Explicitly allow cross-domain DMARC reports

2023-01-26 12:11:01 +00:00 · 2023-01-26 12:11:01 +00:00 · 120b7d97c4
commit 120b7d97c4
parent d08268baba
1 changed files with 15 additions and 0 deletions
--- a/terraform/theorangeone.net.tf
+++ b/terraform/theorangeone.net.tf
@ -84,6 +84,21 @@ resource "cloudflare_record" "theorangeonenet_dmarc" {
  ttl     = 1
 }

+resource "cloudflare_record" "theorangeonenet_dmarc_report" {
+  for_each = toset([
+    cloudflare_zone.theorangeonenet.zone,
+    cloudflare_zone.jakehowardtech.zone,
+    cloudflare_record.theorangeonenet_mailgun_spf.hostname,
+    cloudflare_record.jakehowardtech_mailgun_spf.hostname,
+  ])
+
+  zone_id = cloudflare_zone.theorangeonenet.id
+  name    = "${each.value}._report._dmarc"
+  value   = "v=DMARC1"
+  type    = "TXT"
+  ttl     = 1
+}
+
 resource "cloudflare_record" "theorangeonenet_apex" {
  zone_id = cloudflare_zone.theorangeonenet.id
  name    = "@"