add suppression list for outgoing dmarc and tls reports

for reporting addresses that cause DSNs to be returned. that just adds noise.
the admin can add/remove/extend addresses through the webadmin.

in the future, we could send reports with a smtp mail from of
"postmaster+<signed-encoded-recipient>@...", and add the reporting recipient
on the suppression list automatically when a DSN comes in on that address, but
for now this will probably do.
Mechiel Lukkien
2023-11-13 13:48:52 +01:00
parent 6ce69d5425
commit e24e1bee19
12 changed files with 697 additions and 17 deletions


@ -605,6 +605,20 @@ func deliver(resolver dns.Resolver, m Msg) {
now := time.Now()
dayUTC := now.UTC().Format("20060102")
// See if this contains a failure. If not, we'll mark TLS results for delivering
// DMARC reports SendReport false, so we won't as easily get into a report sending
// loop.
var failure bool
for _, result := range hostResults {
if result.Summary.TotalFailureSessionCount > 0 {
failure = true
break
}
}
if recipientDomainResult.Summary.TotalFailureSessionCount > 0 {
failure = true
}
results := make([]tlsrptdb.TLSResult, 0, 1+len(hostResults))
tlsaPolicyDomains := map[string]bool{}
addResult := func(r tlsrpt.Result, isHost bool) {
@ -629,7 +643,7 @@ func deliver(resolver dns.Resolver, m Msg) {
DayUTC: dayUTC,
RecipientDomain: m.RecipientDomain.Domain.Name(),
IsHost: isHost,
SendReport: !m.IsTLSReport,
SendReport: !m.IsTLSReport && (!m.IsDMARCReport || failure),
Results: []tlsrpt.Result{r},
}
results = append(results, tlsResult)
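Review bot: The `SendReport` expression in the second hunk, `!m.IsTLSReport && (!m.IsDMARCReport || failure)`, carries the report-loop policy but has no comment where it is set; the only explanation sits in the first hunk next to the `failure` loop, and its wording ("mark TLS results for delivering DMARC reports SendReport false") is hard to parse. A comment at the field would keep the rule readable at the point of use, for example `// Never for deliveries of TLS reports; for deliveries of DMARC reports only if a TLS failure was seen, to limit report loops.` The asymmetry also deserves a sentence: TLS-report deliveries are always excluded, while DMARC-report deliveries with a failing session still produce a TLS result with `SendReport` true, so a destination whose TLS keeps failing can presumably keep the exchange going, which the existing "as easily" only hints at. The body of `deliver` starts and ends outside the visible hunks, so any handling elsewhere in the function is not visible here.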