Analysis
Stalwart automatically analyses incoming DMARC, DKIM, SPF, and TLS reports sent by other domains, removing the need for manual intervention and saving time for administrators. If TLS or message-authentication issues are detected, an event is recorded in the log file or sent to OpenTelemetry. Turning reports into actionable events allows administrators to detect and respond to configuration errors and abuse (such as spam or phishing), helping maintain the integrity of the email system.
Settings
Inbound analysis is configured on the ReportSettings singleton (found in the WebUI under Settings › MTA › Reports › General):
inboundReportAddresses: list of addresses (with optional wildcards) from which reports are intercepted and analysed. These addresses must be routable. Default["postmaster@*"].inboundReportForwarding: whether reports are forwarded to their final recipient after analysis. Defaulttrue.
Example intercepting dmarc@* and abuse@* while still forwarding the report to the original recipient:
{
"inboundReportAddresses": ["dmarc@*", "abuse@*"],
"inboundReportForwarding": true
}
Retention
How long intercepted reports are kept is controlled globally by the DataRetention singleton (found in the WebUI under Settings › Storage › Data Retention › Archiving, Settings › Storage › Data Retention › Data Cleanup, Settings › Storage › Data Retention › Auto-Expunge, Settings › Storage › Data Retention › Telemetry) through the holdMtaReportsFor field, which accepts a duration or null to disable storage. The default is 30d.