ZoeyVid / parsedmarc-dockerized

Dockerized self-initializing parsedmarc docker stack for lazy people
https://hub.docker.com/r/zoeyvid/parsedmarc-dockerized
GNU Lesser General Public License v3.0

Test the tools #73

Closed LMarly closed 3 months ago

LMarly commented 3 months ago

Hello,

I have finally finished solving all the errors. All the Docker containers are green. But now I would like to send some test emails to see if it works well before putting the email address in the RUA.

How can I manually send some reports? I tried to send .xml and .txt files with fake information in them, but the email just disappears after a few seconds. When I send a .zip file with an .xml in it, that just puts the email in the folder Archive --> Invalid (it did that just one time and now it's not working anymore).

Do you know if there is a template to respect for the email, like a specific word in the subject or the body of the mail?

Also, this is the .xml file that I put in the zip, maybe the problem comes from it:

<?xml version="1.0" encoding="UTF-8"?>
<feedback>
  <report_metadata>
    <org_name>google.com</org_name>
    <email>noreply-dmarc-support@google.com</email>
    <extra_contact_info>http://google.com/dmarc/support</extra_contact_info>
    <report_id>8293631894893125362</report_id>
    <date_range>
      <begin>1234573120</begin>
      <end>1234453590</end>
    </date_range>
  </report_metadata>
  <policy_published>
    <domain>yourdomain.com</domain>
    <adkim>r</adkim>
    <aspf>r</aspf>
    <p>none</p>
    <sp>none</sp>
    <pct>100</pct>
  </policy_published>
  <record>
    <row>
      <source_ip>302.0.214.308</source_ip>
      <count>2</count>
      <policy_evaluated>
        <disposition>none</disposition>
        <dkim>fail</dkim>
        <spf>pass</spf>
      </policy_evaluated>
    </row>
    <identifiers>
      <header_from>yourdomain.com</header_from>
    </identifiers>
    <auth_results>
      <dkim>
        <domain>yourdomain.com</domain>
        <result>fail</result>
        <human_result></human_result>
      </dkim>
      <spf>
        <domain>yourdomain.com</domain>
        <result>pass</result>
      </spf>
    </auth_results>
  </record>
</feedback>

In the Docker logs, nothing appears. The last log I have is an Elastic connection error on the parsedmarc container, so I did a curl to verify and the connection is good now, so I don't really understand where the problem comes from.

I just have a log for Kibana, but I'm not sure it's related:

2024-07-24 09:01:21 parsedmarc-kibana       | [2024-07-24T09:01:21.213+02:00][INFO ][plugins.fleet] Fleet Usage: {"agents_enabled":true,"agents":{"total_enrolled":0,"healthy":0,"unhealthy":0,"offline":0,"inactive":0,"unenrolled":0,"total_all_statuses":0,"updating":0},"fleet_server":{"total_all_statuses":0,"total_enrolled":0,"healthy":0,"unhealthy":0,"offline":0,"updating":0,"inactive":0,"unenrolled":0,"num_host_urls":0},"license_issued_to":"parsedmarc"}

Thank you for your help
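A pre-flight check for a hand-written aggregate report like the one in the post above, as an added example (not part of the thread and not parsedmarc's own validation). It tests only generic consistency: well-formed XML, a `date_range` whose begin is not after its end, and `source_ip` values that parse as IP addresses; the sample is a constructed, shortened copy of the posted report, and the thread does not establish why parsedmarc filed the mail under Invalid.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: a shortened copy of the report posted above, keeping
# its date_range and source_ip values so the checks have something to find.
SAMPLE = """<?xml version="1.0" encoding="UTF-8"?>
<feedback>
  <report_metadata>
    <org_name>google.com</org_name>
    <report_id>8293631894893125362</report_id>
    <date_range><begin>1234573120</begin><end>1234453590</end></date_range>
  </report_metadata>
  <policy_published><domain>yourdomain.com</domain><p>none</p></policy_published>
  <record>
    <row><source_ip>302.0.214.308</source_ip><count>2</count></row>
  </record>
</feedback>"""


def check_report(xml_text):
    """Return a list of problems found in a hand-written aggregate report."""
    problems = []
    try:
        root = ET.fromstring(xml_text.encode("utf-8"))
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if root.tag != "feedback":
        problems.append(f"root element is <{root.tag}>, expected <feedback>")
    begin = root.findtext("report_metadata/date_range/begin")
    end = root.findtext("report_metadata/date_range/end")
    if begin is None or end is None or not (begin.strip().isdigit() and end.strip().isdigit()):
        problems.append("date_range begin/end missing or not epoch seconds")
    elif int(begin) > int(end):
        problems.append(f"date_range begin {begin} is after end {end}")
    for ip in root.iterfind("record/row/source_ip"):
        try:
            ipaddress.ip_address((ip.text or "").strip())
        except ValueError:
            problems.append(f"source_ip {ip.text!r} is not a valid IP address")
    if not root.findtext("policy_published/domain"):
        problems.append("policy_published/domain is missing")
    return problems


if __name__ == "__main__":
    for problem in check_report(SAMPLE):
        print(problem)
```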

Zoey2936 commented 3 months ago

I don't know how to create the xml file, but it should work if you put an email with the xml file attached in the inbox folder

LMarly commented 3 months ago

Did you get any logs in the container when the emails are analyzed?

Zoey2936 commented 3 months ago

sorry, I never checked that because it worked instantly for me and everything was in kibana

LMarly commented 3 months ago

Do you think that can come from Kibana? I have this log:

2024-07-24 09:44:24 parsedmarc-kibana       | [2024-07-24T09:44:24.228+02:00][INFO ][plugins.fleet] Fleet Usage: {"agents_enabled":true,"agents":{"total_enrolled":0,"healthy":0,"unhealthy":0,"offline":0,"inactive":0,"unenrolled":0,"total_all_statuses":0,"updating":0},"fleet_server":{"total_all_statuses":0,"total_enrolled":0,"healthy":0,"unhealthy":0,"offline":0,"updating":0,"inactive":0,"unenrolled":0,"num_host_urls":0},"license_issued_to":"parsedmarc"}
2024-07-24 09:59:18 parsedmarc-kibana       | [2024-07-24T09:59:18.287+02:00][INFO ][plugins.fleet] Running Fleet Usage telemetry send task
2024-07-24 09:59:27 parsedmarc-kibana       | [2024-07-24T09:59:27.236+02:00][INFO ][plugins.fleet] Fleet Usage: {"agents_enabled":true,"agents":{"total_enrolled":0,"healthy":0,"unhealthy":0,"offline":0,"inactive":0,"unenrolled":0,"total_all_statuses":0,"updating":0},"fleet_server":{"total_all_statuses":0,"total_enrolled":0,"healthy":0,"unhealthy":0,"offline":0,"updating":0,"inactive":0,"unenrolled":0,"num_host_urls":0},"license_issued_to":"parsedmarc"}

Zoey2936 commented 3 months ago

yes that is kibana

LMarly commented 3 months ago

Yes, I know that comes from Kibana, but do you think that this can be a blocking point? That's just an [INFO] log, but we never know.

Zoey2936 commented 3 months ago

I think not

LMarly commented 3 months ago

OK, thank you. I add the email in the DMARC record, I will see if that changes something.

LMarly commented 3 months ago

So I set delete to false in the config.ini file and now the reports sent from my domain are well interpreted. That all works well for the moment.

Thank you