Contrib.social

DMARC XML Report Parser

Open on Drupal.org →
Created on 6 April 2023, almost 2 years ago

Problem/Motivation

I'm trying to create an XML parser which reads DMARC report files and puts them into the database. I had assumed I had to write my own module for this, but eventually this module might allow for creation of such a parser.

Remaining tasks

I have yet to understand as how to write a parser using this module. I haven't installed it, maybe there's doc attached to the tar, but in general I prefer to read first and to install later. Saves me a lot of debris in my installations :)

If you are not familiar with the DMARC files, here's an actual example of a rather short report. 

<?xml version="1.0"?>
<feedback xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <version>1.0</version>
  <report_metadata>
    <org_name>Enterprise Outlook</org_name>
    <email>dmarcreport@microsoft.com</email>
    <report_id>a723b82912bd4af48e482fe838292e55</report_id>
    <date_range>
      <begin>1680393600</begin>
      <end>1680480000</end>
    </date_range>
  </report_metadata>
  <policy_published>
    <domain>m.name</domain>
    <adkim>r</adkim>
    <aspf>r</aspf>
    <p>reject</p>
    <sp>quarantine</sp>
    <pct>100</pct>
    <fo>0</fo>
  </policy_published>
  <record>
    <row>
      <source_ip>133.252.197.256</source_ip>
      <count>1</count>
      <policy_evaluated>
        <disposition>none</disposition>
        <dkim>pass</dkim>
        <spf>pass</spf>
      </policy_evaluated>
    </row>
    <identifiers>
      <envelope_to>stb.at</envelope_to>
      <envelope_from>m.name</envelope_from>
      <header_from>m.name</header_from>
    </identifiers>
    <auth_results>
      <dkim>
        <domain>m.name</domain>
        <selector>mail</selector>
        <result>pass</result>
      </dkim>
      <spf>
        <domain>m.name</domain>
        <scope>mfrom</scope>
        <result>pass</result>
      </spf>
    </auth_results>
  </record>
</feedback>

Purpose of this module

This module should be used to collect DMARC reports for various domains in a single database, allowing domain owners and mail admins to read reports more easily. Next, the database should be used to filter for abuse of protected domain names. As the offending IPs are provided with the report, this might help to feed spam watching systems like fail2ban with IPs it should have an eye on.

Feature request
Status

Active

Version

1.0

Component

XML parser

Created by

🇦🇹Austria nofue

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024