TLSRPT-REPORTD(1)              tlsrpt-reportd              TLSRPT-REPORTD(1)

NAME
       tlsrpt-reportd - A daemon to create and deliver TLSRPT reports
       according to RFC 8460.

SYNOPSIS
       tlsrpt-reportd [OPTION]

DESCRIPTION
       The tlsrpt-reportd is the final component in the TLSRPT framework.
       An MTA (Mail Transfer Agent) reports successful delivery or
       encountered errors via libtlsrpt to a tlsrpt-collectd which collects
       and pre-aggregates the data. The tlsrpt-fetcher associated with a
       tlsrpt-collectd transfers the pre-aggregated data to the
       tlsrpt-reportd. The tlsrpt-reportd can retrieve data from multiple
       tlsrpt-fetchers and aggregates the pre-aggregated data into the final
       reports. Those reports are gzip-compressed and sent out to the
       destinations as specified in the TLSRPT DNS records of the domains
       that have received emails from the MTA.

       A simple data flow diagram visualizing the interaction of the
       components looks like this:

                  (MTA)
                    v
                libtlsrpt
                    v
             tlsrpt-collectd
                    v
                (storage)
                    v
              tlsrpt-fetcher
                    v
              tlsrpt-reportd
                    v
           (report destination)

OPTIONS
   Report creation and configuration options
       --contact_info=addr
           Use addr as contact info in the TLSRPT report according to
           RFC 8460.

       --organization_name=descr
           Use descr as name of the organization sending the TLSRPT report
           according to RFC 8460.

       --sender_address=email
           Use email as "From:" address when sending reports via email.

       --fetchers=list
           List of fetcher commands to retrieve data. Multiple fetcher
           commands can be given separated by commas.

       --dbname=path
           Use SQLite database at location path.

       --compression_level=n
           Use compression level n to gzip-compress the TLSRPT reports.

       --keep_days=n
           Keep old data for n days before deleting from the database.

   Report delivery options
       --spread_out_delivery=sec
           Spread out the delivery of TLSRPT reports over sec seconds. This
           setting should be set to several hours according to RFC 8460,
           section 4.1. For example, set spread_out_delivery to 14400 to
           spread out the delivery of the reports over four hours.

       --sendmail_script=path
           Use the script path to send a TLSRPT report via email.

       --sendmail_timeout=sec
           Set timeout of sec seconds for email requests to deliver reports.

       --http_script=path
           Use the script path to upload a TLSRPT report via HTTP(S).

       --http_timeout=sec
           Set timeout of sec seconds for HTTP POST requests to deliver
           reports.

       --max_retries_delivery=n
           Give up after n failed attempts to deliver a report to its
           destination.

       --min_wait_delivery=sec
           Minimum time to wait before retrying a failed report delivery
           attempt.

       --max_wait_delivery=sec
           Maximum time to wait before retrying a failed report delivery
           attempt.

   Options controlling the interaction with one or more tlsrpt-collectd
       --max_collectd_timediff=sec
           Log a warning if the collectd clock reported by its fetcher
           differs by more than sec seconds from the reportd's clock. The
           reportd starts querying the fetchers sec seconds after the UTC
           day change, so a clock difference bigger than sec seconds
           indicates the collectd might not yet be ready to provide the
           complete data for the previous day.

       --max_collectd_timeout=sec
           Wait at most sec seconds for a fetcher to finish a request for
           data from its collectd.

       --max_retries_domaindetails=n
           Give up after n failed attempts to retrieve report details for a
           domain.

       --min_wait_domaindetails=sec
           Minimum time to wait before retry after a failed attempt to get
           the report details for a domain from a tlsrpt-collectd.

       --max_wait_domaindetails=sec
           Maximum time to wait before retry after a failed attempt to get
           the report details for a domain from a tlsrpt-collectd.

       --max_retries_domainlist=n
           Give up after n failed attempts to retrieve the list of domains
           from a tlsrpt-collectd.

       --min_wait_domainlist=sec
           Minimum time to wait before retry after a failed attempt to get
           the list of domains from a tlsrpt-collectd.

       --max_wait_domainlist=sec
           Maximum time to wait before retry after a failed attempt to get
           the list of domains from a tlsrpt-collectd.

       --interval_main_loop=sec
           Wake up an idle main loop even if there are no tasks after sec
           seconds of inactivity.

   Debug and development options
       --debug_db=n
           Control database debugging: 0 turns database debugging off, 1
           activates logging of database statements.

       --debug_send_file_dest=dir
           Save reports into directory dir in addition to their delivery
           via email or HTTP POST requests.

       --debug_send_mail_dest=path
           Override the email destination to send out reports via email.
           Please note: With this option set, reports to email destinations
           will not be sent to the requested destination from the TLSRPT
           DNS record but to this replacement address instead! This option
           must not be used on production systems!

       --debug_send_http_dest=path
           Override the HTTP POST destination to send out reports via HTTP
           POST requests. Please note: With this option set, reports to
           HTTP POST destinations will not be sent to the requested
           destination from the TLSRPT DNS record but to this replacement
           URL instead! This option must not be used on production systems!

   General options
       --config_file=filename
           Read options from the section tlsrpt_reportd of the INI-style
           configuration file filename. Environment variables override
           settings from the configuration file and command line options
           override both.

       --help
           Print a help message describing all options.

       --pidfilename=path
           Specifies the file that contains the process ID of the
           tlsrpt-reportd daemon. An empty string will cause no PID file to
           be created.

   Logging options
       --logfilename=filename
           Use filename as log file.

       --log_level=level
           Set log level to level, allowed values: debug, info, warn, error.

ENVIRONMENT
       All config options except --help and --config_file can also be set
       via environment variables. The environment variable for a
       configuration option is the prefix TLSRPT_REPORTD_ followed by the
       configuration setting name in all caps. For example, the --log_level
       option can instead be configured using the TLSRPT_REPORTD_LOG_LEVEL
       environment variable.
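
       The precedence rule above and the production warning on
       --debug_send_mail_dest and --debug_send_http_dest can be audited
       together. The following is an added example, not part of
       tlsrpt-reportd: it merges a configuration file, environment variables
       and already-parsed command-line options in the documented order and
       lists every debug option that is still active. The function names,
       the sample values, and the treatment of an empty value or debug_db=0
       as "off" are assumptions of this example.

```python
import configparser

SECTION = "tlsrpt_reportd"       # INI section named in the man page
ENV_PREFIX = "TLSRPT_REPORTD_"   # environment variable prefix from the man page
# Options the man page says must not be used on production systems.
FORBIDDEN = ("debug_send_mail_dest", "debug_send_http_dest")
# Other debug options; flagging them as warnings is this example's choice.
NOTICE = ("debug_send_file_dest", "debug_db")


def effective_options(ini_text, environ, cli):
    """Merge sources in the documented order: file < environment < command line.
    Returns {option: (value, source)}; cli is an already-parsed dict."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(ini_text)
    merged = {}
    if parser.has_section(SECTION):
        for name, value in parser.items(SECTION):
            merged[name] = (value, "config_file")
    for key, value in environ.items():
        if key.startswith(ENV_PREFIX):
            merged[key[len(ENV_PREFIX):].lower()] = (value, "environment")
    for name, value in cli.items():
        merged[name] = (value, "command_line")
    return merged


def audit(merged):
    """Return (severity, option, value, source) for every active debug option.
    Assumption: an empty value, or debug_db=0, means the option is off."""
    findings = []
    for severity, names in (("fail", FORBIDDEN), ("warn", NOTICE)):
        for name in names:
            value, source = merged.get(name, ("", None))
            value = value.strip()
            if value and not (name == "debug_db" and value == "0"):
                findings.append((severity, name, value, source))
    return findings


# Constructed sample input, not taken from a real deployment.
SAMPLE_INI = """[tlsrpt_reportd]
organization_name = Example Org
debug_send_mail_dest = qa@test.example
debug_send_http_dest = https://staging.example/tlsrpt
debug_db = 0
"""
SAMPLE_ENV = {"TLSRPT_REPORTD_DEBUG_SEND_MAIL_DEST": "ops@test.example", "PATH": "/usr/bin"}
SAMPLE_CLI = {"debug_db": "1"}

if __name__ == "__main__":
    for finding in audit(effective_options(SAMPLE_INI, SAMPLE_ENV, SAMPLE_CLI)):
        print(*finding)
```

       Reporting the source next to each finding shows where an override
       has to be removed: here the mail override comes from the environment
       even though the configuration file sets a different address.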

EXAMPLES
       Retrieve data from a local fetcher with standard configuration and
       from another local fetcher with a different storage:

           tlsrpt-reportd --fetchers "tlsrpt-fetcher, tlsrpt-fetcher --storage sqlite:///tmp/test.sqlite"

       Retrieve data from a local fetcher and a remote fetcher:

           tlsrpt-reportd --fetchers "tlsrpt-fetcher, ssh user@remote tlsrpt-fetcher"

EXIT STATUS
       0
           Success.

       1
           Failure.

SEE ALSO
       tlsrpt-collectd(1), tlsrpt-fetcher(1)

AUTHOR
       Boris Lohner

tlsrpt-reportd                   2025-02-22                TLSRPT-REPORTD(1)