starred/modoboa-modoboa
1
0
Fork 0
mirror of https://github.com/modoboa/modoboa.git synced 2026-04-25 00:46:03 +03:00
Code Issues 60 Projects Releases 10 Packages Wiki Activity

[GH-ISSUE #3846] DMARC: import_aggregated_report crashes when auth_results domain is missing (NotNullViolation on dmarc_result.domain) #1924

New issue
Open
opened 2026-02-27 11:19:55 +03:00 by kerem · 2 comments
kerem commented 2026-02-27 11:19:55 +03:00
Owner
Copy link

Originally created by @jg-shinji-ueda on GitHub (Dec 25, 2025).
Original GitHub issue: https://github.com/modoboa/modoboa/issues/3846

Originally assigned to: @tonioo on GitHub.

Impacted versions

  • OS Type: Ubuntu
  • OS Version: 24.04
  • Database Type: PostgreSQL
  • Database version: 16.11
  • Modoboa: 2.6.5
  • installer used: Yes
  • Webserver: Nginx

Additional:

  • Python: 3.12.3
  • DMARC importer path: site-packages/modoboa/dmarc/lib.py

Steps to reproduce

  1. Receive a DMARC aggregate report where an auth_results entry has a missing or empty domain value, e.g. <auth_results><dkim><domain/></dkim>...</auth_results> (domain text becomes None).
  2. Import it using the management command (pipe mode):
   /path/to/python /path/to/manage.py import_aggregated_report --pipe < report.eml

Current behavior

The import crashes with a PostgreSQL NOT NULL constraint violation:

psycopg.errors.NotNullViolation: null value in column "domain" of relation "dmarc_result" violates not-null constraint
DETAIL:  Failing row contains (..., dkim, null, fail, ...)

Because the importer is commonly executed via Postfix pipe delivery, the crash can cause DMARC report emails to bounce and ingestion to stop.

Expected behavior

The importer should not crash when the <auth_results><dkim|spf><domain> value is missing/empty. It should safely handle this case, for example by:

  • storing an empty string, or
  • falling back to a reasonable value such as identifiers/header_from (or the already-resolved local record.header_from.name), and continuing the import.

Video/Screenshot link (optional)

N/A

Notes / suspected root cause

In modoboa/dmarc/lib.py, the importer currently does:

domain = rnode.find("domain").text

If the <domain> element is present but empty (<domain/>) or missing, .text can be None, leading to a NULL insert into dmarc_result.domain (NOT NULL), and the import aborts.

Proposed fix (minimal)

Use findtext() and a fallback to avoid inserting NULL:

diff --git a/modoboa/dmarc/lib.py b/modoboa/dmarc/lib.py
@@ -81,11 +81,16 @@
       for rtype in ["spf", "dkim"]:
           rnode = auth_results.find(rtype)
           if not rnode:
               continue
+          domain = (rnode.findtext("domain") or "").strip()
+          if not domain:
+              domain = record.header_from.name
+          result = (rnode.findtext("result") or "").strip()
           models.Result.objects.create(
               record=record,
               type=rtype,
-              domain=rnode.find("domain").text,
-              result=rnode.find("result").text,
+              domain=domain,
+              result=result,
           )

I can provide a sanitized minimal XML/EML snippet to reproduce if needed (with domains/IPs removed).

Originally created by @jg-shinji-ueda on GitHub (Dec 25, 2025). Original GitHub issue: https://github.com/modoboa/modoboa/issues/3846 Originally assigned to: @tonioo on GitHub. # Impacted versions * OS Type: Ubuntu * OS Version: 24.04 * Database Type: PostgreSQL * Database version: 16.11 * Modoboa: 2.6.5 * installer used: Yes * Webserver: Nginx Additional: * Python: 3.12.3 * DMARC importer path: `site-packages/modoboa/dmarc/lib.py` # Steps to reproduce 1. Receive a DMARC aggregate report where an auth_results entry has a missing or empty domain value, e.g. `<auth_results><dkim><domain/></dkim>...</auth_results>` (domain text becomes `None`). 2. Import it using the management command (pipe mode): ```bash /path/to/python /path/to/manage.py import_aggregated_report --pipe < report.eml ```` # Current behavior The import crashes with a PostgreSQL NOT NULL constraint violation: ``` psycopg.errors.NotNullViolation: null value in column "domain" of relation "dmarc_result" violates not-null constraint DETAIL: Failing row contains (..., dkim, null, fail, ...) ``` Because the importer is commonly executed via Postfix pipe delivery, the crash can cause DMARC report emails to bounce and ingestion to stop. # Expected behavior The importer should not crash when the `<auth_results><dkim|spf><domain>` value is missing/empty. It should safely handle this case, for example by: * storing an empty string, or * falling back to a reasonable value such as `identifiers/header_from` (or the already-resolved local `record.header_from.name`), and continuing the import. # Video/Screenshot link (optional) N/A --- ## Notes / suspected root cause In `modoboa/dmarc/lib.py`, the importer currently does: ```python domain = rnode.find("domain").text ``` If the `<domain>` element is present but empty (`<domain/>`) or missing, `.text` can be `None`, leading to a NULL insert into `dmarc_result.domain` (NOT NULL), and the import aborts. ## Proposed fix (minimal) Use `findtext()` and a fallback to avoid inserting NULL: ```diff diff --git a/modoboa/dmarc/lib.py b/modoboa/dmarc/lib.py @@ -81,11 +81,16 @@ for rtype in ["spf", "dkim"]: rnode = auth_results.find(rtype) if not rnode: continue + domain = (rnode.findtext("domain") or "").strip() + if not domain: + domain = record.header_from.name + result = (rnode.findtext("result") or "").strip() models.Result.objects.create( record=record, type=rtype, - domain=rnode.find("domain").text, - result=rnode.find("result").text, + domain=domain, + result=result, ) ``` I can provide a sanitized minimal XML/EML snippet to reproduce if needed (with domains/IPs removed). ````
kerem commented 2026-02-27 11:19:55 +03:00
Author
Owner
Copy link

@tonioo commented on GitHub (Jan 6, 2026):

@jg-shinji-ueda Can you please provide a snippet?

<!-- gh-comment-id:3713632010 --> @tonioo commented on GitHub (Jan 6, 2026): @jg-shinji-ueda Can you please provide a snippet?
kerem commented 2026-02-27 11:19:55 +03:00
Author
Owner
Copy link

@jg-shinji-ueda commented on GitHub (Feb 17, 2026):

@tonioo

https://github.com/modoboa/modoboa/issues/3846#issuecomment-3713632010

Sorry for late reply, and thank you for implements and fix. 😄

<!-- gh-comment-id:3911323858 --> @jg-shinji-ueda commented on GitHub (Feb 17, 2026): @tonioo https://github.com/modoboa/modoboa/issues/3846#issuecomment-3713632010 Sorry for late reply, and thank you for implements and fix. 😄
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
fix/sievefilters-allow-email-in-rule-name
dependabot/npm_and_yarn/frontend/axios-1.15.0
translations_04c0b653215cb5fa48ab101eae1a1917_ja_JP
translations_5d93982e9fd6dab991db4faf93ce9ded_ja_JP
fix/login-issue-3995
fix/sievefilters-issues
add-vitepress-openapi
2974-dmarc-empty-email
2.3.x
updated-doc-2.3.0
feature/OIDC
delete-all-alarms
translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_af_ZA
translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_ar
translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_ca
1.x
translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_sk
translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_tr
translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_es_ES
translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_uk
translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_zh_CN
translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_de_DE
translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_da_DK
1.8.x
1.7.x
1.6.x
1.4.x
1.3.x
1.2.x
2.8.2
2.8.1
2.8.0
2.7.2
2.7.1
2.7.0
2.6.5
2.6.4
2.6.3
2.6.2
2.6.1
2.6.0
2.5.1
2.5.0
2.4.11
2.4.10
2.4.9
2.4.8
2.4.7
2.4.6
2.4.5
2.4.4
2.4.3
2.4.2
2.4.1
2.4.0
2.3.6
2.3.5
2.3.4
2.3.3
2.3.2
2.3.1
2.3.0
2.3.0-beta.4
2.3.0-beta.3
2.3.0-beta.2
2.3.0-beta.1
2.2.4
2.2.3
2.2.2
2.2.1
2.2.0
2.1.2
2.1.1
2.1.0
2.0.5
2.0.4
2.0.3
2.0.2
2.0.1
2.0.0
2.0.0-beta.3
2.0.0-beta.2
2.0.0-beta.1
1.17.0
1.16.1
1.16.0
1.15.0
1.14.0
1.13.1
1.13.0
1.12.2
1.12.1
1.12.0
1.11.1
1.11.0
1.10.7
1.10.6
1.10.5
1.10.4
1.10.3
1.10.2
1.10.1
1.10.0
1.9.1
1.9.0
1.8.3
1.8.2
1.8.1
1.8.0
1.7.4
1.7.3
1.7.2
1.7.1
1.7.0
1.6.3
1.6.2
1.6.1
1.6.0
1.5.3
1.5.2
1.5.1
1.5.0
1.4.5
1.4.4
1.4.3
1.4.2
1.4.1
1.4.0
1.3.5
1.3.4
1.2.2
1.3.3
1.3.2
1.3.1
1.3.0
1.2.1
1.2.0
1.2.0-rc2
1.2.0-rc1
1.1.7
1.1.6
1.1.5
1.1.4
1.1.3
1.1.2
1.1.1
1.1.0
1.0.1
1.0.0
0.9.5
0.9.4
0.9.3
0.9.2
0.9.1
0.9
0.8.8
0.8.7
0.8.6.1
0.8.6
0.8.5
0.8.4
0.8.3
0.8.3-rc1
0.8.2
0.8.1
0.8
0.8-rc2
0.8-rc1
0.7.2
0.7.1
0.7
0.6.1
0.6
0.5
0.3
0.2
0.1
Labels
Clear labels   
bug

   
bug

   
dependencies

   
design

   
documentation

   
duplicate

   
enhancement

   
enhancement

   
enhancement

   
feedback-needed

   
help-needed

   
help-needed

   
installer

   
invalid

   
looking-for-sponsors

   
modoboa-contacts

   
new-ui

   
new-ui

   
pr

   
pull-request

Mirrored from GitHub Pull Request

  
pyconfr

   
python

   
question

   
security

   
stale

   
webmail

   
wontfix
No labels
bug
bug
dependencies
design
documentation
duplicate
enhancement
enhancement
enhancement
feedback-needed
help-needed
help-needed
installer
invalid
looking-for-sponsors
modoboa-contacts
new-ui
new-ui
pr
pull-request
pyconfr
python
question
security
stale
webmail
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/modoboa-modoboa#1924
No description provided.