Note
+Note
In the event of a crash, systemd will restart the service after 5 minutes, but the service davmail status command will only show the logs for the current process. To vew the logs for previous runs as well as the current process (newest to oldest), run:
-journalctl -u davmail.service -r
+journalctl -u davmail.service -r
Elasticsearch and Kibana¶
Note
-Splunk is also supported starting with parsedmarc 4.3.0
Note
+Splunk is also supported starting with parsedmarc 4.3.0
To set up visual dashboards of DMARC data, install Elasticsearch and Kibana.
Note
-Elasticsearch and Kibana 6 or later are required
+Note
+Elasticsearch and Kibana 6 or later are required
On Debian/Ubuntu based systems, run:
sudo apt-get install -y apt-transport-https
@@ -955,7 +947,7 @@ sudo apt-get install -y default-jre-headless elasticsearch kibana
For CentOS, RHEL, and other RPM systems, follow the Elastic RPM guides for
Elasticsearch and Kibana.
-Warning
+Warning
The default JVM heap size for Elasticsearch is very small (1g), which will
cause it to crash under a heavy load. To fix this, increase the minimum and
maximum JVM heap sizes in /etc/elasticsearch/jvm.options to more
@@ -969,7 +961,7 @@ value.
-Xmx4g
See https://www.elastic.co/guide/en/elasticsearch/reference/current/heap-size.html +
See https://www.elastic.co/guide/en/elasticsearch/reference/current/heap-size.html for more information.
sudo systemctl daemon-reload
@@ -1095,16 +1087,16 @@ Elasticsearch. if you are upgrading from a previous release of
parsedmarc, you need to complete the following steps to replace the
Kibana index patterns with versions that match the upgraded indexes:
-- Login in to Kibana, and click on Management
-- Under Kibana, click on Saved Objects
-- Check the checkboxes for the
dmarc_aggregate and dmarc_forensic
-index patterns
-- Click Delete
-- Click Delete on the conformation message
-- Download (right click the link and click save as)
-the latest version of kibana_saved_objects.json
-- Import
kibana_saved_objects.json by clicking Import from the Kibana
-Saved Objects page
+Login in to Kibana, and click on Management
Under Kibana, click on Saved Objects
Check the checkboxes for the dmarc_aggregate and dmarc_forensic
+index patterns
Click Delete
Click Delete on the conformation message
Download (right click the link and click save as)
+the latest version of kibana_saved_objects.json
Import kibana_saved_objects.json by clicking Import from the Kibana
+Saved Objects page
Copy and paste the contents of each file into a separate Splunk dashboard XML editor.
Warning
-Change all occurrences of index="email" in the XML to
+
Warning
+Change all occurrences of index="email" in the XML to
match your own index name.
The Splunk dashboards display the same content and layout as the Kibana @@ -1173,15 +1165,15 @@ sudo service parsedmarc restart
Note
-You must also run the above commands whenever you edit +
Note
+You must also run the above commands whenever you edit
parsedmarc.service.
Warning
+Warning
Always restart the service every time you upgrade to a new version of
parsedmarc:
sudo service parsedmarc restart
+sudo service parsedmarc restart
Note
+Note
In the event of a crash, systemd will restart the service after 10 minutes, but the service parsedmarc status command will only show the logs for the current process. To vew the logs for previous runs as well as the current process (newest to oldest), run:
-journalctl -u parsedmarc.service -r
+journalctl -u parsedmarc.service -r
The Kibana DMARC dashboards are a human-friendly way to understand the results from incoming DMARC reports.
Note
-The default dashboard is DMARC Summary. To switch between dashboards, +
Note
+The default dashboard is DMARC Summary. To switch between dashboards, click on the Dashboard link in the left side menu of Kibana.
Note
-Messages should not be considered malicious just because they failed to pass +
Note
+Messages should not be considered malicious just because they failed to pass DMARC; especially if you have just started collecting data. It may be a legitimate service that needs SPF and DKIM configured correctly.
Note
-If you have a lot of B2C customers, you may see a high volume of emails as +
Note
+If you have a lot of B2C customers, you may see a high volume of emails as your domains coming from consumer email services, such as Google/Gmail and Yahoo! This occurs when customers have mailbox rules in place that forward emails from an old account to a new account, which is why DKIM @@ -1259,8 +1251,8 @@ address.
Tables showing SPF and DKIM alignment details are located under the IP address table.
Note
-Previously, the alignment tables were included in a separate dashboard +
Note
+Previously, the alignment tables were included in a separate dashboard called DMARC Alignment Failures. That dashboard has been consolidated into the DMARC Summary dashboard. To view failures only, use the pie chart.
Note
-Most recipients do not send forensic/failure/ruf reports at all to avoid +
Note
+Most recipients do not send forensic/failure/ruf reports at all to avoid privacy leaks. Some recipients (notably Chinese webmail services) will only supply the headers of sample emails. Very few provide the entire email.
A message passes a DMARC check by passing DKIM or SPF, as long as the related indicators are also in alignment.
-| - | DKIM | -SPF | +|
| + | DKIM |
+SPF |
|
| Passing | -The signature in the + | ||
Passing |
+The signature in the DKIM header is validated using a public key that is published as a DNS record of the domain name specified in the -signature |
-The mail server’s IP +signature | +The mail server’s IP address is listed in the SPF record of the domain in the SMTP envelope’s mail from -header |
+header
| Alignment | -The signing domain + | ||
Alignment |
+The signing domain aligns with the domain in the -message’s from header |
-The domain in the +message’s from header | +The domain in the SMTP envelope’s mail from header aligns with the domain in the message’s from -header |
+header
What if a sender won’t support DKIM/DMARC?¶
-
-
- Some vendors don’t know about DMARC yet; ask about SPF and DKIM/email -authentication. -
- Check if they can send through your email relays instead of theirs. -
- Do they really need to spoof your domain? Why not use the display -name instead? -
- Worst case, have that vendor send email as a specific subdomain of +
Some vendors don’t know about DMARC yet; ask about SPF and DKIM/email +authentication.
+Check if they can send through your email relays instead of theirs.
+Do they really need to spoof your domain? Why not use the display +name instead?
+Worst case, have that vendor send email as a specific subdomain of your domain (e.g.
noreply@news.example.com), and then create separate SPF and DMARC records onnews.example.com, and set -p=nonein that DMARC record.
+
p=none in that DMARC record.
Warning
-Do not alter the p or sp values of the DMARC record on the
+
Warning
+Do not alter the p or sp values of the DMARC record on the
Top-Level Domain (TLD) – that would leave you vulnerable to spoofing of
your TLD and/or any subdomain.
Do
-
-
Retain headers from the original message
-
-Add RFC 2369 List-Unsubscribe headers to outgoing messages, instead of +
Retain headers from the original message
+Add RFC 2369 List-Unsubscribe headers to outgoing messages, instead of adding unsubscribe links to the body
-List-Unsubscribe: <https://list.example.com/unsubscribe-link> @@ -1372,7 +1363,7 @@ adding unsubscribe links to the body
Add RFC 2919 List-Id headers instead of modifying the subject
+Add RFC 2919 List-Id headers instead of modifying the subject
@@ -1384,10 +1375,10 @@ adding unsubscribe links to the body these headers.List-Id: Example Mailing List <list.example.com>
Do not
-
-
- Remove or modify any existing headers from the original message, including -From, Date, Subject, etc. -
- Add to or remove content from the message body, including traditional -disclaimers and unsubscribe footers +
Remove or modify any existing headers from the original message, including +From, Date, Subject, etc.
+Add to or remove content from the message body, including traditional +disclaimers and unsubscribe footers
In addition to complying with DMARC, this configuration ensures that Reply and Reply All actions work like they would with any email message. Reply @@ -1400,77 +1391,77 @@ to the mailing list post address, and not their email address.
Mailman 2¶
Navigate to General Settings, and configure the settings below
-+
- - -- + + Setting -Value +Setting
Value
subject_prefix -subject_prefix
from_is_list -No +from_is_list
No
first_strip_reply_to -No +first_strip_reply_to
No
reply_goes_to_list -Poster +reply_goes_to_list
Poster
include_rfc2369_headers -Yes +include_rfc2369_headers
Yes
include_list_post_header -Yes +include_list_post_header
Yes
include_sender_header -No +include_sender_header
No
Navigate to Non-digest options, and configure the settings below
-+
- - -- + + Setting -Value +Setting
Value
msg_header -msg_header
msg_footer -msg_footer
scrub_nondigest -No +scrub_nondigest
No
Navigate to Privacy Options> Sending Filters, and configure the settings below
-+
@@ -1481,51 +1472,51 @@ to the mailing list post address, and not their email address.- - -- + + Setting -Value +Setting
Value
dmarc_moderation_action -Accept +dmarc_moderation_action
Accept
dmarc_quarentine_moderation_action -Yes +dmarc_quarentine_moderation_action
Yes
dmarc_none_moderation_action -Yes +dmarc_none_moderation_action
Yes
Make Subject prefix blank.
Navigate to Settings> Alter Messages
Configure the settings below
-+
- - -- + + Setting -Value +Setting
Value
Convert html to plaintext -No +Convert html to plaintext
No
Include RFC2369 headers -Yes +Include RFC2369 headers
Yes
Include the list post header -Yes +Include the list post header
Yes
Explicit reply-to address -Explicit reply-to address
First strip replyo -No +First strip replyo
No
Reply goes to list -No munging +Reply goes to list
No munging
Navigate to Settings> DMARC Mitigation
Configure the settings below
-+
@@ -1551,28 +1542,28 @@ no longer spoof email addresses with domains protected by DMARC.- - -- + + Setting -Value +Setting
Value
DMARC mitigation action -No DMARC mitigations +DMARC mitigation action
No DMARC mitigations
DMARC mitigate unconditionally -No +DMARC mitigate unconditionally
No
Mailman 2¶
Navigate to Privacy Options> Sending Filters, and configure the settings below
-+
- - -- + + Setting -Value +Setting
Value
dmarc_moderation_action -Munge From +dmarc_moderation_action
Munge From
dmarc_quarentine_moderation_action -Yes +dmarc_quarentine_moderation_action
Yes
dmarc_none_moderation_action -Yes +dmarc_none_moderation_action
Yes
-Note
+Note
Message wrapping could be used as the DMARC mitigation action instead. In that case, the original message is added as an attachment to the mailing list message, but that could interfere with inbox searching, or mobile @@ -1580,36 +1571,36 @@ clients.
On the other hand, replacing the From address might cause users to accidentally reply to the entire list, when they only intended to reply to the original sender.
-Choose the option that best fits your community.
+Choose the option that best fits your community.
Mailman 3¶
In the DMARC Mitigations tab of the Settings page, configure the settings below
-+
- - -- + + Setting -Value +Setting
Value
DMARC mitigation action -Replace From: with list address +DMARC mitigation action
Replace From: with list address
DMARC mitigate unconditionally -No +DMARC mitigate unconditionally
No
-@@ -1665,28 +1656,24 @@ that enforce with a DMARC quarantine or reject policy.Note
+Note
Message wrapping could be used as the DMARC mitigation action instead. In that case, the original message is added as an attachment to the mailing list message, but that could interfere with inbox searching, or mobile clients.
-On the other hand, replacing the From address might cause users to +
On the other hand, replacing the From address might cause users to accidentally reply to the entire list, when they only intended to reply to the original sender.
parsedmarc.email_results(results, host, mail_from, mail_to, port=0, ssl=False, user=None, password=None, subject=None, attachment_filename=None, message=None, ssl_context=None)[source]¶Emails parsing results as a zip file
--
+- - - Parameters: -
-
- results (OrderedDict) – Parsing results -
- host – Mail server hostname or IP address -
- mail_from – The value of the message from header -
- mail_to – A list of addresses to mail to -
- port (int) – Port to use -
- ssl (bool) – Require a SSL connection from the start -
- user – An optional username -
- password – An optional password -
- subject – Overrides the default message subject -
- attachment_filename – Override the default attachment filename -
- message – Override the default plain text body -
- ssl_context – SSL context options +
- Parameters +
-
+
results (OrderedDict) – Parsing results
+host – Mail server hostname or IP address
+mail_from – The value of the message from header
+mail_to – A list of addresses to mail to
+port (int) – Port to use
+ssl (bool) – Require a SSL connection from the start
+user – An optional username
+password – An optional password
+subject – Overrides the default message subject
+attachment_filename – Override the default attachment filename
+message – Override the default plain text body
+ssl_context – SSL context options
-
+
-
@@ -1694,72 +1681,64 @@ that enforce with a DMARC quarantine or reject policy.
Extracts xml from a zip or gzip file at the given path, file-like object, or bytes.
--
+- - - Parameters: input – A path to a file, a file like object, or bytes -Returns: The extracted XML -Return type: str --
+
- Parameters +
input – A path to a file, a file like object, or bytes
+
+- Returns +
The extracted XML
+
+- Return type +
str
+
+
parsedmarc.extract_xml(input_)[source]¶-
parsedmarc.get_dmarc_reports_from_inbox(host=None, user=None, password=None, connection=None, port=None, ssl=True, ssl_context=None, move_supported=None, reports_folder='INBOX', archive_folder='Archive', delete=False, test=False, nameservers=None, dns_timeout=6.0, strip_attachment_payloads=False, results=None)[source]¶ Fetches and parses DMARC reports from sn inbox
--
+- - - Parameters: -
-
- host – The mail server hostname or IP address -
- user – The mail server user -
- password – The mail server password -
- connection – An IMAPCLient connection to reuse -
- port – The mail server port -
- ssl (bool) – Use SSL/TLS -
- ssl_context (SSLContext) – A SSL context -
- move_supported – Indicate if the IMAP server supports the MOVE command -
- if None) ((autodetect) – -
- reports_folder – The IMAP folder where reports can be found -
- archive_folder – The folder to move processed mail to -
- delete (bool) – Delete messages after processing them -
- test (bool) – Do not move or delete messages after processing them -
- nameservers (list) – A list of DNS nameservers to query -
- dns_timeout (float) – Set the DNS query timeout -
- strip_attachment_payloads (bool) – Remove attachment payloads from -
- report results (forensic) – -
- results (dict) – Results from the previous run +
- Parameters +
-
+
host – The mail server hostname or IP address
+user – The mail server user
+password – The mail server password
+connection – An IMAPCLient connection to reuse
+port – The mail server port
+ssl (bool) – Use SSL/TLS
+ssl_context (SSLContext) – A SSL context
+move_supported – Indicate if the IMAP server supports the MOVE command
+if None) ((autodetect) –
+reports_folder – The IMAP folder where reports can be found
+archive_folder – The folder to move processed mail to
+delete (bool) – Delete messages after processing them
+test (bool) – Do not move or delete messages after processing them
+nameservers (list) – A list of DNS nameservers to query
+dns_timeout (float) – Set the DNS query timeout
+strip_attachment_payloads (bool) – Remove attachment payloads from
+report results (forensic) –
+results (dict) – Results from the previous run
-
+
Returns: Lists of
-aggregate_reportsandforensic_reportsReturn type: OrderedDict
-
+- Returns +
Lists of
+aggregate_reportsandforensic_reports
+- Return type +
OrderedDict
+
+
-
parsedmarc.get_imap_capabilities(server)[source]¶ Returns a list of an IMAP server’s capabilities
--
+- - - Parameters: server (imapclient.IMAPClient) – An instance of imapclient.IMAPClient --
+
- Parameters +
server (imapclient.IMAPClient) – An instance of imapclient.IMAPClient
+
+
Returns (list): A list of capabilities
parsedmarc.get_report_zip(results)[source]¶Creates a zip file of parsed report output
--
+- - - Parameters: results (OrderedDict) – The parsed results -Returns: zip file bytes -Return type: bytes --
+
- Parameters +
results (OrderedDict) – The parsed results
+
+- Returns +
zip file bytes
+
+- Return type +
bytes
+
+
-
@@ -1786,117 +1764,101 @@ or bytes.
Parses a file at the given path, a file-like object. or bytes as a aggregate DMARC report
--
+- - - Parameters: -
-
- _input – A path to a file, a file like object, or bytes -
- nameservers (list) – A list of one or more nameservers to use -
- public DNS resolvers by default) ((Cloudflare's) – -
- dns_timeout (float) – Sets the DNS timeout in seconds -
- parallel (bool) – Parallel processing +
- Parameters +
-
+
_input – A path to a file, a file like object, or bytes
+nameservers (list) – A list of one or more nameservers to use
+public DNS resolvers by default) ((Cloudflare's) –
+dns_timeout (float) – Sets the DNS timeout in seconds
+parallel (bool) – Parallel processing
-
+
Returns: The parsed DMARC aggregate report
-Return type: OrderedDict
-
+- Returns +
The parsed DMARC aggregate report
+
+- Return type +
OrderedDict
+
+
parsedmarc.parse_aggregate_report_file(_input, nameservers=None, dns_timeout=2.0, parallel=False)[source]¶-
parsedmarc.parse_aggregate_report_xml(xml, nameservers=None, timeout=2.0, parallel=False)[source]¶ Parses a DMARC XML report string and returns a consistent OrderedDict
--
+- - - Parameters: -
-
- xml (str) – A string of DMARC aggregate report XML -
- nameservers (list) – A list of one or more nameservers to use -
- public DNS resolvers by default) ((Cloudflare's) – -
- timeout (float) – Sets the DNS timeout in seconds -
- parallel (bool) – Parallel processing +
- Parameters +
-
+
xml (str) – A string of DMARC aggregate report XML
+nameservers (list) – A list of one or more nameservers to use
+public DNS resolvers by default) ((Cloudflare's) –
+timeout (float) – Sets the DNS timeout in seconds
+parallel (bool) – Parallel processing
-
+
Returns: The parsed aggregate DMARC report
-Return type: OrderedDict
-
+- Returns +
The parsed aggregate DMARC report
+
+- Return type +
OrderedDict
+
+
-
parsedmarc.parse_forensic_report(feedback_report, sample, msg_date, nameservers=None, dns_timeout=2.0, strip_attachment_payloads=False, parallel=False)[source]¶ Converts a DMARC forensic report and sample to a
-OrderedDict-
+- - - Parameters: -
-
- feedback_report (str) – A message’s feedback report as a string -
- sample (str) – The RFC 822 headers or RFC 822 message sample -
- msg_date (str) – The message’s date header -
- nameservers (list) – A list of one or more nameservers to use -
- public DNS resolvers by default) ((Cloudflare's) – -
- dns_timeout (float) – Sets the DNS timeout in seconds -
- strip_attachment_payloads (bool) – Remove attachment payloads from -
- report results (forensic) – -
- parallel (bool) – Parallel processing +
- Parameters +
-
+
feedback_report (str) – A message’s feedback report as a string
+sample (str) – The RFC 822 headers or RFC 822 message sample
+msg_date (str) – The message’s date header
+nameservers (list) – A list of one or more nameservers to use
+public DNS resolvers by default) ((Cloudflare's) –
+dns_timeout (float) – Sets the DNS timeout in seconds
+strip_attachment_payloads (bool) – Remove attachment payloads from
+report results (forensic) –
+parallel (bool) – Parallel processing
-
+
Returns: A parsed report and sample
-Return type: OrderedDict
-
+- Returns +
A parsed report and sample
+
+- Return type +
OrderedDict
+
+
-
parsedmarc.parse_report_email(input_, nameservers=None, dns_timeout=2.0, strip_attachment_payloads=False, parallel=False)[source]¶ Parses a DMARC report from an email
--
+- - - Parameters: -
-
- input – An emailed DMARC report in RFC 822 format, as bytes or a string -
- nameservers (list) – A list of one or more nameservers to use -
- dns_timeout (float) – Sets the DNS timeout in seconds -
- strip_attachment_payloads (bool) – Remove attachment payloads from -
- report results (forensic) – -
- parallel (bool) – Parallel processing +
- Parameters +
-
+
input – An emailed DMARC report in RFC 822 format, as bytes or a string
+nameservers (list) – A list of one or more nameservers to use
+dns_timeout (float) – Sets the DNS timeout in seconds
+strip_attachment_payloads (bool) – Remove attachment payloads from
+report results (forensic) –
+parallel (bool) – Parallel processing
-
+
Returns: -
-
report_type:aggregateorforensic
-report: The parsed report
+
+- Returns +
-
+
report_type:aggregateorforensic
+report: The parsed report
Return type: OrderedDict
-
+- Return type +
OrderedDict
+
+
-
@@ -1904,29 +1866,25 @@ aggregate DMARC report
Parses a DMARC aggregate or forensic file at the given path, a file-like object. or bytes
--
+- - - Parameters: -
-
- input – A path to a file, a file like object, or bytes -
- nameservers (list) – A list of one or more nameservers to use -
- public DNS resolvers by default) ((Cloudflare's) – -
- dns_timeout (float) – Sets the DNS timeout in seconds -
- strip_attachment_payloads (bool) – Remove attachment payloads from -
- report results (forensic) – -
- parallel (bool) – Parallel processing +
- Parameters +
-
+
input – A path to a file, a file like object, or bytes
+nameservers (list) – A list of one or more nameservers to use
+public DNS resolvers by default) ((Cloudflare's) –
+dns_timeout (float) – Sets the DNS timeout in seconds
+strip_attachment_payloads (bool) – Remove attachment payloads from
+report results (forensic) –
+parallel (bool) – Parallel processing
-
+
Returns: The parsed DMARC report
-Return type: OrderedDict
-
+- Returns +
The parsed DMARC report
+
+- Return type +
OrderedDict
+
+
parsedmarc.parse_report_file(input_, nameservers=None, dns_timeout=2.0, strip_attachment_payloads=False, parallel=False)[source]¶-
@@ -1934,18 +1892,17 @@ file-like object. or bytes
Converts one or more parsed aggregate reports to flat CSV format, including headers
--
+- - - Parameters: reports – A parsed aggregate report or list of parsed aggregate reports -Returns: Parsed aggregate report data in flat CSV format, including headers -Return type: str --
+
- Parameters +
reports – A parsed aggregate report or list of parsed aggregate reports
+
+- Returns +
Parsed aggregate report data in flat CSV format, including headers
+
+- Return type +
str
+
+
parsedmarc.parsed_aggregate_reports_to_csv(reports)[source]¶-
@@ -1953,36 +1910,31 @@ headers
Converts one or more parsed forensic reports to flat CSV format, including headers
--
+- - - Parameters: reports – A parsed forensic report or list of parsed forensic reports -Returns: Parsed forensic report data in flat CSV format, including headers -Return type: str --
+
- Parameters +
reports – A parsed forensic report or list of parsed forensic reports
+
+- Returns +
Parsed forensic report data in flat CSV format, including headers
+
+- Return type +
str
+
+
parsedmarc.parsed_forensic_reports_to_csv(reports)[source]¶-
parsedmarc.save_output(results, output_directory='output')[source]¶ Save report data in the given directory
--
+- - - Parameters: -
-
- results (OrderedDict) – Parsing results -
- output_directory – The patch to the directory to save in +
- Parameters +
-
+
results (OrderedDict) – Parsing results
+output_directory – The patch to the directory to save in
-
+
+
-
@@ -1990,33 +1942,29 @@ headers
Use an IDLE IMAP connection to parse incoming emails, and pass the results to a callback function
--
+- - - Parameters: -
-
- host – The mail server hostname or IP address -
- username – The mail server username -
- password – The mail server password -
- callback – The callback function to receive the parsing results -
- port – The mail server port -
- ssl (bool) – Use SSL/TLS -
- ssl_context (SSLContext) – A SSL context -
- reports_folder – The IMAP folder where reports can be found -
- archive_folder – The folder to move processed mail to -
- delete (bool) – Delete messages after processing them -
- test (bool) – Do not move or delete messages after processing them -
- wait (int) – Number of seconds to wait for a IMAP IDLE response -
- nameservers (list) – A list of one or more nameservers to use -
- public DNS resolvers by default) ((Cloudflare's) – -
- dns_timeout (float) – Set the DNS query timeout -
- strip_attachment_payloads (bool) – Replace attachment payloads in -
- report samples with None (forensic) – +
- Parameters +
-
+
host – The mail server hostname or IP address
+username – The mail server username
+password – The mail server password
+callback – The callback function to receive the parsing results
+port – The mail server port
+ssl (bool) – Use SSL/TLS
+ssl_context (SSLContext) – A SSL context
+reports_folder – The IMAP folder where reports can be found
+archive_folder – The folder to move processed mail to
+delete (bool) – Delete messages after processing them
+test (bool) – Do not move or delete messages after processing them
+wait (int) – Number of seconds to wait for a IMAP IDLE response
+nameservers (list) – A list of one or more nameservers to use
+public DNS resolvers by default) ((Cloudflare's) –
+dns_timeout (float) – Set the DNS query timeout
+strip_attachment_payloads (bool) – Replace attachment payloads in
+report samples with None (forensic) –
-
+
+
parsedmarc.watch_inbox(host, username, password, callback, port=None, ssl=True, ssl_context=None, reports_folder='INBOX', archive_folder='Archive', delete=False, test=False, wait=30, nameservers=None, dns_timeout=6.0, strip_attachment_payloads=False)[source]¶@@ -2037,100 +1985,80 @@ to a callback functionparsedmarc.elastic.create_indexes(names, settings=None)[source]¶Create Elasticsearch indexes
--
+- - - Parameters: -
-
- names (list) – A list of index names -
- settings (dict) – Index settings +
- Parameters +
-
+
names (list) – A list of index names
+settings (dict) – Index settings
-
+
-
parsedmarc.elastic.migrate_indexes(aggregate_indexes=None, forensic_indexes=None)[source]¶ Updates index mappings
--
+- - - Parameters: -
-
- aggregate_indexes (list) – A list of aggregate index names -
- forensic_indexes (list) – A list of forensic index names +
- Parameters +
-
+
aggregate_indexes (list) – A list of aggregate index names
+forensic_indexes (list) – A list of forensic index names
-
+
+
-
parsedmarc.elastic.save_aggregate_report_to_elasticsearch(aggregate_report, index_suffix=None, monthly_indexes=False)[source]¶ Saves a parsed DMARC aggregate report to ElasticSearch
--
+- - - Parameters: -
-
- aggregate_report (OrderedDict) – A parsed forensic report -
- index_suffix (str) – The suffix of the name of the index to save to -
- monthly_indexes (bool) – Use monthly indexes instead of daily indexes +
- Parameters +
-
+
aggregate_report (OrderedDict) – A parsed forensic report
+index_suffix (str) – The suffix of the name of the index to save to
+monthly_indexes (bool) – Use monthly indexes instead of daily indexes
-
+
Raises: - -
+- Raises +
- + +
-
parsedmarc.elastic.save_forensic_report_to_elasticsearch(forensic_report, index_suffix=None, monthly_indexes=False)[source]¶ Saves a parsed DMARC forensic report to ElasticSearch
--
+- - - Parameters: -
-
- forensic_report (OrderedDict) – A parsed forensic report -
- index_suffix (str) – The suffix of the name of the index to save to -
- monthly_indexes (bool) – Use monthly indexes instead of daily -indexes +
- Parameters +
-
+
forensic_report (OrderedDict) – A parsed forensic report
+index_suffix (str) – The suffix of the name of the index to save to
+monthly_indexes (bool) – Use monthly indexes instead of daily +indexes
-
+
Raises: - -
+- Raises +
- + +
-
parsedmarc.elastic.set_hosts(hosts, use_ssl=False, ssl_cert_path=None)[source]¶ Sets the Elasticsearch hosts to use
--
+- - - Parameters: -
-
- hosts (str) – A single hostname or URL, or list of hostnames or URLs -
- use_ssl (bool) – Use a HTTPS connection to the server -
- ssl_cert_path (str) – Path to the certificate chain +
- Parameters +
-
+
hosts (str) – A single hostname or URL, or list of hostnames or URLs
+use_ssl (bool) – Use a HTTPS connection to the server
+ssl_cert_path (str) – Path to the certificate chain
-
+
+
@@ -2148,36 +2076,28 @@ indexessave_aggregate_reports_to_splunk(aggregate_reports)[source]¶Saves aggregate DMARC reports to Splunk
--
+- - - Parameters: -
-
- aggregate_reports – A list of aggregate report dictionaries -
- save in Splunk (to) – +
- Parameters +
-
+
aggregate_reports – A list of aggregate report dictionaries
+save in Splunk (to) –
-
+
-
save_forensic_reports_to_splunk(forensic_reports)[source]¶ Saves forensic DMARC reports to Splunk
--
+- - - Parameters: -
-
- forensic_reports (list) – A list of forensic report dictionaries -
- save in Splunk (to) – +
- Parameters +
-
+
forensic_reports (list) – A list of forensic report dictionaries
+save in Splunk (to) –
-
+
+
parsedmarc.utils.convert_outlook_msg(msg_bytes)[source]¶Uses the
-msgconvertPerl utility to convert an Outlook MS file to standard RFC 822 format-
+- - - Parameters: msg_bytes (bytes) – the content of the .msg file -Returns: A RFC 822 string --
+
- Parameters +
msg_bytes (bytes) – the content of the .msg file
+
+- Returns +
A RFC 822 string
+
+
-
parsedmarc.utils.decode_base64(data)[source]¶ Decodes a base64 string, with padding being optional
--
+- - - Parameters: data – A base64 encoded string -Returns: The decoded bytes -Return type: bytes --
+
- Parameters +
data – A base64 encoded string
+
+- Returns +
The decoded bytes
+
+- Return type +
bytes
+
+
-
@@ -2240,28 +2157,24 @@ standard RFC 822 format
Gets the base domain name for the given domain
--Note
-Results are based on a list of public domain suffixes at +
Note
+Results are based on a list of public domain suffixes at https://publicsuffix.org/list/public_suffix_list.dat.
-
+- - - Parameters: -
-
- domain (str) – A domain or subdomain -
- use_fresh_psl (bool) – Download a fresh Public Suffix List +
- Parameters +
-
+
domain (str) – A domain or subdomain
+use_fresh_psl (bool) – Download a fresh Public Suffix List
-
+
Returns: The base domain of the given domain
-Return type: str
-
+- Returns +
The base domain of the given domain
+
+- Return type +
str
+
+
parsedmarc.utils.get_base_domain(domain, use_fresh_psl=False)[source]¶-
@@ -2270,16 +2183,14 @@ standard RFC 822 format
Converts a string to a string that is safe for a filename :param string: A string to make safe for a filename :type string: str
--
+- - - Returns: A string safe for a filename -Return type: str --
+
- Returns +
A string safe for a filename
+
+- Return type +
str
+
+
-
@@ -2287,157 +2198,135 @@ standard RFC 822 format
Uses the MaxMind Geolite2 Country database to return the ISO code for the country associated with the given IPv4 or IPv6 address
--
+- - - Parameters: -
-
- ip_address (str) – The IP address to query for -
- parallel (bool) – Parallel processing +
- Parameters +
-
+
ip_address (str) – The IP address to query for
+parallel (bool) – Parallel processing
-
+
Returns: And ISO country code associated with the given IP address
-Return type: str
-
+- Returns +
And ISO country code associated with the given IP address
+
+- Return type +
str
+
+
parsedmarc.utils.get_ip_address_country(ip_address, parallel=False)[source]¶-
parsedmarc.utils.get_ip_address_info(ip_address, cache=None, nameservers=None, timeout=2.0, parallel=False)[source]¶ Returns reverse DNS and country information for the given IP address
--
+- - - Parameters: -
-
- ip_address (str) – The IP address to check -
- cache (ExpiringDict) – Cache storage -
- nameservers (list) – A list of one or more nameservers to use -
- public DNS resolvers by default) ((Cloudflare's) – -
- timeout (float) – Sets the DNS timeout in seconds -
- parallel (bool) – parallel processing +
- Parameters +
-
+
ip_address (str) – The IP address to check
+cache (ExpiringDict) – Cache storage
+nameservers (list) – A list of one or more nameservers to use
+public DNS resolvers by default) ((Cloudflare's) –
+timeout (float) – Sets the DNS timeout in seconds
+parallel (bool) – parallel processing
-
+
Returns:
-ip_address,reverse_dnsReturn type: OrderedDict
-
+- Returns +
+ip_address,reverse_dns
+- Return type +
OrderedDict
+
+
-
parsedmarc.utils.get_reverse_dns(ip_address, cache=None, nameservers=None, timeout=2.0)[source]¶ Resolves an IP address to a hostname using a reverse DNS query
--
+- - - Parameters: -
-
- ip_address (str) – The IP address to resolve -
- cache (ExpiringDict) – Cache storage -
- nameservers (list) – A list of one or more nameservers to use -
- public DNS resolvers by default) ((Cloudflare's) – -
- timeout (float) – Sets the DNS query timeout in seconds +
- Parameters +
-
+
ip_address (str) – The IP address to resolve
+cache (ExpiringDict) – Cache storage
+nameservers (list) – A list of one or more nameservers to use
+public DNS resolvers by default) ((Cloudflare's) –
+timeout (float) – Sets the DNS query timeout in seconds
-
+
Returns: The reverse DNS hostname (if any)
-Return type: str
-
+- Returns +
The reverse DNS hostname (if any)
+
+- Return type +
str
+
+
-
parsedmarc.utils.human_timestamp_to_datetime(human_timestamp, to_utc=False)[source]¶ Converts a human-readable timestamp into a Python
-DateTimeobject-
+- - - Parameters: -
-
- human_timestamp (str) – A timestamp string -
- to_utc (bool) – Convert the timestamp to UTC +
- Parameters +
-
+
human_timestamp (str) – A timestamp string
+to_utc (bool) – Convert the timestamp to UTC
-
+
Returns: The converted timestamp
-Return type: DateTime
-
+- Returns +
The converted timestamp
+
+- Return type +
DateTime
+
+
-
parsedmarc.utils.human_timestamp_to_timestamp(human_timestamp)[source]¶ Converts a human-readable timestamp into a into a UNIX timestamp
--
+- - - Parameters: human_timestamp (str) – A timestamp in YYYY-MM-DD HH:MM:SS` format -Returns: The converted timestamp -Return type: float --
+
- Parameters +
human_timestamp (str) – A timestamp in YYYY-MM-DD HH:MM:SS` format
+
+- Returns +
The converted timestamp
+
+- Return type +
float
+
+
-
parsedmarc.utils.is_outlook_msg(content)[source]¶ Checks if the given content is a Outlook msg OLE file
--
+- - - Parameters: content – Content to check -Returns: A flag the indicates if a file is a Outlook MSG file -Return type: bool --
+
- Parameters +
content – Content to check
+
+- Returns +
A flag the indicates if a file is a Outlook MSG file
+
+- Return type +
bool
+
+
-
parsedmarc.utils.parse_email(data, strip_attachment_payloads=False)[source]¶ A simplified email parser
--
+- - - Parameters: -
-
- data – The RFC 822 message string, or MSG binary -
- strip_attachment_payloads (bool) – Remove attachment payloads +
- Parameters +
-
+
data – The RFC 822 message string, or MSG binary
+strip_attachment_payloads (bool) – Remove attachment payloads
-
+
+
Returns (dict): Parsed email data
@@ -2445,64 +2334,58 @@ country associated with the given IPv4 or IPv6 addressparsedmarc.utils.query_dns(domain, record_type, cache=None, nameservers=None, timeout=2.0)[source]¶Queries DNS
--
+- - - Parameters: -
-
- domain (str) – The domain or subdomain to query about -
- record_type (str) – The record type to query for -
- cache (ExpiringDict) – Cache storage -
- nameservers (list) – A list of one or more nameservers to use -
- public DNS resolvers by default) ((Cloudflare's) – -
- timeout (float) – Sets the DNS timeout in seconds +
- Parameters +
-
+
domain (str) – The domain or subdomain to query about
+record_type (str) – The record type to query for
+cache (ExpiringDict) – Cache storage
+nameservers (list) – A list of one or more nameservers to use
+public DNS resolvers by default) ((Cloudflare's) –
+timeout (float) – Sets the DNS timeout in seconds
-
+
Returns: A list of answers
-Return type: list
-- Returns
+A list of answers
+- Return type
+list
+-
parsedmarc.utils.timestamp_to_datetime(timestamp)[source]¶ Converts a UNIX/DMARC timestamp to a Python
-DateTimeobject-
+- - - Parameters: timestamp (int) – The timestamp -Returns: The converted timestamp as a Python -DateTimeobjectReturn type: DateTime --
+
- Parameters +
timestamp (int) – The timestamp
+
+- Returns +
The converted timestamp as a Python
+DateTimeobject
+- Return type +
DateTime
+
+
-
parsedmarc.utils.timestamp_to_human(timestamp)[source]¶ Converts a UNIX/DMARC timestamp to a human-readable string
--
+- - - Parameters: timestamp – The timestamp -Returns: The converted timestamp in -YYYY-MM-DD HH:MM:SSformatReturn type: str --
+
- Parameters +
timestamp – The timestamp
+
+- Returns +
The converted timestamp in
+YYYY-MM-DD HH:MM:SSformat
+- Return type +
str
+
+
@@ -2512,9 +2395,9 @@ country associated with the given IPv4 or IPv6 addressdiff --git a/objects.inv b/objects.inv index 673c2b6..49e1ef6 100644 Binary files a/objects.inv and b/objects.inv differ diff --git a/py-modindex.html b/py-modindex.html index bcfe694..7751af2 100644 --- a/py-modindex.html +++ b/py-modindex.html @@ -8,7 +8,7 @@ -Indices and tables¶
Python Module Index — parsedmarc 6.2.2 documentation +Python Module Index — parsedmarc 6.3.0 documentation @@ -61,7 +61,7 @@- 6.2.2 + 6.3.0@@ -162,17 +162,23 @@parsedmarc+ + ++ + parsedmarc+ parsedmarc.elastic+ parsedmarc.splunk+ parsedmarc.utilsdiff --git a/search.html b/search.html index 7a9f775..99474ec 100644 --- a/search.html +++ b/search.html @@ -8,7 +8,7 @@ - Search — parsedmarc 6.2.2 documentation +Search — parsedmarc 6.3.0 documentation @@ -59,7 +59,7 @@- 6.2.2 + 6.3.0diff --git a/searchindex.js b/searchindex.js index cd36a25..4e34c7d 100644 --- a/searchindex.js +++ b/searchindex.js @@ -1 +1 @@ -Search.setIndex({docnames:["index"],envversion:{"sphinx.domains.c":1,"sphinx.domains.changeset":1,"sphinx.domains.cpp":1,"sphinx.domains.javascript":1,"sphinx.domains.math":2,"sphinx.domains.python":1,"sphinx.domains.rst":1,"sphinx.domains.std":1,"sphinx.ext.todo":1,"sphinx.ext.viewcode":1,sphinx:55},filenames:["index.rst"],objects:{"":{parsedmarc:[0,0,0,"-"]},"parsedmarc.elastic":{AlreadySaved:[0,1,1,""],ElasticsearchError:[0,1,1,""],create_indexes:[0,2,1,""],migrate_indexes:[0,2,1,""],save_aggregate_report_to_elasticsearch:[0,2,1,""],save_forensic_report_to_elasticsearch:[0,2,1,""],set_hosts:[0,2,1,""]},"parsedmarc.splunk":{HECClient:[0,3,1,""],SplunkError:[0,1,1,""]},"parsedmarc.splunk.HECClient":{save_aggregate_reports_to_splunk:[0,4,1,""],save_forensic_reports_to_splunk:[0,4,1,""]},"parsedmarc.utils":{EmailParserError:[0,1,1,""],convert_outlook_msg:[0,2,1,""],decode_base64:[0,2,1,""],get_base_domain:[0,2,1,""],get_filename_safe_string:[0,2,1,""],get_ip_address_country:[0,2,1,""],get_ip_address_info:[0,2,1,""],get_reverse_dns:[0,2,1,""],human_timestamp_to_datetime:[0,2,1,""],human_timestamp_to_timestamp:[0,2,1,""],is_outlook_msg:[0,2,1,""],parse_email:[0,2,1,""],query_dns:[0,2,1,""],timestamp_to_datetime:[0,2,1,""],timestamp_to_human:[0,2,1,""]},parsedmarc:{IMAPError:[0,1,1,""],InvalidAggregateReport:[0,1,1,""],InvalidDMARCReport:[0,1,1,""],InvalidForensicReport:[0,1,1,""],ParserError:[0,1,1,""],SMTPError:[0,1,1,""],elastic:[0,0,0,"-"],email_results:[0,2,1,""],extract_xml:[0,2,1,""],get_dmarc_reports_from_inbox:[0,2,1,""],get_imap_capabilities:[0,2,1,""],get_report_zip:[0,2,1,""],parse_aggregate_report_file:[0,2,1,""],parse_aggregate_report_xml:[0,2,1,""],parse_forensic_report:[0,2,1,""],parse_report_email:[0,2,1,""],parse_report_file:[0,2,1,""],parsed_aggregate_reports_to_csv:[0,2,1,""],parsed_forensic_reports_to_csv:[0,2,1,""],save_output:[0,2,1,""],splunk:[0,0,0,"-"],utils:[0,0,0,"-"],watch_inbox:[0,2,1,""]}},objnames:{"0":["py","module","Python module"],"1":["py","exception","Python exception"],"2":["py","function","Python function"],"3":["py","class","Python class"],"4":["py","method","Python method"]},objtypes:{"0":"py:module","1":"py:exception","2":"py:function","3":"py:class","4":"py:method"},terms:{"2017a":0,"50m":0,"\u00fcbersicht":0,"break":0,"byte":0,"case":0,"class":0,"default":0,"float":0,"function":0,"import":0,"int":0,"long":0,"new":0,"null":0,"public":0,"return":0,"switch":0,"true":0,"var":0,"while":0,And:0,DNS:0,For:0,OLE:0,TLS:0,That:0,The:0,Then:0,These:0,Use:0,Uses:0,With:0,Yes:0,_input:0,abl:0,abov:0,accept:0,access_token:0,accident:0,account:0,acm:0,across:0,action:0,actual:0,add:0,add_head:0,added:0,adding:0,addit:0,address:0,addresse:0,adkim:0,admin:0,administr:0,adsl:0,aes128:0,aes256:0,after:0,against:0,agari:0,age:0,aggregate_index:0,aggregate_report:0,aggregate_top:0,all:0,allow:0,allowremot:0,alreadysav:0,also:0,alter:0,altern:0,although:0,alwai:0,ani:0,anonym:0,anoth:0,answer:0,apach:0,apache2:0,appear:0,appendix:0,appli:0,approach:0,approxim:0,apt:0,archiv:0,archive_fold:0,argument:0,arriv:0,arrival_d:0,arrival_date_utc:0,artifact:0,ask:0,asmx:0,aspf:0,assign:0,associ:0,attach:0,attachment_filenam:0,auth:0,auth_bas:0,auth_basic_user_fil:0,auth_failur:0,auth_result:0,authent:0,authentication_mechan:0,authentication_result:0,auto:0,autodetect:0,avail:0,avoid:0,b2c:0,base64:0,base:0,base_domain:0,basic:0,bcc:0,bd6e1bb5:0,becaus:0,been:0,begin_d:0,behind:0,being:0,bellsouth:0,below:0,between:0,bin:0,binari:0,bind:0,bindaddress:0,bitbucket:0,blank:0,block:0,bodi:0,bool:0,brand:0,busi:0,button:0,bz2:0,cach:0,call:0,callback:0,came:0,can:0,capabl:0,caus:0,center:0,cento:0,cert:0,cert_path:0,certif:0,cest:0,chacha20:0,chain:0,chang:0,charact:0,charset:0,chart:0,check:0,checkbox:0,checkdmarc:0,chines:0,chmod:0,choos:0,chown:0,chunk_siz:0,cisco:0,click:0,client:0,clientsotimeout:0,cloudflar:0,code:0,collect:0,collector:0,com:0,come:0,comma:0,command:0,comment:0,commerci:0,common:0,commun:0,complet:0,compli:0,compliant:0,compress:0,config:0,config_fil:0,conform:0,connect:0,consid:0,consist:0,consolid:0,consum:0,contact:0,contain:0,content:0,context:0,control:0,convert:0,convert_outlook_msg:0,copi:0,core:0,correctli:0,could:0,count:0,countri:0,crash:0,creat:0,create_index:0,credenti:0,crt:0,csr:0,cumul:0,current:0,custom:0,daemon:0,dai:0,daili:0,dat:0,data:0,databas:0,date:0,date_utc:0,datetim:0,deb:0,debian:0,debug:0,decod:0,decode_base64:0,defens:0,delai:0,delet:0,delivery_result:0,demystifi:0,deploi:0,describ:0,descript:0,detail:0,develop:0,dict:0,dictionari:0,differ:0,digest:0,directli:0,directori:0,dis:0,disabl:0,disclaim:0,displai:0,display_nam:0,disposit:0,dkim_align:0,dkim_domain:0,dkim_result:0,dkim_selector:0,dkm:0,dmarc_aggreg:0,dmarc_forens:0,dmarc_moderation_act:0,dmarc_none_moderation_act:0,dmarc_quarentine_moderation_act:0,dmarcian:0,dmarcresport:0,dns_timeout:0,doctyp:0,doe:0,domainawar:0,don:0,down:0,download:0,draft:0,dtd:0,dure:0,each:0,earlier:0,easi:0,easier:0,easy_instal:0,ecdh:0,ecdsa:0,echo:0,edit:0,editor:0,effici:0,elasticsearcherror:0,els:0,email:0,email_result:0,emailparsererror:0,empti:0,enabl:0,enableew:0,enablekeepal:0,enableproxi:0,encod:0,encount:0,encrypt:0,end:0,end_dat:0,enforc:0,ensur:0,entir:0,envelop:0,envelope_from:0,envelope_to:0,environ:0,error:0,especi:0,etc:0,even:0,event:0,everi:0,exactli:0,exampl:0,exampleus:0,except:0,exchang:0,exclud:0,execstart:0,exist:0,exit:0,expiringdict:0,explain:0,explicit:0,extract:0,extract_xml:0,eyes:0,factor:0,fail:0,failur:0,fals:0,fantast:0,faster:0,feedback:0,feedback_report:0,feedback_typ:0,fetch:0,few:0,field:0,file_path:0,filenam:0,filename_safe_subject:0,fill:0,filter:0,financ:0,find:0,fine:0,first:0,first_strip_reply_to:0,fit:0,fix:0,flag:0,flat:0,flexibl:0,folder:0,foldersizelimit:0,follow:0,footer:0,fore:0,forensic_index:0,forensic_report:0,forensic_top:0,format:0,forward:0,found:0,foundat:0,fqdn:0,frame:0,fraud:0,free:0,fresh:0,friendli:0,from:0,from_is_list:0,ftp_proxi:0,full:0,fulli:0,further:0,gatewai:0,gcm:0,gdpr:0,gener:0,geoip:0,geoipupd:0,geolite2:0,get:0,get_base_domain:0,get_dmarc_reports_from_inbox:0,get_filename_safe_str:0,get_imap_cap:0,get_ip_address_countri:0,get_ip_address_info:0,get_report_zip:0,get_reverse_dn:0,git:0,github:0,give:0,given:0,glass:0,global:0,gmail:0,goe:0,googl:0,gpg:0,graph:0,group:0,gzip:0,hand:0,handl:0,has:0,has_defect:0,have:0,head:0,header:0,header_from:0,headless:0,healthcar:0,heap:0,heavi:0,hec:0,hecclient:0,hectokengoesher:0,here:0,high:0,higher:0,highli:0,his:0,hop:0,host:0,hostnam:0,hover:0,href:0,html:0,htpasswd:0,http2:0,http:0,http_proxi:0,httpasswd:0,httpd:0,https_proxi:0,human:0,human_timestamp:0,human_timestamp_to_datetim:0,human_timestamp_to_timestamp:0,icon:0,ideal:0,ident:0,identifi:0,idl:0,imap:0,imapalwaysapproxmsgs:0,imapautoexpung:0,imapcli:0,imaperror:0,imapidledelai:0,imapport:0,immedi:0,impli:0,improv:0,includ:0,include_list_post_head:0,include_rfc2369_head:0,include_sender_head:0,includesubdomain:0,incom:0,increas:0,index_suffix:0,industri:0,inform:0,ini:0,input:0,input_:0,insid:0,instanc:0,instead:0,intend:0,interact:0,interakt:0,interfer:0,invalid:0,invalidaggregatereport:0,invaliddmarcreport:0,invalidforensicreport:0,ip_address:0,ipv4:0,ipv6:0,is_outlook_msg:0,iso:0,issu:0,its:0,java:0,job:0,joe:0,journalctl:0,jre:0,just:0,jvm:0,jxf:0,kafka:0,kb4099855:0,kb4134118:0,kb4295699:0,keepal:0,kei:0,keyout:0,kibana_saved_object:0,kind:0,know:0,known:0,languag:0,larg:0,larger:0,later:0,latest:0,layout:0,leak:0,least:0,leav:0,left:0,legal:0,legitim:0,level:0,libemail:0,like:0,limit:0,line:0,link:0,linux:0,linux_x86_64:0,listen:0,load:0,local:0,localhost:0,locat:0,log:0,log_fil:0,login:0,longer:0,look:0,loopback:0,lot:0,lua:0,maco:0,magnifi:0,mai:0,mail_from:0,mail_to:0,mailbox:0,mailer:0,mailrelai:0,mailto:0,main:0,make:0,malici:0,manag:0,manual:0,map:0,market:0,match:0,max:0,maximum:0,maxmind:0,mechan:0,member:0,mention:0,menu:0,messag:0,message_id:0,meta:0,mfrom:0,microsoft:0,might:0,migrate_index:0,mime:0,minimum:0,minut:0,mitig:0,mkdir:0,mmdb:0,mobil:0,mode:0,modern:0,modifi:0,modul:0,mon:0,monitor:0,monthli:0,monthly_index:0,more:0,most:0,mous:0,move:0,move_support:0,msg:0,msg_byte:0,msg_date:0,msg_footer:0,msg_header:0,msgconvert:0,much:0,multi:0,mung:0,must:0,n_proc:0,name:0,nameserv:0,nano:0,navig:0,ncontent:0,ndate:0,need:0,neeed:0,nelson:0,net:0,network:0,newest:0,newkei:0,next:0,nfrom:0,nginx:0,nmessag:0,nmime:0,node:0,non:0,none:0,noproxyfor:0,norepli:0,normal:0,nosecureimap:0,nosniff:0,notabl:0,now:0,nsubject:0,nto:0,number:0,nwettbewerb:0,object:0,observ:0,occur:0,occurr:0,oct:0,off:0,office365:0,often:0,old:0,older:0,oldest:0,ondmarc:0,one:0,onli:0,onlin:0,opendn:0,openssl:0,opt:0,ordereddict:0,org:0,org_email:0,org_extra_contact_info:0,org_nam:0,organ:0,organis:0,origin:0,original_envelope_id:0,original_mail_from:0,original_rcpt_to:0,other:0,our:0,out:0,outdat:0,outgo:0,outlook:0,output_directori:0,outsid:0,over:0,overrid:0,overwrit:0,own:0,pack:0,packag:0,pad:0,page:0,pan:0,parallel:0,param:0,paramet:0,parent:0,pars:0,parse_aggregate_report_fil:0,parse_aggregate_report_xml:0,parse_email:0,parse_forensic_report:0,parse_report_email:0,parse_report_fil:0,parsed_aggregate_reports_to_csv:0,parsed_forensic_reports_to_csv:0,parsed_sampl:0,parser:0,parsererror:0,part:0,particular:0,particularli:0,pass:0,passag:0,passsword:0,password:0,past:0,patch:0,path:0,payload:0,pct:0,percentag:0,perform:0,period:0,perl:0,permiss:0,peter:0,pie:0,pip3:0,pip:0,place:0,plain:0,plaintext:0,platform:0,pleas:0,plu:0,polici:0,policy_evalu:0,policy_override_com:0,policy_override_reason:0,policy_publish:0,poll:0,poly1305:0,port:0,portabl:0,posit:0,possibl:0,post:0,poster:0,postoriu:0,prefix:0,preload:0,premad:0,previou:0,previous:0,print:0,printabl:0,privaci:0,process:0,produc:0,product:0,program:0,project:0,prompt:0,proofpoint:0,properti:0,protect:0,provid:0,prox:0,proxi:0,proxy_add_x_forwarded_for:0,proxy_pass:0,proxy_set_head:0,proxyhost:0,proxypassword:0,proxyport:0,proxyus:0,pry:0,public_suffix_list:0,publicsuffix:0,publish:0,pypi:0,python34:0,python3:0,python:0,quarantin:0,queri:0,query_dn:0,quot:0,rais:0,ram:0,rather:0,readabl:0,readonlyrest:0,real:0,realli:0,reason:0,receiv:0,recipi:0,recogn:0,recommend:0,record_typ:0,refer:0,regardless:0,regul:0,regular:0,reject:0,relai:0,relat:0,releas:0,reli:0,reliabl:0,reload:0,remain:0,remot:0,remote_addr:0,remov:0,repeat:0,replac:0,repli:0,reply_goes_to_list:0,reply_to:0,replyo:0,report_id:0,report_metadata:0,report_typ:0,reported_domain:0,reports_fold:0,repositori:0,req:0,request:0,request_uri:0,requir:0,resolv:0,respons:0,restart:0,restartsec:0,restor:0,result:0,retain:0,retriev:0,reus:0,revers:0,reverse_dn:0,review:0,rewrit:0,rfc2369:0,rfc822:0,rfc:0,rhel:0,right:0,rollup:0,root:0,rpm:0,rsa:0,rua:0,ruf:0,rule:0,safe:0,same:0,sameorigin:0,sample_headers_onli:0,save:0,save_aggreg:0,save_aggregate_report_to_elasticsearch:0,save_aggregate_reports_to_splunk:0,save_forens:0,save_forensic_report_to_elasticsearch:0,save_forensic_reports_to_splunk:0,save_output:0,schema:0,scope:0,scrub_nondigest:0,search:0,second:0,secret:0,secur:0,see:0,segment:0,selector:0,self:0,send:0,sensit:0,sent:0,separ:0,server:0,servernameon:0,session:0,set:0,set_host:0,setuptool:0,sha256:0,sha384:0,share:0,sharepoint:0,should:0,shouldn:0,show:0,shv:0,side:0,sign:0,signatur:0,silent:0,similar:0,simpl:0,simplifi:0,singl:0,sister:0,site:0,size:0,skip:0,skip_certificate_verif:0,slightli:0,small:0,smg:0,smtp:0,smtperror:0,socket:0,solut:0,some:0,someon:0,sometim:0,sort:0,source_base_domain:0,source_countri:0,source_ip_address:0,source_reverse_dn:0,sourceforg:0,special:0,specif:0,specifi:0,speed:0,spf_align:0,spf_domain:0,spf_result:0,spf_scope:0,splunk_hec:0,splunkerror:0,splunkhec:0,spoof:0,squeaki:0,ssl:0,ssl_cert_path:0,ssl_certif:0,ssl_certificate_kei:0,ssl_cipher:0,ssl_context:0,ssl_prefer_server_ciph:0,ssl_protocol:0,ssl_session_cach:0,ssl_session_ticket:0,ssl_session_timeout:0,sslcontext:0,stabl:0,standard:0,start:0,starttl:0,statu:0,step:0,still:0,storag:0,store:0,str:0,strict:0,string:0,strip:0,strip_attachment_payload:0,strongli:0,structur:0,subdomain:0,subject:0,subject_prefix:0,subsidiari:0,substitut:0,sudo:0,suffix:0,suggest:0,suppli:0,sure:0,sw50zxjha3rpdmugv2v0dgjld2vyymvylcocymvyc2ljahq:0,symlink:0,syslog:0,system:0,systemctl:0,tab:0,tag:0,tar:0,target:0,tby:0,tee:0,tell:0,templat:0,temporari:0,text:0,than:0,thank:0,thei:0,theirs:0,them:0,therebi:0,thi:0,thousand:0,three:0,through:0,time:0,timeout:0,timestamp:0,timestamp_to_datetim:0,timestamp_to_human:0,timezon:0,tld:0,tlsv1:0,to_domain:0,to_utc:0,token:0,tool:0,top:0,topic:0,touch:0,tracker:0,tradit:0,transfer:0,transpar:0,transport:0,trust:0,tweak:0,two:0,type:0,ubuntu:0,uncom:0,uncondition:0,under:0,underneath:0,understand:0,unfortun:0,uninstal:0,unit:0,unix:0,unsubscrib:0,unzip:0,updat:0,upersecur:0,upper:0,uri:0,url:0,usag:0,use:0,use_fresh_psl:0,use_ssl:0,used:0,useful:0,user:0,user_ag:0,useradd:0,usernam:0,uses:0,usesystemproxi:0,usr:0,utc:0,utf:0,valimail:0,valu:0,vendor:0,venv:0,veri:0,verif:0,verifi:0,version:0,vew:0,view:0,virtualenv:0,volum:0,vulner:0,w3c:0,wai:0,wait:0,want:0,wantedbi:0,warn:0,watch:0,watch_inbox:0,watcher:0,web:0,webdav:0,webmail:0,well:0,were:0,wettbewerb:0,wget:0,when:0,whenev:0,where:0,wherea:0,which:0,who:0,why:0,wide:0,wiki:0,window:0,without:0,work:0,workstat:0,worst:0,would:0,wrap:0,write:0,www:0,x509:0,xennn:0,xml:0,xml_schema:0,xms4g:0,xmx4g:0,yahoo:0,yet:0,you:0,your:0,yum:0,yyyi:0,zip:0},titles:["parsedmarc documentation - Open source DMARC report analyzer and visualizer"],titleterms:{EWS:0,Using:0,about:0,access:0,aggreg:0,align:0,analyz:0,api:0,best:0,bug:0,cli:0,configur:0,csv:0,dashboard:0,davmail:0,depend:0,dkim:0,dmarc:0,document:0,domain:0,elast:0,elasticsearch:0,featur:0,file:0,forens:0,guid:0,help:0,inbox:0,index:0,indic:0,instal:0,json:0,kibana:0,list:0,listserv:0,lookalik:0,mail:0,mailman:0,multipl:0,open:0,option:0,output:0,owa:0,parsedmarc:0,pattern:0,practic:0,pypy3:0,record:0,report:0,resourc:0,retent:0,run:0,sampl:0,sender:0,servic:0,sourc:0,spf:0,splunk:0,summari:0,support:0,systemd:0,tabl:0,test:0,upgrad:0,using:0,util:0,valid:0,visual:0,what:0,won:0,workaround:0}}) \ No newline at end of file +Search.setIndex({docnames:["index"],envversion:{"sphinx.domains.c":1,"sphinx.domains.changeset":1,"sphinx.domains.cpp":1,"sphinx.domains.javascript":1,"sphinx.domains.math":2,"sphinx.domains.python":1,"sphinx.domains.rst":1,"sphinx.domains.std":1,"sphinx.ext.todo":1,"sphinx.ext.viewcode":1,sphinx:56},filenames:["index.rst"],objects:{"":{parsedmarc:[0,0,0,"-"]},"parsedmarc.elastic":{AlreadySaved:[0,1,1,""],ElasticsearchError:[0,1,1,""],create_indexes:[0,2,1,""],migrate_indexes:[0,2,1,""],save_aggregate_report_to_elasticsearch:[0,2,1,""],save_forensic_report_to_elasticsearch:[0,2,1,""],set_hosts:[0,2,1,""]},"parsedmarc.splunk":{HECClient:[0,3,1,""],SplunkError:[0,1,1,""]},"parsedmarc.splunk.HECClient":{save_aggregate_reports_to_splunk:[0,4,1,""],save_forensic_reports_to_splunk:[0,4,1,""]},"parsedmarc.utils":{EmailParserError:[0,1,1,""],convert_outlook_msg:[0,2,1,""],decode_base64:[0,2,1,""],get_base_domain:[0,2,1,""],get_filename_safe_string:[0,2,1,""],get_ip_address_country:[0,2,1,""],get_ip_address_info:[0,2,1,""],get_reverse_dns:[0,2,1,""],human_timestamp_to_datetime:[0,2,1,""],human_timestamp_to_timestamp:[0,2,1,""],is_outlook_msg:[0,2,1,""],parse_email:[0,2,1,""],query_dns:[0,2,1,""],timestamp_to_datetime:[0,2,1,""],timestamp_to_human:[0,2,1,""]},parsedmarc:{IMAPError:[0,1,1,""],InvalidAggregateReport:[0,1,1,""],InvalidDMARCReport:[0,1,1,""],InvalidForensicReport:[0,1,1,""],ParserError:[0,1,1,""],SMTPError:[0,1,1,""],elastic:[0,0,0,"-"],email_results:[0,2,1,""],extract_xml:[0,2,1,""],get_dmarc_reports_from_inbox:[0,2,1,""],get_imap_capabilities:[0,2,1,""],get_report_zip:[0,2,1,""],parse_aggregate_report_file:[0,2,1,""],parse_aggregate_report_xml:[0,2,1,""],parse_forensic_report:[0,2,1,""],parse_report_email:[0,2,1,""],parse_report_file:[0,2,1,""],parsed_aggregate_reports_to_csv:[0,2,1,""],parsed_forensic_reports_to_csv:[0,2,1,""],save_output:[0,2,1,""],splunk:[0,0,0,"-"],utils:[0,0,0,"-"],watch_inbox:[0,2,1,""]}},objnames:{"0":["py","module","Python module"],"1":["py","exception","Python exception"],"2":["py","function","Python function"],"3":["py","class","Python class"],"4":["py","method","Python method"]},objtypes:{"0":"py:module","1":"py:exception","2":"py:function","3":"py:class","4":"py:method"},terms:{"2017a":0,"50m":0,"\u00fcbersicht":0,"break":0,"byte":0,"case":0,"class":0,"default":0,"float":0,"function":0,"import":0,"int":0,"long":0,"new":0,"null":0,"public":0,"return":0,"switch":0,"true":0,"var":0,"while":0,And:0,DNS:0,For:0,OLE:0,TLS:0,That:0,The:0,Then:0,These:0,Use:0,Uses:0,With:0,Yes:0,_input:0,abl:0,abov:0,accept:0,access_token:0,accident:0,account:0,acm:0,across:0,action:0,actual:0,add:0,add_head:0,added:0,adding:0,addit:0,address:0,addresse:0,adkim:0,admin:0,administr:0,adsl:0,aes128:0,aes256:0,after:0,against:0,agari:0,age:0,aggregate_index:0,aggregate_report:0,aggregate_top:0,all:0,allow:0,allowremot:0,alreadysav:0,also:0,alter:0,altern:0,although:0,alwai:0,ani:0,anonym:0,anoth:0,answer:0,apach:0,apache2:0,appear:0,appendix:0,appli:0,approach:0,approxim:0,apt:0,archiv:0,archive_fold:0,argument:0,arriv:0,arrival_d:0,arrival_date_utc:0,artifact:0,ask:0,asmx:0,aspf:0,assign:0,associ:0,attach:0,attachment_filenam:0,auth:0,auth_bas:0,auth_basic_user_fil:0,auth_failur:0,auth_result:0,authent:0,authentication_mechan:0,authentication_result:0,auto:0,autodetect:0,avail:0,avoid:0,b2c:0,base64:0,base:0,base_domain:0,basic:0,bcc:0,bd6e1bb5:0,becaus:0,been:0,begin_d:0,behind:0,being:0,bellsouth:0,below:0,between:0,bin:0,binari:0,bind:0,bindaddress:0,bitbucket:0,blank:0,block:0,bodi:0,bool:0,brand:0,busi:0,button:0,bz2:0,cach:0,call:0,callback:0,came:0,can:0,capabl:0,caus:0,center:0,cento:0,cert:0,cert_path:0,certif:0,cest:0,chacha20:0,chain:0,chang:0,charact:0,charset:0,chart:0,check:0,checkbox:0,checkdmarc:0,chines:0,chmod:0,choos:0,chown:0,chunk_siz:0,cisco:0,click:0,client:0,clientsotimeout:0,cloudflar:0,code:0,collect:0,collector:0,com:0,come:0,comma:0,command:0,comment:0,commerci:0,common:0,commun:0,complet:0,compli:0,compliant:0,compress:0,config:0,config_fil:0,conform:0,connect:0,consid:0,consist:0,consolid:0,consum:0,contact:0,contain:0,content:0,context:0,control:0,convert:0,convert_outlook_msg:0,copi:0,core:0,correctli:0,could:0,count:0,countri:0,crash:0,creat:0,create_index:0,credenti:0,crt:0,csr:0,cumul:0,current:0,custom:0,daemon:0,dai:0,daili:0,dat:0,data:0,databas:0,date:0,date_utc:0,datetim:0,deb:0,debian:0,debug:0,decod:0,decode_base64:0,defens:0,delai:0,delet:0,delivery_result:0,demystifi:0,deploi:0,describ:0,descript:0,detail:0,develop:0,dict:0,dictionari:0,differ:0,digest:0,directli:0,directori:0,dis:0,disabl:0,disclaim:0,displai:0,display_nam:0,disposit:0,dkim_align:0,dkim_domain:0,dkim_result:0,dkim_selector:0,dkm:0,dmarc_aggreg:0,dmarc_forens:0,dmarc_moderation_act:0,dmarc_none_moderation_act:0,dmarc_quarentine_moderation_act:0,dmarcian:0,dmarcresport:0,dns_timeout:0,doctyp:0,doe:0,domainawar:0,don:0,down:0,download:0,draft:0,dtd:0,dure:0,each:0,earlier:0,easi:0,easier:0,easy_instal:0,ecdh:0,ecdsa:0,echo:0,edit:0,editor:0,effici:0,elasticsearcherror:0,els:0,email:0,email_result:0,emailparsererror:0,empti:0,enabl:0,enableew:0,enablekeepal:0,enableproxi:0,encod:0,encount:0,encrypt:0,end:0,end_dat:0,enforc:0,ensur:0,entir:0,envelop:0,envelope_from:0,envelope_to:0,environ:0,error:0,especi:0,etc:0,even:0,event:0,everi:0,exactli:0,exampl:0,exampleus:0,except:0,exchang:0,exclud:0,execstart:0,exist:0,exit:0,expiringdict:0,explain:0,explicit:0,extract:0,extract_xml:0,eyes:0,factor:0,fail:0,failur:0,fals:0,fantast:0,faster:0,feedback:0,feedback_report:0,feedback_typ:0,fetch:0,few:0,field:0,file_path:0,filenam:0,filename_safe_subject:0,fill:0,filter:0,financ:0,find:0,fine:0,first:0,first_strip_reply_to:0,fit:0,fix:0,flag:0,flat:0,flexibl:0,folder:0,foldersizelimit:0,follow:0,footer:0,fore:0,forensic_index:0,forensic_report:0,forensic_top:0,format:0,forward:0,found:0,foundat:0,fqdn:0,frame:0,fraud:0,free:0,fresh:0,friendli:0,from:0,from_is_list:0,ftp_proxi:0,full:0,fulli:0,further:0,gatewai:0,gcm:0,gdpr:0,gener:0,geoip:0,geoipupd:0,geolite2:0,get:0,get_base_domain:0,get_dmarc_reports_from_inbox:0,get_filename_safe_str:0,get_imap_cap:0,get_ip_address_countri:0,get_ip_address_info:0,get_report_zip:0,get_reverse_dn:0,git:0,github:0,give:0,given:0,glass:0,global:0,gmail:0,goe:0,googl:0,gpg:0,graph:0,group:0,gzip:0,hand:0,handl:0,has:0,has_defect:0,have:0,head:0,header:0,header_from:0,headless:0,healthcar:0,heap:0,heavi:0,hec:0,hecclient:0,hectokengoesher:0,here:0,high:0,higher:0,highli:0,his:0,hop:0,host:0,hostnam:0,hover:0,href:0,html:0,htpasswd:0,http2:0,http:0,http_proxi:0,httpasswd:0,httpd:0,https_proxi:0,human:0,human_timestamp:0,human_timestamp_to_datetim:0,human_timestamp_to_timestamp:0,icon:0,ideal:0,ident:0,identifi:0,idl:0,imap:0,imapalwaysapproxmsgs:0,imapautoexpung:0,imapcli:0,imaperror:0,imapidledelai:0,imapport:0,immedi:0,impli:0,improv:0,includ:0,include_list_post_head:0,include_rfc2369_head:0,include_sender_head:0,includesubdomain:0,incom:0,increas:0,index_suffix:0,industri:0,inform:0,ini:0,input:0,input_:0,insid:0,instanc:0,instead:0,intend:0,interact:0,interakt:0,interfer:0,invalid:0,invalidaggregatereport:0,invaliddmarcreport:0,invalidforensicreport:0,ip_address:0,ipv4:0,ipv6:0,is_outlook_msg:0,iso:0,issu:0,its:0,java:0,job:0,joe:0,journalctl:0,jre:0,just:0,jvm:0,jxf:0,kafka:0,kb4099855:0,kb4134118:0,kb4295699:0,keepal:0,kei:0,keyout:0,kibana_saved_object:0,kind:0,know:0,known:0,languag:0,larg:0,larger:0,later:0,latest:0,layout:0,leak:0,least:0,leav:0,left:0,legal:0,legitim:0,level:0,libemail:0,like:0,limit:0,line:0,link:0,linux:0,linux_x86_64:0,listen:0,load:0,local:0,localhost:0,locat:0,log:0,log_fil:0,login:0,longer:0,look:0,loopback:0,lot:0,lua:0,maco:0,magnifi:0,mai:0,mail_from:0,mail_to:0,mailbox:0,mailer:0,mailrelai:0,mailto:0,main:0,make:0,malici:0,manag:0,manual:0,map:0,market:0,match:0,max:0,maximum:0,maxmind:0,mechan:0,member:0,mention:0,menu:0,messag:0,message_id:0,meta:0,mfrom:0,microsoft:0,might:0,migrate_index:0,mime:0,minimum:0,minut:0,mitig:0,mkdir:0,mmdb:0,mobil:0,mode:0,modern:0,modifi:0,modul:0,mon:0,monitor:0,monthli:0,monthly_index:0,more:0,most:0,mous:0,move:0,move_support:0,msg:0,msg_byte:0,msg_date:0,msg_footer:0,msg_header:0,msgconvert:0,much:0,multi:0,mung:0,must:0,n_proc:0,name:0,nameserv:0,nano:0,navig:0,ncontent:0,ndate:0,need:0,neeed:0,nelson:0,net:0,network:0,newest:0,newkei:0,next:0,nfrom:0,nginx:0,nmessag:0,nmime:0,node:0,non:0,none:0,noproxyfor:0,norepli:0,normal:0,nosecureimap:0,nosniff:0,notabl:0,now:0,nsubject:0,nto:0,number:0,nwettbewerb:0,object:0,observ:0,occur:0,occurr:0,oct:0,off:0,office365:0,often:0,old:0,older:0,oldest:0,ondmarc:0,one:0,onli:0,onlin:0,opendn:0,openssl:0,opt:0,ordereddict:0,org:0,org_email:0,org_extra_contact_info:0,org_nam:0,organ:0,organis:0,origin:0,original_envelope_id:0,original_mail_from:0,original_rcpt_to:0,other:0,our:0,out:0,outdat:0,outgo:0,outlook:0,output_directori:0,outsid:0,over:0,overrid:0,overwrit:0,own:0,pack:0,packag:0,pad:0,page:0,pan:0,parallel:0,param:0,paramet:0,parent:0,pars:0,parse_aggregate_report_fil:0,parse_aggregate_report_xml:0,parse_email:0,parse_forensic_report:0,parse_report_email:0,parse_report_fil:0,parsed_aggregate_reports_to_csv:0,parsed_forensic_reports_to_csv:0,parsed_sampl:0,parser:0,parsererror:0,part:0,particular:0,particularli:0,pass:0,passag:0,passsword:0,password:0,past:0,patch:0,path:0,payload:0,pct:0,percentag:0,perform:0,period:0,perl:0,permiss:0,peter:0,pie:0,pip3:0,pip:0,place:0,plain:0,plaintext:0,platform:0,pleas:0,plu:0,polici:0,policy_evalu:0,policy_override_com:0,policy_override_reason:0,policy_publish:0,poll:0,poly1305:0,port:0,portabl:0,posit:0,possibl:0,post:0,poster:0,postoriu:0,prefix:0,preload:0,premad:0,previou:0,previous:0,print:0,printabl:0,privaci:0,process:0,produc:0,product:0,program:0,project:0,prompt:0,proofpoint:0,properti:0,protect:0,provid:0,prox:0,proxi:0,proxy_add_x_forwarded_for:0,proxy_pass:0,proxy_set_head:0,proxyhost:0,proxypassword:0,proxyport:0,proxyus:0,pry:0,public_suffix_list:0,publicsuffix:0,publish:0,pypi:0,python34:0,python3:0,python:0,quarantin:0,queri:0,query_dn:0,quot:0,rais:0,ram:0,rather:0,readabl:0,readonlyrest:0,real:0,realli:0,reason:0,receiv:0,recipi:0,recogn:0,recommend:0,record_typ:0,refer:0,regardless:0,regul:0,regular:0,reject:0,relai:0,relat:0,releas:0,reli:0,reliabl:0,reload:0,remain:0,remot:0,remote_addr:0,remov:0,repeat:0,replac:0,repli:0,reply_goes_to_list:0,reply_to:0,replyo:0,report_id:0,report_metadata:0,report_typ:0,reported_domain:0,reports_fold:0,repositori:0,req:0,request:0,request_uri:0,requir:0,resolv:0,respons:0,restart:0,restartsec:0,restor:0,result:0,retain:0,retriev:0,reus:0,revers:0,reverse_dn:0,review:0,rewrit:0,rfc2369:0,rfc822:0,rfc:0,rhel:0,right:0,rollup:0,root:0,rpm:0,rsa:0,rua:0,ruf:0,rule:0,safe:0,same:0,sameorigin:0,sample_headers_onli:0,save:0,save_aggreg:0,save_aggregate_report_to_elasticsearch:0,save_aggregate_reports_to_splunk:0,save_forens:0,save_forensic_report_to_elasticsearch:0,save_forensic_reports_to_splunk:0,save_output:0,schema:0,scope:0,scrub_nondigest:0,search:0,second:0,secret:0,secur:0,see:0,segment:0,selector:0,self:0,send:0,sensit:0,sent:0,separ:0,server:0,servernameon:0,session:0,set:0,set_host:0,setuptool:0,sha256:0,sha384:0,share:0,sharepoint:0,should:0,shouldn:0,show:0,shv:0,side:0,sign:0,signatur:0,silent:0,similar:0,simpl:0,simplifi:0,singl:0,sister:0,site:0,size:0,skip:0,skip_certificate_verif:0,slightli:0,small:0,smg:0,smtp:0,smtperror:0,socket:0,solut:0,some:0,someon:0,sometim:0,sort:0,source_base_domain:0,source_countri:0,source_ip_address:0,source_reverse_dn:0,sourceforg:0,special:0,specif:0,specifi:0,speed:0,spf_align:0,spf_domain:0,spf_result:0,spf_scope:0,splunk_hec:0,splunkerror:0,splunkhec:0,spoof:0,squeaki:0,ssl:0,ssl_cert_path:0,ssl_certif:0,ssl_certificate_kei:0,ssl_cipher:0,ssl_context:0,ssl_prefer_server_ciph:0,ssl_protocol:0,ssl_session_cach:0,ssl_session_ticket:0,ssl_session_timeout:0,sslcontext:0,stabl:0,standard:0,start:0,starttl:0,statu:0,step:0,still:0,storag:0,store:0,str:0,strict:0,string:0,strip:0,strip_attachment_payload:0,strongli:0,structur:0,subdomain:0,subject:0,subject_prefix:0,subsidiari:0,substitut:0,sudo:0,suffix:0,suggest:0,suppli:0,sure:0,sw50zxjha3rpdmugv2v0dgjld2vyymvylcocymvyc2ljahq:0,symlink:0,syslog:0,system:0,systemctl:0,tab:0,tag:0,tar:0,target:0,tby:0,tee:0,tell:0,templat:0,temporari:0,text:0,than:0,thank:0,thei:0,theirs:0,them:0,therebi:0,thi:0,thousand:0,three:0,through:0,time:0,timeout:0,timestamp:0,timestamp_to_datetim:0,timestamp_to_human:0,timezon:0,tld:0,tlsv1:0,to_domain:0,to_utc:0,token:0,tool:0,top:0,topic:0,touch:0,tracker:0,tradit:0,transfer:0,transpar:0,transport:0,trust:0,tweak:0,two:0,type:0,ubuntu:0,uncom:0,uncondition:0,under:0,underneath:0,understand:0,unfortun:0,uninstal:0,unit:0,unix:0,unsubscrib:0,unzip:0,updat:0,upersecur:0,upper:0,uri:0,url:0,usag:0,use:0,use_fresh_psl:0,use_ssl:0,used:0,useful:0,user:0,user_ag:0,useradd:0,usernam:0,uses:0,usesystemproxi:0,usr:0,utc:0,utf:0,valimail:0,valu:0,vendor:0,venv:0,veri:0,verif:0,verifi:0,version:0,vew:0,view:0,virtualenv:0,volum:0,vulner:0,w3c:0,wai:0,wait:0,want:0,wantedbi:0,warn:0,watch:0,watch_inbox:0,watcher:0,web:0,webdav:0,webmail:0,well:0,were:0,wettbewerb:0,wget:0,when:0,whenev:0,where:0,wherea:0,which:0,who:0,why:0,wide:0,wiki:0,window:0,without:0,work:0,workstat:0,worst:0,would:0,wrap:0,write:0,www:0,x509:0,xennn:0,xml:0,xml_schema:0,xms4g:0,xmx4g:0,yahoo:0,yet:0,you:0,your:0,yum:0,yyyi:0,zip:0},titles:["parsedmarc documentation - Open source DMARC report analyzer and visualizer"],titleterms:{EWS:0,Using:0,about:0,access:0,aggreg:0,align:0,analyz:0,api:0,best:0,bug:0,cli:0,configur:0,csv:0,dashboard:0,davmail:0,depend:0,dkim:0,dmarc:0,document:0,domain:0,elast:0,elasticsearch:0,featur:0,file:0,forens:0,guid:0,help:0,inbox:0,index:0,indic:0,instal:0,json:0,kibana:0,list:0,listserv:0,lookalik:0,mail:0,mailman:0,multipl:0,open:0,option:0,output:0,owa:0,parsedmarc:0,pattern:0,practic:0,pypy3:0,record:0,report:0,resourc:0,retent:0,run:0,sampl:0,sender:0,servic:0,sourc:0,spf:0,splunk:0,summari:0,support:0,systemd:0,tabl:0,test:0,upgrad:0,using:0,util:0,valid:0,visual:0,what:0,won:0,workaround:0}}) \ No newline at end of file
