Command-line analyze and display of DMARC reports

Licensed under the MIT.

1. About
2. Installation
3. Usage
4. Output format
5. References
6. Contributing

dmarc-rs is a small command-line utility to analyze and display in a usable manner the content of the DMARC XML reports sent by the various email providers around the globe. Should work properly on UNIX (FreeBSD, Linux, etc.) and Windows systems. This is a Rust port of the Go version utility.

• Unix (tested on FreeBSD, Linux and macOS)
• Windows
  • cmd.exe
  • Powershell

The package is named dmarc_rs to distinguish it from the Go version but the binary will remain the same (dmarc-cat) and can totally replace it.

As with many Rust utilities, a simple

cargo install dmarc-rs

is enough to fetch, build and install.

On Windows systems, the above cargo command should work directly in a Powershell window.

I will insert here references to the binary packages in different distributions when available.

The main XML parsing stuff is done by serde & associates and CLI handling is done with clap:

• clap
• serde
• serde-xmls-rs

dmarc-rs uses the following crates to enable reading zip & gzip files:

• zip
• flate2

It also use the following crates for DNS resolving/threading from the report.

• dns-lookup
• ThreadPool

and a few other helper crates, especially if you want to run the tests.

SYNOPSIS

dmarc-cat 0.2.0
Ollivier Robert <[email protected]>
Rust utility to decode and display DMARC reports.

USAGE:
    dmarc-cat [OPTIONS] [FILES]...

ARGS:
    <FILES>...    Filenames (possibly none or -)

OPTIONS:
    -D, --debug                 debug mode
    -h, --help                  Print help information
    -j, --jobs <JOBS>           Use this many parallel jobs for resolving IP [default: 6]
    -N, --no-resolve            Do not resolve IP to names
    -t, --input-type <ITYPE>    Specify the type of input data
    -v, --verbose               Verbose mode
    -V, --version               Display version and exit

Example:

$ dmarc-cat /tmp/yahoo.com\!keltia.net\!1518912000\!1518998399.xml

Reporting by: Yahoo! Inc. — [email protected]
From 2018-02-18 01:00:00 +0100 CET to 2018-02-19 00:59:59 +0100 CET

Domain: keltia.net
Policy: p=none; dkim=r; spf=r

Reports(1):
IP            Count   From       RFrom      RDKIM   RSPF
88.191.250.24 1       keltia.net keltia.net neutral pass

The full XML grammar is available here and there is a local copy in the doc/ directory in the source.

The report has several columns:

• IP is matching IP address
• Count is the number of times this IP was present
• From is the From: header value
• RFrom is the envelope From value
• RDKIM is the result from DKIM checking
• RSPF is the result from SPF checking

The file sent by MTAs can differ in format, some providers send zip files with both csv and XML files, some directly send compressed XML files. This utility should handle the different format but you will have to use -t TYPE if you want to read from standard input.

Tests are available as unit-tests for the library part and as integration tests for the CLI interaction (see tests/cli.rs).

• DMARC
• SPF
• DKIM

Please see CONTRIBUTING.md for some simple rules.

I use Git Flow for this package so please use something similar or the usual github workflow.

1. Fork it ( https://github.com/keltia/dmarc-rs/fork )
2. Checkout the develop branch (git checkout develop)
3. Create your feature branch (git checkout -b my-new-feature)
4. Commit your changes (git commit -am 'Add some feature')
5. Push to the branch (git push origin my-new-feature)
6. Create a new Pull Request