TLSRPT Report Generation
TLSRPT: https://datatracker.ietf.org/doc/html/rfc8460
- Reports sent via SMTP MUST contain a valid DomainKeys Identified Mail (DKIM) [RFC6376] signature by the reporting domain.
- The DKIM TXT record SHOULD contain the appropriate service type declaration, "s=tlsrpt". If not present, the receiving system MAY ignore reports lacking that service type.
This implies that we need special configuration for generating, signing and sending these reports.
Reports need to be batched daily, but with a randomized delivery time; the randomization is to prevent everyone sending all their reports at e.g. midnight UTC to the same place.
We'll need infrastructure to count problems per destination domain, and a nightly generation run to format the report, sign it and send it.
We'll also need configuration to specify the organization and DKIM signing information.
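A sketch of the counting, report formatting and send-time spreading described above, as an added example that is not kumomta code. The JSON field names and the `certificate-expired` result type come from RFC 8460; `DomainStats`, `Counters`, `record`, `send_offset_secs`, `render_report`, the organization values and the four-hour window are hypothetical. DKIM signing and SMTP submission are left out.

```rust
use std::collections::hash_map::DefaultHasher;
use std::collections::BTreeMap;
use std::hash::{Hash, Hasher};

// Hypothetical per-destination-domain counters for one UTC day.
#[derive(Default)]
struct DomainStats {
    successes: u64,
    failures: BTreeMap<String, u64>, // keyed by RFC 8460 result-type
}
type Counters = BTreeMap<String, DomainStats>;

// Record one TLS session outcome; `failure` is None on success.
fn record(c: &mut Counters, domain: &str, failure: Option<&str>) {
    let s = c.entry(domain.to_string()).or_default();
    match failure {
        None => s.successes += 1,
        Some(kind) => *s.failures.entry(kind.to_string()).or_insert(0) += 1,
    }
}

// Seconds after the reporting day ends to send. Hashing (domain, day) spreads
// sends over the window (window_secs > 0); an RNG would also work.
fn send_offset_secs(domain: &str, day: &str, window_secs: u64) -> u64 {
    let mut h = DefaultHasher::new();
    (domain, day).hash(&mut h);
    h.finish() % window_secs
}

// Render the report body. Inputs are assumed to need no JSON escaping; the
// policy type is fixed to "no-policy-found" to keep the example short.
fn render_report(org: &str, contact: &str, day: &str, domain: &str, s: &DomainStats) -> String {
    let failed: u64 = s.failures.values().sum();
    let details: Vec<String> = s.failures.iter()
        .map(|(k, n)| format!(r#"{{"result-type":"{k}","failed-session-count":{n}}}"#))
        .collect();
    format!(
        r#"{{"organization-name":"{org}","date-range":{{"start-datetime":"{day}T00:00:00Z","end-datetime":"{day}T23:59:59Z"}},"contact-info":"{contact}","report-id":"{day}_{domain}","policies":[{{"policy":{{"policy-type":"no-policy-found","policy-domain":"{domain}"}},"summary":{{"total-successful-session-count":{ok},"total-failure-session-count":{failed}}},"failure-details":[{d}]}}]}}"#,
        ok = s.successes, d = details.join(","))
}

fn main() {
    let mut c = Counters::new();
    for f in [None, Some("certificate-expired"), Some("certificate-expired")] {
        record(&mut c, "example.net", f); // constructed sample events
    }
    for (dom, s) in &c {
        let body = render_report("Example Org", "tls-reports@example.org", "2024-01-01", dom, s);
        println!("send at +{}s: {body}", send_offset_secs(dom, "2024-01-01", 14400));
    }
}
```

Deriving the offset from a hash keeps the send time stable across restarts within a day, so a crashed nightly run does not send a second report at a different time.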