Update docs

This commit is contained in:
Sean Whalen
2022-09-10 15:17:46 -04:00
parent 597b13add2
commit 77f584ebd4
3 changed files with 81 additions and 73 deletions

View File

@@ -618,13 +618,17 @@ least:
### geoipupdate setup
:::{note}
Starting in `parsedmarc` 7.1.0, a static copy of the [IP to Country Lite database] from IPDB is
distributed with `parsedmarc`, under the terms of the [Creative Commons Attribution 4.0 International License]. as
a fallback if the [MaxMind GeoLite2 Country database] is not installed However, `parsedmarc` cannot install updated
versions of these databases as they are released, so MaxMind's databases and [geoipupdate] tool is still the
preferable solution.
Starting in `parsedmarc` 7.1.0, a static copy of the
[IP to Country Lite database] from IPDB is distributed with
`parsedmarc`, under the terms of the
[Creative Commons Attribution 4.0 International License].
as a fallback if the [MaxMind GeoLite2 Country database] is not
installed However, `parsedmarc` cannot install updated versions of
these databases as they are released, so MaxMind's databases and the
[geoipupdate] tool is still the preferable solution.
The location of the database file can be overridden by using the `ip_db_path` setting.
The location of the database file can be overridden by using the
`ip_db_path` setting.
:::
On Debian 10 (Buster) or later, run:
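Review bot: the rewrapped note carries three grammatical defects over from the old lines unchanged: the stray period in `International License].` followed by a lowercase `as` (the sentence should continue `International License], as a fallback ...`), the missing sentence break in `is not installed However,` (`is not installed. However,`), and the singular verb in `MaxMind's databases and the [geoipupdate] tool is still the preferable solution` (`are`). Since this hunk already rewrites every one of those lines, it is the right place to fix them.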
@@ -652,7 +656,8 @@ from the [geoipupdate releases page on GitHub].
On December 30th, 2019, MaxMind started requiring free accounts to
access the free Geolite2 databases, in order [to
comply with various privacy regulations][to comply with various privacy regulations].
comply with various privacy
regulations][to comply with various privacy regulations].
Start by [registering for a free GeoLite2 account], and signing in.
@@ -742,8 +747,8 @@ sudo -u parsedmarc /opt/parsedmarc/venv -U parsedmarc
### Optional dependencies
If you would like to be able to parse emails saved from Microsoft Outlook
(i.e. OLE .msg files), install `msgconvert`:
If you would like to be able to parse emails saved from Microsoft
Outlook (i.e. OLE .msg files), install `msgconvert`:
On Debian or Ubuntu systems, run:
@@ -753,8 +758,8 @@ sudo apt-get install libemail-outlook-message-perl
### Testing multiple report analyzers
If you would like to test parsedmarc and another report processing solution
at the same time, you can have up to two mailto URIs each in the rua and ruf
If you would like to test parsedmarc and another report processing
solution at the same time, you can have up to two `mailto` URIs in each of the rua and ruf
tags in your DMARC record, separated by commas.
### Accessing an inbox using OWA/EWS
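Review bot: the new line `solution at the same time, you can have up to two `mailto` URIs in each of the rua and ruf` is well past the roughly 70-column width the rest of this commit rewraps to; break it after `URIs` to match. While here, `rua` and `ruf` are DMARC tag names and would read more consistently in backticks, as `mailto` now is.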
@@ -920,10 +925,10 @@ service davmail status
```
:::{note}
In the event of a crash, systemd will restart the service after 5 minutes,
but the `service davmail status` command will only show the logs for the
current process. To vew the logs for previous runs as well as the
current process (newest to oldest), run:
In the event of a crash, systemd will restart the service after 5
minutes, but the `service davmail status` command will only show the
logs for the current process. To vew the logs for previous runs as
well as the current process (newest to oldest), run:
```bash
journalctl -u davmail.service -r
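Review bot: `To vew the logs for previous runs` in the rewrapped paragraph keeps the original typo; it should read `To view the logs`. The identical note for the parsedmarc service further down in this file has the same typo and should be fixed in the same pass.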
@@ -1003,8 +1008,8 @@ sudo service kibana start
Without the commercial [X-Pack] or [ReadonlyREST] products, Kibana
does not have any authentication
mechanism of its own. You can use nginx as a reverse proxy that provides basic
authentication.
mechanism of its own. You can use nginx as a reverse proxy that
provides basic authentication.
```bash
sudo apt-get install -y nginx apache2-utils
@@ -1036,8 +1041,7 @@ openssl req -newkey rsa:4096-nodes -keyout kibana.key -out kibana.csr
```
Fill in the prompts. Watch out for Common Name (e.g. server FQDN or YOUR
domain name), which is the IP address or domain name that you will be hosting
Kibana on. it is the most important field.
domain name), which is the IP address or domain name that you will bebana on. it is the most important field.
If you generated a CSR, remove the CSR after you have your certs
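Review bot: the rewrapped line is broken. `that you will bebana on. it is the most important field.` lost the words `hosting Kibana` when the two old lines were joined, so the sentence no longer says what the Common Name must be. It should read `which is the IP address or domain name that you will be hosting Kibana on. It is the most important field.` (capitalising `It` as well). Separately, the hunk header's context line `openssl req -newkey rsa:4096-nodes -keyout kibana.key -out kibana.csr` has `-nodes` glued onto the key size; it is almost certainly meant to be `rsa:4096 -nodes`, and is worth correcting while this section is being edited.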
@@ -1184,25 +1188,25 @@ check out the Elastic guide to [managing time-based indexes efficiently](https:/
Starting in version 4.3.0 `parsedmarc` supports sending aggregate and/or
forensic DMARC data to a Splunk [HTTP Event collector (HEC)].
The project repository contains [XML files] for premade Splunk dashboards for
aggregate and forensic DMARC reports.
The project repository contains [XML files] for premade Splunk
dashboards for aggregate and forensic DMARC reports.
Copy and paste the contents of each file into a separate Splunk dashboard XML
editor.
Copy and paste the contents of each file into a separate Splunk
dashboard XML editor.
:::{warning}
Change all occurrences of `index="email"` in the XML to
match your own index name.
:::
The Splunk dashboards display the same content and layout as the Kibana
dashboards, although the Kibana dashboards have slightly easier and more
flexible filtering options.
The Splunk dashboards display the same content and layout as the
Kibana dashboards, although the Kibana dashboards have slightly
easier and more flexible filtering options.
### Running parsedmarc as a systemd service
Use systemd to run `parsedmarc` as a service and process reports as they
arrive.
Use systemd to run `parsedmarc` as a service and process reports as
they arrive.
Protect the `parsedmarc` configuration file from prying eyes
@@ -1265,10 +1269,10 @@ service parsedmarc status
```
:::{note}
In the event of a crash, systemd will restart the service after 10 minutes,
but the `service parsedmarc status` command will only show the logs for the
current process. To vew the logs for previous runs as well as the
current process (newest to oldest), run:
In the event of a crash, systemd will restart the service after 10
minutes, but the `service parsedmarc status` command will only show
the logs for the current process. To vew the logs for previous runs
as well as the current process (newest to oldest), run:
```bash
journalctl -u parsedmarc.service -r
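Review bot: `To vew the logs for previous runs` should be `To view the logs`; the rewrap reproduced the typo rather than fixing it.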
@@ -1278,8 +1282,8 @@ journalctl -u parsedmarc.service -r
## Using the Kibana dashboards
The Kibana DMARC dashboards are a human-friendly way to understand the results
from incoming DMARC reports.
The Kibana DMARC dashboards are a human-friendly way to understand the
results from incoming DMARC reports.
:::{note}
The default dashboard is DMARC Summary. To switch between dashboards,
@@ -1288,8 +1292,8 @@ click on the Dashboard link in the left side menu of Kibana.
### DMARC Summary
As the name suggests, this dashboard is the best place to start reviewing your
aggregate DMARC data.
As the name suggests, this dashboard is the best place to start
reviewing your aggregate DMARC data.
Across the top of the dashboard, three pie charts display the percentage of
alignment pass/fail for SPF, DKIM, and DMARC. Clicking on any chart segment

View File

@@ -772,12 +772,16 @@ least:</p>
<h3>geoipupdate setup<a class="headerlink" href="#geoipupdate-setup" title="Permalink to this heading"></a></h3>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>Starting in <code class="docutils literal notranslate"><span class="pre">parsedmarc</span></code> 7.1.0, a static copy of the <a class="reference external" href="https://db-ip.com/db/download/ip-to-country-lite">IP to Country Lite database</a> from IPDB is
distributed with <code class="docutils literal notranslate"><span class="pre">parsedmarc</span></code>, under the terms of the <a class="reference external" href="https://creativecommons.org/licenses/by/4.0/">Creative Commons Attribution 4.0 International License</a>. as
a fallback if the <a class="reference external" href="https://dev.maxmind.com/geoip/geolite2-free-geolocation-data">MaxMind GeoLite2 Country database</a> is not installed However, <code class="docutils literal notranslate"><span class="pre">parsedmarc</span></code> cannot install updated
versions of these databases as they are released, so MaxMinds databases and <a class="reference external" href="https://github.com/maxmind/geoipupdate">geoipupdate</a> tool is still the
preferable solution.</p>
<p>The location of the database file can be overridden by using the <code class="docutils literal notranslate"><span class="pre">ip_db_path</span></code> setting.</p>
<p>Starting in <code class="docutils literal notranslate"><span class="pre">parsedmarc</span></code> 7.1.0, a static copy of the
<a class="reference external" href="https://db-ip.com/db/download/ip-to-country-lite">IP to Country Lite database</a> from IPDB is distributed with
<code class="docutils literal notranslate"><span class="pre">parsedmarc</span></code>, under the terms of the
<a class="reference external" href="https://creativecommons.org/licenses/by/4.0/">Creative Commons Attribution 4.0 International License</a>.
as a fallback if the <a class="reference external" href="https://dev.maxmind.com/geoip/geolite2-free-geolocation-data">MaxMind GeoLite2 Country database</a> is not
installed However, <code class="docutils literal notranslate"><span class="pre">parsedmarc</span></code> cannot install updated versions of
these databases as they are released, so MaxMinds databases and the
<a class="reference external" href="https://github.com/maxmind/geoipupdate">geoipupdate</a> tool is still the preferable solution.</p>
<p>The location of the database file can be overridden by using the
<code class="docutils literal notranslate"><span class="pre">ip_db_path</span></code> setting.</p>
</div>
<p>On Debian 10 (Buster) or later, run:</p>
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>sudo apt-get install -y geoipupdate
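Review bot: this file carries `docutils` classes and Sphinx headerlinks, so it is built output of the markdown source, and it reproduces the same defects (`License</a>. as`, `installed However`, `MaxMinds databases and the ... tool is`), plus `MaxMinds` without its apostrophe. Fix the wording in the markdown source and regenerate this file rather than editing it by hand; otherwise the two copies will drift.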
@@ -797,7 +801,8 @@ sudo apt install -y geoipupdate
from the <a class="reference external" href="https://github.com/maxmind/geoipupdate/releases">geoipupdate releases page on GitHub</a>.</p>
<p>On December 30th, 2019, MaxMind started requiring free accounts to
access the free Geolite2 databases, in order <a class="reference external" href="https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases/">to
comply with various privacy regulations</a>.</p>
comply with various privacy
regulations</a>.</p>
<p>Start by <a class="reference external" href="https://www.maxmind.com/en/geolite2/signup">registering for a free GeoLite2 account</a>, and signing in.</p>
<p>Then, navigate the to the <a class="reference external" href="https://www.maxmind.com/en/accounts/current/license-key">License Keys</a> page under your account,
and create a new license key for the version of
@@ -864,8 +869,8 @@ explicitly tell <code class="docutils literal notranslate"><span class="pre">vir
</section>
<section id="optional-dependencies">
<h3>Optional dependencies<a class="headerlink" href="#optional-dependencies" title="Permalink to this heading"></a></h3>
<p>If you would like to be able to parse emails saved from Microsoft Outlook
(i.e. OLE .msg files), install <code class="docutils literal notranslate"><span class="pre">msgconvert</span></code>:</p>
<p>If you would like to be able to parse emails saved from Microsoft
Outlook (i.e. OLE .msg files), install <code class="docutils literal notranslate"><span class="pre">msgconvert</span></code>:</p>
<p>On Debian or Ubuntu systems, run:</p>
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>sudo apt-get install libemail-outlook-message-perl
</pre></div>
@@ -873,8 +878,8 @@ explicitly tell <code class="docutils literal notranslate"><span class="pre">vir
</section>
<section id="testing-multiple-report-analyzers">
<h3>Testing multiple report analyzers<a class="headerlink" href="#testing-multiple-report-analyzers" title="Permalink to this heading"></a></h3>
<p>If you would like to test parsedmarc and another report processing solution
at the same time, you can have up to two mailto URIs each in the rua and ruf
<p>If you would like to test parsedmarc and another report processing
solution at the same time, you can have up to two <code class="docutils literal notranslate"><span class="pre">mailto</span></code> URIs in each of the rua and ruf
tags in your DMARC record, separated by commas.</p>
</section>
<section id="accessing-an-inbox-using-owa-ews">
@@ -1020,10 +1025,10 @@ sudo service davmail restart
</div>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>In the event of a crash, systemd will restart the service after 5 minutes,
but the <code class="docutils literal notranslate"><span class="pre">service</span> <span class="pre">davmail</span> <span class="pre">status</span></code> command will only show the logs for the
current process. To vew the logs for previous runs as well as the
current process (newest to oldest), run:</p>
<p>In the event of a crash, systemd will restart the service after 5
minutes, but the <code class="docutils literal notranslate"><span class="pre">service</span> <span class="pre">davmail</span> <span class="pre">status</span></code> command will only show the
logs for the current process. To vew the logs for previous runs as
well as the current process (newest to oldest), run:</p>
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>journalctl -u davmail.service -r
</pre></div>
</div>
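Review bot: `To vew the logs` is carried into the generated HTML; correcting it in the markdown source and rebuilding is what fixes it here.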
@@ -1091,8 +1096,8 @@ sudo service kibana start
</div>
<p>Without the commercial <a class="reference external" href="https://www.elastic.co/products/x-pack">X-Pack</a> or <a class="reference external" href="https://readonlyrest.com/">ReadonlyREST</a> products, Kibana
does not have any authentication
mechanism of its own. You can use nginx as a reverse proxy that provides basic
authentication.</p>
mechanism of its own. You can use nginx as a reverse proxy that
provides basic authentication.</p>
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>sudo apt-get install -y nginx apache2-utils
</pre></div>
</div>
@@ -1114,8 +1119,7 @@ authentication.</p>
</pre></div>
</div>
<p>Fill in the prompts. Watch out for Common Name (e.g. server FQDN or YOUR
domain name), which is the IP address or domain name that you will be hosting
Kibana on. it is the most important field.</p>
domain name), which is the IP address or domain name that you will bebana on. it is the most important field.</p>
<p>If you generated a CSR, remove the CSR after you have your certs</p>
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>rm -f kibana.csr
</pre></div>
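Review bot: the corrupted sentence `that you will bebana on. it is the most important field.` appears here as well, confirming it was introduced in the source before the HTML was built. Restore `be hosting Kibana on. It is the most important field.` in the markdown and rebuild so this copy is regenerated.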
@@ -1230,23 +1234,23 @@ check out the Elastic guide to <a class="reference external" href="https://www.e
<h3>Splunk<a class="headerlink" href="#splunk" title="Permalink to this heading"></a></h3>
<p>Starting in version 4.3.0 <code class="docutils literal notranslate"><span class="pre">parsedmarc</span></code> supports sending aggregate and/or
forensic DMARC data to a Splunk <a class="reference external" href="http://docs.splunk.com/Documentation/Splunk/latest/Data/AboutHEC">HTTP Event collector (HEC)</a>.</p>
<p>The project repository contains <a class="reference external" href="https://github.com/domainaware/parsedmarc/tree/master/splunk">XML files</a> for premade Splunk dashboards for
aggregate and forensic DMARC reports.</p>
<p>Copy and paste the contents of each file into a separate Splunk dashboard XML
editor.</p>
<p>The project repository contains <a class="reference external" href="https://github.com/domainaware/parsedmarc/tree/master/splunk">XML files</a> for premade Splunk
dashboards for aggregate and forensic DMARC reports.</p>
<p>Copy and paste the contents of each file into a separate Splunk
dashboard XML editor.</p>
<div class="admonition warning">
<p class="admonition-title">Warning</p>
<p>Change all occurrences of <code class="docutils literal notranslate"><span class="pre">index=&quot;email&quot;</span></code> in the XML to
match your own index name.</p>
</div>
<p>The Splunk dashboards display the same content and layout as the Kibana
dashboards, although the Kibana dashboards have slightly easier and more
flexible filtering options.</p>
<p>The Splunk dashboards display the same content and layout as the
Kibana dashboards, although the Kibana dashboards have slightly
easier and more flexible filtering options.</p>
</section>
<section id="running-parsedmarc-as-a-systemd-service">
<h3>Running parsedmarc as a systemd service<a class="headerlink" href="#running-parsedmarc-as-a-systemd-service" title="Permalink to this heading"></a></h3>
<p>Use systemd to run <code class="docutils literal notranslate"><span class="pre">parsedmarc</span></code> as a service and process reports as they
arrive.</p>
<p>Use systemd to run <code class="docutils literal notranslate"><span class="pre">parsedmarc</span></code> as a service and process reports as
they arrive.</p>
<p>Protect the <code class="docutils literal notranslate"><span class="pre">parsedmarc</span></code> configuration file from prying eyes</p>
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>sudo chown root:parsedmarc /etc/parsedmarc.ini
sudo chmod <span class="nv">u</span><span class="o">=</span>rw,g<span class="o">=</span>r,o<span class="o">=</span> /etc/parsedmarc.ini
@@ -1298,10 +1302,10 @@ sudo service parsedmarc restart
</div>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>In the event of a crash, systemd will restart the service after 10 minutes,
but the <code class="docutils literal notranslate"><span class="pre">service</span> <span class="pre">parsedmarc</span> <span class="pre">status</span></code> command will only show the logs for the
current process. To vew the logs for previous runs as well as the
current process (newest to oldest), run:</p>
<p>In the event of a crash, systemd will restart the service after 10
minutes, but the <code class="docutils literal notranslate"><span class="pre">service</span> <span class="pre">parsedmarc</span> <span class="pre">status</span></code> command will only show
the logs for the current process. To vew the logs for previous runs
as well as the current process (newest to oldest), run:</p>
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>journalctl -u parsedmarc.service -r
</pre></div>
</div>
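Review bot: same `To vew the logs` typo as in the davmail note above; it will disappear from this file once the source is corrected and rebuilt.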
@@ -1310,8 +1314,8 @@ current process (newest to oldest), run:</p>
</section>
<section id="using-the-kibana-dashboards">
<h2>Using the Kibana dashboards<a class="headerlink" href="#using-the-kibana-dashboards" title="Permalink to this heading"></a></h2>
<p>The Kibana DMARC dashboards are a human-friendly way to understand the results
from incoming DMARC reports.</p>
<p>The Kibana DMARC dashboards are a human-friendly way to understand the
results from incoming DMARC reports.</p>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>The default dashboard is DMARC Summary. To switch between dashboards,
@@ -1319,8 +1323,8 @@ click on the Dashboard link in the left side menu of Kibana.</p>
</div>
<section id="dmarc-summary">
<h3>DMARC Summary<a class="headerlink" href="#dmarc-summary" title="Permalink to this heading"></a></h3>
<p>As the name suggests, this dashboard is the best place to start reviewing your
aggregate DMARC data.</p>
<p>As the name suggests, this dashboard is the best place to start
reviewing your aggregate DMARC data.</p>
<p>Across the top of the dashboard, three pie charts display the percentage of
alignment pass/fail for SPF, DKIM, and DMARC. Clicking on any chart segment
will filter for that value.</p>

File diff suppressed because one or more lines are too long