search

liuch / dmarc-srg

A php parser, viewer and summary report generator for incoming DMARC reports.
GNU General Public License v3.0
213 stars 31 forks source link

Yahoo DMARC "unused" as XML content #73

Closed williamdes closed 1 year ago

williamdes commented 1 year ago

Yahoo sends DMARC reports with unused as the XML content. Could this be handled in a more nicely way, not sure it should go to invalid action ?

  Error message:
    - Incorrect message: Attachment file size is not valid (38 bytes)

Ref: https://www.reddit.com/r/sysadmin/comments/136ilje/unused_in_dmarc_aggregate_report/

Aol.fr also does that..

liuch commented 1 year ago

Looks like Yahoo and Aol use the same tool for generating DMARC report. Logically, this is an incorrect report, which is what the utility reports. What would you suggest to do with that? Alternatively, you can set up a filter on the mail server to remove such reports from the mailbox.

williamdes commented 1 year ago

Looks like Yahoo and Aol use the same tool for generating DMARC report. Logically, this is an incorrect report, which is what the utility reports. What would you suggest to do with that? Alternatively, you can set up a filter on the mail server to remove such reports from the mailbox.

Maybe it can remain as Invalid but have code to handle this specific misbehavior to have a more user friendly error in the console output?

liuch commented 1 year ago

What do you have in mind, to change error message? Do you have such a file? Its size is 38 bytes, so there is not only this word there.

williamdes commented 1 year ago

What do you have in mind, to change error message?

Since it's a "common" bad implementation maybe it can be handled by a custom error message ?

What do you have in mind, to change error message? Do you have such a file? Its size is 38 bytes, so there is not only this word there.

Here is the file

cat \!domain.tld\!1682726400\!1682812799.xml.gz | base64

H4sIAKImTmQAAyvNKy1OTQEA+UgslAYAAAA=

To restore it and see the text

echo 'H4sIAKImTmQAAyvNKy1OTQEA+UgslAYAAAA=' | base64 -d | gunzip

unused
liuch commented 1 year ago

Oh, I forgot about gzip!

liuch commented 1 year ago

Is this checking really necessary? The utility already rejects the report on the basis of a too small file size without even looking in it. Is there any reason to add this exception to check for "unused" later at a next level?

williamdes commented 1 year ago

Not really, that's good you now know that they do such things