DKIM should never be inferred from reports

2026-05-20 14:12:57 -03:00
parent c91c3f1023
commit c68ccc8065
4 changed files with 9 additions and 107 deletions
+5 -33
@@ -22,7 +22,7 @@ from app.dns_policy import DomainDnsPolicy, collect_domain_dns_policy
from app.homepage import domain_homepage_summary, domain_metrics, homepage_summary, latest_summary, resolve_date_range, traffic_distribution
from app.inbox_locks import InboxRunLease, inbox_run_locks
from app.jobs import import_jobs
from app.models import Alert, AuthResult, DailyStat, DomainDnsSnapshot, InboxStatus, LLMReport, Record, Report, SkippedReportPayload, utcnow
from app.models import Alert, DailyStat, DomainDnsSnapshot, InboxStatus, LLMReport, Record, Report, SkippedReportPayload, utcnow
from app.scheduler import generate_open_posture_summaries, scheduler_ok, start_scheduler
from app.schemas import BacklogRequest, ProcessNowRequest
from app.message_processor import process_inbox
@@ -400,24 +400,6 @@ def _json_list(value: str | None) -> list:
return data if isinstance(data, list) else []
def _observed_dkim_selectors(session: Session, domain: str) -> list[tuple[str, str]]:
rows = session.execute(
select(AuthResult.selector, AuthResult.domain)
.select_from(AuthResult)
.join(Record)
.join(Report)
.where(
Report.domain == domain,
AuthResult.auth_type == "dkim",
AuthResult.selector.is_not(None),
AuthResult.domain.is_not(None),
)
.distinct()
.order_by(AuthResult.domain, AuthResult.selector)
).all()
return [(selector, auth_domain) for selector, auth_domain in rows if selector and auth_domain]
def _snapshot_model(domain: str, policy: DomainDnsPolicy) -> DomainDnsSnapshot:
return DomainDnsSnapshot(
domain=domain,
@@ -433,7 +415,7 @@ def _snapshot_model(domain: str, policy: DomainDnsPolicy) -> DomainDnsSnapshot:
spf_record=policy.spf.raw,
spf_all=policy.spf.all_mechanism,
spf_includes_json=json.dumps(policy.spf.includes, sort_keys=True),
dkim_records_json=json.dumps([item.__dict__ for item in policy.dkim], sort_keys=True),
dkim_records_json="[]",
mx_records_json=json.dumps(policy.mx_records, sort_keys=True),
errors_json=json.dumps(policy.errors, sort_keys=True),
)
@@ -448,14 +430,6 @@ def _latest_dns_snapshot(session: Session, domain: str) -> SimpleNamespace | Non
)
if not snapshot:
return None
dkim_records = _json_list(snapshot.dkim_records_json)
dkim_found = [item for item in dkim_records if isinstance(item, dict) and item.get("record")]
dkim_missing = [item for item in dkim_records if isinstance(item, dict) and not item.get("record")]
dns_errors = [
item
for item in _json_list(snapshot.errors_json)
if isinstance(item, str) and not item.startswith("DKIM lookup failed") and not item.startswith("DKIM record not found")
]
return SimpleNamespace(
id=snapshot.id,
domain=snapshot.domain,
@@ -472,11 +446,9 @@ def _latest_dns_snapshot(session: Session, domain: str) -> SimpleNamespace | Non
spf_record=snapshot.spf_record,
spf_all=snapshot.spf_all,
spf_includes=_json_list(snapshot.spf_includes_json),
dkim_records=dkim_records,
dkim_found=dkim_found,
dkim_missing=dkim_missing,
dkim_records=_json_list(snapshot.dkim_records_json),
mx_records=_json_list(snapshot.mx_records_json),
errors=dns_errors,
errors=_json_list(snapshot.errors_json),
)
@@ -550,7 +522,7 @@ def domain_page(domain: str, request: Request, source_page: int = 1, alert_page:
@app.post("/domains/{domain}/dns/refresh", dependencies=dashboard_post_auth)
def refresh_domain_dns(domain: str, session: Session = Depends(get_db)):
policy = collect_domain_dns_policy(domain, selectors=_observed_dkim_selectors(session, domain))
policy = collect_domain_dns_policy(domain)
session.add(_snapshot_model(domain, policy))
session.commit()
return RedirectResponse(url=f"/domains/{domain}", status_code=303)
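Review bot: Snapshots written before this commit still hold report-derived selectors in `dkim_records_json`, and `_latest_dns_snapshot` now passes that column straight through as `dkim_records=_json_list(snapshot.dkim_records_json)`, so a domain that has not been refreshed keeps showing inferred DKIM data. The same applies to `errors=_json_list(snapshot.errors_json)`: the removed filter used to drop the stored "DKIM lookup failed" / "DKIM record not found" strings and any non-string items, which old rows will now surface. If DKIM must never come from reports, return `dkim_records=[]` on read and keep the error filter, or clear the legacy rows in a migration. The literal `"[]"` in `_snapshot_model` would also benefit from a comment such as `# DKIM is never populated from report data; column kept for schema compatibility`, assuming that is why the column is kept. The bodies of `_latest_dns_snapshot` and `_snapshot_model` extend beyond the visible hunks, and whether `policy.errors` can still carry DKIM entries depends on `collect_domain_dns_policy`, which is not shown in this section.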