From a0dc65f568706d668cd361ebc387c362307f22f7 Mon Sep 17 00:00:00 2001
From: cronekorkn <git@ckn.li>
Date: Fri, 28 Apr 2023 11:11:11 +0200
Subject: [PATCH] dmarc

---
 bundles/mailserver/metadata.py | 8 ++++++--
 nodes/netcup.mails.py          | 1 +
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/bundles/mailserver/metadata.py b/bundles/mailserver/metadata.py
index 62ce35b..beda70e 100644
--- a/bundles/mailserver/metadata.py
+++ b/bundles/mailserver/metadata.py
@@ -43,12 +43,16 @@ defaults = {
 )
 def dns(metadata):
     dns = {}
-    
+
     for domain in metadata.get('mailserver/domains'):
         dns[domain] = {
             'MX': [f"5 {metadata.get('mailserver/hostname')}."],
             'TXT': ['v=spf1 a mx -all'],
         }
+        report_email = metadata.get('mailserver/dmarc_report_email')
+        dns[f'_dmarc.{domain}'] = {
+            'TXT': [f'v=DMARC1; p=reject; rua=mailto:{report_email}; ruf=mailto:{report_email}; fo=1;'],
+        }
 
     return {
         'dns': dns,
@@ -66,4 +70,4 @@ def letsencrypt(metadata):
                 },
             },
         },
-    } 
+    }
diff --git a/nodes/netcup.mails.py b/nodes/netcup.mails.py
index f48d2af..703f2bd 100644
--- a/nodes/netcup.mails.py
+++ b/nodes/netcup.mails.py
@@ -113,6 +113,7 @@
         'mailserver': {
             'hostname': 'mail.sublimity.de',
             'admin_email': 'postmaster@sublimity.de',
+            'dmarc_report_email': 'dmarc@sublimity.de',
             'domains': {
                 'ckn.li',
                 'sublimity.de',