solarissmoke / php-dmarc Goto Github PK
View Code? Open in Web Editor NEWA simple DMARC report parser written in PHP
License: Other
A simple DMARC report parser written in PHP
License: Other
With one of my reports I see the following SQL failure.
PHP Fatal error: Uncaught PDOException: SQLSTATE[01000]: Warning: 1265 Data truncated for column 'dkim_result' at row 1 in /home/warlord/dmarc/vendor/solaris/php-dmarc/Solaris/DmarcAggregateParser.php:104
Stack trace:
#0 /home/warlord/dmarc/vendor/solaris/php-dmarc/Solaris/DmarcAggregateParser.php(104): PDOStatement->execute(Array)
#1 /home/warlord/dmarc/dmarc.php(32): Solaris\DmarcAggregateParser->parse(Array)
#2 {main}
thrown in /home/warlord/dmarc/vendor/solaris/php-dmarc/Solaris/DmarcAggregateParser.php on line 104
This is caused by AOL not returning a dkim result in the XML report (I beautified it for clarity):
<?xml version="1.0" encoding="windows-1252"?>
<feedback xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' xmlns:ns1='http://dmarc.org/dmarc-xml/0.1' xsi:schemaLocation='http://dmarc.org/dmarc-xml/0.1 dmarc_agg_report.xsd'>
<report_metadata>
<org_name>AOL</org_name>
<email>[email protected]</email>
<report_id>mydomain.uk_1478476800</report_id>
<date_range>
<begin>1478390400</begin>
<end>1478476800</end>
</date_range>
</report_metadata>
<policy_published>
<domain>mydomain.uk</domain>
<adkim>r</adkim>
<aspf>r</aspf>
<p>none</p>
<sp>none</sp>
<pct>100</pct>
</policy_published>
<record>
<row>
<source_ip>212.100.244.249</source_ip>
<count>1</count>
<policy_evaluated>
<disposition>none</disposition>
<spf>fail</spf>
</policy_evaluated>
</row>
<identifiers>
<header_from>mydomain.uk</header_from>
</identifiers>
<auth_results>
<dkim>
<domain>not.evaluated</domain>
<result>none</result>
</dkim>
<spf>
<domain>cgov.cuttlefish.com</domain>
<scope>mfrom</scope>
<result>pass</result>
</spf>
</auth_results>
</record>
<record>
<row>
<source_ip>82.3.0.0</source_ip>
<count>1</count>
<policy_evaluated>
<disposition>none</disposition>
<dkim>pass</dkim>
<spf>pass</spf>
</policy_evaluated>
</row>
<identifiers>
<header_from>mydomain.uk</header_from>
</identifiers>
<auth_results>
<dkim>
<domain>mydomain.uk</domain>
<result>pass</result>
</dkim>
<spf>
<domain>mydomain.uk</domain>
<scope>mfrom</scope>
<result>pass</result>
</spf>
</auth_results>
</record>
</feedback>
Is there a particular reason the statuses from policy_evaluated
are not imported into the record? I'm not a DMARC expert (just figuring things out as I go) but that's usually the field that tells me something's wrong.
For example:
<record>
<row>
<source_ip>104.47.37.209</source_ip>
<count>1</count>
<policy_evaluated>
<disposition>none</disposition>
<dkim>pass</dkim>
<spf>fail</spf>
</policy_evaluated>
</row>
<identifiers>
<header_from>...</header_from>
</identifiers>
<auth_results>
<dkim>
<domain>...</domain>
<result>pass</result>
</dkim>
<spf>
<domain>nam02-cy1-obe.outbound.protection.outlook.com</domain>
<result>pass</result>
</spf>
</auth_results>
</record>
SPF passed, but DMARC failed. When I imported this particular file, the database has nothing about it failing, only passing. Is it considered useless information?
If it would be useful to the project (because I think it's useful) I can submit a pull request so it's stored in the database.
There's a problem in the parser as it checks for duplicate report ID's and skips them when found. This leads to incorrect results as there are multiple DMARC Aggregators that use the same nomenclature for reports so it is very possible that you receive multiple reports with the same ID for a single domain.
These reports cannot be skipped, but have to be parsed as unique reports.
As there are foreign constraints on the report_id key, the only workaround currently is to add a random prefix before the report_id and pass this on to the INSERT query.
code part : lines 79-92
As you probably well know PHP has decided to retire MySQL extension in favor of MySQLi.
An update would be handy for some who do not have the know how to do it themselves.
Hi
Not really an issue, just a request really
Can you provide some sql for analysis of the data? Maybe with some descriptions?
I'm new to analysing dmarc data and could do with a starting point
Cheers
mh
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.