UPDATE : As of March 9, 2016, imap-dmarcts has been renamed to dmarcts-report-parser! We’ve also moved the code to GitHub to better facilitate contributions from our users!
After my recent post about “How to Parse DMARC Reports“, I decided to find a way to directly query an IMAP folder to parse reports. I have started with John Levine’s rddmarc script, and modified it to connect to an IMAP server.
In the process of working on this, I also discovered that some receivers are sending their DMARC reports as multipart attachments. The original rddmarc script did not seem to handle this condition well, so I added this capability as well.
The script assumes you have already setup the database aspects already detailed in : How to Parse DMARC Reports
You can download the script here : dmarcts-report-parser.pl
OR… you can follow these steps…
wget https://github.com/techsneeze/dmarcts-report-parser/raw/master/dmarcts-report-parser.pl
chmod 755 dmarcts-report-parser.pl
Next, you’ll want to either edit the script or have a separate file named “dmarcts-report-parser.conf” (template) with the following information:
####################################################################
### configuration ##################################################
####################################################################
# If IMAP access is not used, config options starting with $imap
# do not need to be set and are ignored.
$debug = 0;
$delete_reports = 0;
$dbname = 'dmarc';
$dbuser = 'dmarc';
$dbpass = 'xxx';
$dbhost = ''; # Set the hostname if we can't connect to the local socket.
$imapserver = 'mail.example.com:143';
$imapuser = 'dmarcreports';
$imappass = 'xxx';
$imapssl = '0'; # If set to 1, remember to change server port to 993.
$imaptls = '1'; # Enabled as the default and best-practice.
$imapreadfolder = 'Inbox';
# If $imapmovefolder is set, processed IMAP messages
# will be moved (overruled by the --delete option!)
$imapmovefolder = 'Inbox.processed';
You’ll see that you need to put the appropriate IMAP server settings, as well as the source folder and what folder to put them in once processed. In my example, I am looking in the Inbox, and then moving to a “processed” folder. You will also need to edit the database destination.
Once the settings are changed, you can simply run the script:
./dmarcts-report-parser.pl
You may want to use the DMARC Web Reporting Tool to display your parsed reports.
Also available via GitHub repository :
Pingback: How to Parse DMARC Reports – TechSneeze.com
How do I set up the database? Can you add a script to the repository?
It is buried in the post, but you’ll see this post expects you’ve already created the database. The info about the database creation is mentioned in How to Parse DMARC Reports
Could you please publish the complete needed database tables?
http://www.taugh.com/rddmarc/mkdmarc
http://www.taugh.com/rddmarc/rddmarc
http://www.taugh.com/rddmarc/readme
are not available.
Thanks in advance
All of those links worked for me just now. You may want to try again, or try a different network/computer.
I’d prefer to let him be the source of truth for those, as he has made tweaks over time.
The script is adding missing tables and missing columns. All you have to do is to setup a database and and a database user, which can create and modify tables in that database. Do not forget to provide database server, database name, database user and password in the config file.
Pingback: Skab overblik over dine DMARC rapporter – NerdGirl
Pingback: Simple DMARC report parsing and visualizing toolkit – oxcrag.net