Package com.mimecast.robin.bots
Class ForensicBot
java.lang.Object
com.mimecast.robin.bots.ForensicBot
- All Implemented Interfaces:
BotProcessor
AFRF (Authentication Failure Reporting Format) forensic report processing bot.
Parses forensic reports (RFC 6591) from multipart/report emails and sends them to the robin-admin API for storage and visualization.
These are individual email failure reports for DMARC, DKIM, or SPF authentication failures, as opposed to aggregate reports.
Expected MIME structure:
- Part 1: text/plain - Human readable summary
- Part 2: message/feedback-report - Machine readable report fields
- Part 3: message/rfc822 or text/rfc822-headers - Original email or headers
-
Field Summary
Fields -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionprivate StringcleanEmailAddress(String email) Cleans an email address by removing angle brackets.extractForensicReport(EmailParser emailParser) Extracts forensic report from email parts.private StringextractHeaderValue(String headers, String headerName) Extracts a header value from raw headers text.private StringgetContentType(MimePart part) Gets content type from MIME part headers.getName()Gets the name of this bot for factory registration.private byte[]getPartContent(MimePart part) Gets content bytes from a MIME part.private voidparseFeedbackReport(MimePart part, Map<String, Object> report) Parses the message/feedback-report part into a map.voidprocess(Connection connection, EmailParser emailParser, String botAddress, BotConfig.BotDefinition botDefinition) Processes an email for bot analysis and generates a response.private voidsendToAdminApi(Map<String, Object> report, Connection connection, BotConfig.BotDefinition botDefinition) Sends forensic report to the robin-admin API.
-
Field Details
-
log
private static final org.apache.logging.log4j.Logger log -
gson
private static final com.google.gson.Gson gson
-
-
Constructor Details
-
ForensicBot
public ForensicBot()
-
-
Method Details
-
getName
Description copied from interface:BotProcessorGets the name of this bot for factory registration.- Specified by:
getNamein interfaceBotProcessor- Returns:
- Bot name.
-
process
public void process(Connection connection, EmailParser emailParser, String botAddress, BotConfig.BotDefinition botDefinition) Description copied from interface:BotProcessorProcesses an email for bot analysis and generates a response.This method is called from a dedicated bot thread pool.
Each bot receives its own
EmailParserinstance created from the message source, allowing safe concurrent access to the email content.- Specified by:
processin interfaceBotProcessor- Parameters:
connection- SMTP connection instance containing cloned session data.emailParser- Parsed email instance (headers only). May be null if the message source is unavailable or parsing failed.botAddress- The bot address that matched (e.g., "robot+token@example.com").botDefinition- Bot definition containing configuration like endpoint URL.
-
extractForensicReport
Extracts forensic report from email parts.- Parameters:
emailParser- Parsed email.- Returns:
- Report data map, or null if not found.
-
parseFeedbackReport
Parses the message/feedback-report part into a map.- Parameters:
part- The MIME part containing the feedback report.report- Map to populate with parsed fields.- Throws:
IOException
-
cleanEmailAddress
Cleans an email address by removing angle brackets. -
extractHeaderValue
Extracts a header value from raw headers text. -
getContentType
Gets content type from MIME part headers. -
getPartContent
Gets content bytes from a MIME part.- Throws:
IOException
-
sendToAdminApi
private void sendToAdminApi(Map<String, Object> report, Connection connection, BotConfig.BotDefinition botDefinition) Sends forensic report to the robin-admin API.- Parameters:
report- Parsed forensic report.connection- SMTP connection.botDefinition- Bot config definition.
-