Re: DMARC report analyzer - Open Source solution

2020-01-07 Thread Roberto Carna
Dear Jonathan, I'm using the same solutions as you:

dmarcts-report-parser + dmarcts-report-viewer

But I'm seeing that I receive just aggregate reports and not forensic
reports.

Please can you tell me if you receive forensic reports ???

Thanks a lot !!!

On Tue, 7 Jan 2020 at 10:46, Jonathan Sélea wrote:

> Hi,
>
> I use the following:
>
> https://github.com/techsneeze/dmarcts-report-parser
>
> Together with:
>
> https://github.com/techsneeze/dmarcts-report-viewer
>
> It is not the best looking tool but it does the job :)
> Jonathan Sélea
>
> PGP Key: 0x8B35B3C894B964DD
> Fingerprint: 4AF2 10DE 996B 673C 0FD8  AFA0 8B35 B3C8 94B9 64DD
>
>
> On Thu, Dec 26, 2019 at 8:54 PM, Roberto Carna wrote:
>
> Dear, I'm receiving DMARC reports in one mail account from my domain. All
> the reports coming for Google and Yahoo mainly are attached in ZIP format,
> and they are XML files.
>
> Is there any open source DMARC report analyzer for a Linux platform ??? I
> prefer Debian or Ubuntu.
>
> Thanks a lot !!!
>
>


Re: DMARC report analyzer - Open Source solution

2020-01-07 Thread Jonathan Sélea

Hi,

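I use the following:

https://github.com/techsneeze/dmarcts-report-parser

Together with:

https://github.com/techsneeze/dmarcts-report-viewer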

It is not the best looking tool but it does the job :)
Jonathan Sélea

PGP Key: 0x8B35B3C894B964DD
Fingerprint: 4AF2 10DE 996B 673C 0FD8  AFA0 8B35 B3C8 94B9 64DD


On Thu, Dec 26, 2019 at 8:54 PM, Roberto Carna wrote:
Dear, I'm receiving DMARC reports in one mail account from my domain. 
All the reports coming for Google and Yahoo mainly are attached in 
ZIP format, and they are XML files.


Is there any open source DMARC report analyzer for a Linux platform 
??? I prefer Debian or Ubuntu.


Thanks a lot !!!




Re: DMARC report analyzer - Open Source solution

2020-01-07 Thread Roberto Carna
Dear Julian, when you use Parsedmarc for aggregate and forensic reports, do
you receive any forensic report ??? Because I've read that just a few
remote mail servers with DMARC support send this type of report, so it makes
no sense to implement the feature I'm asking for; just aggregate reports
visualization is OK.

Thanks again, greetings !!!

On Mon, 6 Jan 2020 at 11:37, Julian Kippels wrote:

> Hi,
>
> I am using parsedmarc (https://domainaware.github.io/parsedmarc/) for
> both aggregate and forensic reports, including sending the results to
> our Splunk server with Dashboard.
>
> Julian
>
>
> On Mon, 6 Jan 2020 10:46:57 -0300
> Roberto Carna wrote:
>
> > Dear Kevin, I've implemented dmarcts-report-viewer and now it runs
> > OK. It gives me very relevant information.
> >
> > My new question is this:
> >
> > dmarcts-report-viewer is only for DMARC aggregation reports? What
> > can I do to get and see DMARC forensic reports?
> >
> > Thanks a lot again !!!
> >
> > On Thu, 26 Dec 2019 at 17:34, Kevin Miller wrote:
> >
> > > I just went through this.  Here’s some notes I kept.  Note that
> > > we’re using Exchange.  I created a mailbox/user called dmarc and
> > > pull reports from it via IMAP.
> > >
> > >
> > >
> > > Reports are retrieved from Exchange based on the following
> > > software/process:
> > >   http://www.techsneeze.com/how-parse-dmarc-reports-imap/
> > >   http://www.techsneeze.com/how-parse-dmarc-reports/ (obsolete -
> > > superseded by the above)
> > >   Source:
> > >   https://github.com/techsneeze/dmarcts-report-parser
> > >
> > > Reports are viewable via a browser using
> > >   https://github.com/techsneeze/dmarcts-report-viewer/
> > >   (view the README.md for details)
> > >
> > >
> > > The IMAP retrieval and import into a database are accomplished via
> > > a perl script.  It is instantiated in crontab to run nightly:
> > >   45  5   *   *   *   /usr/local/bin/dmarcts/dmarcts-report-parser.pl -i
> > >
> > > If run from the CLI, the usage is as follows:
> > >
> > >
> > >
> > > ===
> > >
> > > Usage:
> > > ./dmarcts-report-parser.pl [OPTIONS] [PATH]
> > >
> > >  This script needs a configuration file called
> > >  in
> > >  the current working directory, which defines a database server with
> > > credentials
> > >  and (if used) an IMAP server with credentials.
> > >
> > >  Additionally, one of the following source options must be provided:
> > > -i : Read reports from messages on IMAP server as defined
> > > in the config file.
> > > -m : Read reports from mbox file(s) provided in PATH.
> > > -e : Read reports from MIME email file(s) provided in PATH.
> > > -x : Read reports from xml file(s) provided in PATH.
> > >
> > >  The following optional options are allowed:
> > > -d : Print debug info.
> > > -r : Replace existing reports rather than skipping them.
> > >   --delete : Delete processed message files (the XML is stored in
> > > the database for later reference).
> > > --info : Print out number of XML files or emails processed.
> > >
> > > The provided source option requires a PATH.
> > >
> > >
> > > After retrieval, messages are moved to a subfolder called
> > > "Processed" if the import was successful, or notProcessed if it
> > > fails for some reason.
> > >
> > > HTH…
> > >
> > >
> > >
> > > ...Kevin
> > >
> > > --
> > >
> > > Kevin Miller
> > >
> > > Network/email Administrator, CBJ MIS Dept.
> > >
> > > 155 South Seward Street
> > >
> > > Juneau, Alaska 99801
> > >
> > > Phone: (907) 586-0242, Fax: (907) 586-4588 Registered Linux User
> > > No: 307357
> > >
> > >
> > >
> > > *From:* owner-postfix-us...@postfix.org
> > >  *On Behalf Of *Roberto Carna
> > > *Sent:* Thursday, December 26, 2019 10:54 AM
> > > *To:* Postfix 
> > > *Subject:* DMARC report analyzer - Open Source solution
> > >
> > >
> > >
> > >
> > > Dear, I'm receiving DMARC reports in one mail account from my
> > > domain. All the reports coming for Google and Yahoo mainly are
> > > attached in ZIP format, and they are XML files.
> > >
> > >
> > >
> > > Is there any open source DMARC report analyzer for a Linux platform
> > > ??? I prefer Debian or Ubuntu.
> > >
> > >
> > >
> > > Thanks a lot !!!
> > >
>
>
>
> --
> -
> | | Julian Kippels
> | | M.Sc. Informatik
> | |
> | | Zentrum für Informations- und Medientechnologie
> | | Heinrich-Heine-Universität Düsseldorf
> | | Universitätsstr. 1
> | | Raum 25.41.O1.32
> | | 40225 Düsseldorf / Germany
> | |
> | | Tel: +49-211-81-14920
> | | mail: kipp...@hhu.de
> -
>
>


Re: Ready: PROXY protocol v2 support

2020-01-07 Thread Tamás Gérczei
I've just tested it by spinning up an instance of this version behind an
AWS NLB and connecting to the load balancer from the outside - it worked
well, nevertheless I'd encourage others to test as well. Log snippets
follow:

# with smtpd_upstream_proxy_protocol defaulted to empty
postfix-test-7cbd54cdfc-twv79 postfix Jan 07 10:50:55 mail postfix/master[1]: daemon started -- version 3.5-20200105-nonprod, configuration /postfix/config-live
postfix-test-7cbd54cdfc-twv79 postfix Jan 07 10:51:19 mail postfix/smtpd[76]: connect from ip-10-36-0-0.eu-central-1.compute.internal[10.36.0.0]
postfix-test-7cbd54cdfc-twv79 postfix Jan 07 10:51:19 mail postfix/smtpd[76]: improper command pipelining after QUIT from ip-10-36-0-0.eu-central-1.compute.internal[10.36.0.0]:
!\021\000T\2620\030\265\254\024\000\272\260\273\000\031\003\000\004\206n\304Q\004\000>\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000

# with smtpd_upstream_proxy_protocol = haproxy
postfix-test-7cbd54cdfc-65x22 postfix Jan 07 10:52:24 mail postfix/master[1]: daemon started -- version 3.5-20200105-nonprod, configuration /postfix/config-live
postfix-test-7cbd54cdfc-65x22 postfix Jan 07 10:52:28 mail postfix/smtpd[76]: connect from fejezd.be[178.48.24.181]

Again: thanks Wietse!

T.

On 1/6/20 12:42 AM, Wietse Venema wrote:
> You can test haproxy v2 protocol support in postfix-3.5-20200105-nonprod
> (http://ftp.porcupine.org/mirrors/postfix-release/index.html). I
> have done all the testing that I can do. It would be great if someone
> can test it against some real haproxy client.
>
> Haproxy v2 protocol support is limited to TCP over IPv4 and TCP
> over IPv6. It supports non-proxied connections (typically used for
> heartbeats).
>
> This will be part of the Postfix 3.5 stable release early this year.
>
>   Wietse
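
Added example, not part of the original messages and not Postfix code: a minimal PROXY protocol v2 header decoder limited to the cases named above (TCP over IPv4, TCP over IPv6, and LOCAL for non-proxied connections). The 12-byte v2 signature ends in `QUIT\n`, which matches the "improper command pipelining after QUIT" entry logged when the header was read as SMTP input; `LOGGED` is rebuilt from the escaped bytes in that log line, and the function and variable names are chosen for this example.

```python
import ipaddress
import struct

SIGNATURE = b"\r\n\r\n\x00\r\nQUIT\n"  # 12-byte v2 signature; note the "QUIT\n"
ADDR_LEN = {0x11: 4, 0x21: 16}         # TCP over IPv4, TCP over IPv6 only

def parse_proxy_v2(data):
    """Return (client_info, header_len); client_info is None for LOCAL."""
    if len(data) < 16 or not data.startswith(SIGNATURE):
        raise ValueError("no PROXY v2 signature")
    ver_cmd, fam_proto, length = struct.unpack("!BBH", data[12:16])
    if ver_cmd >> 4 != 2:
        raise ValueError("not protocol version 2")
    total = 16 + length
    if len(data) < total:
        raise ValueError("truncated header")
    command = ver_cmd & 0x0F
    if command == 0:  # LOCAL: non-proxied connection such as a heartbeat
        return None, total
    if command != 1:
        raise ValueError("unknown command")
    if fam_proto not in ADDR_LEN:
        raise ValueError("only TCP over IPv4 or IPv6 is handled")
    n = ADDR_LEN[fam_proto]
    if length < 2 * n + 4:
        raise ValueError("address block shorter than the family requires")
    body = data[16:total]
    sport, dport = struct.unpack("!HH", body[2 * n:2 * n + 4])
    info = {
        "src": str(ipaddress.ip_address(body[:n])), "sport": sport,
        "dst": str(ipaddress.ip_address(body[n:2 * n])), "dport": dport,
    }
    return info, total  # bytes after the address block are TLVs, skipped here

# Rebuilt from the octal-escaped bytes in the first log snippet above, with
# the signature that smtpd had already read as SMTP input put back in front.
LOGGED = (
    SIGNATURE
    + bytes.fromhex("21110054")                   # "!\021\000T": v2 PROXY, TCP4, 84
    + bytes([178, 48, 24, 181, 172, 20, 0, 186])  # source and destination address
    + bytes.fromhex("b0bb0019")                   # source port, destination port
    + bytes.fromhex("030004866ec451")             # TLV type 3 with a 4-byte value
    + bytes.fromhex("04003e") + bytes(62)         # TLV type 4, 62 zero bytes
)
LOCAL = SIGNATURE + bytes.fromhex("20000000")     # constructed LOCAL header

if __name__ == "__main__":
    print(parse_proxy_v2(LOGGED + b"EHLO client.example\r\n"))
    print(parse_proxy_v2(LOCAL))
```

The decoded source address is the client address that smtpd logs in the second snippet once `smtpd_upstream_proxy_protocol = haproxy` is set. Because this header determines the client address the server logs and applies access rules to, the listener should accept connections only from the load balancer.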



Re: Mail rejected with 5.7.1 HDR9020 Date header is in the distant future

2020-01-07 Thread lists

https://metacpan.org/pod/MIME::Lite

Sort of not recommended, but a few alternatives provided. Thanks. 





  Original Message  


From: will...@uubeta.com
Sent: January 7, 2020 12:51 AM
To: postfix-users@postfix.org
Subject: Re: Mail rejected with 5.7.1 HDR9020 Date header is in the distant 
future


You can use MIME::Lite (or something similar) to build a message
including body and headers with wrong date format then forward the
message to Postfix for testing.

regards.

on 2020/1/7 16:47, lists wrote:
> Is there some easy way to send email with the wrong date to test this? Well,
> other than setting the wrong date on the computer.
>


Re: Mail rejected with 5.7.1 HDR9020 Date header is in the distant future

2020-01-07 Thread William C
You can use MIME::Lite (or something similar) to build a message
including body and headers with wrong date format then forward the
message to Postfix for testing.


regards.

on 2020/1/7 16:47, lists wrote:

Is there some easy way to send email with the wrong date to test this? Well,
other than setting the wrong date on the computer.



Re: Mail rejected with 5.7.1 HDR9020 Date header is in the distant future

2020-01-07 Thread lists
Is there some easy way to send email with the wrong date to test this? Well,
other than setting the wrong date on the computer.





  Original Message  


From: r...@wagenaar.nu
Sent: January 7, 2020 12:37 AM
To: postfix-users@postfix.org
Reply-to: r...@wagenaar.nu
Subject: Re: Mail rejected with 5.7.1 HDR9020 Date header is in the distant 
future


Wietse Venema  wrote:

> Regexps that accept exactly one year in the Date: field will bounce
> some email around the end of the year, because year changes don't happen
> globally at the same time, and email may be in transit for up to a few
> days.
>
> By the end of 2019 the patterns should be:
>
> /^Date: .* 2019/    DUNNO
> /^Date: .* 2020/    DUNNO
> /^Date: .* [0-9][0-9][0-9][0-9]/    REJECT bad year in date
>
> And by the end of 2020:
>
> /^Date: .* 2020/    DUNNO
> /^Date: .* 2021/    DUNNO
> /^Date: .* [0-9][0-9][0-9][0-9]/    REJECT bad year in date
>
> This could be automated by a cronjob.
>
> Wietse
>
>

SPOT on!

Thanks for the hint, an opportunity to revise all my checks, the majority
are a number of years old and apparently need checking.


--
Roel Wagenaar,

telegram: 0630865765
Linux-User #469851 with the Linux Counter; http://linuxcounter.net/

A: Because it disrupts the order in which people read text.
Q: Why is top-posting a bad habit?
A: Top-posting.
Q: What is the most annoying thing in e-mail?

In a world without doors and walls who needs Windows and Gates?


Re: Mail rejected with 5.7.1 HDR9020 Date header is in the distant future

2020-01-07 Thread Roel Wagenaar
Wietse Venema  wrote:

> Regexps that accept exactly one year in the Date: field will bounce
> some email around the end of the year, because year changes don't happen
> globally at the same time, and email may be in transit for up to a few
> days.
>
> By the end of 2019 the patterns should be:
>
> /^Date: .* 2019/    DUNNO
> /^Date: .* 2020/    DUNNO
> /^Date: .* [0-9][0-9][0-9][0-9]/    REJECT bad year in date
>
> And by the end of 2020:
>
> /^Date: .* 2020/    DUNNO
> /^Date: .* 2021/    DUNNO
> /^Date: .* [0-9][0-9][0-9][0-9]/    REJECT bad year in date
> 
> This could be automated by a cronjob.
> 
> Wietse
> 
> 

SPOT on!

Thanks for the hint, an opportunity to revise all my checks, the majority
are a number of years old and apparently need checking.

 
-- 
Roel Wagenaar,

telegram: 0630865765
Linux-User #469851 with the Linux Counter; http://linuxcounter.net/

A: Because it disrupts the order in which people read text.
Q: Why is top-posting a bad habit?
A: Top-posting.
Q: What is the most annoying thing in e-mail?

In a world without doors and walls who needs Windows and Gates?
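
Added example, not part of the original thread: a sketch of the cron-job automation mentioned in the quoted advice, together with a small first-match evaluator that shows why a one-year table rejects mail still in transit over New Year. The `grace_days` window and all function names are assumptions of this example; near the end of 2019 it yields the same three rows as the quoted table, and it goes slightly further by also keeping the previous year for the first days of January.

```python
import re
from datetime import date, timedelta

def accepted_years(today, grace_days=7):
    """Years a Date: header may carry; grace_days is an assumed transit window."""
    grace = timedelta(days=grace_days)
    return sorted({(today - grace).year, today.year, (today + grace).year})

def build_table(years):
    """Rows in the quoted layout: one DUNNO per accepted year, then the catch-all."""
    rows = [(rf"^Date: .* {year}", "DUNNO") for year in years]
    rows.append((r"^Date: .* [0-9][0-9][0-9][0-9]", "REJECT bad year in date"))
    return rows

def render(rows):
    """Text for the regexp table file that a cron job would rewrite."""
    return "".join(f"/{pattern}/    {action}\n" for pattern, action in rows)

def lookup(rows, header):
    """First matching row wins; matching is case-insensitive, as in regexp tables."""
    for pattern, action in rows:
        if re.search(pattern, header, re.IGNORECASE):
            return action
    return None  # no row matched: the header check takes no action

# Constructed sample headers
IN_TRANSIT = "Date: Tue, 31 Dec 2019 23:58:00 -0800"
FAR_FUTURE = "Date: Fri, 1 Jan 2038 00:00:00 +0000"

if __name__ == "__main__":
    for today in (date(2019, 12, 30), date(2020, 1, 2), date(2020, 6, 15)):
        rows = build_table(accepted_years(today))
        print(today, accepted_years(today),
              lookup(rows, IN_TRANSIT), lookup(rows, FAR_FUTURE))
    print(render(build_table(accepted_years(date(2019, 12, 30)))))
```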