mirror of
https://github.com/domainaware/parsedmarc.git
synced 2026-07-02 23:14:19 +00:00
4.1.1
This commit is contained in:
@@ -1,3 +1,11 @@
|
||||
|
||||
4.1.1
|
||||
-----
|
||||
|
||||
- Add splunk instructions
|
||||
- Change default logging level to `ERROR`
|
||||
- Reconnect reset IMAP connections when watching a folder
|
||||
|
||||
4.1.0
|
||||
-----
|
||||
|
||||
|
||||
+18
-2
@@ -276,7 +276,7 @@ Or, install the latest development release directly from GitHub:
|
||||
|
||||
.. note::
|
||||
|
||||
On Windows, ``pip3`` is ``pip``, even with Python 3. So on Windows, simply
|
||||
On Windows, ``pip3`` is ``pip``, even with Python 3. So on Windows,
|
||||
substitute ``pip`` as an administrator in place of ``sudo pip3``, in the
|
||||
above commands.
|
||||
|
||||
@@ -365,11 +365,16 @@ Testing multiple report analyzers
|
||||
|
||||
If you would like to test parsedmarc and another report processing solution
|
||||
at the same time, you can have up to two mailto URIs each in the rua and ruf
|
||||
tags tgs in your DMARC record, separated by commas.
|
||||
tags in your DMARC record, separated by commas.
|
||||
|
||||
Elasticsearch and Kibana
|
||||
------------------------
|
||||
|
||||
.. note::
|
||||
|
||||
Splunk is also supported starting with ``parsedmarc`` 4.1.1
|
||||
|
||||
|
||||
To set up visual dashboards of DMARC data, install Elasticsearch and Kibana.
|
||||
|
||||
.. note::
|
||||
@@ -595,6 +600,17 @@ select ``dmarc_aggregate`` for the other saved objects, as shown below.
|
||||
:align: center
|
||||
:target: _static/screenshots/index-pattern-conflicts.png
|
||||
|
||||
|
||||
Splunk
|
||||
------
|
||||
|
||||
Starting in version 4.1.1 ``parsedmarc`` supports sending aggregate and/or
|
||||
forensic DMARC data to a Splunk HTTP Events collector (HEC). Simply use the
|
||||
following command line options, along with ``--save-aggregate`` or
|
||||
``save-forensic``:
|
||||
|
||||
|
||||
|
||||
Running parsedmarc as a systemd service
|
||||
---------------------------------------
|
||||
|
||||
|
||||
+35
-5
@@ -44,10 +44,10 @@ import imapclient.exceptions
|
||||
import dateparser
|
||||
import mailparser
|
||||
|
||||
__version__ = "4.1.0"
|
||||
__version__ = "4.1."
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
logger.setLevel(logging.INFO)
|
||||
logger.setLevel(logging.ERROR)
|
||||
|
||||
feedback_report_regex = re.compile(r"^([\w\-]+): (.+)$", re.MULTILINE)
|
||||
|
||||
@@ -1528,7 +1528,7 @@ def watch_inbox(host, username, password, callback, reports_folder="INBOX",
|
||||
except imapclient.exceptions.IMAPClientError as error:
|
||||
error = error.__str__().replace("b'", "").replace("'", "")
|
||||
# Workaround for random Exchange/Office365 IMAP errors
|
||||
if "Server Unavailable. 15" in error:
|
||||
if "Server Unavailable. 15" in error or "BAD" in error:
|
||||
logger.debug("IMAP error: {0}".format(error))
|
||||
logger.debug("Reconnecting watcher")
|
||||
server = imapclient.IMAPClient(host)
|
||||
@@ -1553,7 +1553,23 @@ def watch_inbox(host, username, password, callback, reports_folder="INBOX",
|
||||
except ConnectionRefusedError:
|
||||
raise IMAPError("Connection refused")
|
||||
except ConnectionResetError:
|
||||
raise IMAPError("Connection reset")
|
||||
logger.debug("IMAP error: Connection reset")
|
||||
logger.debug("Reconnecting watcher")
|
||||
server = imapclient.IMAPClient(host)
|
||||
server.login(username, password)
|
||||
server.select_folder(rf)
|
||||
idle_start_time = time.monotonic()
|
||||
ms = "MOVE" in get_imap_capabilities(server)
|
||||
res = get_dmarc_reports_from_inbox(connection=server,
|
||||
move_supported=ms,
|
||||
reports_folder=rf,
|
||||
archive_folder=af,
|
||||
delete=delete,
|
||||
test=test,
|
||||
nameservers=ns,
|
||||
dns_timeout=dt)
|
||||
callback(res)
|
||||
server.idle()
|
||||
except ConnectionAbortedError:
|
||||
raise IMAPError("Connection aborted")
|
||||
except TimeoutError:
|
||||
@@ -1614,7 +1630,21 @@ def watch_inbox(host, username, password, callback, reports_folder="INBOX",
|
||||
except ConnectionRefusedError:
|
||||
raise IMAPError("Connection refused")
|
||||
except ConnectionResetError:
|
||||
raise IMAPError("Connection reset")
|
||||
logger.debug("IMAP error: Connection reset")
|
||||
logger.debug("Reconnecting watcher")
|
||||
server = imapclient.IMAPClient(host)
|
||||
server.login(username, password)
|
||||
server.select_folder(rf)
|
||||
idle_start_time = time.monotonic()
|
||||
ms = "MOVE" in get_imap_capabilities(server)
|
||||
res = get_dmarc_reports_from_inbox(connection=server,
|
||||
move_supported=ms,
|
||||
reports_folder=rf,
|
||||
archive_folder=af,
|
||||
delete=delete,
|
||||
test=test,
|
||||
nameservers=ns,
|
||||
dns_timeout=dt)
|
||||
except ConnectionAbortedError:
|
||||
raise IMAPError("Connection aborted")
|
||||
except TimeoutError:
|
||||
|
||||
+3
-2
@@ -108,10 +108,11 @@ def _main():
|
||||
"Collector (HEC)")
|
||||
arg_parser.add_argument("--hec-token", help="The authorization token for "
|
||||
"a Splunk "
|
||||
"HTTP event collector (HEC)")
|
||||
"HTTP Event Collector (HEC)")
|
||||
arg_parser.add_argument("--hec-index", help="The index to use when "
|
||||
"sending events to the "
|
||||
"Splunk HTTP Events")
|
||||
"Splunk HTTP Event Collector "
|
||||
"(HEC)")
|
||||
arg_parser.add_argument("--hec-skip-certificate-verification",
|
||||
action="store_true",
|
||||
default=False,
|
||||
|
||||
@@ -14,7 +14,7 @@ from setuptools import setup
|
||||
from codecs import open
|
||||
from os import path
|
||||
|
||||
__version__ = "4.1.0"
|
||||
__version__ = "4.1.1"
|
||||
description = "A Python package and CLI for parsing aggregate and " \
|
||||
"forensic DMARC reports"
|
||||
|
||||
|
||||
@@ -107,7 +107,7 @@
|
||||
<title>Reporting organizations</title>
|
||||
<table>
|
||||
<search>
|
||||
<query>index="email" sourcetype="dmarc:aggregate" | chart sum(message_count) by org_name | sort -sum(message_count)</query>
|
||||
<query>index="email" sourcetype="dmarc:aggregate" sourcetype="dmarc:aggregate" spf_aligned=$spf_aligned$ dkim_aligned=$dkim_aligned$ passed_dmarc=$passed_dmarc$ org_name=$org_name$ source_reverse_dns=$source_reverse_dns$ header_from=$header_from$ envelope_from=$envelope_from$ disposition=$disposition$ source_ip_address=$source_ip_address$ source_country=$source_country$ | chart sum(message_count) by org_name | sort -sum(message_count)</query>
|
||||
<earliest>$time_range.earliest$</earliest>
|
||||
<latest>$time_range.latest$</latest>
|
||||
</search>
|
||||
|
||||
Reference in New Issue
Block a user