commit 6e044c95adb7b7a91d4c3a604acedc514cdd406f Author: Andreas Zweili Date: Mon Feb 19 19:34:22 2024 +0100 Initial commit
diff --git a/.editorconfig b/.editorconfig
new file mode 100644
index 0000000..60659f6
--- /dev/null
+++ b/.editorconfig
@@ -0,0 +1,17 @@
+root = true
+
+[*]
+end_of_line = lf
+insert_final_newline = true
+
+[*.sh]
+indent_style = space
+indent_size = 4
+
+[.envrc]
+indent_style = space
+indent_size = 4
+
+[scripts/*]
+indent_style = space
+indent_size = 4
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..63d04ae
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+/html/
+/xml/
+/result
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..8e74190
--- /dev/null
+++ b/README.md
@@ -0,0 +1,18 @@
+# DKIM Reports
+
+This repository helps you to convert DKIM reports to HTML and then serve them with a web server.
+This way you can easily look at the reports and see if there are any issues with your DKIM setup.
+
+## How to use
+
+You need to have Nix installed with Flakes enabled.
+Then you can clone this repository, cd into it and run the following command:
+
+```sh
+nix run .#dkim-report
+```
+
+The script will create an **html** and a **xml** directory.
+The **xml** directory is used to store the DKIM reports and the **html** directory is used to store the converted reports.
+You can add .zip and .tar.gz files to the **xml** directory and the script will automatically extract them.
+After the script converted the reports iptables will open port 8080 and then the webserver will serve the reports.
diff --git a/config.yaml b/config.yaml
new file mode 100644
index 0000000..08f8b87
--- /dev/null
+++ b/config.yaml
@@ -0,0 +1,37 @@
+input:
+ delete: no
+ dir: "./xml"
+ #imap:
+ # server: ""
+ # username: ""
+ # password: ""
+ # mailbox: ""
+ # enable debug messages for imap package?
+ # debug: no
+ # delete emails from server after fetch?
+ # delete: no
+
+output:
+ # output file
+ # should be: string, golang template string or "stdout"
+ file: "./html/{{ .ID }}.html"
+ # file: "/tmp/html/{{ .ReportMetadata.Email }}/{{ .PolicyPublished.Domain }}!{{.ReportMetadata.DateRange.Begin}}!{{ .ReportMetadata.ReportID }}.html"
+
+ # output format
+ # should be: txt, json, html_static, html, external_template
+ format: "html_static"
+
+ # if you configure format to "html" output, don't forget to configure assets_path and your web server
+ # assets_path: "./assets"
+
+ # if you configure format to "external_output", don't forget to configure external_template
+ # external_template: "/path/to/your/txt.gotmpl"
+
+# perform reverse lookups?
+lookup_addr: yes
+
+# merge multiple similar reports to one?
+merge_reports: no
+
+log_debug: no
+log_datetime: no
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..1428e7a
--- /dev/null
+++ b/flake.lock
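Review bot: The commented-out `imap` block under `input:` invites putting a mailbox password into config.yaml, which is a tracked file; the .gitignore added in this commit covers only `/html/`, `/xml/` and `/result`. A comment above the block such as `# do not commit real credentials; keep an untracked local copy of this file if you enable imap` would make that explicit. Separately, `lookup_addr: yes` triggers a reverse DNS query for each source address found in the reports, and report content is supplied by third parties, so it deserves a one-line comment stating that this is intended.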
@@ -0,0 +1,61 @@ +{ + "nodes": { + "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1705309234, + "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1708296515, + "narHash": "sha256-FyF489fYNAUy7b6dkYV6rGPyzp+4tThhr80KNAaF/yY=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "b98a4e1746acceb92c509bc496ef3d0e5ad8d4aa", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "flake-utils": "flake-utils", + "nixpkgs": "nixpkgs" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..76c6c84 --- /dev/null +++ b/flake.nix 
@@ -0,0 +1,39 @@
+{
+ description = "A simple flake to generate DKIM reports.";
+ inputs = {
+ nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
+ flake-utils.url = "github:numtide/flake-utils";
+ };
+
+ outputs =
+ inputs@{
+ self,
+ nixpkgs,
+ flake-utils,
+ }:
+ flake-utils.lib.eachDefaultSystem (
+ system:
+ let
+ pkgs = nixpkgs.legacyPackages.${system};
+ reports = pkgs.writeShellApplication {
+ name = "reports";
+ runtimeInputs = [
+ pkgs.dmarc-report-converter
+ pkgs.gnutar
+ pkgs.python3
+ pkgs.unzip
+ ];
+ text = (builtins.readFile ./reports.sh);
+ };
+ in
+ {
+ packages.dkim-report = reports;
+ packages.default = reports;
+ apps.dkim-report = {
+ type = "app";
+ program = "${self.packages.${system}.dkim-report}/bin/reports";
+ };
+ apps.default = self.apps.${system}.dkim-report;
+ }
+ );
+}
diff --git a/reports.sh b/reports.sh
new file mode 100644
index 0000000..a19abf5
--- /dev/null
+++ b/reports.sh
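Review bot: `runtimeInputs` lists only the converter, tar, python3 and unzip, but reports.sh also calls `find`, `sudo` and `iptables`, so those are resolved from the host environment rather than from the nixpkgs revision pinned in flake.lock. Adding `pkgs.findutils` (and `pkgs.iptables`, if the firewall step stays) keeps the tool versions tied to the lock file; `sudo` has to come from the host because it needs its setuid wrapper. Only reports.sh is embedded through `builtins.readFile`, so config.yaml is presumably expected in the directory the app is started from, and a comment next to `text =` saying so would help.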
@@ -0,0 +1,37 @@
+WORKDIR=$(pwd)
+PORT=8080
+mkdir -p "$WORKDIR"/xml
+mkdir -p "$WORKDIR"/html
+
+extract-zips() {
+ echo "extracting zipped reports"
+ for i in "$WORKDIR"/xml/*.zip; do
+ unzip "$i" -d "$WORKDIR/xml" && rm -r "$i"
+ done
+}
+extract-tars() {
+ echo "extracting tarred reports"
+ for i in "$WORKDIR"/xml/*.tar.gz; do
+ tar xzvf "$i" -C "$WORKDIR/xml" && rm -r "$i"
+ done
+}
+
+# extract zips if they exist
+# count_zips=$(ls -1 "$WORKDIR"/xml/*.zip 2>/dev/null | wc -l)
+mapfile -t count_zips < <(find "$WORKDIR"/xml/ -maxdepth 1 -name "*.zip" -type f)
+if [ "${#count_zips[@]}" -gt 0 ]; then
+ extract-zips
+fi
+# extract tars if they exist
+# count_tars=$(ls -1 "$WORKDIR"/xml/*.tar.gz 2>/dev/null | wc -l)
+mapfile -t count_tars < <(find "$WORKDIR"/xml/ -maxdepth 1 -name "*.tar.gz" -type f)
+if [ "${#count_tars[@]}" -gt 0 ]; then
+ extract-tars
+fi
+
+echo "converting reports to html"
+dmarc-report-converter
+echo "open filewall port"
+sudo iptables -I INPUT -p tcp --dport $PORT -j ACCEPT
+echo "serving reports"
+cd "$WORKDIR/html" && python3 -m http.server $PORT
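Review bot: The last lines insert an `iptables` ACCEPT rule for port 8080 from any source and then start `python3 -m http.server`, which listens on all interfaces by default, so the converted reports (which typically list sending IPs, domains and authentication results) become readable by anyone who can reach the host. The rule is never removed, and a further copy is inserted on every run. If the reports are only viewed locally, drop the `sudo iptables` line and serve with `cd "$WORKDIR/html" && python3 -m http.server --bind 127.0.0.1 "$PORT"`. If remote viewing is required, restrict the rule with `-s <trusted-cidr>` and remove it on exit, for example `trap 'sudo iptables -D INPUT -p tcp --dport "$PORT" -j ACCEPT' EXIT`.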