wathiede/letterbox
1
0
Fork 0
Code Issues 1 Pull Requests 1 Actions Releases Wiki Activity

server: handle application/zip for google dmarc

Browse Source
This commit is contained in:
Bill Thiede
2025-08-10 19:03:15 -07:00
parent 43827b4d87
commit 59e35062e7
3 changed files with 437 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

233
server/src/nm.rs
View File

@@ -1,14 +1,17 @@
use std::{
collections::{HashMap, HashSet},
fs::File,
io::Cursor,
};
use letterbox_notmuch::Notmuch;
use letterbox_shared::{compute_color, Rule};
use mailparse::{parse_content_type, parse_mail, MailHeader, MailHeaderMap, ParsedMail};
use memmap::MmapOptions;
use quick_xml::de::from_str as xml_from_str;
use sqlx::{types::Json, PgPool};
use tracing::{error, info, info_span, instrument, warn};
use zip::ZipArchive;
use crate::{
compute_offset_limit,
@@ -20,6 +23,7 @@ use crate::{
linkify_html, InlineStyle, Query, SanitizeHtml, Transformer,
};
const APPLICATION_ZIP: &'static str = "application/zip";
const IMAGE_JPEG: &'static str = "image/jpeg";
const IMAGE_PJPEG: &'static str = "image/pjpeg";
const IMAGE_PNG: &'static str = "image/png";
@@ -447,6 +451,42 @@ fn extract_body(m: &ParsedMail, part_addr: &mut Vec<String>) -> Result<Body, Ser
MULTIPART_MIXED => extract_mixed(m, part_addr),
MULTIPART_ALTERNATIVE => extract_alternative(m, part_addr),
MULTIPART_RELATED => extract_related(m, part_addr),
APPLICATION_ZIP => {
// Try to extract DMARC XML from ZIP
if let Ok(zip_bytes) = m.get_body_raw() {
if let Ok(mut archive) = ZipArchive::new(Cursor::new(&zip_bytes)) {
for i in 0..archive.len() {
if let Ok(mut file) = archive.by_index(i) {
let name = file.name().to_lowercase();
// Google DMARC reports are typically named like "google.com!example.com!...xml"
// and may or may not contain "dmarc" in the filename.
if name.ends_with(".xml") && (name.contains("dmarc") || name.starts_with("google.com!")) {
let mut xml = String::new();
use std::io::Read;
if file.read_to_string(&mut xml).is_ok() {
match parse_dmarc_report(&xml) {
Ok(report) => {
return Ok(Body::html(format!(
"<div class=\"dmarc-report\">Google DMARC report summary:<br>{}</div>",
report
)));
}
Err(e) => {
return Ok(Body::html(format!(
"<div class=\"dmarc-report-error\">Failed to parse DMARC report XML: {}</div>",
e
)));
}
}
}
}
}
}
}
}
// If no DMARC report found, fall through to unhandled
extract_unhandled(m)
}
_ => extract_unhandled(m),
};
if let Err(err) = ret {
@@ -1103,3 +1143,196 @@ fn find_tags<'a, 'b>(rules: &'a [Rule], headers: &'b [MailHeader]) -> (bool, Has
}
return (matched_rule, add_tags);
}
// Add this helper function to parse the DMARC XML and summarize it.
fn parse_dmarc_report(xml: &str) -> Result<String, ServerError> {
#[derive(Debug, serde::Deserialize)]
struct Feedback {
report_metadata: Option<ReportMetadata>,
policy_published: Option<PolicyPublished>,
record: Option<Vec<Record>>,
}
#[derive(Debug, serde::Deserialize)]
struct ReportMetadata {
org_name: Option<String>,
email: Option<String>,
report_id: Option<String>,
date_range: Option<DateRange>,
}
#[derive(Debug, serde::Deserialize)]
struct DateRange {
begin: Option<u64>,
end: Option<u64>,
}
#[derive(Debug, serde::Deserialize)]
struct PolicyPublished {
domain: Option<String>,
adkim: Option<String>,
aspf: Option<String>,
p: Option<String>,
sp: Option<String>,
pct: Option<String>,
}
#[derive(Debug, serde::Deserialize)]
struct Record {
row: Option<Row>,
identifiers: Option<Identifiers>,
auth_results: Option<AuthResults>,
}
#[derive(Debug, serde::Deserialize)]
struct Row {
source_ip: Option<String>,
count: Option<u64>,
policy_evaluated: Option<PolicyEvaluated>,
}
#[derive(Debug, serde::Deserialize)]
struct PolicyEvaluated {
disposition: Option<String>,
dkim: Option<String>,
spf: Option<String>,
reason: Option<Vec<Reason>>,
}
#[derive(Debug, serde::Deserialize)]
struct Reason {
#[serde(rename = "type")]
reason_type: Option<String>,
comment: Option<String>,
}
#[derive(Debug, serde::Deserialize)]
struct Identifiers {
header_from: Option<String>,
}
#[derive(Debug, serde::Deserialize)]
struct AuthResults {
dkim: Option<Vec<AuthDKIM>>,
spf: Option<Vec<AuthSPF>>,
}
#[derive(Debug, serde::Deserialize)]
struct AuthDKIM {
domain: Option<String>,
result: Option<String>,
selector: Option<String>,
}
#[derive(Debug, serde::Deserialize)]
struct AuthSPF {
domain: Option<String>,
result: Option<String>,
scope: Option<String>,
}
let feedback: Feedback = xml_from_str(xml)
.map_err(|e| ServerError::StringError(format!("DMARC XML parse error: {e}")))?;
let mut summary = String::new();
if let Some(meta) = feedback.report_metadata {
if let Some(org) = meta.org_name {
summary += &format!("<b>Reporter:</b> {}<br>", org);
}
if let Some(email) = meta.email {
summary += &format!("<b>Contact:</b> {}<br>", email);
}
if let Some(rid) = meta.report_id {
summary += &format!("<b>Report ID:</b> {}<br>", rid);
}
if let Some(dr) = meta.date_range {
if let (Some(begin), Some(end)) = (dr.begin, dr.end) {
use chrono::{NaiveDateTime, TimeZone, Utc};
let begin_dt = Utc.timestamp_opt(begin as i64, 0).single();
let end_dt = Utc.timestamp_opt(end as i64, 0).single();
summary += &format!("<b>Date range:</b> {} to {}<br>",
begin_dt.map(|d| d.format("%Y-%m-%d").to_string()).unwrap_or(begin.to_string()),
end_dt.map(|d| d.format("%Y-%m-%d").to_string()).unwrap_or(end.to_string())
);
}
}
}
if let Some(pol) = feedback.policy_published {
summary += "<b>Policy Published:</b><ul>";
if let Some(domain) = pol.domain {
summary += &format!("<li>Domain: {}</li>", domain);
}
if let Some(adkim) = pol.adkim {
summary += &format!("<li>ADKIM: {}</li>", adkim);
}
if let Some(aspf) = pol.aspf {
summary += &format!("<li>ASPF: {}</li>", aspf);
}
if let Some(p) = pol.p {
summary += &format!("<li>Policy: {}</li>", p);
}
if let Some(sp) = pol.sp {
summary += &format!("<li>Subdomain Policy: {}</li>", sp);
}
if let Some(pct) = pol.pct {
summary += &format!("<li>Percent: {}</li>", pct);
}
summary += "</ul>";
}
if let Some(records) = feedback.record {
summary += "<b>Records:</b><table style=\"border-collapse:collapse;width:100%;font-size:0.95em;\"><thead><tr style=\"background:#f0f0f0;\"><th style=\"border:1px solid #bbb;padding:4px 8px;\">Source IP</th><th style=\"border:1px solid #bbb;padding:4px 8px;\">Count</th><th style=\"border:1px solid #bbb;padding:4px 8px;\">Header From</th><th style=\"border:1px solid #bbb;padding:4px 8px;\">Disposition</th><th style=\"border:1px solid #bbb;padding:4px 8px;\">DKIM</th><th style=\"border:1px solid #bbb;padding:4px 8px;\">SPF</th><th style=\"border:1px solid #bbb;padding:4px 8px;\">Auth Results</th></tr></thead><tbody>";
for rec in records {
let mut row_html = String::new();
let mut source_ip = String::new();
let mut count = String::new();
let mut header_from = String::new();
let mut disposition = String::new();
let mut dkim = String::new();
let mut spf = String::new();
if let Some(r) = &rec.row {
if let Some(ref s) = r.source_ip {
source_ip = s.clone();
}
if let Some(c) = r.count {
count = c.to_string();
}
if let Some(ref pe) = r.policy_evaluated {
if let Some(ref disp) = pe.disposition {
disposition = disp.clone();
}
if let Some(ref d) = pe.dkim {
dkim = d.clone();
}
if let Some(ref s) = pe.spf {
spf = s.clone();
}
}
}
if let Some(ids) = &rec.identifiers {
if let Some(ref hf) = ids.header_from {
header_from = hf.clone();
}
}
row_html += &format!("<tr><td style=\"border:1px solid #bbb;padding:4px 8px;\">{}</td><td style=\"border:1px solid #bbb;padding:4px 8px;\">{}</td><td style=\"border:1px solid #bbb;padding:4px 8px;\">{}</td><td style=\"border:1px solid #bbb;padding:4px 8px;\">{}</td><td style=\"border:1px solid #bbb;padding:4px 8px;\">{}</td><td style=\"border:1px solid #bbb;padding:4px 8px;\">{}</td><td style=\"border:1px solid #bbb;padding:4px 8px;\">",
source_ip, count, header_from, disposition, dkim, spf);
// Auth Results
let mut auths = String::new();
if let Some(auth) = &rec.auth_results {
if let Some(dkims) = &auth.dkim {
for dkimres in dkims {
auths += &format!("<span style=\"white-space:nowrap;\">DKIM: domain=<b>{}</b> selector=<b>{}</b> result=<b>{}</b></span><br>",
dkimres.domain.as_deref().unwrap_or(""),
dkimres.selector.as_deref().unwrap_or(""),
dkimres.result.as_deref().unwrap_or("")
);
}
}
if let Some(spfs) = &auth.spf {
for spfres in spfs {
auths += &format!("<span style=\"white-space:nowrap;\">SPF: domain=<b>{}</b> scope=<b>{}</b> result=<b>{}</b></span><br>",
spfres.domain.as_deref().unwrap_or(""),
spfres.scope.as_deref().unwrap_or(""),
spfres.result.as_deref().unwrap_or("")
);
}
}
}
row_html += &auths;
row_html += "</td></tr>";
summary += &row_html;
}
summary += "</tbody></table>";
}
if summary.is_empty() {
summary = "No DMARC summary found.".to_string();
}
Ok(summary)
}