An IMAP bot to yell at you if your DMARC RUA and/or TLS-RPT reports get messed up!
Arija A. 85620fd137
Remove strict DMARC policy check for fo
Signed-off-by: Arija A. <ari@ari.lt>
2026-04-18 12:44:16 +03:00
examples DMARCbis + more thorough checking + refactor 2026-04-14 20:52:28 +03:00
src Remove strict DMARC policy check for fo 2026-04-18 12:44:16 +03:00
.editorconfig Init 2026-04-09 16:55:09 +03:00
.gitignore Init 2026-04-09 16:55:09 +03:00
example.env Add logging 2026-04-09 23:20:40 +03:00
LICENSE Init 2026-04-09 16:55:09 +03:00
pyproject.toml Init 2026-04-09 16:55:09 +03:00
README.md DMARCbis + more thorough checking + refactor 2026-04-14 20:52:28 +03:00
requirements.txt Switch to defusedxml for XML parsing for security reasons. 2026-04-10 02:29:55 +03:00
tox.ini Init 2026-04-09 16:55:09 +03:00

Yeller

An IMAP bot to yell at you if your DMARC RUA and/or TLS-RPT reports get messed up!

More about these reports: https://blog.ari.lt/b/set-up-selfhosted-email/#informational-what-are-dmarc-and-tls-reports

What is this?

Yeller is an IMAP-based bot that monitors DMARC RUA and TLS-RPT reports, reducing the noise and manual work involved in email administration. If you manage email servers, this bot is for you :)

It automatically downloads messages from IMAP mailboxes, extracts the reports, and checks whether they pass the vibe check. If something looks wrong, Yeller alerts you so you can investigate and fix it.

Yeller also includes safeguards against abuse, redundancy, and mistakes, such as:

  • Verifying that a report has been received within the past 36 hours.
  • Distinguishing between passing and failing reports.
  • Confirming that it can actually understand a report before acting on it, and forwarding unknown reports for human review.
  • Protecting against oversized attachments and compression-based attacks.
  • Expunging old mail when configured to do so.
  • Reconnecting automatically if the IMAP connection drops.
  • Properly handling backlog.
  • Treating missing policies as failure.
  • Supporting DMARCbis reports out of the box (RFC 7489 ought to be replaced).
  • Giving suggestions on how to fix the problem.

At its core, Yeller is a filter system for reports, so they don't flood your inbox, while keeping everything in check.
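As an added illustration of three of the safeguards listed above (bounded decompression, forwarding reports that cannot be understood, and treating missing policies as failure), here is a sketch for a gzipped TLS-RPT JSON report in the RFC 8460 layout. It is example code, not Yeller's own: the function names, the return labels and both size limits are assumptions, and the sample report is constructed.

```python
import gzip
import io
import json
import zlib

MAX_COMPRESSED = 1 * 1024 * 1024     # assumed cap on attachment size
MAX_DECOMPRESSED = 10 * 1024 * 1024  # assumed cap on inflated size

class ReportRejected(Exception):
    """The attachment is oversized or is not valid gzip data."""

def bounded_gunzip(blob: bytes, limit: int = MAX_DECOMPRESSED) -> bytes:
    """Inflate gzip data, never holding more than limit + 1 bytes of output."""
    if len(blob) > MAX_COMPRESSED:
        raise ReportRejected("attachment too large")
    try:
        with gzip.GzipFile(fileobj=io.BytesIO(blob)) as fh:
            data = fh.read(limit + 1)  # one byte past the limit reveals a bomb
    except (OSError, EOFError, zlib.error) as exc:
        raise ReportRejected(f"bad gzip data: {exc}") from exc
    if len(data) > limit:
        raise ReportRejected("decompressed size over limit")
    return data

def classify_tlsrpt(blob: bytes) -> str:
    """Return 'pass', 'fail', 'unknown' or 'rejected' for a gzipped report."""
    try:
        report = json.loads(bounded_gunzip(blob))
    except ReportRejected:
        return "rejected"  # unsafe attachment, never parsed
    except ValueError:
        return "unknown"   # not JSON: forward for human review
    policies = report.get("policies") if isinstance(report, dict) else None
    if not isinstance(policies, list) or not policies:
        return "fail"      # missing policies are treated as failure
    for entry in policies:
        summary = entry.get("summary") if isinstance(entry, dict) else None
        failures = (summary.get("total-failure-session-count")
                    if isinstance(summary, dict) else None)
        if not isinstance(failures, int):
            return "unknown"
        if failures > 0:
            return "fail"
    return "pass"

def sample_report(failures: int) -> bytes:
    """Constructed sample report (not real data) for trying the classifier."""
    summary = {"total-successful-session-count": 10,
               "total-failure-session-count": failures}
    doc = {"report-id": "constructed-1", "policies": [{"summary": summary}]}
    return gzip.compress(json.dumps(doc).encode())
```
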

How do I use this?

You have two options:

  1. Set up DMARC/TLS reports to go straight to Yeller.
  2. Forward DMARC/TLS reports to an inbox controlled by Yeller.

Both options are valid.

Prerequisites

  • An e-mail server where you receive DMARC RUA and/or TLS-RPT reports.
  • Two (separate) or one (centralised) mailboxes on that server.
  • You have the following set up:
    • For DMARC RUA: DMARC with rua=mailto:..., DKIM, SPF.
    • For TLS-RPT: TLS reporting with rua=mailto:..., MTA-STS and/or TLSA (DANE).
  • Python 3.10 or newer.
  • A server

Pre-installation

git clone --depth 1 https://git.ari.lt/ari/yeller
cd yeller

To update, run git pull once in a while and restart Yeller.

Configuration

cp example.env .env
$EDITOR .env
# ... Edit

Running

python3 -m venv venv
source venv/bin/activate
pip install --upgrade -r requirements.txt
source .env
python3 src/main.py

Testing

Simply forward an existing FAILURE DMARC/TLS report to Yeller and see if it yells at you. Example failure reports are in examples/failure-dmarc.xml and examples/failure-tls.json.