Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/andrewkvalheim/dmarc-report-notifier

Headless periodic DMARC report handler ⊷ Mirror
https://github.com/andrewkvalheim/dmarc-report-notifier

dmarc-reports

Last synced: 2 months ago
JSON representation

Headless periodic DMARC report handler ⊷ Mirror

Awesome Lists containing this project

README

        

# DMARC report notifier

*DMARC report notifier* is a headless periodic handler of [DMARC] aggregate reports. In contrast to other solutions to DMARC report monitoring that pursue elaborate web dashboards designed to guide an organization through policy rollouts and infrastructure changes, this utility is intended to fill the gap for low-volume senders with already aligned infrastructure that just need to do the minimum due diligence of being alerted to unexpected problems.

Intended to be scheduled as a daily job, this uses [parsedmarc] to read DMARC reports from a specified IMAP folder and then move them to an archive in the same mailbox. If any reports indicate a problem, a notification is sent via Matrix.

Example notification:

>
> ⛔ 1 message blocked
>
>
> CountSenderSPFDKIMDMARCReporter
>
>
>
> 1
> IP: 192.0.2.1
rDNS: example.com
Envelope: example.com
Header: example.com
> ⛔
example.com: pass
> ⛔
example.com: pass
> ⛔
> Example
>
>
>
>
>
> ✅ 12 messages allowed
>
>
> CountSenderSPFDKIMDMARCReporter
>
>
>
> 6
> IP: 192.0.2.2
rDNS: example.com
Envelope: example.com
Header: example.com
> ✅
example.com: pass
> ✅
example.com: pass
> ✅
> Example
>
>
> 3
> IP: 192.0.2.3
rDNS: example.com
Envelope: example.com
Header: example.com
> ✅
example.com: pass
> ✅
example.com: pass
> ✅
> Example
>
>
> 2
> IP: 192.0.2.3
rDNS: example.com
Envelope: example.com
Header: example.com
> ✅
example.com: pass
> ✅
example.com: pass
> ✅
> Example
>
>
> 1
> IP: 192.0.2.4
rDNS: example.com
Envelope: example.com
Header: example.com
> ✅
example.com: pass
> ✅
example.com: pass
> ✅
> Example
>
>
>
>

Configuration:

- Incoming reports:
- `IMAP_HOST`: parsedmarc `imap.host`
- `IMAP_USERNAME`: parsedmarc `imap.user`
- `IMAP_PASSWORD`: parsedmarc `imap.password`
- `IMAP_FOLDER_PROCESSED`: parsedmarc `mailbox.reports_folder`
- `IMAP_FOLDER_UNPROCESSED`: parsedmarc `mailbox.archive_folder`
- Outgoing notifications:
- `NOTIFICATION_LEVEL`: level of DMARC failure to report (`INFO`/`WARN`/`ERROR`)
- `MATRIX_HOMESERVER_URL`: base URL of Matrix client-server API
- `MATRIX_ACCESS_TOKEN`: secret access token of user to send notifications from
- `MATRIX_ROOM_ID`: room ID to send notifications to

[DMARC]: https://en.wikipedia.org/wiki/DMARC
[Matrix]: https://matrix.org/
[parsedmarc]: https://github.com/domainaware/parsedmarc