mirror of
https://github.com/domainaware/parsedmarc.git
synced 2026-07-11 11:15:09 +00:00
Update GitHub pages
This commit is contained in:
+30
-23
@@ -410,17 +410,17 @@ Om the same system as Elasticsearch, pass ``--save-aggregate`` and/or
|
||||
.. warning::
|
||||
|
||||
``--save-aggregate`` and ``--save-forensic`` are separate options because
|
||||
you may not want to save forensic reports to your Elasticsearch instance,
|
||||
particularly if you are in a highly-regulated industry that handles
|
||||
sensitive data, such as healthcare or finance. If your legitimate outgoing
|
||||
email fails DMARC, it is possible that email may appear later in a
|
||||
forensic report.
|
||||
you may not want to save forensic reports (also known as failure reports)
|
||||
to your Elasticsearch instance, particularly if you are in a
|
||||
highly-regulated industry that handles sensitive data, such as healthcare
|
||||
or finance. If your legitimate outgoing email fails DMARC, it is possible
|
||||
that email may appear later in a forensic report.
|
||||
|
||||
Forensic reports contain the original headers of an email that failed a
|
||||
DMARC check, and sometimes may also include the full message body,
|
||||
depending on the policy of the reporting organisation.
|
||||
depending on the policy of the reporting organization.
|
||||
|
||||
Most reporting organisations do not send forensic reports of any kind for
|
||||
Most reporting organizations do not send forensic reports of any kind for
|
||||
privacy reasons. While aggregate DMARC reports are sent at least daily,
|
||||
it is normal to receive very few forensic reports.
|
||||
|
||||
@@ -495,14 +495,6 @@ Create the service configuration file
|
||||
|
||||
sudo nano /etc/systemd/system/parsedmarc.service
|
||||
|
||||
Edit the command line options of ``parsedmarc`` in the service's ``ExecStart``
|
||||
setting to suit your needs.
|
||||
|
||||
.. note::
|
||||
|
||||
Always pass the ``--watch`` option to ``parsedmarc`` when running it as a
|
||||
service. Use ``--silent`` to only log errors.
|
||||
|
||||
.. code-block:: ini
|
||||
|
||||
[Unit]
|
||||
@@ -517,6 +509,23 @@ setting to suit your needs.
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
||||
Edit the command line options of ``parsedmarc`` in the service's ``ExecStart``
|
||||
setting to suit your needs.
|
||||
|
||||
.. note::
|
||||
|
||||
Always pass the ``--watch`` option to ``parsedmarc`` when running it as a
|
||||
service. Use ``--silent`` to only log errors.
|
||||
|
||||
.. warning::
|
||||
|
||||
As mentioned earlier, forensic/failure reports contain copies of emails
|
||||
that failed DMARC, including emails that may be legitimate and contain
|
||||
sensitive customer or business information. For privacy and/or regulatory
|
||||
reasons, You may not want to use the ``--save-forensic`` flag included in
|
||||
the example service configuration ``ExecStart`` setting, which would save
|
||||
these samples to Elasticsearch.
|
||||
|
||||
Then, enable the service
|
||||
|
||||
.. code-block:: bash
|
||||
@@ -600,16 +609,14 @@ have them set up DKIM.
|
||||
parent, subsidiary, and outdated brands.
|
||||
|
||||
|
||||
Any other filters work the same way. Further down the dashboard, you can filter
|
||||
by source country or source IP address. You can also add your own custom
|
||||
temporary filters by clicking on Add Filter at the upper right of the page.
|
||||
Further down the dashboard, you can filter by source country or source IP
|
||||
address.
|
||||
|
||||
DMARC Failures
|
||||
--------------
|
||||
Tables showing SPF and DKIM alignment details are located under the IP address
|
||||
table.
|
||||
|
||||
The DMARC Failures dashboard contains data tables showing the details of
|
||||
misaligned SPF and DKIM results, which may be useful for identifying the
|
||||
specific application or service that is generating failing email messages.
|
||||
Any other filters work the same way. You can also add your own custom temporary
|
||||
filters by clicking on Add Filter at the upper right of the page.
|
||||
|
||||
DMARC Forensic Samples
|
||||
----------------------
|
||||
|
||||
+32
-26
@@ -102,7 +102,6 @@
|
||||
</li>
|
||||
<li><a class="reference internal" href="#using-the-kibana-dashboards">Using the Kibana dashboards</a><ul>
|
||||
<li><a class="reference internal" href="#dmarc-summary">DMARC Summary</a></li>
|
||||
<li><a class="reference internal" href="#dmarc-failures">DMARC Failures</a></li>
|
||||
<li><a class="reference internal" href="#dmarc-forensic-samples">DMARC Forensic Samples</a></li>
|
||||
</ul>
|
||||
</li>
|
||||
@@ -519,15 +518,15 @@ it.</p>
|
||||
<div class="admonition warning">
|
||||
<p class="first admonition-title">Warning</p>
|
||||
<p><code class="docutils literal notranslate"><span class="pre">--save-aggregate</span></code> and <code class="docutils literal notranslate"><span class="pre">--save-forensic</span></code> are separate options because
|
||||
you may not want to save forensic reports to your Elasticsearch instance,
|
||||
particularly if you are in a highly-regulated industry that handles
|
||||
sensitive data, such as healthcare or finance. If your legitimate outgoing
|
||||
email fails DMARC, it is possible that email may appear later in a
|
||||
forensic report.</p>
|
||||
you may not want to save forensic reports (also known as failure reports)
|
||||
to your Elasticsearch instance, particularly if you are in a
|
||||
highly-regulated industry that handles sensitive data, such as healthcare
|
||||
or finance. If your legitimate outgoing email fails DMARC, it is possible
|
||||
that email may appear later in a forensic report.</p>
|
||||
<p>Forensic reports contain the original headers of an email that failed a
|
||||
DMARC check, and sometimes may also include the full message body,
|
||||
depending on the policy of the reporting organisation.</p>
|
||||
<p class="last">Most reporting organisations do not send forensic reports of any kind for
|
||||
depending on the policy of the reporting organization.</p>
|
||||
<p class="last">Most reporting organizations do not send forensic reports of any kind for
|
||||
privacy reasons. While aggregate DMARC reports are sent at least daily,
|
||||
it is normal to receive very few forensic reports.</p>
|
||||
</div>
|
||||
@@ -563,13 +562,6 @@ arrive.</p>
|
||||
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>sudo nano /etc/systemd/system/parsedmarc.service
|
||||
</pre></div>
|
||||
</div>
|
||||
<p>Edit the command line options of <code class="docutils literal notranslate"><span class="pre">parsedmarc</span></code> in the service’s <code class="docutils literal notranslate"><span class="pre">ExecStart</span></code>
|
||||
setting to suit your needs.</p>
|
||||
<div class="admonition note">
|
||||
<p class="first admonition-title">Note</p>
|
||||
<p class="last">Always pass the <code class="docutils literal notranslate"><span class="pre">--watch</span></code> option to <code class="docutils literal notranslate"><span class="pre">parsedmarc</span></code> when running it as a
|
||||
service. Use <code class="docutils literal notranslate"><span class="pre">--silent</span></code> to only log errors.</p>
|
||||
</div>
|
||||
<div class="highlight-ini notranslate"><div class="highlight"><pre><span></span><span class="k">[Unit]</span>
|
||||
<span class="na">Description</span><span class="o">=</span><span class="s">parsedmarc mailbox watcher</span>
|
||||
<span class="na">Documentation</span><span class="o">=</span><span class="s">https://domainaware.github.io/parsedmarc/</span>
|
||||
@@ -583,6 +575,22 @@ service. Use <code class="docutils literal notranslate"><span class="pre">--sile
|
||||
<span class="na">WantedBy</span><span class="o">=</span><span class="s">multi-user.target</span>
|
||||
</pre></div>
|
||||
</div>
|
||||
<p>Edit the command line options of <code class="docutils literal notranslate"><span class="pre">parsedmarc</span></code> in the service’s <code class="docutils literal notranslate"><span class="pre">ExecStart</span></code>
|
||||
setting to suit your needs.</p>
|
||||
<div class="admonition note">
|
||||
<p class="first admonition-title">Note</p>
|
||||
<p class="last">Always pass the <code class="docutils literal notranslate"><span class="pre">--watch</span></code> option to <code class="docutils literal notranslate"><span class="pre">parsedmarc</span></code> when running it as a
|
||||
service. Use <code class="docutils literal notranslate"><span class="pre">--silent</span></code> to only log errors.</p>
|
||||
</div>
|
||||
<div class="admonition warning">
|
||||
<p class="first admonition-title">Warning</p>
|
||||
<p class="last">As mentioned earlier, forensic/failure reports contain copies of emails
|
||||
that failed DMARC, including emails that may be legitimate and contain
|
||||
sensitive customer or business information. For privacy and/or regulatory
|
||||
reasons, You may not want to use the <code class="docutils literal notranslate"><span class="pre">--save-forensic</span></code> flag included in
|
||||
the example service configuration <code class="docutils literal notranslate"><span class="pre">ExecStart</span></code> setting, which would save
|
||||
these samples to Elasticsearch.</p>
|
||||
</div>
|
||||
<p>Then, enable the service</p>
|
||||
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>sudo systemctl daemon-reload
|
||||
sudo systemctl <span class="nb">enable</span> parsedmarc.service
|
||||
@@ -645,23 +653,21 @@ is using a particular service. With that information, you can contact them and
|
||||
have them set up DKIM.</p>
|
||||
<div class="admonition note">
|
||||
<p class="first admonition-title">Note</p>
|
||||
<p class="last">If you have a lot of B2C customers, you may see a high volume of emails as
|
||||
<blockquote>
|
||||
<div>If you have a lot of B2C customers, you may see a high volume of emails as
|
||||
your domains coming from consumer email services, such as Google/Gmail and
|
||||
Yahoo! This occurs when customers have mailbox rules in place that forward
|
||||
emails from an old account to a new account, which is why DKIM
|
||||
authentication is so important, as mentioned earlier. Similar patterns may
|
||||
be observed with businesses who send from reverse DNS addressees of
|
||||
parent, subsidiary, and outdated brands.</p>
|
||||
parent, subsidiary, and outdated brands.</div></blockquote>
|
||||
<p class="last">Further down the dashboard, you can filter by source country or source IP
|
||||
address.</p>
|
||||
</div>
|
||||
<p>Any other filters work the same way. Further down the dashboard, you can filter
|
||||
by source country or source IP address. You can also add your own custom
|
||||
temporary filters by clicking on Add Filter at the upper right of the page.</p>
|
||||
</div>
|
||||
<div class="section" id="dmarc-failures">
|
||||
<h3>DMARC Failures<a class="headerlink" href="#dmarc-failures" title="Permalink to this headline">¶</a></h3>
|
||||
<p>The DMARC Failures dashboard contains data tables showing the details of
|
||||
misaligned SPF and DKIM results, which may be useful for identifying the
|
||||
specific application or service that is generating failing email messages.</p>
|
||||
<p>Tables showing SPF and DKIM alignment details are located under the IP address
|
||||
table.</p>
|
||||
<p>Any other filters work the same way. You can also add your own custom temporary
|
||||
filters by clicking on Add Filter at the upper right of the page.</p>
|
||||
</div>
|
||||
<div class="section" id="dmarc-forensic-samples">
|
||||
<h3>DMARC Forensic Samples<a class="headerlink" href="#dmarc-forensic-samples" title="Permalink to this headline">¶</a></h3>
|
||||
|
||||
+1
-1
File diff suppressed because one or more lines are too long
Reference in New Issue
Block a user