author | Aaron LI <aly@aaronly.me> | 2018-03-22 16:17:11 +0800 |
---|---|---|
committer | Aaron LI <aly@aaronly.me> | 2018-03-22 16:17:11 +0800 |
commit | 2c8de18a80a603e4f0ef4d9ed167a74e5d22f040 (patch) | |
tree | 9122745f10f544b1a18f7344730dc5d27d91b544 | |
parent | bb0fe8567f021c03df938887ac3dffc461026501 (diff) | |
download | ansible-dfly-vps-2c8de18a80a603e4f0ef4d9ed167a74e5d22f040.tar.bz2 |
dns/zones: improve dmarc record
-rw-r--r-- | group_vars/all/vars.yml | 17 | ||||
-rw-r--r-- | roles/dns/templates/zones/aaronly.me.zone.j2 | 9 | ||||
-rw-r--r-- | roles/dns/templates/zones/liwt.net.zone.j2 | 9 |
3 files changed, 28 insertions, 7 deletions
diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml index 5c45138..948bdbf 100644 --- a/group_vars/all/vars.yml +++ b/group_vars/all/vars.yml @@ -103,15 +103,22 @@ mail: bits: 2048 port: 8901 dmarc: - p: none # policy for the domain - sp: none # policy for subdomains of this domain - aspf: r # alignment mode for SPF (r: relaxed; s: strict) - pct: 100 # percent of messages subjected to filtering - # reporting URI of aggregate reports + p: none # policy for the domain + sp: none # policy for subdomains of this domain + pct: 100 # percent of messages subjected to filtering + adkim: r # alignment mode for DKIM (r: relaxed; s: strict) + aspf: r # alignment mode for SPF (r: relaxed; s: strict) + fo: 1 # Forensic options + # (0: DKIM & SPF fail; 1: DKIM / SPF fail; + # d: DKIM fail; s: SPF fail) + # Aggregate reports URI email (required) # Free DMARC weekly digests by https://dmarc.postmarkapp.com/ rua: liwt.net: re+yis1v8izxn0@dmarc.postmarkapp.com aaronly.me: re+f6lpmirefcg@dmarc.postmarkapp.com + # Forensic reports URI email (optional) + ruf: + liwt.net: abuse@liwt.net # To avoid trashing by GMail google-site-verification: liwt.net: n-dVRtkDeJ8k4BuSphkV-GVso0zJJWO-Z6GYoz6ayOQ diff --git a/roles/dns/templates/zones/aaronly.me.zone.j2 b/roles/dns/templates/zones/aaronly.me.zone.j2 index da4814e..4a25d00 100644 --- a/roles/dns/templates/zones/aaronly.me.zone.j2 +++ b/roles/dns/templates/zones/aaronly.me.zone.j2 
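Review bot: `p` and `sp` stay `none` on the new side, so after this commit the record still only asks for reports and receivers are not asked to quarantine or reject mail that fails alignment; the comments should say so, e.g. `p: none  # monitoring only; raise to quarantine/reject once reports are clean`. The new `ruf` address with `fo: 1` asks for a failure report on any SPF or DKIM failure, and such reports can carry headers or content of the failing message, so a comment noting that abuse@liwt.net will receive that data would help whoever handles the mailbox. `fo` also accepts `d`, `s` and colon-separated combinations, so quoting it (`fo: '1'`) keeps the value a string whichever option is chosen. The enclosing `mail:` mapping starts and continues outside the hunk.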
@@ -38,7 +38,14 @@ mail IN CNAME mail.{{ network.domain }}. {% endif %} @ IN TXT "v=spf1 mx -all" @ IN TXT "google-site-verification={{ mail['google-site-verification'][domain] }}" -_dmarc IN TXT "v=DMARC1; p={{ mail.dmarc.p }}; sp={{ mail.dmarc.sp }}; pct={{ mail.dmarc.pct }}; aspf={{ mail.dmarc.aspf }}; rua=mailto:{{ mail.dmarc.rua[domain] }};" +{% set ruatxt = "rua=mailto:" + mail.dmarc.rua[domain] + ";" %} +{% set ruf = mail.dmarc.ruf | default({}) %} +{% if ruf[domain] is defined %} +{% set ruftxt = "ruf=mailto:" + ruf[domain] + ";" %} +{% else %} +{% set ruftxt = "" %} +{% endif %} +_dmarc IN TXT "v=DMARC1; p={{ mail.dmarc.p }}; sp={{ mail.dmarc.sp }}; pct={{ mail.dmarc.pct }}; adkim={{ mail.dmarc.adkim }}; aspf={{ mail.dmarc.aspf }}; fo={{ mail.dmarc.fo }}; {{ ruatxt }} {{ ruftxt }}" {% if domain_key is defined %} {{ domain_key | dkim_record(selector=mail.dkim.selector) | join("\n") }} {% endif %} diff --git a/roles/dns/templates/zones/liwt.net.zone.j2 b/roles/dns/templates/zones/liwt.net.zone.j2 index bbd7d14..03459ee 100644 --- a/roles/dns/templates/zones/liwt.net.zone.j2 +++ b/roles/dns/templates/zones/liwt.net.zone.j2 
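Review bot: For a domain without a `ruf` entry (aaronly.me has none in this commit's vars.yml) the `_dmarc` line still emits `fo=` and ends in a trailing space inside the quoted string, because `fo` and the space between `{{ ruatxt }}` and `{{ ruftxt }}` are unconditional. `fo` only has meaning alongside `ruf`, so it could move into the conditional: `{% set ruftxt = " fo=" ~ mail.dmarc.fo ~ "; ruf=mailto:" ~ ruf[domain] ~ ";" %}`, with the record ending `{{ ruatxt }}{{ ruftxt }}"`. The identical seven added lines in the liwt.net.zone.j2 hunk have the same issue, and keeping one copy in a shared macro or include would stop the two zones' DMARC records drifting apart. The record is a single quoted string, which is capped at 255 bytes per TXT character-string; the values in vars.yml fit, but a comment noting the limit would help when more report addresses are added. The template continues before and after the hunk.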
@@ -46,7 +46,14 @@ mail IN AAAA {{ network.ipv6.address }} {% endif %} @ IN TXT "v=spf1 mx -all" @ IN TXT "google-site-verification={{ mail['google-site-verification'][domain] }}" -_dmarc IN TXT "v=DMARC1; p={{ mail.dmarc.p }}; sp={{ mail.dmarc.sp }}; pct={{ mail.dmarc.pct }}; aspf={{ mail.dmarc.aspf }}; rua=mailto:{{ mail.dmarc.rua[domain] }};" +{% set ruatxt = "rua=mailto:" + mail.dmarc.rua[domain] + ";" %} +{% set ruf = mail.dmarc.ruf | default({}) %} +{% if ruf[domain] is defined %} +{% set ruftxt = "ruf=mailto:" + ruf[domain] + ";" %} +{% else %} +{% set ruftxt = "" %} +{% endif %} +_dmarc IN TXT "v=DMARC1; p={{ mail.dmarc.p }}; sp={{ mail.dmarc.sp }}; pct={{ mail.dmarc.pct }}; adkim={{ mail.dmarc.adkim }}; aspf={{ mail.dmarc.aspf }}; fo={{ mail.dmarc.fo }}; {{ ruatxt }} {{ ruftxt }}" {% if domain_key is defined %} {{ domain_key | dkim_record(selector=mail.dkim.selector) | join("\n") }} {% endif %} |