Remove RUA/RUF from DMARC DNS records

We run a Virtualmin setup with over 150 domains and each one has a DMARC DNS record that was set up with the Virtualmin default of sending e-mail reports to postmaster@domain.com (where domain.com is the virtual server's domain name). However, because our business model is building Websites for other businesses, and managing the entire lifecycle of the site for them (including maintenance and updates), we've set the contact e-mail address for each of these 150+ virtual servers, and thus the address to which e-mails to postmaster@domain.com are forwarded, to be the same internal e-mail address.

This means that DMARC report e-mails are being sent to the same address for each of our virtual servers and this is starting to cause problems because Gmail (which hosts that address) is rate limiting us due to the number of reports sent out and the daily frequency of these reports.

Therefore, I was looking for a way to either (1) easily change the e-mail address/URI of existing DMARC DNS records by way of the Virtualmin GUI or command line, or (2) disable reports for existing DMARC records (by removing the RUA/RUF properties of these records), neither of which is possible at the moment, at least not to my knowledge. If there's something I'm missing here please fill me in, but as of right now I haven't been able to find a way in Virtualmin to easily accomplish my ideal goal of just removing the report properties from DMARC records for one or more existing virtual servers to stop reports from being sent at all.

Is this something that could be added to Virtualmin in the future: more fine-grained control over DMARC report settings?

Status: Fixed (pending)

Comments

For new domains, you can configure the RUF / RUA addresses at System Settings -> Server Templates -> Default Settings -> BIND DNS Server. They can't be removed entirely (because I think the spec mandates them), but you can customize to anything you want.

Currently no, but you could set it to an email address that just deletes all messages as a work-around.

Would it be possible to add an option to remove the records then since such an option doesn't currently exist in Virtualmin? I know you said that the e-mail could just be changed to an address that doesn't accept messages, but this may not be ideal in all cases and still causes our mail servers to be bombarded with messages (from our 150+ domains) about DMARC.

I support this request. This is a problem for professional users of your software. It does not scale or lacks options like this that would help manage bigger systems with a lot of domains and users.

A hacky solution I just thought of would be to edit all BIND zone files manually via the command-line using some kind of text parsing command (like sed) that can do text replacement and remove all references to RUA/RUF properties of a DMARC record, but this is, as just stated, only a hacky solution and a very finicky one at that because I don't think it could be done with just one command. I believe a more formal, GUI/Virtualmin CLI solution should be implemented for removing e-mail reporting from DMARC records.
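The zone-file rewrite described in the comment above, as an added example that is not part of the original thread and is not Virtualmin code: it parses each DMARC TXT record as a semicolon-separated tag list and drops only the `rua` and `ruf` tags. The sample zone, the function names and the assumption that each DMARC record is a single quoted string on one line are constructed for illustration.

```python
import re

# Owner name starting with _dmarc, optional TTL/class, then one quoted TXT string.
# Assumption: each DMARC record sits on one line as a single quoted string.
DMARC_TXT = re.compile(
    r'^(?P<head>_dmarc\S*\s+(?:\S+\s+){0,2}TXT\s+)"(?P<data>[^"]*)"(?P<tail>.*)$',
    re.IGNORECASE,
)
REPORT_TAGS = {"rua", "ruf"}


def strip_report_tags(record):
    """Drop rua/ruf from a DMARC tag list; return (new_record, tags_removed)."""
    tags = [t.strip() for t in record.split(";") if t.strip()]
    kept = [t for t in tags if t.split("=", 1)[0].strip().lower() not in REPORT_TAGS]
    return "; ".join(kept), len(tags) - len(kept)


def rewrite_zone(text):
    """Rewrite DMARC TXT lines in zone-file text; return (new_text, records_changed)."""
    out, changed = [], 0
    for line in text.splitlines():
        m = DMARC_TXT.match(line)
        # Only touch TXT data that is actually a DMARC policy record.
        if m and m.group("data").lstrip().startswith("v=DMARC1"):
            data, removed = strip_report_tags(m.group("data"))
            if removed:
                line = f'{m.group("head")}"{data}"{m.group("tail")}'
                changed += 1
        out.append(line)
    return "\n".join(out) + ("\n" if text.endswith("\n") else ""), changed


# Constructed sample zone (not taken from a real server).
SAMPLE_ZONE = """$ttl 3600
example.com. IN SOA ns1.example.com. root.example.com. ( 2024010101 3600 600 1209600 3600 )
example.com. IN TXT "v=spf1 a mx ?all"
_dmarc.example.com. IN TXT "v=DMARC1; p=none; pct=100; ruf=mailto:postmaster@example.com; rua=mailto:postmaster@example.com"
_dmarc.shop.example.com. 300 IN TXT "v=DMARC1; p=reject"
"""

if __name__ == "__main__":
    new_text, n = rewrite_zone(SAMPLE_ZONE)
    print(new_text, end="")
    print(f"; {n} DMARC record(s) rewritten")
```

A zone file edited directly like this also needs its SOA serial incremented and the zone reloaded before secondaries see the change. With `rua`/`ruf` removed, the domain no longer receives aggregate or failure data about how receivers evaluate its mail.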

I'll look into making this optional in the next release - it shouldn't be too hard to add an option in the UI for it.

Ok, the next release will allow you to customize the RUF/RUA addresses (or exclude them entirely).

Awesome! Thanks so much for your work on this. Do you have an ETA of when the next release will be available? Also, will this release include command-line support (i.e. in the existing "modify-dns" command) for changing these records in bulk?