dmarc_report 1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: '008d36fdf239257774fba2efbb5a49503b7057bc728f247f16e3dbf0c4e3ce8e'
+  data.tar.gz: 8933c858c7fa067c9dfef91223f5bc6c01cb8bc59b7f30ea5f0d02ee78a4b09d
+SHA512:
+  metadata.gz: e82ae67b93a3e13e1e7d093f4ad3fdf5b9b3fc4cde861213aab513fae979246231799c1db7648d4d347cf8d83e8961db3928becba5c57b5eefe5b6ae3a05f59f
+  data.tar.gz: 9ab1f2409872e52297959960b0c48f429079a9a46729f9c30cfe893d83f0312e13ac96dafc3a50dc3e5ed71ec2ffe0bccd5b0df6fd081baf6010009cc22147f7

data/.gitignore

@@ -0,0 +1,14 @@
+.rubocop_todo.yml
+DMARC
+HISTORY
+Makefile
+crontab.new
+run-dmarc.sh
+dmarc-profile.sh
+/config
+/doc
+/log
+/rules
+*.json
+*.csv
+*.gem

data/.rubocop.yml

@@ -0,0 +1,44 @@
+inherit_from: .rubocop_todo.yml
+
+# rubocop configuration
+
+AllCops:
+  NewCops: enable
+
+Layout/SpaceInsideArrayLiteralBrackets:
+  EnforcedStyle: space
+  Exclude:
+    - 'blocklistshow.gemspec'
+
+Layout/SpaceInsideParens:
+  EnforcedStyle: space
+  Exclude:
+    - 'blocklistshow.gemspec'
+
+Layout/SpaceInsideRangeLiteral:
+  #EnforcedStyle: space
+  Enabled: false
+
+Layout/SpaceInsideReferenceBrackets:
+  EnforcedStyle: space
+  Exclude:
+    - 'blocklistshow.gemspec'
+
+Metrics/MethodLength:
+  Max: 20
+
+Style/FrozenStringLiteralComment:
+  Enabled: false
+
+Style/RegexpLiteral:
+  Enabled: false
+
+Style/SpecialGlobalVars:
+  EnforcedStyle: use_perl_names
+
+Style/SymbolArray:
+  EnforcedStyle: brackets
+
+Style/WordArray:
+  EnforcedStyle: brackets
+

data/CHANGELOG.md

@@ -0,0 +1,3 @@
+## 1.0 (2023-12-23)
+
+  - Initial Release.

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2020-2023 Dirk Meyer
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,84 @@
+# dmarc_report
+This is the backend for parsing DMARC reports
+
+Backend and frontend should run on diffrent machines.
+This avoids to have you IMAP credentials on the public webserver.
+The cron-job push the results via rsync to the webserver.
+
+## Requirements:
+ * Install cron
+ * Install ruby
+ * Install ruby-rubygems
+ * Install ripmime
+ * Install gzip (gunzip)
+ * Install unzip
+ * Install rsync
+ * IMAP Account where DMARC reports are comming in
+ * Configuration in YAML
+
+## Installation:
+
+    gem install --user-install dmarc_report
+
+for Diagnostics, add the rubygem dir to your search path
+
+FreeBSD:
+
+    vim .profile
+    PATH="$PATH:$HOME/.gem/ruby/3.1/bin"
+
+Debian:
+
+    vim .profile
+    PATH="$PATH:$HOME/.local/share/gem/ruby/3.1.0/bin"
+
+Create the working directory:
+
+    cd
+    mkdir -p dmarc
+    cd dmarc
+    install-dmarc_report.rb
+
+Edit your IMAP account data:
+
+    vim config/dmarc.yml
+
+Check your rulesets:
+
+    vim rules/dmarc.yml
+
+Edit the target directory for your webserver:
+
+    vim dmarc_profile.sh
+
+Check the script for your cron:
+
+    vim run-dmarc.sh
+
+Check the function
+
+    ./run-dmarc.sh
+
+Edit your crontab:
+
+    crontab -e
+    # crontab for dmarc_report
+    #minute hour    mday    month   wday    command
+    13      8,12,18 *       *       *       /home/user/dmarc/run-dmarc.sh
+    #
+
+# Processing:
+
+```mermaid
+sequenceDiagram
+IMAP ->> File: dmarc_imap.rb
+File ->> Attachment: dmarc_ripmime.rb
+Attachment ->> XML: dmarc_ripmime.rb
+XML ->> CSV: dmarc_report.rbS
+CSV ->> HTML: dmarc.rhtml
+```
+
+# Frontend:
+
+See: https://github.com/dinoex/dmarc_view
+

data/bin/dmarc_dns.rb

@@ -0,0 +1,109 @@
+#!/usr/bin/env ruby
+
+# = dmarc_dns.rb
+#
+# Author::    Dirk Meyer
+# Copyright:: Copyright (c) 2020 - 2023 Dirk Meyer
+# License::   Distributes under the same terms as Ruby
+# SPDX-FileCopyrightText: 2020-2023 Dirk Meyer
+# SPDX-License-Identifier: Ruby
+#
+# Maintain a DNS cache for IPs of Mail-servers
+# Input: dmarc-report.csv
+# Output: dmarc-dns.json
+#
+
+require 'resolv'
+require 'ipaddr'
+require 'json'
+require 'csv'
+
+# input file in CSV format
+INPUT_FILE = 'dmarc-report.csv'.freeze
+# output file in JSON format
+DNS_CACHE_FILE = 'dmarc-dns.json'.freeze
+
+# get ptr from host command (bind9)
+def get_dns_host( ip )
+  result = nil
+  `host '#{ip}'`.split( "\n" ).each do |line|
+    return 'not found' if line =~ /not found/
+    return line.split( /\s/ ).last if line =~ /domain name pointer/
+
+    result = line
+  end
+  result
+end
+
+# get ptr from DNS resolver
+def getname_save( ip )
+  Resolv.getname( ip ).to_s
+rescue Resolv::ResolvError
+  'not found'
+end
+
+# get ptr for IP
+def get_dns( ip )
+  return 'not found' if ip == ''
+  return 'not found' if ip.nil?
+
+  # return get_dns_host( ip )
+  getname_save( ip )
+end
+
+# get ptr from cache
+def get_cached_dns( ip )
+  return @dns_cache[ ip ] if @dns_cache.key?( ip )
+
+  @dns_cache[ ip ] = get_dns( ip )
+end
+
+# load json file
+def load_json( filename )
+  return {} unless File.exist?( filename )
+
+  JSON.parse( File.read( filename ) )
+end
+
+# load cache file
+def load_cache
+  @dns_cache = load_json( DNS_CACHE_FILE )
+end
+
+# save cache file
+def save_cache
+  File.write( DNS_CACHE_FILE, "#{JSON.dump( @dns_cache )}\n" )
+end
+
+# parse CSV for source ips
+def run_csv
+  return unless File.exist?( INPUT_FILE )
+
+  CSV.foreach( INPUT_FILE, encoding: 'UTF-8', col_sep: ';' ) do |row|
+    ip = row[ 2 ]
+    next if ip == 'source_ip'
+
+    get_cached_dns( ip )
+  end
+end
+
+# check arguments
+ARGV.each do |option|
+  case option
+  when 'test' # diagnostics
+    ARGV.shift
+    ip = ARGV.shift
+    p get_dns( ip )
+    exit 0
+  else
+    warn "Fehler #{option}"
+    exit 65
+  end
+end
+
+load_cache
+run_csv
+save_cache
+
+exit 0
+# eof

data/bin/dmarc_dump.rb

@@ -0,0 +1,47 @@
+#!/usr/bin/env ruby
+
+# = dmarc_dump.rb
+#
+# Author::    Dirk Meyer
+# Copyright:: Copyright (c) 2023 Dirk Meyer
+# License::   Distributes under the same terms as Ruby
+# SPDX-FileCopyrightText: 2023 Dirk Meyer
+# SPDX-License-Identifier: Ruby
+#
+# Parse an DMARC report XML file and print it in JSON
+# Input: xmlfile with  DMARC report
+# Output: formatted JSON text
+#
+
+require 'nokogiri'
+require 'csv'
+
+$: << 'lib'
+
+require 'xmltohash'
+
+# read and print xml file
+def run_xml( fullname )
+  p fullname
+  raw = File.read( fullname )
+  return if raw.empty?
+  return if raw == 'unused'
+
+  begin
+    h = Hash.from_xml( raw )
+  rescue NoMethodError
+    warn "Bad XML in #{fullname}"
+    pp 'raw'
+    return
+  end
+  pp h
+  # AOL can send empty XML files
+  nil if h.nil?
+end
+
+ARGV.each do |arg|
+  run_xml( arg )
+end
+
+exit 0
+# eof