      group: root
+      mode: 0755
+    with_items:
+      - dmarc-reporting.service
+      - dmarc-reporting.timer
+    register: dmarc_reporting_systemd_files
+
+  - name: reload systemd files
+    systemd_service:
+      daemon_reload: true
+    when: dmarc_reporting_systemd_files.changed
+
+- name: en- or disable dmarc reporting service
+  service:
+    name: dmarc-reporting.timer
+    state: "{{ 'started' if rspamd.dmarc_reporting.enabled else 'stopped' }}"
+    enabled: "{{ 'yes' if rspamd.dmarc_reporting.enabled else 'no' }}"
+
 - include_tasks: sieve_train_from_junk.yml
   when: rspamd.train_from_junk