6.0.0
+11
-17
@@ -8,7 +8,7 @@
|
||||
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
|
||||
<title>Overview: module code — parsedmarc 5.3.0 documentation</title>
|
||||
<title>Overview: module code — parsedmarc 6.0.0 documentation</title>
|
||||
|
||||
|
||||
|
||||
@@ -56,7 +56,7 @@
|
||||
|
||||
|
||||
<div class="version">
|
||||
5.3.0
|
||||
6.0.0
|
||||
</div>
|
||||
|
||||
|
||||
@@ -157,7 +157,7 @@
|
||||
|
||||
<div role="contentinfo">
|
||||
<p>
|
||||
© Copyright 2018, Sean Whalen.
|
||||
© Copyright 2018, Sean Whalen
|
||||
|
||||
</p>
|
||||
</div>
|
||||
@@ -176,20 +176,14 @@
|
||||
|
||||
|
||||
|
||||
<script type="text/javascript">
|
||||
var DOCUMENTATION_OPTIONS = {
|
||||
URL_ROOT:'../',
|
||||
VERSION:'5.3.0',
|
||||
LANGUAGE:'None',
|
||||
COLLAPSE_INDEX:false,
|
||||
FILE_SUFFIX:'.html',
|
||||
HAS_SOURCE: true,
|
||||
SOURCELINK_SUFFIX: '.txt'
|
||||
};
|
||||
</script>
|
||||
<script type="text/javascript" src="../_static/jquery.js"></script>
|
||||
<script type="text/javascript" src="../_static/underscore.js"></script>
|
||||
<script type="text/javascript" src="../_static/doctools.js"></script>
|
||||
|
||||
|
||||
<script type="text/javascript" id="documentation_options" data-url_root="../" src="../_static/documentation_options.js"></script>
|
||||
<script type="text/javascript" src="../_static/jquery.js"></script>
|
||||
<script type="text/javascript" src="../_static/underscore.js"></script>
|
||||
<script type="text/javascript" src="../_static/doctools.js"></script>
|
||||
<script type="text/javascript" src="../_static/language_data.js"></script>
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
+36
-41
@@ -8,7 +8,7 @@
|
||||
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
|
||||
<title>parsedmarc — parsedmarc 5.3.0 documentation</title>
|
||||
<title>parsedmarc — parsedmarc 6.0.0 documentation</title>
|
||||
|
||||
|
||||
|
||||
@@ -56,7 +56,7 @@
|
||||
|
||||
|
||||
<div class="version">
|
||||
5.3.0
|
||||
6.0.0
|
||||
</div>
|
||||
|
||||
|
||||
@@ -183,7 +183,7 @@
|
||||
<span class="kn">from</span> <span class="nn">parsedmarc.utils</span> <span class="k">import</span> <span class="n">timestamp_to_human</span><span class="p">,</span> <span class="n">human_timestamp_to_datetime</span>
|
||||
<span class="kn">from</span> <span class="nn">parsedmarc.utils</span> <span class="k">import</span> <span class="n">parse_email</span>
|
||||
|
||||
<span class="n">__version__</span> <span class="o">=</span> <span class="s2">"5.3.0"</span>
|
||||
<span class="n">__version__</span> <span class="o">=</span> <span class="s2">"6.0.0"</span>
|
||||
|
||||
<span class="n">logging</span><span class="o">.</span><span class="n">basicConfig</span><span class="p">(</span>
|
||||
<span class="nb">format</span><span class="o">=</span><span class="s1">'</span><span class="si">%(levelname)8s</span><span class="s1">:</span><span class="si">%(filename)s</span><span class="s1">:</span><span class="si">%(lineno)d</span><span class="s1">:'</span>
|
||||
@@ -228,7 +228,7 @@
|
||||
<span class="sd">"""Raised when an invalid DMARC forensic report is encountered"""</span></div>
|
||||
|
||||
|
||||
<span class="k">def</span> <span class="nf">_parse_report_record</span><span class="p">(</span><span class="n">record</span><span class="p">,</span> <span class="n">nameservers</span><span class="o">=</span><span class="kc">None</span><span class="p">,</span> <span class="n">timeout</span><span class="o">=</span><span class="mf">2.0</span><span class="p">):</span>
|
||||
<span class="k">def</span> <span class="nf">_parse_report_record</span><span class="p">(</span><span class="n">record</span><span class="p">,</span> <span class="n">nameservers</span><span class="o">=</span><span class="kc">None</span><span class="p">,</span> <span class="n">dns_timeout</span><span class="o">=</span><span class="mf">2.0</span><span class="p">):</span>
|
||||
<span class="sd">"""</span>
|
||||
<span class="sd"> Converts a record from a DMARC aggregate report into a more consistent</span>
|
||||
<span class="sd"> format</span>
|
||||
@@ -237,7 +237,7 @@
|
||||
<span class="sd"> record (OrderedDict): The record to convert</span>
|
||||
<span class="sd"> nameservers (list): A list of one or more nameservers to use</span>
|
||||
<span class="sd"> (Cloudflare's public DNS resolvers by default)</span>
|
||||
<span class="sd"> timeout (float): Sets the DNS timeout in seconds</span>
|
||||
<span class="sd"> dns_timeout (float): Sets the DNS timeout in seconds</span>
|
||||
|
||||
<span class="sd"> Returns:</span>
|
||||
<span class="sd"> OrderedDict: The converted record</span>
|
||||
@@ -249,7 +249,7 @@
|
||||
<span class="n">new_record_source</span> <span class="o">=</span> <span class="n">get_ip_address_info</span><span class="p">(</span><span class="n">record</span><span class="p">[</span><span class="s2">"row"</span><span class="p">][</span><span class="s2">"source_ip"</span><span class="p">],</span>
|
||||
<span class="n">cache</span><span class="o">=</span><span class="n">IP_ADDRESS_CACHE</span><span class="p">,</span>
|
||||
<span class="n">nameservers</span><span class="o">=</span><span class="n">nameservers</span><span class="p">,</span>
|
||||
<span class="n">timeout</span><span class="o">=</span><span class="n">timeout</span><span class="p">)</span>
|
||||
<span class="n">timeout</span><span class="o">=</span><span class="n">dns_timeout</span><span class="p">)</span>
|
||||
<span class="n">new_record</span><span class="p">[</span><span class="s2">"source"</span><span class="p">]</span> <span class="o">=</span> <span class="n">new_record_source</span>
|
||||
<span class="n">new_record</span><span class="p">[</span><span class="s2">"count"</span><span class="p">]</span> <span class="o">=</span> <span class="nb">int</span><span class="p">(</span><span class="n">record</span><span class="p">[</span><span class="s2">"row"</span><span class="p">][</span><span class="s2">"count"</span><span class="p">])</span>
|
||||
<span class="n">policy_evaluated</span> <span class="o">=</span> <span class="n">record</span><span class="p">[</span><span class="s2">"row"</span><span class="p">][</span><span class="s2">"policy_evaluated"</span><span class="p">]</span><span class="o">.</span><span class="n">copy</span><span class="p">()</span>
|
||||
@@ -448,13 +448,13 @@
|
||||
<span class="k">for</span> <span class="n">record</span> <span class="ow">in</span> <span class="n">report</span><span class="p">[</span><span class="s2">"record"</span><span class="p">]:</span>
|
||||
<span class="n">report_record</span> <span class="o">=</span> <span class="n">_parse_report_record</span><span class="p">(</span><span class="n">record</span><span class="p">,</span>
|
||||
<span class="n">nameservers</span><span class="o">=</span><span class="n">nameservers</span><span class="p">,</span>
|
||||
<span class="n">timeout</span><span class="o">=</span><span class="n">timeout</span><span class="p">)</span>
|
||||
<span class="n">dns_timeout</span><span class="o">=</span><span class="n">timeout</span><span class="p">)</span>
|
||||
<span class="n">records</span><span class="o">.</span><span class="n">append</span><span class="p">(</span><span class="n">report_record</span><span class="p">)</span>
|
||||
|
||||
<span class="k">else</span><span class="p">:</span>
|
||||
<span class="n">report_record</span> <span class="o">=</span> <span class="n">_parse_report_record</span><span class="p">(</span><span class="n">report</span><span class="p">[</span><span class="s2">"record"</span><span class="p">],</span>
|
||||
<span class="n">nameservers</span><span class="o">=</span><span class="n">nameservers</span><span class="p">,</span>
|
||||
<span class="n">timeout</span><span class="o">=</span><span class="n">timeout</span><span class="p">)</span>
|
||||
<span class="n">dns_timeout</span><span class="o">=</span><span class="n">timeout</span><span class="p">)</span>
|
||||
<span class="n">records</span><span class="o">.</span><span class="n">append</span><span class="p">(</span><span class="n">report_record</span><span class="p">)</span>
|
||||
|
||||
<span class="n">new_report</span><span class="p">[</span><span class="s2">"records"</span><span class="p">]</span> <span class="o">=</span> <span class="n">records</span>
|
||||
@@ -520,7 +520,7 @@
|
||||
<span class="k">return</span> <span class="n">xml</span></div>
|
||||
|
||||
|
||||
<div class="viewcode-block" id="parse_aggregate_report_file"><a class="viewcode-back" href="../index.html#parsedmarc.parse_aggregate_report_file">[docs]</a><span class="k">def</span> <span class="nf">parse_aggregate_report_file</span><span class="p">(</span><span class="n">_input</span><span class="p">,</span> <span class="n">nameservers</span><span class="o">=</span><span class="kc">None</span><span class="p">,</span> <span class="n">timeout</span><span class="o">=</span><span class="mf">2.0</span><span class="p">):</span>
|
||||
<div class="viewcode-block" id="parse_aggregate_report_file"><a class="viewcode-back" href="../index.html#parsedmarc.parse_aggregate_report_file">[docs]</a><span class="k">def</span> <span class="nf">parse_aggregate_report_file</span><span class="p">(</span><span class="n">_input</span><span class="p">,</span> <span class="n">nameservers</span><span class="o">=</span><span class="kc">None</span><span class="p">,</span> <span class="n">dns_timeout</span><span class="o">=</span><span class="mf">2.0</span><span class="p">):</span>
|
||||
<span class="sd">"""Parses a file at the given path, a file-like object. or bytes as a</span>
|
||||
<span class="sd"> aggregate DMARC report</span>
|
||||
|
||||
@@ -528,7 +528,7 @@
|
||||
<span class="sd"> _input: A path to a file, a file like object, or bytes</span>
|
||||
<span class="sd"> nameservers (list): A list of one or more nameservers to use</span>
|
||||
<span class="sd"> (Cloudflare's public DNS resolvers by default)</span>
|
||||
<span class="sd"> timeout (float): Sets the DNS timeout in seconds</span>
|
||||
<span class="sd"> dns_timeout (float): Sets the DNS timeout in seconds</span>
|
||||
|
||||
<span class="sd"> Returns:</span>
|
||||
<span class="sd"> OrderedDict: The parsed DMARC aggregate report</span>
|
||||
@@ -537,7 +537,7 @@
|
||||
|
||||
<span class="k">return</span> <span class="n">parse_aggregate_report_xml</span><span class="p">(</span><span class="n">xml</span><span class="p">,</span>
|
||||
<span class="n">nameservers</span><span class="o">=</span><span class="n">nameservers</span><span class="p">,</span>
|
||||
<span class="n">timeout</span><span class="o">=</span><span class="n">timeout</span><span class="p">)</span></div>
|
||||
<span class="n">timeout</span><span class="o">=</span><span class="n">dns_timeout</span><span class="p">)</span></div>
|
||||
|
||||
|
||||
<div class="viewcode-block" id="parsed_aggregate_reports_to_csv"><a class="viewcode-back" href="../index.html#parsedmarc.parsed_aggregate_reports_to_csv">[docs]</a><span class="k">def</span> <span class="nf">parsed_aggregate_reports_to_csv</span><span class="p">(</span><span class="n">reports</span><span class="p">):</span>
|
||||
@@ -651,7 +651,7 @@
|
||||
|
||||
|
||||
<div class="viewcode-block" id="parse_forensic_report"><a class="viewcode-back" href="../index.html#parsedmarc.parse_forensic_report">[docs]</a><span class="k">def</span> <span class="nf">parse_forensic_report</span><span class="p">(</span><span class="n">feedback_report</span><span class="p">,</span> <span class="n">sample</span><span class="p">,</span> <span class="n">msg_date</span><span class="p">,</span>
|
||||
<span class="n">nameservers</span><span class="o">=</span><span class="kc">None</span><span class="p">,</span> <span class="n">timeout</span><span class="o">=</span><span class="mf">2.0</span><span class="p">,</span>
|
||||
<span class="n">nameservers</span><span class="o">=</span><span class="kc">None</span><span class="p">,</span> <span class="n">dns_timeout</span><span class="o">=</span><span class="mf">2.0</span><span class="p">,</span>
|
||||
<span class="n">strip_attachment_payloads</span><span class="o">=</span><span class="kc">False</span><span class="p">):</span>
|
||||
<span class="sd">"""</span>
|
||||
<span class="sd"> Converts a DMARC forensic report and sample to a ``OrderedDict``</span>
|
||||
@@ -662,7 +662,7 @@
|
||||
<span class="sd"> msg_date (str): The message's date header</span>
|
||||
<span class="sd"> nameservers (list): A list of one or more nameservers to use</span>
|
||||
<span class="sd"> (Cloudflare's public DNS resolvers by default)</span>
|
||||
<span class="sd"> timeout (float): Sets the DNS timeout in seconds</span>
|
||||
<span class="sd"> dns_timeout (float): Sets the DNS timeout in seconds</span>
|
||||
<span class="sd"> strip_attachment_payloads (bool): Remove attachment payloads from</span>
|
||||
<span class="sd"> forensic report results</span>
|
||||
|
||||
@@ -696,7 +696,7 @@
|
||||
<span class="n">ip_address</span> <span class="o">=</span> <span class="n">parsed_report</span><span class="p">[</span><span class="s2">"source_ip"</span><span class="p">]</span>
|
||||
<span class="n">parsed_report_source</span> <span class="o">=</span> <span class="n">get_ip_address_info</span><span class="p">(</span><span class="n">ip_address</span><span class="p">,</span>
|
||||
<span class="n">nameservers</span><span class="o">=</span><span class="n">nameservers</span><span class="p">,</span>
|
||||
<span class="n">timeout</span><span class="o">=</span><span class="n">timeout</span><span class="p">)</span>
|
||||
<span class="n">timeout</span><span class="o">=</span><span class="n">dns_timeout</span><span class="p">)</span>
|
||||
<span class="n">parsed_report</span><span class="p">[</span><span class="s2">"source"</span><span class="p">]</span> <span class="o">=</span> <span class="n">parsed_report_source</span>
|
||||
<span class="k">del</span> <span class="n">parsed_report</span><span class="p">[</span><span class="s2">"source_ip"</span><span class="p">]</span>
|
||||
|
||||
@@ -795,7 +795,7 @@
|
||||
<span class="k">return</span> <span class="n">csv_file</span><span class="o">.</span><span class="n">getvalue</span><span class="p">()</span></div>
|
||||
|
||||
|
||||
<div class="viewcode-block" id="parse_report_email"><a class="viewcode-back" href="../index.html#parsedmarc.parse_report_email">[docs]</a><span class="k">def</span> <span class="nf">parse_report_email</span><span class="p">(</span><span class="n">input_</span><span class="p">,</span> <span class="n">nameservers</span><span class="o">=</span><span class="kc">None</span><span class="p">,</span> <span class="n">timeout</span><span class="o">=</span><span class="mf">2.0</span><span class="p">,</span>
|
||||
<div class="viewcode-block" id="parse_report_email"><a class="viewcode-back" href="../index.html#parsedmarc.parse_report_email">[docs]</a><span class="k">def</span> <span class="nf">parse_report_email</span><span class="p">(</span><span class="n">input_</span><span class="p">,</span> <span class="n">nameservers</span><span class="o">=</span><span class="kc">None</span><span class="p">,</span> <span class="n">dns_timeout</span><span class="o">=</span><span class="mf">2.0</span><span class="p">,</span>
|
||||
<span class="n">strip_attachment_payloads</span><span class="o">=</span><span class="kc">False</span><span class="p">):</span>
|
||||
<span class="sd">"""</span>
|
||||
<span class="sd"> Parses a DMARC report from an email</span>
|
||||
@@ -803,7 +803,7 @@
|
||||
<span class="sd"> Args:</span>
|
||||
<span class="sd"> input_: An emailed DMARC report in RFC 822 format, as bytes or a string</span>
|
||||
<span class="sd"> nameservers (list): A list of one or more nameservers to use</span>
|
||||
<span class="sd"> timeout (float): Sets the DNS timeout in seconds</span>
|
||||
<span class="sd"> dns_timeout (float): Sets the DNS timeout in seconds</span>
|
||||
<span class="sd"> strip_attachment_payloads (bool): Remove attachment payloads from</span>
|
||||
<span class="sd"> forensic report results</span>
|
||||
|
||||
@@ -865,7 +865,7 @@
|
||||
<span class="n">sample</span><span class="p">,</span>
|
||||
<span class="n">date</span><span class="p">,</span>
|
||||
<span class="n">nameservers</span><span class="o">=</span><span class="n">nameservers</span><span class="p">,</span>
|
||||
<span class="n">timeout</span><span class="o">=</span><span class="n">timeout</span><span class="p">,</span>
|
||||
<span class="n">dns_timeout</span><span class="o">=</span><span class="n">dns_timeout</span><span class="p">,</span>
|
||||
<span class="n">strip_attachment_payloads</span><span class="o">=</span><span class="n">strip_attachment_payloads</span><span class="p">)</span>
|
||||
<span class="k">except</span> <span class="ne">Exception</span> <span class="k">as</span> <span class="n">e</span><span class="p">:</span>
|
||||
<span class="k">raise</span> <span class="n">InvalidForensicReport</span><span class="p">(</span><span class="n">e</span><span class="o">.</span><span class="fm">__str__</span><span class="p">())</span>
|
||||
@@ -880,9 +880,10 @@
|
||||
<span class="n">payload</span><span class="o">.</span><span class="n">startswith</span><span class="p">(</span><span class="n">MAGIC_GZIP</span><span class="p">)</span> <span class="ow">or</span> \
|
||||
<span class="n">payload</span><span class="o">.</span><span class="n">startswith</span><span class="p">(</span><span class="n">MAGIC_XML</span><span class="p">):</span>
|
||||
<span class="n">ns</span> <span class="o">=</span> <span class="n">nameservers</span>
|
||||
<span class="n">aggregate_report</span> <span class="o">=</span> <span class="n">parse_aggregate_report_file</span><span class="p">(</span><span class="n">payload</span><span class="p">,</span>
|
||||
<span class="n">nameservers</span><span class="o">=</span><span class="n">ns</span><span class="p">,</span>
|
||||
<span class="n">timeout</span><span class="o">=</span><span class="n">timeout</span><span class="p">)</span>
|
||||
<span class="n">aggregate_report</span> <span class="o">=</span> <span class="n">parse_aggregate_report_file</span><span class="p">(</span>
|
||||
<span class="n">payload</span><span class="p">,</span>
|
||||
<span class="n">nameservers</span><span class="o">=</span><span class="n">ns</span><span class="p">,</span>
|
||||
<span class="n">dns_timeout</span><span class="o">=</span><span class="n">dns_timeout</span><span class="p">)</span>
|
||||
<span class="n">result</span> <span class="o">=</span> <span class="n">OrderedDict</span><span class="p">([(</span><span class="s2">"report_type"</span><span class="p">,</span> <span class="s2">"aggregate"</span><span class="p">),</span>
|
||||
<span class="p">(</span><span class="s2">"report"</span><span class="p">,</span> <span class="n">aggregate_report</span><span class="p">)])</span>
|
||||
<span class="k">except</span> <span class="p">(</span><span class="ne">TypeError</span><span class="p">,</span> <span class="ne">ValueError</span><span class="p">,</span> <span class="n">binascii</span><span class="o">.</span><span class="n">Error</span><span class="p">):</span>
|
||||
@@ -913,7 +914,7 @@
|
||||
<span class="k">return</span> <span class="n">result</span></div>
|
||||
|
||||
|
||||
<div class="viewcode-block" id="parse_report_file"><a class="viewcode-back" href="../index.html#parsedmarc.parse_report_file">[docs]</a><span class="k">def</span> <span class="nf">parse_report_file</span><span class="p">(</span><span class="n">input_</span><span class="p">,</span> <span class="n">nameservers</span><span class="o">=</span><span class="kc">None</span><span class="p">,</span> <span class="n">timeout</span><span class="o">=</span><span class="mf">2.0</span><span class="p">,</span>
|
||||
<div class="viewcode-block" id="parse_report_file"><a class="viewcode-back" href="../index.html#parsedmarc.parse_report_file">[docs]</a><span class="k">def</span> <span class="nf">parse_report_file</span><span class="p">(</span><span class="n">input_</span><span class="p">,</span> <span class="n">nameservers</span><span class="o">=</span><span class="kc">None</span><span class="p">,</span> <span class="n">dns_timeout</span><span class="o">=</span><span class="mf">2.0</span><span class="p">,</span>
|
||||
<span class="n">strip_attachment_payloads</span><span class="o">=</span><span class="kc">False</span><span class="p">):</span>
|
||||
<span class="sd">"""Parses a DMARC aggregate or forensic file at the given path, a</span>
|
||||
<span class="sd"> file-like object. or bytes</span>
|
||||
@@ -922,7 +923,7 @@
|
||||
<span class="sd"> input_: A path to a file, a file like object, or bytes</span>
|
||||
<span class="sd"> nameservers (list): A list of one or more nameservers to use</span>
|
||||
<span class="sd"> (Cloudflare's public DNS resolvers by default)</span>
|
||||
<span class="sd"> timeout (float): Sets the DNS timeout in seconds</span>
|
||||
<span class="sd"> dns_timeout (float): Sets the DNS timeout in seconds</span>
|
||||
<span class="sd"> strip_attachment_payloads (bool): Remove attachment payloads from</span>
|
||||
<span class="sd"> forensic report results</span>
|
||||
|
||||
@@ -939,7 +940,7 @@
|
||||
<span class="n">content</span> <span class="o">=</span> <span class="n">file_object</span><span class="o">.</span><span class="n">read</span><span class="p">()</span>
|
||||
<span class="k">try</span><span class="p">:</span>
|
||||
<span class="n">report</span> <span class="o">=</span> <span class="n">parse_aggregate_report_file</span><span class="p">(</span><span class="n">content</span><span class="p">,</span> <span class="n">nameservers</span><span class="o">=</span><span class="n">nameservers</span><span class="p">,</span>
|
||||
<span class="n">timeout</span><span class="o">=</span><span class="n">timeout</span><span class="p">)</span>
|
||||
<span class="n">dns_timeout</span><span class="o">=</span><span class="n">dns_timeout</span><span class="p">)</span>
|
||||
<span class="n">results</span> <span class="o">=</span> <span class="n">OrderedDict</span><span class="p">([(</span><span class="s2">"report_type"</span><span class="p">,</span> <span class="s2">"aggregate"</span><span class="p">),</span>
|
||||
<span class="p">(</span><span class="s2">"report"</span><span class="p">,</span> <span class="n">report</span><span class="p">)])</span>
|
||||
<span class="k">except</span> <span class="n">InvalidAggregateReport</span><span class="p">:</span>
|
||||
@@ -947,7 +948,7 @@
|
||||
<span class="n">sa</span> <span class="o">=</span> <span class="n">strip_attachment_payloads</span>
|
||||
<span class="n">results</span> <span class="o">=</span> <span class="n">parse_report_email</span><span class="p">(</span><span class="n">content</span><span class="p">,</span>
|
||||
<span class="n">nameservers</span><span class="o">=</span><span class="n">nameservers</span><span class="p">,</span>
|
||||
<span class="n">timeout</span><span class="o">=</span><span class="n">timeout</span><span class="p">,</span>
|
||||
<span class="n">dns_timeout</span><span class="o">=</span><span class="n">dns_timeout</span><span class="p">,</span>
|
||||
<span class="n">strip_attachment_payloads</span><span class="o">=</span><span class="n">sa</span><span class="p">)</span>
|
||||
<span class="k">except</span> <span class="n">InvalidDMARCReport</span><span class="p">:</span>
|
||||
<span class="k">raise</span> <span class="n">InvalidDMARCReport</span><span class="p">(</span><span class="s2">"Not a valid aggregate or forensic "</span>
|
||||
@@ -1024,7 +1025,7 @@
|
||||
<span class="k">yield</span> <span class="n">l</span><span class="p">[</span><span class="n">i</span><span class="p">:</span><span class="n">i</span> <span class="o">+</span> <span class="n">n</span><span class="p">]</span>
|
||||
|
||||
<span class="k">if</span> <span class="n">delete</span> <span class="ow">and</span> <span class="n">test</span><span class="p">:</span>
|
||||
<span class="k">raise</span> <span class="ne">ValueError</span><span class="p">(</span><span class="s2">"--delete and --test options are mutually exclusive"</span><span class="p">)</span>
|
||||
<span class="k">raise</span> <span class="ne">ValueError</span><span class="p">(</span><span class="s2">"delete and test options are mutually exclusive"</span><span class="p">)</span>
|
||||
|
||||
<span class="k">if</span> <span class="n">connection</span> <span class="ow">is</span> <span class="kc">None</span> <span class="ow">and</span> <span class="p">(</span><span class="n">user</span> <span class="ow">is</span> <span class="kc">None</span> <span class="ow">or</span> <span class="n">password</span> <span class="ow">is</span> <span class="kc">None</span><span class="p">):</span>
|
||||
<span class="k">raise</span> <span class="ne">ValueError</span><span class="p">(</span><span class="s2">"Must supply a connection, or a username and "</span>
|
||||
@@ -1163,7 +1164,7 @@
|
||||
<span class="n">sa</span> <span class="o">=</span> <span class="n">strip_attachment_payloads</span>
|
||||
<span class="n">parsed_email</span> <span class="o">=</span> <span class="n">parse_report_email</span><span class="p">(</span><span class="n">msg_content</span><span class="p">,</span>
|
||||
<span class="n">nameservers</span><span class="o">=</span><span class="n">nameservers</span><span class="p">,</span>
|
||||
<span class="n">timeout</span><span class="o">=</span><span class="n">dns_timeout</span><span class="p">,</span>
|
||||
<span class="n">dns_timeout</span><span class="o">=</span><span class="n">dns_timeout</span><span class="p">,</span>
|
||||
<span class="n">strip_attachment_payloads</span><span class="o">=</span><span class="n">sa</span><span class="p">)</span>
|
||||
<span class="k">if</span> <span class="n">parsed_email</span><span class="p">[</span><span class="s2">"report_type"</span><span class="p">]</span> <span class="o">==</span> <span class="s2">"aggregate"</span><span class="p">:</span>
|
||||
<span class="n">aggregate_reports</span><span class="o">.</span><span class="n">append</span><span class="p">(</span><span class="n">parsed_email</span><span class="p">[</span><span class="s2">"report"</span><span class="p">])</span>
|
||||
@@ -1943,7 +1944,7 @@
|
||||
|
||||
<div role="contentinfo">
|
||||
<p>
|
||||
© Copyright 2018, Sean Whalen.
|
||||
© Copyright 2018, Sean Whalen
|
||||
|
||||
</p>
|
||||
</div>
|
||||
@@ -1962,20 +1963,14 @@
|
||||
|
||||
|
||||
|
||||
<script type="text/javascript">
|
||||
var DOCUMENTATION_OPTIONS = {
|
||||
URL_ROOT:'../',
|
||||
VERSION:'5.3.0',
|
||||
LANGUAGE:'None',
|
||||
COLLAPSE_INDEX:false,
|
||||
FILE_SUFFIX:'.html',
|
||||
HAS_SOURCE: true,
|
||||
SOURCELINK_SUFFIX: '.txt'
|
||||
};
|
||||
</script>
|
||||
<script type="text/javascript" src="../_static/jquery.js"></script>
|
||||
<script type="text/javascript" src="../_static/underscore.js"></script>
|
||||
<script type="text/javascript" src="../_static/doctools.js"></script>
|
||||
|
||||
|
||||
<script type="text/javascript" id="documentation_options" data-url_root="../" src="../_static/documentation_options.js"></script>
|
||||
<script type="text/javascript" src="../_static/jquery.js"></script>
|
||||
<script type="text/javascript" src="../_static/underscore.js"></script>
|
||||
<script type="text/javascript" src="../_static/doctools.js"></script>
|
||||
<script type="text/javascript" src="../_static/language_data.js"></script>
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
@@ -8,7 +8,7 @@
|
||||
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
|
||||
<title>parsedmarc.elastic — parsedmarc 5.3.0 documentation</title>
|
||||
<title>parsedmarc.elastic — parsedmarc 6.0.0 documentation</title>
|
||||
|
||||
|
||||
|
||||
@@ -56,7 +56,7 @@
|
||||
|
||||
|
||||
<div class="version">
|
||||
5.3.0
|
||||
6.0.0
|
||||
</div>
|
||||
|
||||
|
||||
@@ -664,7 +664,7 @@
|
||||
|
||||
<div role="contentinfo">
|
||||
<p>
|
||||
© Copyright 2018, Sean Whalen.
|
||||
© Copyright 2018, Sean Whalen
|
||||
|
||||
</p>
|
||||
</div>
|
||||
@@ -683,20 +683,14 @@
|
||||
|
||||
|
||||
|
||||
<script type="text/javascript">
|
||||
var DOCUMENTATION_OPTIONS = {
|
||||
URL_ROOT:'../../',
|
||||
VERSION:'5.3.0',
|
||||
LANGUAGE:'None',
|
||||
COLLAPSE_INDEX:false,
|
||||
FILE_SUFFIX:'.html',
|
||||
HAS_SOURCE: true,
|
||||
SOURCELINK_SUFFIX: '.txt'
|
||||
};
|
||||
</script>
|
||||
<script type="text/javascript" src="../../_static/jquery.js"></script>
|
||||
<script type="text/javascript" src="../../_static/underscore.js"></script>
|
||||
<script type="text/javascript" src="../../_static/doctools.js"></script>
|
||||
|
||||
|
||||
<script type="text/javascript" id="documentation_options" data-url_root="../../" src="../../_static/documentation_options.js"></script>
|
||||
<script type="text/javascript" src="../../_static/jquery.js"></script>
|
||||
<script type="text/javascript" src="../../_static/underscore.js"></script>
|
||||
<script type="text/javascript" src="../../_static/doctools.js"></script>
|
||||
<script type="text/javascript" src="../../_static/language_data.js"></script>
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
@@ -8,7 +8,7 @@
|
||||
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
|
||||
<title>parsedmarc.splunk — parsedmarc 5.3.0 documentation</title>
|
||||
<title>parsedmarc.splunk — parsedmarc 6.0.0 documentation</title>
|
||||
|
||||
|
||||
|
||||
@@ -56,7 +56,7 @@
|
||||
|
||||
|
||||
<div class="version">
|
||||
5.3.0
|
||||
6.0.0
|
||||
</div>
|
||||
|
||||
|
||||
@@ -316,7 +316,7 @@
|
||||
|
||||
<div role="contentinfo">
|
||||
<p>
|
||||
© Copyright 2018, Sean Whalen.
|
||||
© Copyright 2018, Sean Whalen
|
||||
|
||||
</p>
|
||||
</div>
|
||||
@@ -335,20 +335,14 @@
|
||||
|
||||
|
||||
|
||||
<script type="text/javascript">
|
||||
var DOCUMENTATION_OPTIONS = {
|
||||
URL_ROOT:'../../',
|
||||
VERSION:'5.3.0',
|
||||
LANGUAGE:'None',
|
||||
COLLAPSE_INDEX:false,
|
||||
FILE_SUFFIX:'.html',
|
||||
HAS_SOURCE: true,
|
||||
SOURCELINK_SUFFIX: '.txt'
|
||||
};
|
||||
</script>
|
||||
<script type="text/javascript" src="../../_static/jquery.js"></script>
|
||||
<script type="text/javascript" src="../../_static/underscore.js"></script>
|
||||
<script type="text/javascript" src="../../_static/doctools.js"></script>
|
||||
|
||||
|
||||
<script type="text/javascript" id="documentation_options" data-url_root="../../" src="../../_static/documentation_options.js"></script>
|
||||
<script type="text/javascript" src="../../_static/jquery.js"></script>
|
||||
<script type="text/javascript" src="../../_static/underscore.js"></script>
|
||||
<script type="text/javascript" src="../../_static/doctools.js"></script>
|
||||
<script type="text/javascript" src="../../_static/language_data.js"></script>
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
@@ -8,7 +8,7 @@
|
||||
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
|
||||
<title>parsedmarc.utils — parsedmarc 5.3.0 documentation</title>
|
||||
<title>parsedmarc.utils — parsedmarc 6.0.0 documentation</title>
|
||||
|
||||
|
||||
|
||||
@@ -56,7 +56,7 @@
|
||||
|
||||
|
||||
<div class="version">
|
||||
5.3.0
|
||||
6.0.0
|
||||
</div>
|
||||
|
||||
|
||||
@@ -689,7 +689,7 @@
|
||||
|
||||
<div role="contentinfo">
|
||||
<p>
|
||||
© Copyright 2018, Sean Whalen.
|
||||
© Copyright 2018, Sean Whalen
|
||||
|
||||
</p>
|
||||
</div>
|
||||
@@ -708,20 +708,14 @@
|
||||
|
||||
|
||||
|
||||
<script type="text/javascript">
|
||||
var DOCUMENTATION_OPTIONS = {
|
||||
URL_ROOT:'../../',
|
||||
VERSION:'5.3.0',
|
||||
LANGUAGE:'None',
|
||||
COLLAPSE_INDEX:false,
|
||||
FILE_SUFFIX:'.html',
|
||||
HAS_SOURCE: true,
|
||||
SOURCELINK_SUFFIX: '.txt'
|
||||
};
|
||||
</script>
|
||||
<script type="text/javascript" src="../../_static/jquery.js"></script>
|
||||
<script type="text/javascript" src="../../_static/underscore.js"></script>
|
||||
<script type="text/javascript" src="../../_static/doctools.js"></script>
|
||||
|
||||
|
||||
<script type="text/javascript" id="documentation_options" data-url_root="../../" src="../../_static/documentation_options.js"></script>
|
||||
<script type="text/javascript" src="../../_static/jquery.js"></script>
|
||||
<script type="text/javascript" src="../../_static/underscore.js"></script>
|
||||
<script type="text/javascript" src="../../_static/doctools.js"></script>
|
||||
<script type="text/javascript" src="../../_static/language_data.js"></script>
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
+140
-177
@@ -18,7 +18,8 @@ parsedmarc documentation - Open source DMARC report analyzer and visualizer
|
||||
``parsedmarc`` is a Python module and CLI utility for parsing DMARC reports.
|
||||
When used with Elasticsearch and Kibana (or Splunk), it works as a self-hosted
|
||||
open source alternative to commercial DMARC report processing services such
|
||||
as Agari, Dmarcian, OnDMARC, ProofPoint Email Fraud Defense.
|
||||
as Agari Brand Protection, Dmarcian, OnDMARC, ProofPoint Email Fraud Defense,
|
||||
and Valimail.
|
||||
|
||||
Features
|
||||
========
|
||||
@@ -61,30 +62,9 @@ CLI help
|
||||
|
||||
::
|
||||
|
||||
usage: parsedmarc [-h] [--strip-attachment-payloads] [-o OUTPUT]
|
||||
[-n NAMESERVERS [NAMESERVERS ...]] [-t TIMEOUT] [-H HOST]
|
||||
[-u USER] [-p PASSWORD] [--imap-port IMAP_PORT]
|
||||
[--imap-skip-certificate-verification] [--imap-no-ssl]
|
||||
[-r REPORTS_FOLDER] [-a ARCHIVE_FOLDER] [-d]
|
||||
[-E [ELASTICSEARCH_HOST [ELASTICSEARCH_HOST ...]]]
|
||||
[--elasticsearch-index-suffix ELASTICSEARCH_INDEX_SUFFIX]
|
||||
[--elasticsearch-use-ssl]
|
||||
[--elasticsearch-ssl-cert-path ELASTICSEARCH_SSL_CERT_PATH]
|
||||
[--elasticsearch-monthly-indexes] [--hec HEC]
|
||||
[--hec-token HEC_TOKEN] [--hec-index HEC_INDEX]
|
||||
[--hec-skip-certificate-verification]
|
||||
[-K [KAFKA_HOSTS [KAFKA_HOSTS ...]]]
|
||||
[--kafka-username KAFKA_USERNAME]
|
||||
[--kafka-password KAFKA_PASSWORD] [--kafka-use-ssl]
|
||||
[--kafka-aggregate-topic KAFKA_AGGREGATE_TOPIC]
|
||||
[--kafka-forensic_topic KAFKA_FORENSIC_TOPIC]
|
||||
[--save-aggregate] [--save-forensic] [-O OUTGOING_HOST]
|
||||
[-U OUTGOING_USER] [-P OUTGOING_PASSWORD]
|
||||
[--outgoing-port OUTGOING_PORT]
|
||||
[--outgoing-ssl OUTGOING_SSL] [-F OUTGOING_FROM]
|
||||
[-T OUTGOING_TO [OUTGOING_TO ...]] [-S OUTGOING_SUBJECT]
|
||||
[-A OUTGOING_ATTACHMENT] [-M OUTGOING_MESSAGE] [-w] [--test]
|
||||
[-s] [--debug] [--log-file LOG_FILE] [-v]
|
||||
usage: parsedmarc [-h] [-c CONFIG_FILE] [--strip-attachment-payloads]
|
||||
[-o OUTPUT] [-n NAMESERVERS [NAMESERVERS ...]]
|
||||
[-t DNS_TIMEOUT] [-s] [--debug] [--log-file LOG_FILE] [-v]
|
||||
[file_path [file_path ...]]
|
||||
|
||||
Parses DMARC reports
|
||||
@@ -95,6 +75,8 @@ CLI help
|
||||
|
||||
optional arguments:
|
||||
-h, --help show this help message and exit
|
||||
-c CONFIG_FILE, --config-file CONFIG_FILE
|
||||
A path to a configuration file (--silent implied)
|
||||
--strip-attachment-payloads
|
||||
remove attachment payloads from forensic report output
|
||||
-o OUTPUT, --output OUTPUT
|
||||
@@ -102,92 +84,130 @@ CLI help
|
||||
-n NAMESERVERS [NAMESERVERS ...], --nameservers NAMESERVERS [NAMESERVERS ...]
|
||||
nameservers to query (default is Cloudflare's
|
||||
nameservers)
|
||||
-t TIMEOUT, --timeout TIMEOUT
|
||||
-t DNS_TIMEOUT, --dns_timeout DNS_TIMEOUT
|
||||
number of seconds to wait for an answer from DNS
|
||||
(default: 6.0)
|
||||
-H HOST, --host HOST an IMAP hostname or IP address
|
||||
-u USER, --user USER an IMAP user
|
||||
-p PASSWORD, --password PASSWORD
|
||||
an IMAP password
|
||||
--imap-port IMAP_PORT
|
||||
an IMAP port
|
||||
--imap-skip-certificate-verification
|
||||
skip certificate verification for IMAP
|
||||
--imap-no-ssl do not use SSL/TLS when connecting to IMAP
|
||||
-r REPORTS_FOLDER, --reports-folder REPORTS_FOLDER
|
||||
the IMAP folder containing the reports (default:
|
||||
INBOX)
|
||||
-a ARCHIVE_FOLDER, --archive-folder ARCHIVE_FOLDER
|
||||
specifies the IMAP folder to move messages to after
|
||||
processing them (default: Archive)
|
||||
-d, --delete delete the reports after processing them
|
||||
-E [ELASTICSEARCH_HOST [ELASTICSEARCH_HOST ...]], --elasticsearch-host [ELASTICSEARCH_HOST [ELASTICSEARCH_HOST ...]]
|
||||
une or more Elasticsearch hostnames or URLs to use
|
||||
(e.g. localhost:9200)
|
||||
--elasticsearch-index-suffix ELASTICSEARCH_INDEX_SUFFIX
|
||||
append this suffix to the dmarc_aggregate and
|
||||
dmarc_forensic Elasticsearch index names, joined by _
|
||||
--elasticsearch-use-ssl
|
||||
Use SSL when connecting to Elasticsearch
|
||||
--elasticsearch-ssl-cert-path ELASTICSEARCH_SSL_CERT_PATH
|
||||
Path to the Elasticsearch SSL certificate
|
||||
--elasticsearch-monthly-indexes
|
||||
Use monthly Elasticsearch indexes instead of daily
|
||||
indexes
|
||||
--hec HEC the URL to a Splunk HTTP Event Collector (HEC)
|
||||
--hec-token HEC_TOKEN
|
||||
the authorization token for a Splunk HTTP Event
|
||||
Collector (HEC)
|
||||
--hec-index HEC_INDEX
|
||||
the index to use when sending events to the Splunk
|
||||
HTTP Event Collector (HEC)
|
||||
--hec-skip-certificate-verification
|
||||
skip certificate verification for Splunk HEC
|
||||
-K [KAFKA_HOSTS [KAFKA_HOSTS ...]], --kafka-hosts [KAFKA_HOSTS [KAFKA_HOSTS ...]]
|
||||
a list of one or more Kafka hostnames
|
||||
--kafka-username KAFKA_USERNAME
|
||||
an optional Kafka username
|
||||
--kafka-password KAFKA_PASSWORD
|
||||
an optional Kafka password
|
||||
--kafka-use-ssl use SSL/TLS to connect to Kafka (implied when --kafka-
|
||||
username or --kafka-password are provided)
|
||||
--kafka-aggregate-topic KAFKA_AGGREGATE_TOPIC
|
||||
the Kafka topic to publish aggregate reports to
|
||||
(default: dmarc_aggregate)
|
||||
--kafka-forensic_topic KAFKA_FORENSIC_TOPIC
|
||||
the Kafka topic to publish forensic reports to
|
||||
(default: dmarc_forensic)
|
||||
--save-aggregate save aggregate reports to search indexes
|
||||
--save-forensic save forensic reports to search indexes
|
||||
-O OUTGOING_HOST, --outgoing-host OUTGOING_HOST
|
||||
email the results using this host
|
||||
-U OUTGOING_USER, --outgoing-user OUTGOING_USER
|
||||
email the results using this user
|
||||
-P OUTGOING_PASSWORD, --outgoing-password OUTGOING_PASSWORD
|
||||
email the results using this password
|
||||
--outgoing-port OUTGOING_PORT
|
||||
email the results using this port
|
||||
--outgoing-ssl OUTGOING_SSL
|
||||
use SSL/TLS instead of STARTTLS (more secure, and
|
||||
required by some providers, like Gmail)
|
||||
-F OUTGOING_FROM, --outgoing-from OUTGOING_FROM
|
||||
email the results using this from address
|
||||
-T OUTGOING_TO [OUTGOING_TO ...], --outgoing-to OUTGOING_TO [OUTGOING_TO ...]
|
||||
email the results to these addresses
|
||||
-S OUTGOING_SUBJECT, --outgoing-subject OUTGOING_SUBJECT
|
||||
email the results using this subject
|
||||
-A OUTGOING_ATTACHMENT, --outgoing-attachment OUTGOING_ATTACHMENT
|
||||
email the results using this filename
|
||||
-M OUTGOING_MESSAGE, --outgoing-message OUTGOING_MESSAGE
|
||||
email the results using this message
|
||||
-w, --watch use an IMAP IDLE connection to process reports as they
|
||||
arrive in the inbox
|
||||
--test do not move or delete IMAP messages
|
||||
-s, --silent only print errors and warnings
|
||||
--debug print debugging information
|
||||
--log-file LOG_FILE output logging to a file
|
||||
-v, --version show program's version number and exit
|
||||
|
||||
.. note::
|
||||
|
||||
In ``parsedmarc`` 6.0.0, most CLI options were moved to a configuration file, described below.
|
||||
|
||||
Configuration file
|
||||
==================
|
||||
|
||||
``parsedmarc`` can be configured by supplying the path to an INI file
|
||||
|
||||
.. code-block:: bash
|
||||
|
||||
parsedmarc -c /etc/parsedmarc.ini
|
||||
|
||||
For example
|
||||
|
||||
.. code-block:: ini
|
||||
|
||||
# This is an example comment
|
||||
|
||||
[general]
|
||||
save_aggregate = True
|
||||
save_forensic = True
|
||||
|
||||
[imap]
|
||||
host = imap.example.com
|
||||
user = dmarcresports@example.com
|
||||
password = $uperSecure
|
||||
watch = True
|
||||
|
||||
[elasticsearch]
|
||||
hosts = 127.0.0.1:9200
|
||||
ssl = False
|
||||
|
||||
[splunk_hec]
|
||||
url = https://splunkhec.example.com
|
||||
token = HECTokenGoesHere
|
||||
index = email
|
||||
|
||||
The full set of configuration options are:
|
||||
|
||||
- ``general``
|
||||
- ``save_aggregate`` - bool: Save aggregate report data to the Elasticsearch and/or Splunk
|
||||
- ``save_forensic`` - bool: Save forensic report data to the Elasticsearch and/or Splunk
|
||||
- ``strip_attachments_payloads`` - bool: Remove attachment payloads from results
|
||||
- ``output`` - str: Directory to place JSON and CSV files in
|
||||
- ``nameservers`` - str: A comma separated list of DNS resolvers (Default: Cloudflare's public resolvers)
|
||||
- ``dns_timeout`` - float: DNS timeout period
|
||||
- ``debug`` - bool: Print debugging messages
|
||||
- ``silent`` - bool: Only print errors (Default: True)
|
||||
- ``log_file`` - str: Write log messages to a file at this path
|
||||
- ``imap``
|
||||
- ``host`` - str: The IMAP server hostname or IP address
|
||||
- ``port`` - int: The IMAP server port (Default: 993)
|
||||
- ``ssl`` - bool: Use an encrypted SSL/TLS connection (Default: True)
|
||||
- ``skip_certificate_verification`` - bool: Skip certificate verification (not recommended)
|
||||
- ``user`` - str: The IMAP user
|
||||
- ``password`` - str: The IMAP password
|
||||
- ``reports_folder`` - str: The IMAP folder where the incoming reports can be found (Default: INBOX)
|
||||
- ``archive_folder`` - str: The IMAP folder to sort processed emails into (Default: Archive)
|
||||
- ``watch`` - bool: Use the IMAP ``IDLE`` command to process messages as they arrive
|
||||
- ``delete`` - bool: Delete messages after processing them, instead of archiving them
|
||||
- ``test`` - bool: Do not move or delete messages
|
||||
- ``elasticsearch``
|
||||
- ``hosts`` - str: A comma separated list of hostnames and ports or URLs (e.g. ``127.0.0.1:9200`` or https://user:secret@localhost:443)
|
||||
- ``ssl`` - bool: Use an encrypted SSL/TLS connection (Default: True)
|
||||
- ``cert_path`` - str: Path to a trusted certificates
|
||||
- ``index_suffix`` - str: A suffix to apply to the index names
|
||||
- ``monthly_indexes`` - bool: Use monthly indexes instead of daily indexes
|
||||
- ``splunk_hec``
|
||||
- ``url`` - str: The URL of the Splunk HTTP Events Collector (HEC)
|
||||
- ``token`` - str: The HEC token
|
||||
- ``index`` - str: The Splunk index to use
|
||||
- ``skip_certificate_verification`` - bool: Skip certificate verification (not recommended)
|
||||
- ``kafka``
|
||||
- ``hosts`` - str: A comma separated list of Kafka hosts
|
||||
- ``user`` - str: The Kafka user
|
||||
- ``passsword`` - str: The Kafka password
|
||||
- ``ssl`` - bool: Use an encrypted SSL/TLS connection (Default: True)
|
||||
- ``aggregate_topic`` - str: The Kafka topic for aggregate reports
|
||||
- ``forensic_topic`` - str: The Kafka topic for forensic reports
|
||||
- ``smtp``
|
||||
- ``host`` - str: The SMTP hostname
|
||||
- ``port`` - int: The SMTP port (Default: 25)
|
||||
- ``ssl`` - bool: Require SSL/TLS instead of using STARTTLS
|
||||
- ``user`` - str: the SMTP username
|
||||
- ``password`` - str: the SMTP password
|
||||
- ``from`` - str: The From header to use in the email
|
||||
- ``to`` - list: A list of email addresses to send to
|
||||
- ``subject`` - str: The Subject header to use in the email (Default: parsedmarc report)
|
||||
- ``attachment`` - str: The ZIP attachment filenames
|
||||
- ``message`` - str: The email message (Default: Please see the attached parsedmarc report.)
|
||||
|
||||
|
||||
.. warning::
|
||||
|
||||
``save_aggregate`` and ``save_forensic`` are separate options because
|
||||
you may not want to save forensic reports (also known as failure reports)
|
||||
to your Elasticsearch instance, particularly if you are in a
|
||||
highly-regulated industry that handles sensitive data, such as healthcare
|
||||
or finance. If your legitimate outgoing email fails DMARC, it is possible
|
||||
that email may appear later in a forensic report.
|
||||
|
||||
Forensic reports contain the original headers of an email that failed a
|
||||
DMARC check, and sometimes may also include the full message body,
|
||||
depending on the policy of the reporting organization.
|
||||
|
||||
Most reporting organizations do not send forensic reports of any kind for
|
||||
privacy reasons. While aggregate DMARC reports are sent at least daily,
|
||||
it is normal to receive very few forensic reports.
|
||||
|
||||
An alternative approach is to still collect forensic/failure/ruf reports
|
||||
in your DMARC inbox, but run ``parsedmarc`` with ``save_forensic = True`` manually on a
|
||||
separate IMAP folder (using the ``reports_folder`` option), after you have manually
|
||||
moved known samples you want to save to that folder (e.g. malicious
|
||||
samples and non-sensitive legitimate samples).
|
||||
|
||||
Sample aggregate report output
|
||||
==============================
|
||||
|
||||
@@ -580,7 +600,7 @@ Install Java:
|
||||
|
||||
Configure Davmail by creating a ``davmail.properties`` file
|
||||
|
||||
::
|
||||
.. code-block:: properties
|
||||
|
||||
# DavMail settings, see http://davmail.sourceforge.net/ for documentation
|
||||
|
||||
@@ -714,7 +734,7 @@ For CentOS, RHEL, and other RPM systems, follow the Elastic RPM guides for
|
||||
sudo service elasticsearch start
|
||||
sudo service kibana start
|
||||
|
||||
Without the commercial X-Pack_, Kibana does not have any authentication
|
||||
Without the commercial X-Pack_ or ReadonlyREST_ products, Kibana does not have any authentication
|
||||
mechanism of its own. You can use nginx as a reverse proxy that provides basic
|
||||
authentication.
|
||||
|
||||
@@ -846,33 +866,6 @@ Restart nginx:
|
||||
Now that Elasticsearch is up and running, use ``parsedmarc`` to send data to
|
||||
it.
|
||||
|
||||
Om the same system as Elasticsearch, pass ``--save-aggregate`` and/or
|
||||
``--save-forensic`` to ``parsedmarc`` save the results in Elasticsearch.
|
||||
|
||||
.. warning::
|
||||
|
||||
``--save-aggregate`` and ``--save-forensic`` are separate options because
|
||||
you may not want to save forensic reports (also known as failure reports)
|
||||
to your Elasticsearch instance, particularly if you are in a
|
||||
highly-regulated industry that handles sensitive data, such as healthcare
|
||||
or finance. If your legitimate outgoing email fails DMARC, it is possible
|
||||
that email may appear later in a forensic report.
|
||||
|
||||
Forensic reports contain the original headers of an email that failed a
|
||||
DMARC check, and sometimes may also include the full message body,
|
||||
depending on the policy of the reporting organization.
|
||||
|
||||
Most reporting organizations do not send forensic reports of any kind for
|
||||
privacy reasons. While aggregate DMARC reports are sent at least daily,
|
||||
it is normal to receive very few forensic reports.
|
||||
|
||||
An alternative approach is to still collect forensic/failure/ruf reports
|
||||
in your DMARC inbox, but run ``parsedmarc --save-forensic`` manually on a
|
||||
separate IMAP folder (using the ``-r`` option), after you have manually
|
||||
moved known samples you want to save to that folder (e.g. malicious
|
||||
samples and non-sensitive legitimate samples).
|
||||
|
||||
|
||||
|
||||
Download (right click the link and click save as) kibana_saved_objects.json_.
|
||||
|
||||
@@ -927,33 +920,9 @@ Splunk
|
||||
------
|
||||
|
||||
Starting in version 4.3.0 ``parsedmarc`` supports sending aggregate and/or
|
||||
forensic DMARC data to a Splunk `HTTP Event collector (HEC)`_. Simply use the
|
||||
following command line options, along with ``--save-aggregate`` and/or
|
||||
``--save-forensic``:
|
||||
forensic DMARC data to a Splunk `HTTP Event collector (HEC)`_.
|
||||
|
||||
|
||||
::
|
||||
|
||||
--hec HEC URL to a Splunk HTTP Event Collector (HEC)
|
||||
--hec-token HEC_TOKEN
|
||||
The authorization token for a Splunk HTTP Event
|
||||
Collector (HEC)
|
||||
--hec-index HEC_INDEX
|
||||
The index to use when sending events to the Splunk
|
||||
HTTP Event Collector (HEC)
|
||||
--hec-skip-certificate-verification
|
||||
Skip certificate verification for Splunk HEC
|
||||
|
||||
.. note::
|
||||
|
||||
To maintain CLI backwards compatibility with previous versions of
|
||||
``parsedmarc``, if ``--save-aggregate`` and/or ``--save-forensic`` are used
|
||||
without the ``--hec`` or ``-E`` options, ``-E localhost:9200`` is implied.
|
||||
|
||||
It is possible to save data in Elasticsearch and Splunk at the same time by
|
||||
supplying ``-E`` and the HEC options, along with ``--save-aggregate`` and/or
|
||||
``--save-forensic``.
|
||||
|
||||
The project repository contains `XML files`_ for premade Splunk dashboards for
|
||||
aggregate and forensic DMARC reports.
|
||||
|
||||
@@ -975,6 +944,13 @@ Running parsedmarc as a systemd service
|
||||
Use systemd to run ``parsedmarc`` as a service and process reports as they
|
||||
arrive.
|
||||
|
||||
|
||||
Create a system user
|
||||
|
||||
.. code-block:: bash
|
||||
|
||||
sudo useradd parsedmarc -r -s /bin/false
|
||||
|
||||
Create the service configuration file
|
||||
|
||||
.. code-block:: bash
|
||||
@@ -990,30 +966,15 @@ Create the service configuration file
|
||||
After=network.target network-online.target elasticsearch.service
|
||||
|
||||
[Service]
|
||||
ExecStart=/usr/local/bin/parsedmarc --watch --silent --save-aggregate --save-forensic -H "outlook.office365.com" -u "dmarc@example.com" -p "FooBar!"
|
||||
ExecStart=/usr/local/bin/parsedmarc -c /etc/parsedmarc.ini
|
||||
User=parsedmarc
|
||||
Group=parsedmarc
|
||||
Restart=always
|
||||
RestartSec=5m
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
||||
Edit the command line options of ``parsedmarc`` in the service's ``ExecStart``
|
||||
setting to suit your needs.
|
||||
|
||||
.. note::
|
||||
|
||||
Always pass the ``--watch`` option to ``parsedmarc`` when running it as a
|
||||
service. Use ``--silent`` to only log errors.
|
||||
|
||||
.. warning::
|
||||
|
||||
As mentioned earlier, forensic/failure reports contain copies of emails
|
||||
that failed DMARC, including emails that may be legitimate and contain
|
||||
sensitive customer or business information. For privacy and/or regulatory
|
||||
reasons, you may not want to use the ``--save-forensic`` flag included in
|
||||
the example service configuration ``ExecStart`` setting, which would save
|
||||
these samples to Elasticsearch.
|
||||
|
||||
Then, enable the service
|
||||
|
||||
.. code-block:: bash
|
||||
@@ -1257,8 +1218,10 @@ Indices and tables
|
||||
|
||||
.. _X-Pack: https://www.elastic.co/products/x-pack
|
||||
|
||||
.. _ReadonlyREST: https://readonlyrest.com/
|
||||
|
||||
.. _kibana_saved_objects.json: https://raw.githubusercontent.com/domainaware/parsedmarc/master/kibana/kibana_saved_objects.json
|
||||
|
||||
.. _HTTP Event collector (HEC): http://docs.splunk.com/Documentation/Splunk/latest/Data/AboutHEC
|
||||
|
||||
.. _XML files: https://github.com/domainaware/parsedmarc/tree/master/splunk
|
||||
.. _XML files: https://github.com/domainaware/parsedmarc/tree/master/splunk
|
||||
|
||||
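Review bot: The new "Configuration file" section tells users to put the IMAP password and Splunk HEC token (and, per the option list, Kafka and SMTP passwords and Elasticsearch URLs with embedded credentials) into `/etc/parsedmarc.ini`, but nothing in these hunks says who should be able to read that file. The systemd hunk already creates a `parsedmarc` system user and points `ExecStart` at the file, so I would add a step right after `useradd`, for example `sudo chown root:parsedmarc /etc/parsedmarc.ini` and `sudo chmod u=rw,g=r,o= /etc/parsedmarc.ini`, with one sentence saying the file holds credentials. In the option list the Kafka key is written ``passsword``; if the parser reads `password` (not visible on this page), a setting copied from the docs would be silently ignored, so the spelling should be checked against the code. The example `[elasticsearch]` block also sets `ssl = False` while the list gives the default as True, so a short comment such as `# plaintext is only acceptable for a loopback host` would keep readers from copying it to a remote cluster.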
+12
-1
@@ -4,7 +4,7 @@
|
||||
*
|
||||
* Sphinx stylesheet -- basic theme.
|
||||
*
|
||||
* :copyright: Copyright 2007-2018 by the Sphinx team, see AUTHORS.
|
||||
* :copyright: Copyright 2007-2019 by the Sphinx team, see AUTHORS.
|
||||
* :license: BSD, see LICENSE for details.
|
||||
*
|
||||
*/
|
||||
@@ -81,6 +81,10 @@ div.sphinxsidebar input {
|
||||
font-size: 1em;
|
||||
}
|
||||
|
||||
div.sphinxsidebar #searchbox form.search {
|
||||
overflow: hidden;
|
||||
}
|
||||
|
||||
div.sphinxsidebar #searchbox input[type="text"] {
|
||||
float: left;
|
||||
width: 80%;
|
||||
@@ -427,6 +431,13 @@ table.field-list td, table.field-list th {
|
||||
hyphens: manual;
|
||||
}
|
||||
|
||||
/* -- hlist styles ---------------------------------------------------------- */
|
||||
|
||||
table.hlist td {
|
||||
vertical-align: top;
|
||||
}
|
||||
|
||||
|
||||
/* -- other body styles ----------------------------------------------------- */
|
||||
|
||||
ol.arabic {
|
||||
|
||||
+5
-3
@@ -4,7 +4,7 @@
|
||||
*
|
||||
* Sphinx JavaScript utilities for all documentation.
|
||||
*
|
||||
* :copyright: Copyright 2007-2018 by the Sphinx team, see AUTHORS.
|
||||
* :copyright: Copyright 2007-2019 by the Sphinx team, see AUTHORS.
|
||||
* :license: BSD, see LICENSE for details.
|
||||
*
|
||||
*/
|
||||
@@ -150,7 +150,9 @@ var Documentation = {
|
||||
this.fixFirefoxAnchorBug();
|
||||
this.highlightSearchWords();
|
||||
this.initIndexTable();
|
||||
|
||||
if (DOCUMENTATION_OPTIONS.NAVIGATION_WITH_KEYS) {
|
||||
this.initOnKeyListeners();
|
||||
}
|
||||
},
|
||||
|
||||
/**
|
||||
@@ -310,4 +312,4 @@ _ = Documentation.gettext;
|
||||
|
||||
$(document).ready(function() {
|
||||
Documentation.init();
|
||||
});
|
||||
});
|
||||
|
||||
@@ -1,9 +1,10 @@
|
||||
var DOCUMENTATION_OPTIONS = {
|
||||
URL_ROOT: document.getElementById("documentation_options").getAttribute('data-url_root'),
|
||||
VERSION: '5.3.0',
|
||||
VERSION: '6.0.0',
|
||||
LANGUAGE: 'None',
|
||||
COLLAPSE_INDEX: false,
|
||||
FILE_SUFFIX: '.html',
|
||||
HAS_SOURCE: true,
|
||||
SOURCELINK_SUFFIX: '.txt'
|
||||
SOURCELINK_SUFFIX: '.txt',
|
||||
NAVIGATION_WITH_KEYS: false,
|
||||
};
|
||||
+3
-3
@@ -1,3 +1,3 @@
|
||||
/* sphinx_rtd_theme version 0.4.1 | MIT license */
|
||||
/* Built 20180727 10:07 */
|
||||
require=function n(e,i,t){function o(s,a){if(!i[s]){if(!e[s]){var l="function"==typeof require&&require;if(!a&&l)return l(s,!0);if(r)return r(s,!0);var c=new Error("Cannot find module '"+s+"'");throw c.code="MODULE_NOT_FOUND",c}var u=i[s]={exports:{}};e[s][0].call(u.exports,function(n){var i=e[s][1][n];return o(i||n)},u,u.exports,n,e,i,t)}return i[s].exports}for(var r="function"==typeof require&&require,s=0;s<t.length;s++)o(t[s]);return o}({"sphinx-rtd-theme":[function(n,e,i){var jQuery="undefined"!=typeof window?window.jQuery:n("jquery");e.exports.ThemeNav={navBar:null,win:null,winScroll:!1,winResize:!1,linkScroll:!1,winPosition:0,winHeight:null,docHeight:null,isRunning:!1,enable:function(n){var e=this;void 0===n&&(n=!0),e.isRunning||(e.isRunning=!0,jQuery(function(i){e.init(i),e.reset(),e.win.on("hashchange",e.reset),n&&e.win.on("scroll",function(){e.linkScroll||e.winScroll||(e.winScroll=!0,requestAnimationFrame(function(){e.onScroll()}))}),e.win.on("resize",function(){e.winResize||(e.winResize=!0,requestAnimationFrame(function(){e.onResize()}))}),e.onResize()}))},enableSticky:function(){this.enable(!0)},init:function(n){n(document);var e=this;this.navBar=n("div.wy-side-scroll:first"),this.win=n(window),n(document).on("click","[data-toggle='wy-nav-top']",function(){n("[data-toggle='wy-nav-shift']").toggleClass("shift"),n("[data-toggle='rst-versions']").toggleClass("shift")}).on("click",".wy-menu-vertical .current ul li a",function(){var i=n(this);n("[data-toggle='wy-nav-shift']").removeClass("shift"),n("[data-toggle='rst-versions']").toggleClass("shift"),e.toggleCurrent(i),e.hashChange()}).on("click","[data-toggle='rst-current-version']",function(){n("[data-toggle='rst-versions']").toggleClass("shift-up")}),n("table.docutils:not(.field-list,.footnote,.citation)").wrap("<div class='wy-table-responsive'></div>"),n("table.docutils.footnote").wrap("<div class='wy-table-responsive footnote'></div>"),n("table.docutils.citation").wrap("<div class='wy-table-responsive 
citation'></div>"),n(".wy-menu-vertical ul").not(".simple").siblings("a").each(function(){var i=n(this);expand=n('<span class="toctree-expand"></span>'),expand.on("click",function(n){return e.toggleCurrent(i),n.stopPropagation(),!1}),i.prepend(expand)})},reset:function(){var n=encodeURI(window.location.hash)||"#";try{var e=$(".wy-menu-vertical"),i=e.find('[href="'+n+'"]');if(0===i.length){var t=$('.document [id="'+n.substring(1)+'"]').closest("div.section");0===(i=e.find('[href="#'+t.attr("id")+'"]')).length&&(i=e.find('[href="#"]'))}i.length>0&&($(".wy-menu-vertical .current").removeClass("current"),i.addClass("current"),i.closest("li.toctree-l1").addClass("current"),i.closest("li.toctree-l1").parent().addClass("current"),i.closest("li.toctree-l1").addClass("current"),i.closest("li.toctree-l2").addClass("current"),i.closest("li.toctree-l3").addClass("current"),i.closest("li.toctree-l4").addClass("current"))}catch(o){console.log("Error expanding nav for anchor",o)}},onScroll:function(){this.winScroll=!1;var n=this.win.scrollTop(),e=n+this.winHeight,i=this.navBar.scrollTop()+(n-this.winPosition);n<0||e>this.docHeight||(this.navBar.scrollTop(i),this.winPosition=n)},onResize:function(){this.winResize=!1,this.winHeight=this.win.height(),this.docHeight=$(document).height()},hashChange:function(){this.linkScroll=!0,this.win.one("hashchange",function(){this.linkScroll=!1})},toggleCurrent:function(n){var e=n.closest("li");e.siblings("li.current").removeClass("current"),e.siblings().find("li.current").removeClass("current"),e.find("> ul li.current").removeClass("current"),e.toggleClass("current")}},"undefined"!=typeof window&&(window.SphinxRtdTheme={Navigation:e.exports.ThemeNav,StickyNav:e.exports.ThemeNav}),function(){for(var 
n=0,e=["ms","moz","webkit","o"],i=0;i<e.length&&!window.requestAnimationFrame;++i)window.requestAnimationFrame=window[e[i]+"RequestAnimationFrame"],window.cancelAnimationFrame=window[e[i]+"CancelAnimationFrame"]||window[e[i]+"CancelRequestAnimationFrame"];window.requestAnimationFrame||(window.requestAnimationFrame=function(e,i){var t=(new Date).getTime(),o=Math.max(0,16-(t-n)),r=window.setTimeout(function(){e(t+o)},o);return n=t+o,r}),window.cancelAnimationFrame||(window.cancelAnimationFrame=function(n){clearTimeout(n)})}()},{jquery:"jquery"}]},{},["sphinx-rtd-theme"]);
|
||||
/* sphinx_rtd_theme version 0.4.2 | MIT license */
|
||||
/* Built 20181005 13:10 */
|
||||
require=function r(s,a,l){function c(e,n){if(!a[e]){if(!s[e]){var i="function"==typeof require&&require;if(!n&&i)return i(e,!0);if(u)return u(e,!0);var t=new Error("Cannot find module '"+e+"'");throw t.code="MODULE_NOT_FOUND",t}var o=a[e]={exports:{}};s[e][0].call(o.exports,function(n){return c(s[e][1][n]||n)},o,o.exports,r,s,a,l)}return a[e].exports}for(var u="function"==typeof require&&require,n=0;n<l.length;n++)c(l[n]);return c}({"sphinx-rtd-theme":[function(n,e,i){var jQuery="undefined"!=typeof window?window.jQuery:n("jquery");e.exports.ThemeNav={navBar:null,win:null,winScroll:!1,winResize:!1,linkScroll:!1,winPosition:0,winHeight:null,docHeight:null,isRunning:!1,enable:function(e){var i=this;void 0===e&&(e=!0),i.isRunning||(i.isRunning=!0,jQuery(function(n){i.init(n),i.reset(),i.win.on("hashchange",i.reset),e&&i.win.on("scroll",function(){i.linkScroll||i.winScroll||(i.winScroll=!0,requestAnimationFrame(function(){i.onScroll()}))}),i.win.on("resize",function(){i.winResize||(i.winResize=!0,requestAnimationFrame(function(){i.onResize()}))}),i.onResize()}))},enableSticky:function(){this.enable(!0)},init:function(i){i(document);var t=this;this.navBar=i("div.wy-side-scroll:first"),this.win=i(window),i(document).on("click","[data-toggle='wy-nav-top']",function(){i("[data-toggle='wy-nav-shift']").toggleClass("shift"),i("[data-toggle='rst-versions']").toggleClass("shift")}).on("click",".wy-menu-vertical .current ul li a",function(){var n=i(this);i("[data-toggle='wy-nav-shift']").removeClass("shift"),i("[data-toggle='rst-versions']").toggleClass("shift"),t.toggleCurrent(n),t.hashChange()}).on("click","[data-toggle='rst-current-version']",function(){i("[data-toggle='rst-versions']").toggleClass("shift-up")}),i("table.docutils:not(.field-list,.footnote,.citation)").wrap("<div class='wy-table-responsive'></div>"),i("table.docutils.footnote").wrap("<div class='wy-table-responsive footnote'></div>"),i("table.docutils.citation").wrap("<div class='wy-table-responsive 
citation'></div>"),i(".wy-menu-vertical ul").not(".simple").siblings("a").each(function(){var e=i(this);expand=i('<span class="toctree-expand"></span>'),expand.on("click",function(n){return t.toggleCurrent(e),n.stopPropagation(),!1}),e.prepend(expand)})},reset:function(){var n=encodeURI(window.location.hash)||"#";try{var e=$(".wy-menu-vertical"),i=e.find('[href="'+n+'"]');if(0===i.length){var t=$('.document [id="'+n.substring(1)+'"]').closest("div.section");0===(i=e.find('[href="#'+t.attr("id")+'"]')).length&&(i=e.find('[href="#"]'))}0<i.length&&($(".wy-menu-vertical .current").removeClass("current"),i.addClass("current"),i.closest("li.toctree-l1").addClass("current"),i.closest("li.toctree-l1").parent().addClass("current"),i.closest("li.toctree-l1").addClass("current"),i.closest("li.toctree-l2").addClass("current"),i.closest("li.toctree-l3").addClass("current"),i.closest("li.toctree-l4").addClass("current"))}catch(o){console.log("Error expanding nav for anchor",o)}},onScroll:function(){this.winScroll=!1;var n=this.win.scrollTop(),e=n+this.winHeight,i=this.navBar.scrollTop()+(n-this.winPosition);n<0||e>this.docHeight||(this.navBar.scrollTop(i),this.winPosition=n)},onResize:function(){this.winResize=!1,this.winHeight=this.win.height(),this.docHeight=$(document).height()},hashChange:function(){this.linkScroll=!0,this.win.one("hashchange",function(){this.linkScroll=!1})},toggleCurrent:function(n){var e=n.closest("li");e.siblings("li.current").removeClass("current"),e.siblings().find("li.current").removeClass("current"),e.find("> ul li.current").removeClass("current"),e.toggleClass("current")}},"undefined"!=typeof window&&(window.SphinxRtdTheme={Navigation:e.exports.ThemeNav,StickyNav:e.exports.ThemeNav}),function(){for(var 
r=0,n=["ms","moz","webkit","o"],e=0;e<n.length&&!window.requestAnimationFrame;++e)window.requestAnimationFrame=window[n[e]+"RequestAnimationFrame"],window.cancelAnimationFrame=window[n[e]+"CancelAnimationFrame"]||window[n[e]+"CancelRequestAnimationFrame"];window.requestAnimationFrame||(window.requestAnimationFrame=function(n,e){var i=(new Date).getTime(),t=Math.max(0,16-(i-r)),o=window.setTimeout(function(){n(i+t)},t);return r=i+t,o}),window.cancelAnimationFrame||(window.cancelAnimationFrame=function(n){clearTimeout(n)})}()},{jquery:"jquery"}]},{},["sphinx-rtd-theme"]);
|
||||
@@ -5,7 +5,7 @@
|
||||
* This script contains the language-specific data used by searchtools.js,
|
||||
* namely the list of stopwords, stemmer, scorer and splitter.
|
||||
*
|
||||
* :copyright: Copyright 2007-2018 by the Sphinx team, see AUTHORS.
|
||||
* :copyright: Copyright 2007-2019 by the Sphinx team, see AUTHORS.
|
||||
* :license: BSD, see LICENSE for details.
|
||||
*
|
||||
*/
|
||||
|
||||
+34
-314
@@ -1,331 +1,52 @@
|
||||
/*
|
||||
* searchtools.js_t
|
||||
* searchtools.js
|
||||
* ~~~~~~~~~~~~~~~~
|
||||
*
|
||||
* Sphinx JavaScript utilities for the full-text search.
|
||||
*
|
||||
* :copyright: Copyright 2007-2018 by the Sphinx team, see AUTHORS.
|
||||
* :copyright: Copyright 2007-2019 by the Sphinx team, see AUTHORS.
|
||||
* :license: BSD, see LICENSE for details.
|
||||
*
|
||||
*/
|
||||
|
||||
if (!Scorer) {
|
||||
/**
|
||||
* Simple result scoring code.
|
||||
*/
|
||||
var Scorer = {
|
||||
// Implement the following function to further tweak the score for each result
|
||||
// The function takes a result array [filename, title, anchor, descr, score]
|
||||
// and returns the new score.
|
||||
/*
|
||||
score: function(result) {
|
||||
return result[4];
|
||||
},
|
||||
*/
|
||||
|
||||
/* Non-minified version JS is _stemmer.js if file is provided */
|
||||
/**
|
||||
* Porter Stemmer
|
||||
*/
|
||||
var Stemmer = function() {
|
||||
// query matches the full name of an object
|
||||
objNameMatch: 11,
|
||||
// or matches in the last dotted part of the object name
|
||||
objPartialMatch: 6,
|
||||
// Additive scores depending on the priority of the object
|
||||
objPrio: {0: 15, // used to be importantResults
|
||||
1: 5, // used to be objectResults
|
||||
2: -5}, // used to be unimportantResults
|
||||
// Used when the priority is not in the mapping.
|
||||
objPrioDefault: 0,
|
||||
|
||||
var step2list = {
|
||||
ational: 'ate',
|
||||
tional: 'tion',
|
||||
enci: 'ence',
|
||||
anci: 'ance',
|
||||
izer: 'ize',
|
||||
bli: 'ble',
|
||||
alli: 'al',
|
||||
entli: 'ent',
|
||||
eli: 'e',
|
||||
ousli: 'ous',
|
||||
ization: 'ize',
|
||||
ation: 'ate',
|
||||
ator: 'ate',
|
||||
alism: 'al',
|
||||
iveness: 'ive',
|
||||
fulness: 'ful',
|
||||
ousness: 'ous',
|
||||
aliti: 'al',
|
||||
iviti: 'ive',
|
||||
biliti: 'ble',
|
||||
logi: 'log'
|
||||
// query found in title
|
||||
title: 15,
|
||||
// query found in terms
|
||||
term: 5
|
||||
};
|
||||
}
|
||||
|
||||
var step3list = {
|
||||
icate: 'ic',
|
||||
ative: '',
|
||||
alize: 'al',
|
||||
iciti: 'ic',
|
||||
ical: 'ic',
|
||||
ful: '',
|
||||
ness: ''
|
||||
};
|
||||
|
||||
var c = "[^aeiou]"; // consonant
|
||||
var v = "[aeiouy]"; // vowel
|
||||
var C = c + "[^aeiouy]*"; // consonant sequence
|
||||
var V = v + "[aeiou]*"; // vowel sequence
|
||||
|
||||
var mgr0 = "^(" + C + ")?" + V + C; // [C]VC... is m>0
|
||||
var meq1 = "^(" + C + ")?" + V + C + "(" + V + ")?$"; // [C]VC[V] is m=1
|
||||
var mgr1 = "^(" + C + ")?" + V + C + V + C; // [C]VCVC... is m>1
|
||||
var s_v = "^(" + C + ")?" + v; // vowel in stem
|
||||
|
||||
this.stemWord = function (w) {
|
||||
var stem;
|
||||
var suffix;
|
||||
var firstch;
|
||||
var origword = w;
|
||||
|
||||
if (w.length < 3)
|
||||
return w;
|
||||
|
||||
var re;
|
||||
var re2;
|
||||
var re3;
|
||||
var re4;
|
||||
|
||||
firstch = w.substr(0,1);
|
||||
if (firstch == "y")
|
||||
w = firstch.toUpperCase() + w.substr(1);
|
||||
|
||||
// Step 1a
|
||||
re = /^(.+?)(ss|i)es$/;
|
||||
re2 = /^(.+?)([^s])s$/;
|
||||
|
||||
if (re.test(w))
|
||||
w = w.replace(re,"$1$2");
|
||||
else if (re2.test(w))
|
||||
w = w.replace(re2,"$1$2");
|
||||
|
||||
// Step 1b
|
||||
re = /^(.+?)eed$/;
|
||||
re2 = /^(.+?)(ed|ing)$/;
|
||||
if (re.test(w)) {
|
||||
var fp = re.exec(w);
|
||||
re = new RegExp(mgr0);
|
||||
if (re.test(fp[1])) {
|
||||
re = /.$/;
|
||||
w = w.replace(re,"");
|
||||
}
|
||||
}
|
||||
else if (re2.test(w)) {
|
||||
var fp = re2.exec(w);
|
||||
stem = fp[1];
|
||||
re2 = new RegExp(s_v);
|
||||
if (re2.test(stem)) {
|
||||
w = stem;
|
||||
re2 = /(at|bl|iz)$/;
|
||||
re3 = new RegExp("([^aeiouylsz])\\1$");
|
||||
re4 = new RegExp("^" + C + v + "[^aeiouwxy]$");
|
||||
if (re2.test(w))
|
||||
w = w + "e";
|
||||
else if (re3.test(w)) {
|
||||
re = /.$/;
|
||||
w = w.replace(re,"");
|
||||
}
|
||||
else if (re4.test(w))
|
||||
w = w + "e";
|
||||
}
|
||||
}
|
||||
|
||||
// Step 1c
|
||||
re = /^(.+?)y$/;
|
||||
if (re.test(w)) {
|
||||
var fp = re.exec(w);
|
||||
stem = fp[1];
|
||||
re = new RegExp(s_v);
|
||||
if (re.test(stem))
|
||||
w = stem + "i";
|
||||
}
|
||||
|
||||
// Step 2
|
||||
re = /^(.+?)(ational|tional|enci|anci|izer|bli|alli|entli|eli|ousli|ization|ation|ator|alism|iveness|fulness|ousness|aliti|iviti|biliti|logi)$/;
|
||||
if (re.test(w)) {
|
||||
var fp = re.exec(w);
|
||||
stem = fp[1];
|
||||
suffix = fp[2];
|
||||
re = new RegExp(mgr0);
|
||||
if (re.test(stem))
|
||||
w = stem + step2list[suffix];
|
||||
}
|
||||
|
||||
// Step 3
|
||||
re = /^(.+?)(icate|ative|alize|iciti|ical|ful|ness)$/;
|
||||
if (re.test(w)) {
|
||||
var fp = re.exec(w);
|
||||
stem = fp[1];
|
||||
suffix = fp[2];
|
||||
re = new RegExp(mgr0);
|
||||
if (re.test(stem))
|
||||
w = stem + step3list[suffix];
|
||||
}
|
||||
|
||||
// Step 4
|
||||
re = /^(.+?)(al|ance|ence|er|ic|able|ible|ant|ement|ment|ent|ou|ism|ate|iti|ous|ive|ize)$/;
|
||||
re2 = /^(.+?)(s|t)(ion)$/;
|
||||
if (re.test(w)) {
|
||||
var fp = re.exec(w);
|
||||
stem = fp[1];
|
||||
re = new RegExp(mgr1);
|
||||
if (re.test(stem))
|
||||
w = stem;
|
||||
}
|
||||
else if (re2.test(w)) {
|
||||
var fp = re2.exec(w);
|
||||
stem = fp[1] + fp[2];
|
||||
re2 = new RegExp(mgr1);
|
||||
if (re2.test(stem))
|
||||
w = stem;
|
||||
}
|
||||
|
||||
// Step 5
|
||||
re = /^(.+?)e$/;
|
||||
if (re.test(w)) {
|
||||
var fp = re.exec(w);
|
||||
stem = fp[1];
|
||||
re = new RegExp(mgr1);
|
||||
re2 = new RegExp(meq1);
|
||||
re3 = new RegExp("^" + C + v + "[^aeiouwxy]$");
|
||||
if (re.test(stem) || (re2.test(stem) && !(re3.test(stem))))
|
||||
w = stem;
|
||||
}
|
||||
re = /ll$/;
|
||||
re2 = new RegExp(mgr1);
|
||||
if (re.test(w) && re2.test(w)) {
|
||||
re = /.$/;
|
||||
w = w.replace(re,"");
|
||||
}
|
||||
|
||||
// and turn initial Y back to y
|
||||
if (firstch == "y")
|
||||
w = firstch.toLowerCase() + w.substr(1);
|
||||
return w;
|
||||
if (!splitQuery) {
|
||||
function splitQuery(query) {
|
||||
return query.split(/\s+/);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
/**
|
||||
* Simple result scoring code.
|
||||
*/
|
||||
var Scorer = {
|
||||
// Implement the following function to further tweak the score for each result
|
||||
// The function takes a result array [filename, title, anchor, descr, score]
|
||||
// and returns the new score.
|
||||
/*
|
||||
score: function(result) {
|
||||
return result[4];
|
||||
},
|
||||
*/
|
||||
|
||||
// query matches the full name of an object
|
||||
objNameMatch: 11,
|
||||
// or matches in the last dotted part of the object name
|
||||
objPartialMatch: 6,
|
||||
// Additive scores depending on the priority of the object
|
||||
objPrio: {0: 15, // used to be importantResults
|
||||
1: 5, // used to be objectResults
|
||||
2: -5}, // used to be unimportantResults
|
||||
// Used when the priority is not in the mapping.
|
||||
objPrioDefault: 0,
|
||||
|
||||
// query found in title
|
||||
title: 15,
|
||||
// query found in terms
|
||||
term: 5
|
||||
};
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
var splitChars = (function() {
|
||||
var result = {};
|
||||
var singles = [96, 180, 187, 191, 215, 247, 749, 885, 903, 907, 909, 930, 1014, 1648,
|
||||
1748, 1809, 2416, 2473, 2481, 2526, 2601, 2609, 2612, 2615, 2653, 2702,
|
||||
2706, 2729, 2737, 2740, 2857, 2865, 2868, 2910, 2928, 2948, 2961, 2971,
|
||||
2973, 3085, 3089, 3113, 3124, 3213, 3217, 3241, 3252, 3295, 3341, 3345,
|
||||
3369, 3506, 3516, 3633, 3715, 3721, 3736, 3744, 3748, 3750, 3756, 3761,
|
||||
3781, 3912, 4239, 4347, 4681, 4695, 4697, 4745, 4785, 4799, 4801, 4823,
|
||||
4881, 5760, 5901, 5997, 6313, 7405, 8024, 8026, 8028, 8030, 8117, 8125,
|
||||
8133, 8181, 8468, 8485, 8487, 8489, 8494, 8527, 11311, 11359, 11687, 11695,
|
||||
11703, 11711, 11719, 11727, 11735, 12448, 12539, 43010, 43014, 43019, 43587,
|
||||
43696, 43713, 64286, 64297, 64311, 64317, 64319, 64322, 64325, 65141];
|
||||
var i, j, start, end;
|
||||
for (i = 0; i < singles.length; i++) {
|
||||
result[singles[i]] = true;
|
||||
}
|
||||
var ranges = [[0, 47], [58, 64], [91, 94], [123, 169], [171, 177], [182, 184], [706, 709],
|
||||
[722, 735], [741, 747], [751, 879], [888, 889], [894, 901], [1154, 1161],
|
||||
[1318, 1328], [1367, 1368], [1370, 1376], [1416, 1487], [1515, 1519], [1523, 1568],
|
||||
[1611, 1631], [1642, 1645], [1750, 1764], [1767, 1773], [1789, 1790], [1792, 1807],
|
||||
[1840, 1868], [1958, 1968], [1970, 1983], [2027, 2035], [2038, 2041], [2043, 2047],
|
||||
[2070, 2073], [2075, 2083], [2085, 2087], [2089, 2307], [2362, 2364], [2366, 2383],
|
||||
[2385, 2391], [2402, 2405], [2419, 2424], [2432, 2436], [2445, 2446], [2449, 2450],
|
||||
[2483, 2485], [2490, 2492], [2494, 2509], [2511, 2523], [2530, 2533], [2546, 2547],
|
||||
[2554, 2564], [2571, 2574], [2577, 2578], [2618, 2648], [2655, 2661], [2672, 2673],
|
||||
[2677, 2692], [2746, 2748], [2750, 2767], [2769, 2783], [2786, 2789], [2800, 2820],
|
||||
[2829, 2830], [2833, 2834], [2874, 2876], [2878, 2907], [2914, 2917], [2930, 2946],
|
||||
[2955, 2957], [2966, 2968], [2976, 2978], [2981, 2983], [2987, 2989], [3002, 3023],
|
||||
[3025, 3045], [3059, 3076], [3130, 3132], [3134, 3159], [3162, 3167], [3170, 3173],
|
||||
[3184, 3191], [3199, 3204], [3258, 3260], [3262, 3293], [3298, 3301], [3312, 3332],
|
||||
[3386, 3388], [3390, 3423], [3426, 3429], [3446, 3449], [3456, 3460], [3479, 3481],
|
||||
[3518, 3519], [3527, 3584], [3636, 3647], [3655, 3663], [3674, 3712], [3717, 3718],
|
||||
[3723, 3724], [3726, 3731], [3752, 3753], [3764, 3772], [3774, 3775], [3783, 3791],
|
||||
[3802, 3803], [3806, 3839], [3841, 3871], [3892, 3903], [3949, 3975], [3980, 4095],
|
||||
[4139, 4158], [4170, 4175], [4182, 4185], [4190, 4192], [4194, 4196], [4199, 4205],
|
||||
[4209, 4212], [4226, 4237], [4250, 4255], [4294, 4303], [4349, 4351], [4686, 4687],
|
||||
[4702, 4703], [4750, 4751], [4790, 4791], [4806, 4807], [4886, 4887], [4955, 4968],
|
||||
[4989, 4991], [5008, 5023], [5109, 5120], [5741, 5742], [5787, 5791], [5867, 5869],
|
||||
[5873, 5887], [5906, 5919], [5938, 5951], [5970, 5983], [6001, 6015], [6068, 6102],
|
||||
[6104, 6107], [6109, 6111], [6122, 6127], [6138, 6159], [6170, 6175], [6264, 6271],
|
||||
[6315, 6319], [6390, 6399], [6429, 6469], [6510, 6511], [6517, 6527], [6572, 6592],
|
||||
[6600, 6607], [6619, 6655], [6679, 6687], [6741, 6783], [6794, 6799], [6810, 6822],
|
||||
[6824, 6916], [6964, 6980], [6988, 6991], [7002, 7042], [7073, 7085], [7098, 7167],
|
||||
[7204, 7231], [7242, 7244], [7294, 7400], [7410, 7423], [7616, 7679], [7958, 7959],
|
||||
[7966, 7967], [8006, 8007], [8014, 8015], [8062, 8063], [8127, 8129], [8141, 8143],
|
||||
[8148, 8149], [8156, 8159], [8173, 8177], [8189, 8303], [8306, 8307], [8314, 8318],
|
||||
[8330, 8335], [8341, 8449], [8451, 8454], [8456, 8457], [8470, 8472], [8478, 8483],
|
||||
[8506, 8507], [8512, 8516], [8522, 8525], [8586, 9311], [9372, 9449], [9472, 10101],
|
||||
[10132, 11263], [11493, 11498], [11503, 11516], [11518, 11519], [11558, 11567],
|
||||
[11622, 11630], [11632, 11647], [11671, 11679], [11743, 11822], [11824, 12292],
|
||||
[12296, 12320], [12330, 12336], [12342, 12343], [12349, 12352], [12439, 12444],
|
||||
[12544, 12548], [12590, 12592], [12687, 12689], [12694, 12703], [12728, 12783],
|
||||
[12800, 12831], [12842, 12880], [12896, 12927], [12938, 12976], [12992, 13311],
|
||||
[19894, 19967], [40908, 40959], [42125, 42191], [42238, 42239], [42509, 42511],
|
||||
[42540, 42559], [42592, 42593], [42607, 42622], [42648, 42655], [42736, 42774],
|
||||
[42784, 42785], [42889, 42890], [42893, 43002], [43043, 43055], [43062, 43071],
|
||||
[43124, 43137], [43188, 43215], [43226, 43249], [43256, 43258], [43260, 43263],
|
||||
[43302, 43311], [43335, 43359], [43389, 43395], [43443, 43470], [43482, 43519],
|
||||
[43561, 43583], [43596, 43599], [43610, 43615], [43639, 43641], [43643, 43647],
|
||||
[43698, 43700], [43703, 43704], [43710, 43711], [43715, 43738], [43742, 43967],
|
||||
[44003, 44015], [44026, 44031], [55204, 55215], [55239, 55242], [55292, 55295],
|
||||
[57344, 63743], [64046, 64047], [64110, 64111], [64218, 64255], [64263, 64274],
|
||||
[64280, 64284], [64434, 64466], [64830, 64847], [64912, 64913], [64968, 65007],
|
||||
[65020, 65135], [65277, 65295], [65306, 65312], [65339, 65344], [65371, 65381],
|
||||
[65471, 65473], [65480, 65481], [65488, 65489], [65496, 65497]];
|
||||
for (i = 0; i < ranges.length; i++) {
|
||||
start = ranges[i][0];
|
||||
end = ranges[i][1];
|
||||
for (j = start; j <= end; j++) {
|
||||
result[j] = true;
|
||||
}
|
||||
}
|
||||
return result;
|
||||
})();
|
||||
|
||||
function splitQuery(query) {
|
||||
var result = [];
|
||||
var start = -1;
|
||||
for (var i = 0; i < query.length; i++) {
|
||||
if (splitChars[query.charCodeAt(i)]) {
|
||||
if (start !== -1) {
|
||||
result.push(query.slice(start, i));
|
||||
start = -1;
|
||||
}
|
||||
} else if (start === -1) {
|
||||
start = i;
|
||||
}
|
||||
}
|
||||
if (start !== -1) {
|
||||
result.push(query.slice(start));
|
||||
}
|
||||
return result;
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
/**
|
||||
* Search Module
|
||||
*/
|
||||
@@ -417,7 +138,6 @@ var Search = {
|
||||
*/
|
||||
query : function(query) {
|
||||
var i;
|
||||
var stopwords = ["a","and","are","as","at","be","but","by","for","if","in","into","is","it","near","no","not","of","on","or","such","that","the","their","then","there","these","they","this","to","was","will","with"];
|
||||
|
||||
// stem the searchterms and add them to the correct list
|
||||
var stemmer = new Stemmer();
|
||||
@@ -758,4 +478,4 @@ var Search = {
|
||||
|
||||
$(document).ready(function() {
|
||||
Search.init();
|
||||
});
|
||||
});
|
||||
|
||||
@@ -4,7 +4,7 @@
|
||||
*
|
||||
* sphinx.websupport utilities for all documentation.
|
||||
*
|
||||
* :copyright: Copyright 2007-2018 by the Sphinx team, see AUTHORS.
|
||||
* :copyright: Copyright 2007-2019 by the Sphinx team, see AUTHORS.
|
||||
* :license: BSD, see LICENSE for details.
|
||||
*
|
||||
*/
|
||||
|
||||
+11
-17
@@ -9,7 +9,7 @@
|
||||
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
|
||||
<title>Index — parsedmarc 5.3.0 documentation</title>
|
||||
<title>Index — parsedmarc 6.0.0 documentation</title>
|
||||
|
||||
|
||||
|
||||
@@ -57,7 +57,7 @@
|
||||
|
||||
|
||||
<div class="version">
|
||||
5.3.0
|
||||
6.0.0
|
||||
</div>
|
||||
|
||||
|
||||
@@ -368,7 +368,7 @@
|
||||
|
||||
<div role="contentinfo">
|
||||
<p>
|
||||
© Copyright 2018, Sean Whalen.
|
||||
© Copyright 2018, Sean Whalen
|
||||
|
||||
</p>
|
||||
</div>
|
||||
@@ -387,20 +387,14 @@
|
||||
|
||||
|
||||
|
||||
<script type="text/javascript">
|
||||
var DOCUMENTATION_OPTIONS = {
|
||||
URL_ROOT:'./',
|
||||
VERSION:'5.3.0',
|
||||
LANGUAGE:'None',
|
||||
COLLAPSE_INDEX:false,
|
||||
FILE_SUFFIX:'.html',
|
||||
HAS_SOURCE: true,
|
||||
SOURCELINK_SUFFIX: '.txt'
|
||||
};
|
||||
</script>
|
||||
<script type="text/javascript" src="_static/jquery.js"></script>
|
||||
<script type="text/javascript" src="_static/underscore.js"></script>
|
||||
<script type="text/javascript" src="_static/doctools.js"></script>
|
||||
|
||||
|
||||
<script type="text/javascript" id="documentation_options" data-url_root="./" src="_static/documentation_options.js"></script>
|
||||
<script type="text/javascript" src="_static/jquery.js"></script>
|
||||
<script type="text/javascript" src="_static/underscore.js"></script>
|
||||
<script type="text/javascript" src="_static/doctools.js"></script>
|
||||
<script type="text/javascript" src="_static/language_data.js"></script>
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
+225
-236
@@ -8,7 +8,7 @@
|
||||
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
|
||||
<title>parsedmarc documentation - Open source DMARC report analyzer and visualizer — parsedmarc 5.3.0 documentation</title>
|
||||
<title>parsedmarc documentation - Open source DMARC report analyzer and visualizer — parsedmarc 6.0.0 documentation</title>
|
||||
|
||||
|
||||
|
||||
@@ -56,7 +56,7 @@
|
||||
|
||||
|
||||
<div class="version">
|
||||
5.3.0
|
||||
6.0.0
|
||||
</div>
|
||||
|
||||
|
||||
@@ -91,6 +91,7 @@
|
||||
</ul>
|
||||
</li>
|
||||
<li><a class="reference internal" href="#cli-help">CLI help</a></li>
|
||||
<li><a class="reference internal" href="#configuration-file">Configuration file</a></li>
|
||||
<li><a class="reference internal" href="#sample-aggregate-report-output">Sample aggregate report output</a><ul>
|
||||
<li><a class="reference internal" href="#json">JSON</a></li>
|
||||
<li><a class="reference internal" href="#csv">CSV</a></li>
|
||||
@@ -206,7 +207,8 @@
|
||||
<p><code class="docutils literal notranslate"><span class="pre">parsedmarc</span></code> is a Python module and CLI utility for parsing DMARC reports.
|
||||
When used with Elasticsearch and Kibana (or Splunk), it works as a self-hosted
|
||||
open source alternative to commercial DMARC report processing services such
|
||||
as Agari, Dmarcian, OnDMARC, ProofPoint Email Fraud Defense.</p>
|
||||
as Agari Brand Protection, Dmarcian, OnDMARC, ProofPoint Email Fraud Defense,
|
||||
and Valimail.</p>
|
||||
<div class="section" id="features">
|
||||
<h2>Features<a class="headerlink" href="#features" title="Permalink to this headline">¶</a></h2>
|
||||
<ul class="simple">
|
||||
@@ -244,30 +246,9 @@ lookalike domain monitoring, check out <a class="reference external" href="https
|
||||
</div>
|
||||
<div class="section" id="cli-help">
|
||||
<h2>CLI help<a class="headerlink" href="#cli-help" title="Permalink to this headline">¶</a></h2>
|
||||
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">usage</span><span class="p">:</span> <span class="n">parsedmarc</span> <span class="p">[</span><span class="o">-</span><span class="n">h</span><span class="p">]</span> <span class="p">[</span><span class="o">--</span><span class="n">strip</span><span class="o">-</span><span class="n">attachment</span><span class="o">-</span><span class="n">payloads</span><span class="p">]</span> <span class="p">[</span><span class="o">-</span><span class="n">o</span> <span class="n">OUTPUT</span><span class="p">]</span>
|
||||
<span class="p">[</span><span class="o">-</span><span class="n">n</span> <span class="n">NAMESERVERS</span> <span class="p">[</span><span class="n">NAMESERVERS</span> <span class="o">...</span><span class="p">]]</span> <span class="p">[</span><span class="o">-</span><span class="n">t</span> <span class="n">TIMEOUT</span><span class="p">]</span> <span class="p">[</span><span class="o">-</span><span class="n">H</span> <span class="n">HOST</span><span class="p">]</span>
|
||||
<span class="p">[</span><span class="o">-</span><span class="n">u</span> <span class="n">USER</span><span class="p">]</span> <span class="p">[</span><span class="o">-</span><span class="n">p</span> <span class="n">PASSWORD</span><span class="p">]</span> <span class="p">[</span><span class="o">--</span><span class="n">imap</span><span class="o">-</span><span class="n">port</span> <span class="n">IMAP_PORT</span><span class="p">]</span>
|
||||
<span class="p">[</span><span class="o">--</span><span class="n">imap</span><span class="o">-</span><span class="n">skip</span><span class="o">-</span><span class="n">certificate</span><span class="o">-</span><span class="n">verification</span><span class="p">]</span> <span class="p">[</span><span class="o">--</span><span class="n">imap</span><span class="o">-</span><span class="n">no</span><span class="o">-</span><span class="n">ssl</span><span class="p">]</span>
|
||||
<span class="p">[</span><span class="o">-</span><span class="n">r</span> <span class="n">REPORTS_FOLDER</span><span class="p">]</span> <span class="p">[</span><span class="o">-</span><span class="n">a</span> <span class="n">ARCHIVE_FOLDER</span><span class="p">]</span> <span class="p">[</span><span class="o">-</span><span class="n">d</span><span class="p">]</span>
|
||||
<span class="p">[</span><span class="o">-</span><span class="n">E</span> <span class="p">[</span><span class="n">ELASTICSEARCH_HOST</span> <span class="p">[</span><span class="n">ELASTICSEARCH_HOST</span> <span class="o">...</span><span class="p">]]]</span>
|
||||
<span class="p">[</span><span class="o">--</span><span class="n">elasticsearch</span><span class="o">-</span><span class="n">index</span><span class="o">-</span><span class="n">suffix</span> <span class="n">ELASTICSEARCH_INDEX_SUFFIX</span><span class="p">]</span>
|
||||
<span class="p">[</span><span class="o">--</span><span class="n">elasticsearch</span><span class="o">-</span><span class="n">use</span><span class="o">-</span><span class="n">ssl</span><span class="p">]</span>
|
||||
<span class="p">[</span><span class="o">--</span><span class="n">elasticsearch</span><span class="o">-</span><span class="n">ssl</span><span class="o">-</span><span class="n">cert</span><span class="o">-</span><span class="n">path</span> <span class="n">ELASTICSEARCH_SSL_CERT_PATH</span><span class="p">]</span>
|
||||
<span class="p">[</span><span class="o">--</span><span class="n">elasticsearch</span><span class="o">-</span><span class="n">monthly</span><span class="o">-</span><span class="n">indexes</span><span class="p">]</span> <span class="p">[</span><span class="o">--</span><span class="n">hec</span> <span class="n">HEC</span><span class="p">]</span>
|
||||
<span class="p">[</span><span class="o">--</span><span class="n">hec</span><span class="o">-</span><span class="n">token</span> <span class="n">HEC_TOKEN</span><span class="p">]</span> <span class="p">[</span><span class="o">--</span><span class="n">hec</span><span class="o">-</span><span class="n">index</span> <span class="n">HEC_INDEX</span><span class="p">]</span>
|
||||
<span class="p">[</span><span class="o">--</span><span class="n">hec</span><span class="o">-</span><span class="n">skip</span><span class="o">-</span><span class="n">certificate</span><span class="o">-</span><span class="n">verification</span><span class="p">]</span>
|
||||
<span class="p">[</span><span class="o">-</span><span class="n">K</span> <span class="p">[</span><span class="n">KAFKA_HOSTS</span> <span class="p">[</span><span class="n">KAFKA_HOSTS</span> <span class="o">...</span><span class="p">]]]</span>
|
||||
<span class="p">[</span><span class="o">--</span><span class="n">kafka</span><span class="o">-</span><span class="n">username</span> <span class="n">KAFKA_USERNAME</span><span class="p">]</span>
|
||||
<span class="p">[</span><span class="o">--</span><span class="n">kafka</span><span class="o">-</span><span class="n">password</span> <span class="n">KAFKA_PASSWORD</span><span class="p">]</span> <span class="p">[</span><span class="o">--</span><span class="n">kafka</span><span class="o">-</span><span class="n">use</span><span class="o">-</span><span class="n">ssl</span><span class="p">]</span>
|
||||
<span class="p">[</span><span class="o">--</span><span class="n">kafka</span><span class="o">-</span><span class="n">aggregate</span><span class="o">-</span><span class="n">topic</span> <span class="n">KAFKA_AGGREGATE_TOPIC</span><span class="p">]</span>
|
||||
<span class="p">[</span><span class="o">--</span><span class="n">kafka</span><span class="o">-</span><span class="n">forensic_topic</span> <span class="n">KAFKA_FORENSIC_TOPIC</span><span class="p">]</span>
|
||||
<span class="p">[</span><span class="o">--</span><span class="n">save</span><span class="o">-</span><span class="n">aggregate</span><span class="p">]</span> <span class="p">[</span><span class="o">--</span><span class="n">save</span><span class="o">-</span><span class="n">forensic</span><span class="p">]</span> <span class="p">[</span><span class="o">-</span><span class="n">O</span> <span class="n">OUTGOING_HOST</span><span class="p">]</span>
|
||||
<span class="p">[</span><span class="o">-</span><span class="n">U</span> <span class="n">OUTGOING_USER</span><span class="p">]</span> <span class="p">[</span><span class="o">-</span><span class="n">P</span> <span class="n">OUTGOING_PASSWORD</span><span class="p">]</span>
|
||||
<span class="p">[</span><span class="o">--</span><span class="n">outgoing</span><span class="o">-</span><span class="n">port</span> <span class="n">OUTGOING_PORT</span><span class="p">]</span>
|
||||
<span class="p">[</span><span class="o">--</span><span class="n">outgoing</span><span class="o">-</span><span class="n">ssl</span> <span class="n">OUTGOING_SSL</span><span class="p">]</span> <span class="p">[</span><span class="o">-</span><span class="n">F</span> <span class="n">OUTGOING_FROM</span><span class="p">]</span>
|
||||
<span class="p">[</span><span class="o">-</span><span class="n">T</span> <span class="n">OUTGOING_TO</span> <span class="p">[</span><span class="n">OUTGOING_TO</span> <span class="o">...</span><span class="p">]]</span> <span class="p">[</span><span class="o">-</span><span class="n">S</span> <span class="n">OUTGOING_SUBJECT</span><span class="p">]</span>
|
||||
<span class="p">[</span><span class="o">-</span><span class="n">A</span> <span class="n">OUTGOING_ATTACHMENT</span><span class="p">]</span> <span class="p">[</span><span class="o">-</span><span class="n">M</span> <span class="n">OUTGOING_MESSAGE</span><span class="p">]</span> <span class="p">[</span><span class="o">-</span><span class="n">w</span><span class="p">]</span> <span class="p">[</span><span class="o">--</span><span class="n">test</span><span class="p">]</span>
|
||||
<span class="p">[</span><span class="o">-</span><span class="n">s</span><span class="p">]</span> <span class="p">[</span><span class="o">--</span><span class="n">debug</span><span class="p">]</span> <span class="p">[</span><span class="o">--</span><span class="n">log</span><span class="o">-</span><span class="n">file</span> <span class="n">LOG_FILE</span><span class="p">]</span> <span class="p">[</span><span class="o">-</span><span class="n">v</span><span class="p">]</span>
|
||||
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">usage</span><span class="p">:</span> <span class="n">parsedmarc</span> <span class="p">[</span><span class="o">-</span><span class="n">h</span><span class="p">]</span> <span class="p">[</span><span class="o">-</span><span class="n">c</span> <span class="n">CONFIG_FILE</span><span class="p">]</span> <span class="p">[</span><span class="o">--</span><span class="n">strip</span><span class="o">-</span><span class="n">attachment</span><span class="o">-</span><span class="n">payloads</span><span class="p">]</span>
|
||||
<span class="p">[</span><span class="o">-</span><span class="n">o</span> <span class="n">OUTPUT</span><span class="p">]</span> <span class="p">[</span><span class="o">-</span><span class="n">n</span> <span class="n">NAMESERVERS</span> <span class="p">[</span><span class="n">NAMESERVERS</span> <span class="o">...</span><span class="p">]]</span>
|
||||
<span class="p">[</span><span class="o">-</span><span class="n">t</span> <span class="n">DNS_TIMEOUT</span><span class="p">]</span> <span class="p">[</span><span class="o">-</span><span class="n">s</span><span class="p">]</span> <span class="p">[</span><span class="o">--</span><span class="n">debug</span><span class="p">]</span> <span class="p">[</span><span class="o">--</span><span class="n">log</span><span class="o">-</span><span class="n">file</span> <span class="n">LOG_FILE</span><span class="p">]</span> <span class="p">[</span><span class="o">-</span><span class="n">v</span><span class="p">]</span>
|
||||
<span class="p">[</span><span class="n">file_path</span> <span class="p">[</span><span class="n">file_path</span> <span class="o">...</span><span class="p">]]</span>
|
||||
|
||||
<span class="n">Parses</span> <span class="n">DMARC</span> <span class="n">reports</span>
|
||||
@@ -278,6 +259,8 @@ lookalike domain monitoring, check out <a class="reference external" href="https
|
||||
|
||||
<span class="n">optional</span> <span class="n">arguments</span><span class="p">:</span>
|
||||
<span class="o">-</span><span class="n">h</span><span class="p">,</span> <span class="o">--</span><span class="n">help</span> <span class="n">show</span> <span class="n">this</span> <span class="n">help</span> <span class="n">message</span> <span class="ow">and</span> <span class="n">exit</span>
|
||||
<span class="o">-</span><span class="n">c</span> <span class="n">CONFIG_FILE</span><span class="p">,</span> <span class="o">--</span><span class="n">config</span><span class="o">-</span><span class="n">file</span> <span class="n">CONFIG_FILE</span>
|
||||
<span class="n">A</span> <span class="n">path</span> <span class="n">to</span> <span class="n">a</span> <span class="n">configuration</span> <span class="n">file</span> <span class="p">(</span><span class="o">--</span><span class="n">silent</span> <span class="n">implied</span><span class="p">)</span>
|
||||
<span class="o">--</span><span class="n">strip</span><span class="o">-</span><span class="n">attachment</span><span class="o">-</span><span class="n">payloads</span>
|
||||
<span class="n">remove</span> <span class="n">attachment</span> <span class="n">payloads</span> <span class="kn">from</span> <span class="nn">forensic</span> <span class="n">report</span> <span class="n">output</span>
|
||||
<span class="o">-</span><span class="n">o</span> <span class="n">OUTPUT</span><span class="p">,</span> <span class="o">--</span><span class="n">output</span> <span class="n">OUTPUT</span>
|
||||
@@ -285,93 +268,161 @@ lookalike domain monitoring, check out <a class="reference external" href="https
|
||||
<span class="o">-</span><span class="n">n</span> <span class="n">NAMESERVERS</span> <span class="p">[</span><span class="n">NAMESERVERS</span> <span class="o">...</span><span class="p">],</span> <span class="o">--</span><span class="n">nameservers</span> <span class="n">NAMESERVERS</span> <span class="p">[</span><span class="n">NAMESERVERS</span> <span class="o">...</span><span class="p">]</span>
|
||||
<span class="n">nameservers</span> <span class="n">to</span> <span class="n">query</span> <span class="p">(</span><span class="n">default</span> <span class="ow">is</span> <span class="n">Cloudflare</span><span class="s1">'s</span>
|
||||
<span class="n">nameservers</span><span class="p">)</span>
|
||||
<span class="o">-</span><span class="n">t</span> <span class="n">TIMEOUT</span><span class="p">,</span> <span class="o">--</span><span class="n">timeout</span> <span class="n">TIMEOUT</span>
|
||||
<span class="o">-</span><span class="n">t</span> <span class="n">DNS_TIMEOUT</span><span class="p">,</span> <span class="o">--</span><span class="n">dns_timeout</span> <span class="n">DNS_TIMEOUT</span>
|
||||
<span class="n">number</span> <span class="n">of</span> <span class="n">seconds</span> <span class="n">to</span> <span class="n">wait</span> <span class="k">for</span> <span class="n">an</span> <span class="n">answer</span> <span class="kn">from</span> <span class="nn">DNS</span>
|
||||
<span class="p">(</span><span class="n">default</span><span class="p">:</span> <span class="mf">6.0</span><span class="p">)</span>
|
||||
<span class="o">-</span><span class="n">H</span> <span class="n">HOST</span><span class="p">,</span> <span class="o">--</span><span class="n">host</span> <span class="n">HOST</span> <span class="n">an</span> <span class="n">IMAP</span> <span class="n">hostname</span> <span class="ow">or</span> <span class="n">IP</span> <span class="n">address</span>
|
||||
<span class="o">-</span><span class="n">u</span> <span class="n">USER</span><span class="p">,</span> <span class="o">--</span><span class="n">user</span> <span class="n">USER</span> <span class="n">an</span> <span class="n">IMAP</span> <span class="n">user</span>
|
||||
<span class="o">-</span><span class="n">p</span> <span class="n">PASSWORD</span><span class="p">,</span> <span class="o">--</span><span class="n">password</span> <span class="n">PASSWORD</span>
|
||||
<span class="n">an</span> <span class="n">IMAP</span> <span class="n">password</span>
|
||||
<span class="o">--</span><span class="n">imap</span><span class="o">-</span><span class="n">port</span> <span class="n">IMAP_PORT</span>
|
||||
<span class="n">an</span> <span class="n">IMAP</span> <span class="n">port</span>
|
||||
<span class="o">--</span><span class="n">imap</span><span class="o">-</span><span class="n">skip</span><span class="o">-</span><span class="n">certificate</span><span class="o">-</span><span class="n">verification</span>
|
||||
<span class="n">skip</span> <span class="n">certificate</span> <span class="n">verification</span> <span class="k">for</span> <span class="n">IMAP</span>
|
||||
<span class="o">--</span><span class="n">imap</span><span class="o">-</span><span class="n">no</span><span class="o">-</span><span class="n">ssl</span> <span class="n">do</span> <span class="ow">not</span> <span class="n">use</span> <span class="n">SSL</span><span class="o">/</span><span class="n">TLS</span> <span class="n">when</span> <span class="n">connecting</span> <span class="n">to</span> <span class="n">IMAP</span>
|
||||
<span class="o">-</span><span class="n">r</span> <span class="n">REPORTS_FOLDER</span><span class="p">,</span> <span class="o">--</span><span class="n">reports</span><span class="o">-</span><span class="n">folder</span> <span class="n">REPORTS_FOLDER</span>
|
||||
<span class="n">the</span> <span class="n">IMAP</span> <span class="n">folder</span> <span class="n">containing</span> <span class="n">the</span> <span class="n">reports</span> <span class="p">(</span><span class="n">default</span><span class="p">:</span>
|
||||
<span class="n">INBOX</span><span class="p">)</span>
|
||||
<span class="o">-</span><span class="n">a</span> <span class="n">ARCHIVE_FOLDER</span><span class="p">,</span> <span class="o">--</span><span class="n">archive</span><span class="o">-</span><span class="n">folder</span> <span class="n">ARCHIVE_FOLDER</span>
|
||||
<span class="n">specifies</span> <span class="n">the</span> <span class="n">IMAP</span> <span class="n">folder</span> <span class="n">to</span> <span class="n">move</span> <span class="n">messages</span> <span class="n">to</span> <span class="n">after</span>
|
||||
<span class="n">processing</span> <span class="n">them</span> <span class="p">(</span><span class="n">default</span><span class="p">:</span> <span class="n">Archive</span><span class="p">)</span>
|
||||
<span class="o">-</span><span class="n">d</span><span class="p">,</span> <span class="o">--</span><span class="n">delete</span> <span class="n">delete</span> <span class="n">the</span> <span class="n">reports</span> <span class="n">after</span> <span class="n">processing</span> <span class="n">them</span>
|
||||
<span class="o">-</span><span class="n">E</span> <span class="p">[</span><span class="n">ELASTICSEARCH_HOST</span> <span class="p">[</span><span class="n">ELASTICSEARCH_HOST</span> <span class="o">...</span><span class="p">]],</span> <span class="o">--</span><span class="n">elasticsearch</span><span class="o">-</span><span class="n">host</span> <span class="p">[</span><span class="n">ELASTICSEARCH_HOST</span> <span class="p">[</span><span class="n">ELASTICSEARCH_HOST</span> <span class="o">...</span><span class="p">]]</span>
|
||||
<span class="n">une</span> <span class="ow">or</span> <span class="n">more</span> <span class="n">Elasticsearch</span> <span class="n">hostnames</span> <span class="ow">or</span> <span class="n">URLs</span> <span class="n">to</span> <span class="n">use</span>
|
||||
<span class="p">(</span><span class="n">e</span><span class="o">.</span><span class="n">g</span><span class="o">.</span> <span class="n">localhost</span><span class="p">:</span><span class="mi">9200</span><span class="p">)</span>
|
||||
<span class="o">--</span><span class="n">elasticsearch</span><span class="o">-</span><span class="n">index</span><span class="o">-</span><span class="n">suffix</span> <span class="n">ELASTICSEARCH_INDEX_SUFFIX</span>
|
||||
<span class="n">append</span> <span class="n">this</span> <span class="n">suffix</span> <span class="n">to</span> <span class="n">the</span> <span class="n">dmarc_aggregate</span> <span class="ow">and</span>
|
||||
<span class="n">dmarc_forensic</span> <span class="n">Elasticsearch</span> <span class="n">index</span> <span class="n">names</span><span class="p">,</span> <span class="n">joined</span> <span class="n">by</span> <span class="n">_</span>
|
||||
<span class="o">--</span><span class="n">elasticsearch</span><span class="o">-</span><span class="n">use</span><span class="o">-</span><span class="n">ssl</span>
|
||||
<span class="n">Use</span> <span class="n">SSL</span> <span class="n">when</span> <span class="n">connecting</span> <span class="n">to</span> <span class="n">Elasticsearch</span>
|
||||
<span class="o">--</span><span class="n">elasticsearch</span><span class="o">-</span><span class="n">ssl</span><span class="o">-</span><span class="n">cert</span><span class="o">-</span><span class="n">path</span> <span class="n">ELASTICSEARCH_SSL_CERT_PATH</span>
|
||||
<span class="n">Path</span> <span class="n">to</span> <span class="n">the</span> <span class="n">Elasticsearch</span> <span class="n">SSL</span> <span class="n">certificate</span>
|
||||
<span class="o">--</span><span class="n">elasticsearch</span><span class="o">-</span><span class="n">monthly</span><span class="o">-</span><span class="n">indexes</span>
|
||||
<span class="n">Use</span> <span class="n">monthly</span> <span class="n">Elasticsearch</span> <span class="n">indexes</span> <span class="n">instead</span> <span class="n">of</span> <span class="n">daily</span>
|
||||
<span class="n">indexes</span>
|
||||
<span class="o">--</span><span class="n">hec</span> <span class="n">HEC</span> <span class="n">the</span> <span class="n">URL</span> <span class="n">to</span> <span class="n">a</span> <span class="n">Splunk</span> <span class="n">HTTP</span> <span class="n">Event</span> <span class="n">Collector</span> <span class="p">(</span><span class="n">HEC</span><span class="p">)</span>
|
||||
<span class="o">--</span><span class="n">hec</span><span class="o">-</span><span class="n">token</span> <span class="n">HEC_TOKEN</span>
|
||||
<span class="n">the</span> <span class="n">authorization</span> <span class="n">token</span> <span class="k">for</span> <span class="n">a</span> <span class="n">Splunk</span> <span class="n">HTTP</span> <span class="n">Event</span>
|
||||
<span class="n">Collector</span> <span class="p">(</span><span class="n">HEC</span><span class="p">)</span>
|
||||
<span class="o">--</span><span class="n">hec</span><span class="o">-</span><span class="n">index</span> <span class="n">HEC_INDEX</span>
|
||||
<span class="n">the</span> <span class="n">index</span> <span class="n">to</span> <span class="n">use</span> <span class="n">when</span> <span class="n">sending</span> <span class="n">events</span> <span class="n">to</span> <span class="n">the</span> <span class="n">Splunk</span>
|
||||
<span class="n">HTTP</span> <span class="n">Event</span> <span class="n">Collector</span> <span class="p">(</span><span class="n">HEC</span><span class="p">)</span>
|
||||
<span class="o">--</span><span class="n">hec</span><span class="o">-</span><span class="n">skip</span><span class="o">-</span><span class="n">certificate</span><span class="o">-</span><span class="n">verification</span>
|
||||
<span class="n">skip</span> <span class="n">certificate</span> <span class="n">verification</span> <span class="k">for</span> <span class="n">Splunk</span> <span class="n">HEC</span>
|
||||
<span class="o">-</span><span class="n">K</span> <span class="p">[</span><span class="n">KAFKA_HOSTS</span> <span class="p">[</span><span class="n">KAFKA_HOSTS</span> <span class="o">...</span><span class="p">]],</span> <span class="o">--</span><span class="n">kafka</span><span class="o">-</span><span class="n">hosts</span> <span class="p">[</span><span class="n">KAFKA_HOSTS</span> <span class="p">[</span><span class="n">KAFKA_HOSTS</span> <span class="o">...</span><span class="p">]]</span>
|
||||
<span class="n">a</span> <span class="nb">list</span> <span class="n">of</span> <span class="n">one</span> <span class="ow">or</span> <span class="n">more</span> <span class="n">Kafka</span> <span class="n">hostnames</span>
|
||||
<span class="o">--</span><span class="n">kafka</span><span class="o">-</span><span class="n">username</span> <span class="n">KAFKA_USERNAME</span>
|
||||
<span class="n">an</span> <span class="n">optional</span> <span class="n">Kafka</span> <span class="n">username</span>
|
||||
<span class="o">--</span><span class="n">kafka</span><span class="o">-</span><span class="n">password</span> <span class="n">KAFKA_PASSWORD</span>
|
||||
<span class="n">an</span> <span class="n">optional</span> <span class="n">Kafka</span> <span class="n">password</span>
|
||||
<span class="o">--</span><span class="n">kafka</span><span class="o">-</span><span class="n">use</span><span class="o">-</span><span class="n">ssl</span> <span class="n">use</span> <span class="n">SSL</span><span class="o">/</span><span class="n">TLS</span> <span class="n">to</span> <span class="n">connect</span> <span class="n">to</span> <span class="n">Kafka</span> <span class="p">(</span><span class="n">implied</span> <span class="n">when</span> <span class="o">--</span><span class="n">kafka</span><span class="o">-</span>
|
||||
<span class="n">username</span> <span class="ow">or</span> <span class="o">--</span><span class="n">kafka</span><span class="o">-</span><span class="n">password</span> <span class="n">are</span> <span class="n">provided</span><span class="p">)</span>
|
||||
<span class="o">--</span><span class="n">kafka</span><span class="o">-</span><span class="n">aggregate</span><span class="o">-</span><span class="n">topic</span> <span class="n">KAFKA_AGGREGATE_TOPIC</span>
|
||||
<span class="n">the</span> <span class="n">Kafka</span> <span class="n">topic</span> <span class="n">to</span> <span class="n">publish</span> <span class="n">aggregate</span> <span class="n">reports</span> <span class="n">to</span>
|
||||
<span class="p">(</span><span class="n">default</span><span class="p">:</span> <span class="n">dmarc_aggregate</span><span class="p">)</span>
|
||||
<span class="o">--</span><span class="n">kafka</span><span class="o">-</span><span class="n">forensic_topic</span> <span class="n">KAFKA_FORENSIC_TOPIC</span>
|
||||
<span class="n">the</span> <span class="n">Kafka</span> <span class="n">topic</span> <span class="n">to</span> <span class="n">publish</span> <span class="n">forensic</span> <span class="n">reports</span> <span class="n">to</span>
|
||||
<span class="p">(</span><span class="n">default</span><span class="p">:</span> <span class="n">dmarc_forensic</span><span class="p">)</span>
|
||||
<span class="o">--</span><span class="n">save</span><span class="o">-</span><span class="n">aggregate</span> <span class="n">save</span> <span class="n">aggregate</span> <span class="n">reports</span> <span class="n">to</span> <span class="n">search</span> <span class="n">indexes</span>
|
||||
<span class="o">--</span><span class="n">save</span><span class="o">-</span><span class="n">forensic</span> <span class="n">save</span> <span class="n">forensic</span> <span class="n">reports</span> <span class="n">to</span> <span class="n">search</span> <span class="n">indexes</span>
|
||||
<span class="o">-</span><span class="n">O</span> <span class="n">OUTGOING_HOST</span><span class="p">,</span> <span class="o">--</span><span class="n">outgoing</span><span class="o">-</span><span class="n">host</span> <span class="n">OUTGOING_HOST</span>
|
||||
<span class="n">email</span> <span class="n">the</span> <span class="n">results</span> <span class="n">using</span> <span class="n">this</span> <span class="n">host</span>
|
||||
<span class="o">-</span><span class="n">U</span> <span class="n">OUTGOING_USER</span><span class="p">,</span> <span class="o">--</span><span class="n">outgoing</span><span class="o">-</span><span class="n">user</span> <span class="n">OUTGOING_USER</span>
|
||||
<span class="n">email</span> <span class="n">the</span> <span class="n">results</span> <span class="n">using</span> <span class="n">this</span> <span class="n">user</span>
|
||||
<span class="o">-</span><span class="n">P</span> <span class="n">OUTGOING_PASSWORD</span><span class="p">,</span> <span class="o">--</span><span class="n">outgoing</span><span class="o">-</span><span class="n">password</span> <span class="n">OUTGOING_PASSWORD</span>
|
||||
<span class="n">email</span> <span class="n">the</span> <span class="n">results</span> <span class="n">using</span> <span class="n">this</span> <span class="n">password</span>
|
||||
<span class="o">--</span><span class="n">outgoing</span><span class="o">-</span><span class="n">port</span> <span class="n">OUTGOING_PORT</span>
|
||||
<span class="n">email</span> <span class="n">the</span> <span class="n">results</span> <span class="n">using</span> <span class="n">this</span> <span class="n">port</span>
|
||||
<span class="o">--</span><span class="n">outgoing</span><span class="o">-</span><span class="n">ssl</span> <span class="n">OUTGOING_SSL</span>
|
||||
<span class="n">use</span> <span class="n">SSL</span><span class="o">/</span><span class="n">TLS</span> <span class="n">instead</span> <span class="n">of</span> <span class="n">STARTTLS</span> <span class="p">(</span><span class="n">more</span> <span class="n">secure</span><span class="p">,</span> <span class="ow">and</span>
|
||||
<span class="n">required</span> <span class="n">by</span> <span class="n">some</span> <span class="n">providers</span><span class="p">,</span> <span class="n">like</span> <span class="n">Gmail</span><span class="p">)</span>
|
||||
<span class="o">-</span><span class="n">F</span> <span class="n">OUTGOING_FROM</span><span class="p">,</span> <span class="o">--</span><span class="n">outgoing</span><span class="o">-</span><span class="kn">from</span> <span class="nn">OUTGOING_FROM</span>
|
||||
<span class="n">email</span> <span class="n">the</span> <span class="n">results</span> <span class="n">using</span> <span class="n">this</span> <span class="kn">from</span> <span class="nn">address</span>
|
||||
<span class="o">-</span><span class="n">T</span> <span class="n">OUTGOING_TO</span> <span class="p">[</span><span class="n">OUTGOING_TO</span> <span class="o">...</span><span class="p">],</span> <span class="o">--</span><span class="n">outgoing</span><span class="o">-</span><span class="n">to</span> <span class="n">OUTGOING_TO</span> <span class="p">[</span><span class="n">OUTGOING_TO</span> <span class="o">...</span><span class="p">]</span>
|
||||
<span class="n">email</span> <span class="n">the</span> <span class="n">results</span> <span class="n">to</span> <span class="n">these</span> <span class="n">addresses</span>
|
||||
<span class="o">-</span><span class="n">S</span> <span class="n">OUTGOING_SUBJECT</span><span class="p">,</span> <span class="o">--</span><span class="n">outgoing</span><span class="o">-</span><span class="n">subject</span> <span class="n">OUTGOING_SUBJECT</span>
|
||||
<span class="n">email</span> <span class="n">the</span> <span class="n">results</span> <span class="n">using</span> <span class="n">this</span> <span class="n">subject</span>
|
||||
<span class="o">-</span><span class="n">A</span> <span class="n">OUTGOING_ATTACHMENT</span><span class="p">,</span> <span class="o">--</span><span class="n">outgoing</span><span class="o">-</span><span class="n">attachment</span> <span class="n">OUTGOING_ATTACHMENT</span>
|
||||
<span class="n">email</span> <span class="n">the</span> <span class="n">results</span> <span class="n">using</span> <span class="n">this</span> <span class="n">filename</span>
|
||||
<span class="o">-</span><span class="n">M</span> <span class="n">OUTGOING_MESSAGE</span><span class="p">,</span> <span class="o">--</span><span class="n">outgoing</span><span class="o">-</span><span class="n">message</span> <span class="n">OUTGOING_MESSAGE</span>
|
||||
<span class="n">email</span> <span class="n">the</span> <span class="n">results</span> <span class="n">using</span> <span class="n">this</span> <span class="n">message</span>
|
||||
<span class="o">-</span><span class="n">w</span><span class="p">,</span> <span class="o">--</span><span class="n">watch</span> <span class="n">use</span> <span class="n">an</span> <span class="n">IMAP</span> <span class="n">IDLE</span> <span class="n">connection</span> <span class="n">to</span> <span class="n">process</span> <span class="n">reports</span> <span class="k">as</span> <span class="n">they</span>
|
||||
<span class="n">arrive</span> <span class="ow">in</span> <span class="n">the</span> <span class="n">inbox</span>
|
||||
<span class="o">--</span><span class="n">test</span> <span class="n">do</span> <span class="ow">not</span> <span class="n">move</span> <span class="ow">or</span> <span class="n">delete</span> <span class="n">IMAP</span> <span class="n">messages</span>
|
||||
<span class="o">-</span><span class="n">s</span><span class="p">,</span> <span class="o">--</span><span class="n">silent</span> <span class="n">only</span> <span class="nb">print</span> <span class="n">errors</span> <span class="ow">and</span> <span class="n">warnings</span>
|
||||
<span class="o">--</span><span class="n">debug</span> <span class="nb">print</span> <span class="n">debugging</span> <span class="n">information</span>
|
||||
<span class="o">--</span><span class="n">log</span><span class="o">-</span><span class="n">file</span> <span class="n">LOG_FILE</span> <span class="n">output</span> <span class="n">logging</span> <span class="n">to</span> <span class="n">a</span> <span class="n">file</span>
|
||||
<span class="o">-</span><span class="n">v</span><span class="p">,</span> <span class="o">--</span><span class="n">version</span> <span class="n">show</span> <span class="n">program</span><span class="s1">'s version number and exit</span>
|
||||
</pre></div>
|
||||
</div>
|
||||
<div class="admonition note">
|
||||
<p class="first admonition-title">Note</p>
|
||||
<p class="last">In <code class="docutils literal notranslate"><span class="pre">parsedmarc</span></code> 6.0.0, most CLI options were moved to a configuration file, described below.</p>
|
||||
</div>
|
||||
</div>
|
||||
<div class="section" id="configuration-file">
|
||||
<h2>Configuration file<a class="headerlink" href="#configuration-file" title="Permalink to this headline">¶</a></h2>
|
||||
<p><code class="docutils literal notranslate"><span class="pre">parsedmarc</span></code> can be configured by supplying the path to an INI file</p>
|
||||
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>parsedmarc -c /etc/parsedmarc.ini
|
||||
</pre></div>
|
||||
</div>
|
||||
<p>For example</p>
|
||||
<div class="highlight-ini notranslate"><div class="highlight"><pre><span></span><span class="c1"># This is an example comment</span>
|
||||
|
||||
<span class="k">[general]</span>
|
||||
<span class="na">save_aggregate</span> <span class="o">=</span> <span class="s">True</span>
|
||||
<span class="na">save_forensic</span> <span class="o">=</span> <span class="s">True</span>
|
||||
|
||||
<span class="k">[imap]</span>
|
||||
<span class="na">host</span> <span class="o">=</span> <span class="s">imap.example.com</span>
|
||||
<span class="na">user</span> <span class="o">=</span> <span class="s">dmarcresports@example.com</span>
|
||||
<span class="na">password</span> <span class="o">=</span> <span class="s">$uperSecure</span>
|
||||
<span class="na">watch</span> <span class="o">=</span> <span class="s">True</span>
|
||||
|
||||
<span class="k">[elasticsearch]</span>
|
||||
<span class="na">hosts</span> <span class="o">=</span> <span class="s">127.0.0.1:9200</span>
|
||||
<span class="na">ssl</span> <span class="o">=</span> <span class="s">False</span>
|
||||
|
||||
<span class="k">[splunk_hec]</span>
|
||||
<span class="na">url</span> <span class="o">=</span> <span class="s">https://splunkhec.example.com</span>
|
||||
<span class="na">token</span> <span class="o">=</span> <span class="s">HECTokenGoesHere</span>
|
||||
<span class="na">index</span> <span class="o">=</span> <span class="s">email</span>
|
||||
</pre></div>
|
||||
</div>
|
||||
<p>The full set of configuration options are:</p>
|
||||
<ul class="simple">
|
||||
<li><dl class="first docutils">
|
||||
<dt><code class="docutils literal notranslate"><span class="pre">general</span></code></dt>
|
||||
<dd><ul class="first last">
|
||||
<li><code class="docutils literal notranslate"><span class="pre">save_aggregate</span></code> - bool: Save aggregate report data to the Elasticsearch and/or Splunk</li>
|
||||
<li><code class="docutils literal notranslate"><span class="pre">save_forensic</span></code> - bool: Save forensic report data to the Elasticsearch and/or Splunk</li>
|
||||
<li><code class="docutils literal notranslate"><span class="pre">strip_attachments_payloads</span></code> - bool: Remove attachment payloads from results</li>
|
||||
<li><code class="docutils literal notranslate"><span class="pre">output</span></code> - str: Directory to place JSON and CSV files in</li>
|
||||
<li><code class="docutils literal notranslate"><span class="pre">nameservers</span></code> - str: A comma separated list of DNS resolvers (Default: Cloudflare’s public resolvers)</li>
|
||||
<li><code class="docutils literal notranslate"><span class="pre">dns_timeout</span></code> - float: DNS timeout period</li>
|
||||
<li><code class="docutils literal notranslate"><span class="pre">debug</span></code> - bool: Print debugging messages</li>
|
||||
<li><code class="docutils literal notranslate"><span class="pre">silent</span></code> - bool: Only print errors (Default: True)</li>
|
||||
<li><code class="docutils literal notranslate"><span class="pre">log_file</span></code> - str: Write log messages to a file at this path</li>
|
||||
</ul>
|
||||
</dd>
|
||||
</dl>
|
||||
</li>
|
||||
<li><dl class="first docutils">
|
||||
<dt><code class="docutils literal notranslate"><span class="pre">imap</span></code></dt>
|
||||
<dd><ul class="first last">
|
||||
<li><code class="docutils literal notranslate"><span class="pre">host</span></code> - str: The IMAP server hostname or IP address</li>
|
||||
<li><code class="docutils literal notranslate"><span class="pre">port</span></code> - int: The IMAP server port (Default: 993)</li>
|
||||
<li><code class="docutils literal notranslate"><span class="pre">ssl</span></code> - bool: Use an encrypted SSL/TLS connection (Default: True)</li>
|
||||
<li><code class="docutils literal notranslate"><span class="pre">skip_certificate_verification</span></code> - bool: Skip certificate verification (not recommended)</li>
|
||||
<li><code class="docutils literal notranslate"><span class="pre">user</span></code> - str: The IMAP user</li>
|
||||
<li><code class="docutils literal notranslate"><span class="pre">password</span></code> - str: The IMAP password</li>
|
||||
<li><code class="docutils literal notranslate"><span class="pre">reports_folder</span></code> - str: The IMAP folder where the incoming reports can be found (Default: INBOX)</li>
|
||||
<li><code class="docutils literal notranslate"><span class="pre">archive_folder</span></code> - str: The IMAP folder to sort processed emails into (Default: Archive)</li>
|
||||
<li><code class="docutils literal notranslate"><span class="pre">watch</span></code> - bool: Use the IMAP <code class="docutils literal notranslate"><span class="pre">IDLE</span></code> command to process messages as they arrive</li>
|
||||
<li><code class="docutils literal notranslate"><span class="pre">delete</span></code> - bool: Delete messages after processing them, instead of archiving them</li>
|
||||
<li><code class="docutils literal notranslate"><span class="pre">test</span></code> - bool: Do not move or delete messages</li>
|
||||
</ul>
|
||||
</dd>
|
||||
</dl>
|
||||
</li>
|
||||
<li><dl class="first docutils">
|
||||
<dt><code class="docutils literal notranslate"><span class="pre">elasticsearch</span></code></dt>
|
||||
<dd><ul class="first last">
|
||||
<li><code class="docutils literal notranslate"><span class="pre">hosts</span></code> - str: A comma separated list of hostnames and ports or URLs (e.g. <code class="docutils literal notranslate"><span class="pre">127.0.0.1:9200</span></code> or <a class="reference external" href="https://user:secret@localhost:443">https://user:secret@localhost:443</a>)</li>
|
||||
<li><code class="docutils literal notranslate"><span class="pre">ssl</span></code> - bool: Use an encrypted SSL/TLS connection (Default: True)</li>
|
||||
<li><code class="docutils literal notranslate"><span class="pre">cert_path</span></code> - str: Path to a trusted certificates</li>
|
||||
<li><code class="docutils literal notranslate"><span class="pre">index_suffix</span></code> - str: A suffix to apply to the index names</li>
|
||||
<li><code class="docutils literal notranslate"><span class="pre">monthly_indexes</span></code> - bool: Use monthly indexes instead of daily indexes</li>
|
||||
</ul>
|
||||
</dd>
|
||||
</dl>
|
||||
</li>
|
||||
<li><dl class="first docutils">
|
||||
<dt><code class="docutils literal notranslate"><span class="pre">splunk_hec</span></code></dt>
|
||||
<dd><ul class="first last">
|
||||
<li><code class="docutils literal notranslate"><span class="pre">url</span></code> - str: The URL of the Splunk HTTP Events Collector (HEC)</li>
|
||||
<li><code class="docutils literal notranslate"><span class="pre">token</span></code> - str: The HEC token</li>
|
||||
<li><code class="docutils literal notranslate"><span class="pre">index</span></code> - str: The Splunk index to use</li>
|
||||
<li><code class="docutils literal notranslate"><span class="pre">skip_certificate_verification</span></code> - bool: Skip certificate verification (not recommended)</li>
|
||||
</ul>
|
||||
</dd>
|
||||
</dl>
|
||||
</li>
|
||||
<li><dl class="first docutils">
|
||||
<dt><code class="docutils literal notranslate"><span class="pre">kafka</span></code></dt>
|
||||
<dd><ul class="first last">
|
||||
<li><code class="docutils literal notranslate"><span class="pre">hosts</span></code> - str: A comma separated list of Kafka hosts</li>
|
||||
<li><code class="docutils literal notranslate"><span class="pre">user</span></code> - str: The Kafka user</li>
|
||||
<li><code class="docutils literal notranslate"><span class="pre">passsword</span></code> - str: The Kafka password</li>
|
||||
<li><code class="docutils literal notranslate"><span class="pre">ssl</span></code> - bool: Use an encrypted SSL/TLS connection (Default: True)</li>
|
||||
<li><code class="docutils literal notranslate"><span class="pre">aggregate_topic</span></code> - str: The Kafka topic for aggregate reports</li>
|
||||
<li><code class="docutils literal notranslate"><span class="pre">forensic_topic</span></code> - str: The Kafka topic for forensic reports</li>
|
||||
</ul>
|
||||
</dd>
|
||||
</dl>
|
||||
</li>
|
||||
<li><dl class="first docutils">
|
||||
<dt><code class="docutils literal notranslate"><span class="pre">smtp</span></code></dt>
|
||||
<dd><ul class="first last">
|
||||
<li><code class="docutils literal notranslate"><span class="pre">host</span></code> - str: The SMTP hostname</li>
|
||||
<li><code class="docutils literal notranslate"><span class="pre">port</span></code> - int: The SMTP port (Default: 25)</li>
|
||||
<li><code class="docutils literal notranslate"><span class="pre">ssl</span></code> - bool: Require SSL/TLS instead of using STARTTLS</li>
|
||||
<li><code class="docutils literal notranslate"><span class="pre">user</span></code> - str: the SMTP username</li>
|
||||
<li><code class="docutils literal notranslate"><span class="pre">password</span></code> - str: the SMTP password</li>
|
||||
<li><code class="docutils literal notranslate"><span class="pre">from</span></code> - str: The From header to use in the email</li>
|
||||
<li><code class="docutils literal notranslate"><span class="pre">to</span></code> - list: A list of email addresses to send to</li>
|
||||
<li><code class="docutils literal notranslate"><span class="pre">subject</span></code> - str: The Subject header to use in the email (Default: parsedmarc report)</li>
|
||||
<li><code class="docutils literal notranslate"><span class="pre">attachment</span></code> - str: The ZIP attachment filenames</li>
|
||||
<li><code class="docutils literal notranslate"><span class="pre">message</span></code> - str: The email message (Default: Please see the attached parsedmarc report.)</li>
|
||||
</ul>
|
||||
</dd>
|
||||
</dl>
|
||||
</li>
|
||||
</ul>
|
||||
<div class="admonition warning">
|
||||
<p class="first admonition-title">Warning</p>
|
||||
<blockquote>
|
||||
<div><p><code class="docutils literal notranslate"><span class="pre">save_aggregate</span></code> and <code class="docutils literal notranslate"><span class="pre">save_forensic</span></code> are separate options because
|
||||
you may not want to save forensic reports (also known as failure reports)
|
||||
to your Elasticsearch instance, particularly if you are in a
|
||||
highly-regulated industry that handles sensitive data, such as healthcare
|
||||
or finance. If your legitimate outgoing email fails DMARC, it is possible
|
||||
that email may appear later in a forensic report.</p>
|
||||
<p>Forensic reports contain the original headers of an email that failed a
|
||||
DMARC check, and sometimes may also include the full message body,
|
||||
depending on the policy of the reporting organization.</p>
|
||||
<p>Most reporting organizations do not send forensic reports of any kind for
|
||||
privacy reasons. While aggregate DMARC reports are sent at least daily,
|
||||
it is normal to receive very few forensic reports.</p>
|
||||
</div></blockquote>
|
||||
<p class="last">An alternative approach is to still collect forensic/failure/ruf reports
|
||||
in your DMARC inbox, but run <code class="docutils literal notranslate"><span class="pre">parsedmarc</span></code> with <code class="docutils literal notranslate"><span class="pre">save_forensic</span> <span class="pre">=</span> <span class="pre">True</span></code> manually on a
|
||||
separate IMAP folder (using the <code class="docutils literal notranslate"><span class="pre">reports_folder</span></code> option), after you have manually
|
||||
moved known samples you want to save to that folder (e.g. malicious
|
||||
samples and non-sensitive legitimate samples).</p>
|
||||
</div>
|
||||
</div>
|
||||
<div class="section" id="sample-aggregate-report-output">
|
||||
<h2>Sample aggregate report output<a class="headerlink" href="#sample-aggregate-report-output" title="Permalink to this headline">¶</a></h2>
|
||||
@@ -705,65 +756,65 @@ as a local EWS/OWA IMAP gateway.</p>
|
||||
</pre></div>
|
||||
</div>
|
||||
<p>Configure Davmail by creating a <code class="docutils literal notranslate"><span class="pre">davmail.properties</span></code> file</p>
|
||||
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="c1"># DavMail settings, see http://davmail.sourceforge.net/ for documentation</span>
|
||||
<div class="highlight-properties notranslate"><div class="highlight"><pre><span></span><span class="c"># DavMail settings, see http://davmail.sourceforge.net/ for documentation</span>
|
||||
|
||||
<span class="c1">#############################################################</span>
|
||||
<span class="c1"># Basic settings</span>
|
||||
<span class="c">#############################################################</span>
|
||||
<span class="c"># Basic settings</span>
|
||||
|
||||
<span class="c1"># Server or workstation mode</span>
|
||||
<span class="n">davmail</span><span class="o">.</span><span class="n">server</span><span class="o">=</span><span class="n">true</span>
|
||||
<span class="c"># Server or workstation mode</span>
|
||||
<span class="na">davmail.server</span><span class="o">=</span><span class="s">true</span>
|
||||
|
||||
<span class="c1"># connection mode auto, EWS or WebDav</span>
|
||||
<span class="n">davmail</span><span class="o">.</span><span class="n">enableEws</span><span class="o">=</span><span class="n">auto</span>
|
||||
<span class="c"># connection mode auto, EWS or WebDav</span>
|
||||
<span class="na">davmail.enableEws</span><span class="o">=</span><span class="s">auto</span>
|
||||
|
||||
<span class="c1"># base Exchange OWA or EWS url</span>
|
||||
<span class="n">davmail</span><span class="o">.</span><span class="n">url</span><span class="o">=</span><span class="n">https</span><span class="p">:</span><span class="o">//</span><span class="n">outlook</span><span class="o">.</span><span class="n">office365</span><span class="o">.</span><span class="n">com</span><span class="o">/</span><span class="n">EWS</span><span class="o">/</span><span class="n">Exchange</span><span class="o">.</span><span class="n">asmx</span>
|
||||
<span class="c"># base Exchange OWA or EWS url</span>
|
||||
<span class="na">davmail.url</span><span class="o">=</span><span class="s">https://outlook.office365.com/EWS/Exchange.asmx</span>
|
||||
|
||||
<span class="c1"># Listener ports</span>
|
||||
<span class="n">davmail</span><span class="o">.</span><span class="n">imapPort</span><span class="o">=</span><span class="mi">1143</span>
|
||||
<span class="c"># Listener ports</span>
|
||||
<span class="na">davmail.imapPort</span><span class="o">=</span><span class="s">1143</span>
|
||||
|
||||
<span class="c1">#############################################################</span>
|
||||
<span class="c1"># Network settings</span>
|
||||
<span class="c">#############################################################</span>
|
||||
<span class="c"># Network settings</span>
|
||||
|
||||
<span class="c1"># Network proxy settings</span>
|
||||
<span class="n">davmail</span><span class="o">.</span><span class="n">enableProxy</span><span class="o">=</span><span class="n">false</span>
|
||||
<span class="n">davmail</span><span class="o">.</span><span class="n">useSystemProxies</span><span class="o">=</span><span class="n">false</span>
|
||||
<span class="n">davmail</span><span class="o">.</span><span class="n">proxyHost</span><span class="o">=</span>
|
||||
<span class="n">davmail</span><span class="o">.</span><span class="n">proxyPort</span><span class="o">=</span>
|
||||
<span class="n">davmail</span><span class="o">.</span><span class="n">proxyUser</span><span class="o">=</span>
|
||||
<span class="n">davmail</span><span class="o">.</span><span class="n">proxyPassword</span><span class="o">=</span>
|
||||
<span class="c"># Network proxy settings</span>
|
||||
<span class="na">davmail.enableProxy</span><span class="o">=</span><span class="s">false</span>
|
||||
<span class="na">davmail.useSystemProxies</span><span class="o">=</span><span class="s">false</span>
|
||||
<span class="na">davmail.proxyHost</span><span class="o">=</span>
|
||||
<span class="na">davmail.proxyPort</span><span class="o">=</span>
|
||||
<span class="na">davmail.proxyUser</span><span class="o">=</span>
|
||||
<span class="na">davmail.proxyPassword</span><span class="o">=</span>
|
||||
|
||||
<span class="c1"># proxy exclude list</span>
|
||||
<span class="n">davmail</span><span class="o">.</span><span class="n">noProxyFor</span><span class="o">=</span>
|
||||
<span class="c"># proxy exclude list</span>
|
||||
<span class="na">davmail.noProxyFor</span><span class="o">=</span>
|
||||
|
||||
<span class="c1"># allow remote connection to DavMail</span>
|
||||
<span class="n">davmail</span><span class="o">.</span><span class="n">allowRemote</span><span class="o">=</span><span class="n">false</span>
|
||||
<span class="c"># allow remote connection to DavMail</span>
|
||||
<span class="na">davmail.allowRemote</span><span class="o">=</span><span class="s">false</span>
|
||||
|
||||
<span class="c1"># bind server sockets to the loopback address</span>
|
||||
<span class="n">davmail</span><span class="o">.</span><span class="n">bindAddress</span><span class="o">=</span><span class="mf">127.0</span><span class="o">.</span><span class="mf">0.1</span>
|
||||
<span class="c"># bind server sockets to the loopback address</span>
|
||||
<span class="na">davmail.bindAddress</span><span class="o">=</span><span class="s">127.0.0.1</span>
|
||||
|
||||
<span class="c1"># disable SSL for specified listeners</span>
|
||||
<span class="n">davmail</span><span class="o">.</span><span class="n">ssl</span><span class="o">.</span><span class="n">nosecureimap</span><span class="o">=</span><span class="n">false</span>
|
||||
<span class="c"># disable SSL for specified listeners</span>
|
||||
<span class="na">davmail.ssl.nosecureimap</span><span class="o">=</span><span class="s">false</span>
|
||||
|
||||
<span class="c1"># Send keepalive character during large folder and messages download</span>
|
||||
<span class="n">davmail</span><span class="o">.</span><span class="n">enableKeepalive</span><span class="o">=</span><span class="n">true</span>
|
||||
<span class="c1"># Message count limit on folder retrieval</span>
|
||||
<span class="n">davmail</span><span class="o">.</span><span class="n">folderSizeLimit</span><span class="o">=</span><span class="mi">0</span>
|
||||
<span class="c"># Send keepalive character during large folder and messages download</span>
|
||||
<span class="na">davmail.enableKeepalive</span><span class="o">=</span><span class="s">true</span>
|
||||
<span class="c"># Message count limit on folder retrieval</span>
|
||||
<span class="na">davmail.folderSizeLimit</span><span class="o">=</span><span class="s">0</span>
|
||||
|
||||
<span class="c1">#############################################################</span>
|
||||
<span class="c1"># IMAP settings</span>
|
||||
<span class="c">#############################################################</span>
|
||||
<span class="c"># IMAP settings</span>
|
||||
|
||||
<span class="c1"># Delete messages immediately on IMAP STORE \Deleted flag</span>
|
||||
<span class="n">davmail</span><span class="o">.</span><span class="n">imapAutoExpunge</span><span class="o">=</span><span class="n">true</span>
|
||||
<span class="c"># Delete messages immediately on IMAP STORE \Deleted flag</span>
|
||||
<span class="na">davmail.imapAutoExpunge</span><span class="o">=</span><span class="s">true</span>
|
||||
|
||||
<span class="c1"># Enable IDLE support, set polling delay in minutes</span>
|
||||
<span class="n">davmail</span><span class="o">.</span><span class="n">imapIdleDelay</span><span class="o">=</span><span class="mi">1</span>
|
||||
<span class="c"># Enable IDLE support, set polling delay in minutes</span>
|
||||
<span class="na">davmail.imapIdleDelay</span><span class="o">=</span><span class="s">1</span>
|
||||
|
||||
<span class="c1"># Always reply to IMAP RFC822.SIZE requests with Exchange approximate</span>
|
||||
<span class="c1"># message size for performance reasons</span>
|
||||
<span class="n">davmail</span><span class="o">.</span><span class="n">imapAlwaysApproxMsgSize</span><span class="o">=</span><span class="n">true</span>
|
||||
<span class="c"># Always reply to IMAP RFC822.SIZE requests with Exchange approximate</span>
|
||||
<span class="c"># message size for performance reasons</span>
|
||||
<span class="na">davmail.imapAlwaysApproxMsgSize</span><span class="o">=</span><span class="s">true</span>
|
||||
|
||||
<span class="c1">#############################################################</span>
|
||||
<span class="c">#############################################################</span>
|
||||
</pre></div>
|
||||
</div>
|
||||
<p>Run Davmail</p>
|
||||
@@ -822,7 +873,7 @@ sudo service elasticsearch start
|
||||
sudo service kibana start
|
||||
</pre></div>
|
||||
</div>
|
||||
<p>Without the commercial <a class="reference external" href="https://www.elastic.co/products/x-pack">X-Pack</a>, Kibana does not have any authentication
|
||||
<p>Without the commercial <a class="reference external" href="https://www.elastic.co/products/x-pack">X-Pack</a> or <a class="reference external" href="https://readonlyrest.com/">ReadonlyREST</a> products, Kibana does not have any authentication
|
||||
mechanism of its own. You can use nginx as a reverse proxy that provides basic
|
||||
authentication.</p>
|
||||
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>sudo apt-get install -y nginx apache2-utils
|
||||
@@ -922,30 +973,6 @@ sudo chmod <span class="nv">u</span><span class="o">=</span>rw,g<span class="o">
|
||||
</div>
|
||||
<p>Now that Elasticsearch is up and running, use <code class="docutils literal notranslate"><span class="pre">parsedmarc</span></code> to send data to
|
||||
it.</p>
|
||||
<p>Om the same system as Elasticsearch, pass <code class="docutils literal notranslate"><span class="pre">--save-aggregate</span></code> and/or
|
||||
<code class="docutils literal notranslate"><span class="pre">--save-forensic</span></code> to <code class="docutils literal notranslate"><span class="pre">parsedmarc</span></code> save the results in Elasticsearch.</p>
|
||||
<div class="admonition warning">
|
||||
<p class="first admonition-title">Warning</p>
|
||||
<blockquote>
|
||||
<div><p><code class="docutils literal notranslate"><span class="pre">--save-aggregate</span></code> and <code class="docutils literal notranslate"><span class="pre">--save-forensic</span></code> are separate options because
|
||||
you may not want to save forensic reports (also known as failure reports)
|
||||
to your Elasticsearch instance, particularly if you are in a
|
||||
highly-regulated industry that handles sensitive data, such as healthcare
|
||||
or finance. If your legitimate outgoing email fails DMARC, it is possible
|
||||
that email may appear later in a forensic report.</p>
|
||||
<p>Forensic reports contain the original headers of an email that failed a
|
||||
DMARC check, and sometimes may also include the full message body,
|
||||
depending on the policy of the reporting organization.</p>
|
||||
<p>Most reporting organizations do not send forensic reports of any kind for
|
||||
privacy reasons. While aggregate DMARC reports are sent at least daily,
|
||||
it is normal to receive very few forensic reports.</p>
|
||||
</div></blockquote>
|
||||
<p class="last">An alternative approach is to still collect forensic/failure/ruf reports
|
||||
in your DMARC inbox, but run <code class="docutils literal notranslate"><span class="pre">parsedmarc</span> <span class="pre">--save-forensic</span></code> manually on a
|
||||
separate IMAP folder (using the <code class="docutils literal notranslate"><span class="pre">-r</span></code> option), after you have manually
|
||||
moved known samples you want to save to that folder (e.g. malicious
|
||||
samples and non-sensitive legitimate samples).</p>
|
||||
</div>
|
||||
<p>Download (right click the link and click save as) <a class="reference external" href="https://raw.githubusercontent.com/domainaware/parsedmarc/master/kibana/kibana_saved_objects.json">kibana_saved_objects.json</a>.</p>
|
||||
<p>Import <code class="docutils literal notranslate"><span class="pre">kibana_saved_objects.json</span></code> the Saved Objects tab of the management
|
||||
page of Kibana.</p>
|
||||
@@ -985,29 +1012,7 @@ check out the Elastic guide to <a class="reference external" href="https://www.e
|
||||
<div class="section" id="splunk">
|
||||
<h3>Splunk<a class="headerlink" href="#splunk" title="Permalink to this headline">¶</a></h3>
|
||||
<p>Starting in version 4.3.0 <code class="docutils literal notranslate"><span class="pre">parsedmarc</span></code> supports sending aggregate and/or
|
||||
forensic DMARC data to a Splunk <a class="reference external" href="http://docs.splunk.com/Documentation/Splunk/latest/Data/AboutHEC">HTTP Event collector (HEC)</a>. Simply use the
|
||||
following command line options, along with <code class="docutils literal notranslate"><span class="pre">--save-aggregate</span></code> and/or
|
||||
<code class="docutils literal notranslate"><span class="pre">--save-forensic</span></code>:</p>
|
||||
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="o">--</span><span class="n">hec</span> <span class="n">HEC</span> <span class="n">URL</span> <span class="n">to</span> <span class="n">a</span> <span class="n">Splunk</span> <span class="n">HTTP</span> <span class="n">Event</span> <span class="n">Collector</span> <span class="p">(</span><span class="n">HEC</span><span class="p">)</span>
|
||||
<span class="o">--</span><span class="n">hec</span><span class="o">-</span><span class="n">token</span> <span class="n">HEC_TOKEN</span>
|
||||
<span class="n">The</span> <span class="n">authorization</span> <span class="n">token</span> <span class="k">for</span> <span class="n">a</span> <span class="n">Splunk</span> <span class="n">HTTP</span> <span class="n">Event</span>
|
||||
<span class="n">Collector</span> <span class="p">(</span><span class="n">HEC</span><span class="p">)</span>
|
||||
<span class="o">--</span><span class="n">hec</span><span class="o">-</span><span class="n">index</span> <span class="n">HEC_INDEX</span>
|
||||
<span class="n">The</span> <span class="n">index</span> <span class="n">to</span> <span class="n">use</span> <span class="n">when</span> <span class="n">sending</span> <span class="n">events</span> <span class="n">to</span> <span class="n">the</span> <span class="n">Splunk</span>
|
||||
<span class="n">HTTP</span> <span class="n">Event</span> <span class="n">Collector</span> <span class="p">(</span><span class="n">HEC</span><span class="p">)</span>
|
||||
<span class="o">--</span><span class="n">hec</span><span class="o">-</span><span class="n">skip</span><span class="o">-</span><span class="n">certificate</span><span class="o">-</span><span class="n">verification</span>
|
||||
<span class="n">Skip</span> <span class="n">certificate</span> <span class="n">verification</span> <span class="k">for</span> <span class="n">Splunk</span> <span class="n">HEC</span>
|
||||
</pre></div>
|
||||
</div>
|
||||
<div class="admonition note">
|
||||
<p class="first admonition-title">Note</p>
|
||||
<p>To maintain CLI backwards compatibility with previous versions of
|
||||
<code class="docutils literal notranslate"><span class="pre">parsedmarc</span></code>, if <code class="docutils literal notranslate"><span class="pre">--save-aggregate</span></code> and/or <code class="docutils literal notranslate"><span class="pre">--save-forensic</span></code> are used
|
||||
without the <code class="docutils literal notranslate"><span class="pre">--hec</span></code> or <code class="docutils literal notranslate"><span class="pre">-E</span></code> options, <code class="docutils literal notranslate"><span class="pre">-E</span> <span class="pre">localhost:9200</span></code> is implied.</p>
|
||||
<p class="last">It is possible to save data in Elasticsearch and Splunk at the same time by
|
||||
supplying <code class="docutils literal notranslate"><span class="pre">-E</span></code> and the HEC options, along with <code class="docutils literal notranslate"><span class="pre">--save-aggregate</span></code> and/or
|
||||
<code class="docutils literal notranslate"><span class="pre">--save-forensic</span></code>.</p>
|
||||
</div>
|
||||
forensic DMARC data to a Splunk <a class="reference external" href="http://docs.splunk.com/Documentation/Splunk/latest/Data/AboutHEC">HTTP Event collector (HEC)</a>.</p>
|
||||
<p>The project repository contains <a class="reference external" href="https://github.com/domainaware/parsedmarc/tree/master/splunk">XML files</a> for premade Splunk dashboards for
|
||||
aggregate and forensic DMARC reports.</p>
|
||||
<p>Copy and paste the contents of each file into a separate Splunk dashboard XML
|
||||
@@ -1025,6 +1030,10 @@ flexible filtering options.</p>
|
||||
<h3>Running parsedmarc as a systemd service<a class="headerlink" href="#running-parsedmarc-as-a-systemd-service" title="Permalink to this headline">¶</a></h3>
|
||||
<p>Use systemd to run <code class="docutils literal notranslate"><span class="pre">parsedmarc</span></code> as a service and process reports as they
|
||||
arrive.</p>
|
||||
<p>Create a system user</p>
|
||||
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>sudo useradd parsedmarc -r -s /bin/false
|
||||
</pre></div>
|
||||
</div>
|
||||
<p>Create the service configuration file</p>
|
||||
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>sudo nano /etc/systemd/system/parsedmarc.service
|
||||
</pre></div>
|
||||
@@ -1036,7 +1045,9 @@ arrive.</p>
|
||||
<span class="na">After</span><span class="o">=</span><span class="s">network.target network-online.target elasticsearch.service</span>
|
||||
|
||||
<span class="k">[Service]</span>
|
||||
<span class="na">ExecStart</span><span class="o">=</span><span class="s">/usr/local/bin/parsedmarc --watch --silent --save-aggregate --save-forensic -H "outlook.office365.com" -u "dmarc@example.com" -p "FooBar!"</span>
|
||||
<span class="na">ExecStart</span><span class="o">=</span><span class="s">/usr/local/bin/parsedmarc -c /etc/parsedmarc.ini</span>
|
||||
<span class="na">User</span><span class="o">=</span><span class="s">parsedmarc</span>
|
||||
<span class="na">Group</span><span class="o">=</span><span class="s">parsedmarc</span>
|
||||
<span class="na">Restart</span><span class="o">=</span><span class="s">always</span>
|
||||
<span class="na">RestartSec</span><span class="o">=</span><span class="s">5m</span>
|
||||
|
||||
@@ -1044,22 +1055,6 @@ arrive.</p>
|
||||
<span class="na">WantedBy</span><span class="o">=</span><span class="s">multi-user.target</span>
|
||||
</pre></div>
|
||||
</div>
|
||||
<p>Edit the command line options of <code class="docutils literal notranslate"><span class="pre">parsedmarc</span></code> in the service’s <code class="docutils literal notranslate"><span class="pre">ExecStart</span></code>
|
||||
setting to suit your needs.</p>
|
||||
<div class="admonition note">
|
||||
<p class="first admonition-title">Note</p>
|
||||
<p class="last">Always pass the <code class="docutils literal notranslate"><span class="pre">--watch</span></code> option to <code class="docutils literal notranslate"><span class="pre">parsedmarc</span></code> when running it as a
|
||||
service. Use <code class="docutils literal notranslate"><span class="pre">--silent</span></code> to only log errors.</p>
|
||||
</div>
|
||||
<div class="admonition warning">
|
||||
<p class="first admonition-title">Warning</p>
|
||||
<p class="last">As mentioned earlier, forensic/failure reports contain copies of emails
|
||||
that failed DMARC, including emails that may be legitimate and contain
|
||||
sensitive customer or business information. For privacy and/or regulatory
|
||||
reasons, you may not want to use the <code class="docutils literal notranslate"><span class="pre">--save-forensic</span></code> flag included in
|
||||
the example service configuration <code class="docutils literal notranslate"><span class="pre">ExecStart</span></code> setting, which would save
|
||||
these samples to Elasticsearch.</p>
|
||||
</div>
|
||||
<p>Then, enable the service</p>
|
||||
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>sudo systemctl daemon-reload
|
||||
sudo systemctl <span class="nb">enable</span> parsedmarc.service
|
||||
@@ -1406,7 +1401,7 @@ or bytes.</p>
|
||||
|
||||
<dl class="function">
|
||||
<dt id="parsedmarc.parse_aggregate_report_file">
|
||||
<code class="descclassname">parsedmarc.</code><code class="descname">parse_aggregate_report_file</code><span class="sig-paren">(</span><em>_input</em>, <em>nameservers=None</em>, <em>timeout=2.0</em><span class="sig-paren">)</span><a class="reference internal" href="_modules/parsedmarc.html#parse_aggregate_report_file"><span class="viewcode-link">[source]</span></a><a class="headerlink" href="#parsedmarc.parse_aggregate_report_file" title="Permalink to this definition">¶</a></dt>
|
||||
<code class="descclassname">parsedmarc.</code><code class="descname">parse_aggregate_report_file</code><span class="sig-paren">(</span><em>_input</em>, <em>nameservers=None</em>, <em>dns_timeout=2.0</em><span class="sig-paren">)</span><a class="reference internal" href="_modules/parsedmarc.html#parse_aggregate_report_file"><span class="viewcode-link">[source]</span></a><a class="headerlink" href="#parsedmarc.parse_aggregate_report_file" title="Permalink to this definition">¶</a></dt>
|
||||
<dd><p>Parses a file at the given path, a file-like object. or bytes as a
|
||||
aggregate DMARC report</p>
|
||||
<table class="docutils field-list" frame="void" rules="none">
|
||||
@@ -1417,7 +1412,7 @@ aggregate DMARC report</p>
|
||||
<li><strong>_input</strong> – A path to a file, a file like object, or bytes</li>
|
||||
<li><strong>nameservers</strong> (<em>list</em>) – A list of one or more nameservers to use</li>
|
||||
<li><strong>public DNS resolvers by default</strong><strong>)</strong> (<em>(</em><em>Cloudflare's</em>) – </li>
|
||||
<li><strong>timeout</strong> (<em>float</em>) – Sets the DNS timeout in seconds</li>
|
||||
<li><strong>dns_timeout</strong> (<em>float</em>) – Sets the DNS timeout in seconds</li>
|
||||
</ul>
|
||||
</td>
|
||||
</tr>
|
||||
@@ -1459,7 +1454,7 @@ aggregate DMARC report</p>
|
||||
|
||||
<dl class="function">
|
||||
<dt id="parsedmarc.parse_forensic_report">
|
||||
<code class="descclassname">parsedmarc.</code><code class="descname">parse_forensic_report</code><span class="sig-paren">(</span><em>feedback_report</em>, <em>sample</em>, <em>msg_date</em>, <em>nameservers=None</em>, <em>timeout=2.0</em>, <em>strip_attachment_payloads=False</em><span class="sig-paren">)</span><a class="reference internal" href="_modules/parsedmarc.html#parse_forensic_report"><span class="viewcode-link">[source]</span></a><a class="headerlink" href="#parsedmarc.parse_forensic_report" title="Permalink to this definition">¶</a></dt>
|
||||
<code class="descclassname">parsedmarc.</code><code class="descname">parse_forensic_report</code><span class="sig-paren">(</span><em>feedback_report</em>, <em>sample</em>, <em>msg_date</em>, <em>nameservers=None</em>, <em>dns_timeout=2.0</em>, <em>strip_attachment_payloads=False</em><span class="sig-paren">)</span><a class="reference internal" href="_modules/parsedmarc.html#parse_forensic_report"><span class="viewcode-link">[source]</span></a><a class="headerlink" href="#parsedmarc.parse_forensic_report" title="Permalink to this definition">¶</a></dt>
|
||||
<dd><p>Converts a DMARC forensic report and sample to a <code class="docutils literal notranslate"><span class="pre">OrderedDict</span></code></p>
|
||||
<table class="docutils field-list" frame="void" rules="none">
|
||||
<col class="field-name" />
|
||||
@@ -1471,7 +1466,7 @@ aggregate DMARC report</p>
|
||||
<li><strong>msg_date</strong> (<em>str</em>) – The message’s date header</li>
|
||||
<li><strong>nameservers</strong> (<em>list</em>) – A list of one or more nameservers to use</li>
|
||||
<li><strong>public DNS resolvers by default</strong><strong>)</strong> (<em>(</em><em>Cloudflare's</em>) – </li>
|
||||
<li><strong>timeout</strong> (<em>float</em>) – Sets the DNS timeout in seconds</li>
|
||||
<li><strong>dns_timeout</strong> (<em>float</em>) – Sets the DNS timeout in seconds</li>
|
||||
<li><strong>strip_attachment_payloads</strong> (<em>bool</em>) – Remove attachment payloads from</li>
|
||||
<li><strong>report results</strong> (<em>forensic</em>) – </li>
|
||||
</ul>
|
||||
@@ -1489,7 +1484,7 @@ aggregate DMARC report</p>
|
||||
|
||||
<dl class="function">
|
||||
<dt id="parsedmarc.parse_report_email">
|
||||
<code class="descclassname">parsedmarc.</code><code class="descname">parse_report_email</code><span class="sig-paren">(</span><em>input_</em>, <em>nameservers=None</em>, <em>timeout=2.0</em>, <em>strip_attachment_payloads=False</em><span class="sig-paren">)</span><a class="reference internal" href="_modules/parsedmarc.html#parse_report_email"><span class="viewcode-link">[source]</span></a><a class="headerlink" href="#parsedmarc.parse_report_email" title="Permalink to this definition">¶</a></dt>
|
||||
<code class="descclassname">parsedmarc.</code><code class="descname">parse_report_email</code><span class="sig-paren">(</span><em>input_</em>, <em>nameservers=None</em>, <em>dns_timeout=2.0</em>, <em>strip_attachment_payloads=False</em><span class="sig-paren">)</span><a class="reference internal" href="_modules/parsedmarc.html#parse_report_email"><span class="viewcode-link">[source]</span></a><a class="headerlink" href="#parsedmarc.parse_report_email" title="Permalink to this definition">¶</a></dt>
|
||||
<dd><p>Parses a DMARC report from an email</p>
|
||||
<table class="docutils field-list" frame="void" rules="none">
|
||||
<col class="field-name" />
|
||||
@@ -1498,7 +1493,7 @@ aggregate DMARC report</p>
|
||||
<tr class="field-odd field"><th class="field-name">Parameters:</th><td class="field-body"><ul class="first simple">
|
||||
<li><strong>input</strong> – An emailed DMARC report in RFC 822 format, as bytes or a string</li>
|
||||
<li><strong>nameservers</strong> (<em>list</em>) – A list of one or more nameservers to use</li>
|
||||
<li><strong>timeout</strong> (<em>float</em>) – Sets the DNS timeout in seconds</li>
|
||||
<li><strong>dns_timeout</strong> (<em>float</em>) – Sets the DNS timeout in seconds</li>
|
||||
<li><strong>strip_attachment_payloads</strong> (<em>bool</em>) – Remove attachment payloads from</li>
|
||||
<li><strong>report results</strong> (<em>forensic</em>) – </li>
|
||||
</ul>
|
||||
@@ -1520,7 +1515,7 @@ aggregate DMARC report</p>
|
||||
|
||||
<dl class="function">
|
||||
<dt id="parsedmarc.parse_report_file">
|
||||
<code class="descclassname">parsedmarc.</code><code class="descname">parse_report_file</code><span class="sig-paren">(</span><em>input_</em>, <em>nameservers=None</em>, <em>timeout=2.0</em>, <em>strip_attachment_payloads=False</em><span class="sig-paren">)</span><a class="reference internal" href="_modules/parsedmarc.html#parse_report_file"><span class="viewcode-link">[source]</span></a><a class="headerlink" href="#parsedmarc.parse_report_file" title="Permalink to this definition">¶</a></dt>
|
||||
<code class="descclassname">parsedmarc.</code><code class="descname">parse_report_file</code><span class="sig-paren">(</span><em>input_</em>, <em>nameservers=None</em>, <em>dns_timeout=2.0</em>, <em>strip_attachment_payloads=False</em><span class="sig-paren">)</span><a class="reference internal" href="_modules/parsedmarc.html#parse_report_file"><span class="viewcode-link">[source]</span></a><a class="headerlink" href="#parsedmarc.parse_report_file" title="Permalink to this definition">¶</a></dt>
|
||||
<dd><p>Parses a DMARC aggregate or forensic file at the given path, a
|
||||
file-like object. or bytes</p>
|
||||
<table class="docutils field-list" frame="void" rules="none">
|
||||
@@ -1531,7 +1526,7 @@ file-like object. or bytes</p>
|
||||
<li><strong>input</strong> – A path to a file, a file like object, or bytes</li>
|
||||
<li><strong>nameservers</strong> (<em>list</em>) – A list of one or more nameservers to use</li>
|
||||
<li><strong>public DNS resolvers by default</strong><strong>)</strong> (<em>(</em><em>Cloudflare's</em>) – </li>
|
||||
<li><strong>timeout</strong> (<em>float</em>) – Sets the DNS timeout in seconds</li>
|
||||
<li><strong>dns_timeout</strong> (<em>float</em>) – Sets the DNS timeout in seconds</li>
|
||||
<li><strong>strip_attachment_payloads</strong> (<em>bool</em>) – Remove attachment payloads from</li>
|
||||
<li><strong>report results</strong> (<em>forensic</em>) – </li>
|
||||
</ul>
|
||||
@@ -2137,7 +2132,7 @@ country associated with the given IPv4 or IPv6 address</p>
|
||||
|
||||
<div role="contentinfo">
|
||||
<p>
|
||||
© Copyright 2018, Sean Whalen.
|
||||
© Copyright 2018, Sean Whalen
|
||||
|
||||
</p>
|
||||
</div>
|
||||
@@ -2156,20 +2151,14 @@ country associated with the given IPv4 or IPv6 address</p>
|
||||
|
||||
|
||||
|
||||
<script type="text/javascript">
|
||||
var DOCUMENTATION_OPTIONS = {
|
||||
URL_ROOT:'./',
|
||||
VERSION:'5.3.0',
|
||||
LANGUAGE:'None',
|
||||
COLLAPSE_INDEX:false,
|
||||
FILE_SUFFIX:'.html',
|
||||
HAS_SOURCE: true,
|
||||
SOURCELINK_SUFFIX: '.txt'
|
||||
};
|
||||
</script>
|
||||
<script type="text/javascript" src="_static/jquery.js"></script>
|
||||
<script type="text/javascript" src="_static/underscore.js"></script>
|
||||
<script type="text/javascript" src="_static/doctools.js"></script>
|
||||
|
||||
|
||||
<script type="text/javascript" id="documentation_options" data-url_root="./" src="_static/documentation_options.js"></script>
|
||||
<script type="text/javascript" src="_static/jquery.js"></script>
|
||||
<script type="text/javascript" src="_static/underscore.js"></script>
|
||||
<script type="text/javascript" src="_static/doctools.js"></script>
|
||||
<script type="text/javascript" src="_static/language_data.js"></script>
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
BIN
Binary file not shown.
+11
-17
@@ -8,7 +8,7 @@
|
||||
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
|
||||
<title>Python Module Index — parsedmarc 5.3.0 documentation</title>
|
||||
<title>Python Module Index — parsedmarc 6.0.0 documentation</title>
|
||||
|
||||
|
||||
|
||||
@@ -59,7 +59,7 @@
|
||||
|
||||
|
||||
<div class="version">
|
||||
5.3.0
|
||||
6.0.0
|
||||
</div>
|
||||
|
||||
|
||||
@@ -188,7 +188,7 @@
|
||||
|
||||
<div role="contentinfo">
|
||||
<p>
|
||||
© Copyright 2018, Sean Whalen.
|
||||
© Copyright 2018, Sean Whalen
|
||||
|
||||
</p>
|
||||
</div>
|
||||
@@ -207,20 +207,14 @@
|
||||
|
||||
|
||||
|
||||
<script type="text/javascript">
|
||||
var DOCUMENTATION_OPTIONS = {
|
||||
URL_ROOT:'./',
|
||||
VERSION:'5.3.0',
|
||||
LANGUAGE:'None',
|
||||
COLLAPSE_INDEX:false,
|
||||
FILE_SUFFIX:'.html',
|
||||
HAS_SOURCE: true,
|
||||
SOURCELINK_SUFFIX: '.txt'
|
||||
};
|
||||
</script>
|
||||
<script type="text/javascript" src="_static/jquery.js"></script>
|
||||
<script type="text/javascript" src="_static/underscore.js"></script>
|
||||
<script type="text/javascript" src="_static/doctools.js"></script>
|
||||
|
||||
|
||||
<script type="text/javascript" id="documentation_options" data-url_root="./" src="_static/documentation_options.js"></script>
|
||||
<script type="text/javascript" src="_static/jquery.js"></script>
|
||||
<script type="text/javascript" src="_static/underscore.js"></script>
|
||||
<script type="text/javascript" src="_static/doctools.js"></script>
|
||||
<script type="text/javascript" src="_static/language_data.js"></script>
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
+12
-18
@@ -8,7 +8,7 @@
|
||||
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
|
||||
<title>Search — parsedmarc 5.3.0 documentation</title>
|
||||
<title>Search — parsedmarc 6.0.0 documentation</title>
|
||||
|
||||
|
||||
|
||||
@@ -56,7 +56,7 @@
|
||||
|
||||
|
||||
<div class="version">
|
||||
5.3.0
|
||||
6.0.0
|
||||
</div>
|
||||
|
||||
|
||||
@@ -166,7 +166,7 @@
|
||||
|
||||
<div role="contentinfo">
|
||||
<p>
|
||||
© Copyright 2018, Sean Whalen.
|
||||
© Copyright 2018, Sean Whalen
|
||||
|
||||
</p>
|
||||
</div>
|
||||
@@ -185,21 +185,15 @@
|
||||
|
||||
|
||||
|
||||
<script type="text/javascript">
|
||||
var DOCUMENTATION_OPTIONS = {
|
||||
URL_ROOT:'./',
|
||||
VERSION:'5.3.0',
|
||||
LANGUAGE:'None',
|
||||
COLLAPSE_INDEX:false,
|
||||
FILE_SUFFIX:'.html',
|
||||
HAS_SOURCE: true,
|
||||
SOURCELINK_SUFFIX: '.txt'
|
||||
};
|
||||
</script>
|
||||
<script type="text/javascript" src="_static/jquery.js"></script>
|
||||
<script type="text/javascript" src="_static/underscore.js"></script>
|
||||
<script type="text/javascript" src="_static/doctools.js"></script>
|
||||
<script type="text/javascript" src="_static/searchtools.js"></script>
|
||||
|
||||
|
||||
<script type="text/javascript" id="documentation_options" data-url_root="./" src="_static/documentation_options.js"></script>
|
||||
<script type="text/javascript" src="_static/jquery.js"></script>
|
||||
<script type="text/javascript" src="_static/underscore.js"></script>
|
||||
<script type="text/javascript" src="_static/doctools.js"></script>
|
||||
<script type="text/javascript" src="_static/language_data.js"></script>
|
||||
<script type="text/javascript" src="_static/searchtools.js"></script>
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
+1
-1
File diff suppressed because one or more lines are too long