After my recent post about "How to Parse DMARC Reports", I decided to find a way to directly query an IMAP folder to parse reports. I have started with John Levine's rddmarc script, and modified it to connect to an IMAP server.

In the process of working on this, I also discovered that some receivers are sending their DMARC reports as multipart attachments. The original rddmarc script did not seem to handle this condition well, so I added this capability as well.

The script assumes you have already setup the database aspects already detailed in : How to Parse DMARC Reports

You can download the script here : imap-dmarcts.txt

OR... you can follow these steps...


wget http://www.techsneeze.com/files/imap-dmarcts.txt
mv imap-dmarcts imap-dmarcts
chmod 755 imap-dmarcts


Next, you'll want to edit the script (near the top) changing these settings as necessary:


my $imapserver = 'mail.example.com:143';
my $imapuser = 'dmarcreports';
my $imappass = 'xxx';
my $mvfolder = 'processed';
my $readfolder = 'Inbox';
my $dbname = 'dmarc';
my $dbuser = 'dmarc';
my $dbpass = 'xxx';


You'll see that you need to put the appropriate IMAP server settings, as well as the source folder and what folder to put them in once processed. In my example, I am looking in the Inbox, and then moving to a "processed" folder. You will also need to edit the database destination.

Once the settings are changed, you can simply run the script:

./imap-dmarcts


You may want to use the DMARC Web Reporting Tool to display your parsed reports.