aholzel / TA-dmarc

Splunk app for the processing and ingestion of DMARC RUA reports

App does not run, no logs etc. #4

Closed fraserc182 closed 4 years ago

fraserc182 commented 4 years ago

Hi,

After seeing this app in the .conf slides - https://conf.splunk.com/files/2019/slides/SEC1106.pdf, I am keen to get it working! I have installed the app and I can get to the setup page and enter all the correct information.

But after that, nothing happens. The scripts don't seem to run and no mail is retrieved from my dmarc mailbox. Is there something I am missing, how does the app actually run?

Cheers!

fraserc182 commented 4 years ago

After configuring the application and restarting the heavy forwarder, the add-on is now running. However, I am getting an error message when it tries to read the XML files.

2020-08-06 08:25:03,368 loglevel=ERROR file=dmarc-parser.py line=234 message="A exception occured with file '/opt/splunk/etc/apps/TA-dmarc/logs/dmarc_xml/fastmail.MYDOMAIN.co.uk_1596585600_1596671999_351097408.xml', traceback="
Traceback (most recent call last):
  File "/opt/splunk/etc/apps/TA-dmarc/bin/dmarc-parser.py", line 190, in process_dmarc_xml
    cli_output = run("nslookup -q=a " + str(source_ip), resolve_timeout)
  File "/opt/splunk/etc/apps/TA-dmarc/bin/dmarc-parser.py", line 181, in run
    process = subprocess.Popen(shlex.split(cmd), stdout=subprocess.PIPE, stderr=subprocess.PIPE)
  File "/opt/splunk/lib/python2.7/subprocess.py", line 394, in __init__
    errread, errwrite)
  File "/opt/splunk/lib/python2.7/subprocess.py", line 1047, in _execute_child
    raise child_exception
OSError: [Errno 2] No such file or directory

I am now wondering if this is because the app is written in python3 and my heavy forwarder is still on python2.7 ?

DBorGe commented 4 years ago

How did you set it up? When I install it and try to set it up, I always get the below error: The server encountered an unexpected condition which prevented it from fulfilling the request. Click here to return to Splunk homepage.

Looking at the error I see:

2020-08-20 09:19:23,237 ERROR [5f3e320a2020f4f094860] error:325 - Traceback (most recent call last):
  File "C:\Program Files\Splunk\Python-2.7\Lib\site-packages\cherrypy\_cprequest.py", line 606, in respond
    cherrypy.response.body = self.handler()
  File "C:\Program Files\Splunk\Python-2.7\Lib\site-packages\splunk\appserver\mrsparkle\lib\htmlinjectiontoolfactory.py", line 72, in wrapper
    resp = handler(*args, **kwargs)
  File "C:\Program Files\Splunk\Python-2.7\Lib\site-packages\cherrypy\_cpdispatch.py", line 25, in __call__
    return self.callable(*self.args, **self.kwargs)
  File "C:\Program Files\Splunk\Python-2.7\Lib\site-packages\splunk\appserver\mrsparkle\lib\routes.py", line 366, in default
    return route.target(self, **kw)
  File "<string>", line 1, in <lambda>
  File "C:\Program Files\Splunk\Python-2.7\Lib\site-packages\splunk\appserver\mrsparkle\lib\decorators.py", line 38, in rundecs
    return fn(*a, **kw)
  File "<string>", line 1, in <lambda>
  File "C:\Program Files\Splunk\Python-2.7\Lib\site-packages\splunk\appserver\mrsparkle\lib\decorators.py", line 119, in check
    return fn(self, *a, **kw)
  File "<string>", line 1, in <lambda>
  File "C:\Program Files\Splunk\Python-2.7\Lib\site-packages\splunk\appserver\mrsparkle\lib\decorators.py", line 167, in validate_ip
    return fn(self, *a, **kw)
  File "<string>", line 1, in <lambda>
  File "C:\Program Files\Splunk\Python-2.7\Lib\site-packages\splunk\appserver\mrsparkle\lib\decorators.py", line 335, in preform_sso_check
    return fn(self, *a, **kw)
  File "<string>", line 1, in <lambda>
  File "C:\Program Files\Splunk\Python-2.7\Lib\site-packages\splunk\appserver\mrsparkle\lib\decorators.py", line 374, in check_login
    return fn(self, *a, **kw)
  File "<string>", line 1, in <lambda>
  File "C:\Program Files\Splunk\Python-2.7\Lib\site-packages\splunk\appserver\mrsparkle\lib\decorators.py", line 394, in handle_exceptions
    return fn(self, *a, **kw)
  File "<string>", line 1, in <lambda>
  File "C:\Program Files\Splunk\Python-2.7\Lib\site-packages\splunk\appserver\mrsparkle\lib\decorators.py", line 449, in apply_cache_headers
    response = fn(self, *a, **kw)
  File "C:\Program Files\Splunk\Python-2.7\Lib\site-packages\splunk\appserver\mrsparkle\controllers\admin.py", line 1715, in listEntities
    app_name = eai_acl.get('app')
AttributeError: 'NoneType' object has no attribute 'get'

I've already tried in Splunk 8.0.5 and 7.2.6 and it never works.

aholzel commented 4 years ago

Hello,

Sorry for not responding to this earlier; I didn't get any notification about it (will look into that...). I will have a look at your problems and see if I can reproduce them. One thing I can say is that the app was built on Linux and on Python 2.7; I didn't have time to make/test it on Python 3.

DBorGe commented 4 years ago

Hi @aholzel, thank you. I've tried installing it in Splunk version 7.2.6, which uses Python 2.7 if I'm not mistaken, but I also get that same error. I'm changing the folder name to TA-dmarc also, and I already tried versions 3.6.3 and 3.5.1 of your add-on. Would really appreciate your help. Thank you.

fraserc182 commented 4 years ago

Hi @aholzel, thanks for getting back to me. Like I say I can get the add-on running but then when it tries to read the xml files it errors. I have made sure permissions are all correct on the folders so it has the rights to read them.

Thanks for confirming it is written in 2.7. My HF is on linux also.

DBorGe commented 4 years ago

@aholzel I've found the problem with the setup was related to the Splunk instance being a Windows machine. I tried like 3 Splunk versions on Windows without success, then tried on Linux and it worked. Now I could set up the app. However, the dmarc-converter shows me this error: loglevel=CRITICAL file=dmarc-convertor.py line=234 message="Mail needs to be downloaded but only default values are set, please change ta-dmarc.conf in default or local directory. Or use the setup page for the app." But I've configured it.

DBorGe commented 4 years ago

@aholzel Managed to make it work. However I had some issues with the password which doesn't make sense. It gives me this output when I set it up:

2020-08-20 12:15:17,814 loglevel=ERROR file=setup_handler.py line=200 message="An error occurred updating credentials. Please ensure your user account has admin_all_objects and/or list_storage_passwords capabilities."
Traceback (most recent call last):
  File "/opt/splunk/etc/apps/TA-dmarc/bin/setup_handler.py", line 193, in handleEdit
    service.storage_passwords.delete(username=storage_password.username)
  File "/opt/splunk/etc/apps/TA-dmarc/bin/splunklib/client.py", line 1857, in delete
    return Collection.delete(self, name)
  File "/opt/splunk/etc/apps/TA-dmarc/bin/splunklib/client.py", line 1597, in delete
    raise KeyError("No such entity %s" % name)
KeyError: 'No such entity MYDOMAIN%5CMYUSER%3A'

However the TA finally is working :) thanks a lot. It seems that it doesn't work in Windows Splunk Instance.

fraserc182 commented 4 years ago

Hi @aholzel I am glad this other guy managed to get his problem sorted.

However I am now at the point where the add-on is not downloading mail from the inbox anymore. It was working initially but I moved all the xml files to the problems folder so it would stop erroring. And now it thinks there is nothing to download from the folder.

Any help would be greatly appreciated, it's very frustrating I can't seem to get this working.

Cheers.

aholzel commented 4 years ago

@fraserc182 I will have a look at it tonight when I am done with work. Do you get any errors in the connection to the mailserver? If you use pop3 and put the log_level on 10 you will also get pop3 detailed connection logs.

@DBorGe The last error message suggests a permissions/capability problem: _message="An error occurred updating credentials. Please ensure your user account has admin_all_objects and/or list_storage_passwords capabilities."_

aholzel commented 4 years ago

@fraserc182 One more question: what OS are you using, and to what mailserver type are you connecting?

fraserc182 commented 4 years ago

@aholzel Yup that's perfect, appreciate you looking at this for me. I don't see any errors with connecting to the mailserver. I have got debug logs on. I'll paste the output from one run of the add-on.

2020-08-20 15:18:00,148 loglevel=DEBUG file=dmarc-convertor.py line=226 message="mailserver_host: outlook.office365.com"
2020-08-20 15:18:00,148 loglevel=DEBUG file=dmarc-convertor.py line=227 message="mailserver_port: 993"
2020-08-20 15:18:00,149 loglevel=DEBUG file=dmarc-convertor.py line=228 message="mailserver_protocol: IMAPS"
2020-08-20 15:18:00,149 loglevel=DEBUG file=dmarc-convertor.py line=229 message="mailserver_user: ppl.dmarc@DOMAIN.onmicrosoft.com"
2020-08-20 15:18:00,149 loglevel=DEBUG file=dmarc-convertor.py line=230 message="mailserver_mailboxfolder: Testing"
2020-08-20 15:18:00,149 loglevel=DEBUG file=dmarc-convertor.py line=238 message="script_dir=/opt/splunk/etc/apps/TA-dmarc/bin"
2020-08-20 15:18:00,149 loglevel=DEBUG file=dmarc-convertor.py line=239 message="app_root_dir=/opt/splunk/etc/apps/TA-dmarc"
2020-08-20 15:18:00,150 loglevel=DEBUG file=dmarc-convertor.py line=240 message="log_root_dir=/opt/splunk/etc/apps/TA-dmarc/logs"
2020-08-20 15:18:00,150 loglevel=DEBUG file=dmarc-convertor.py line=241 message="attachment_dir=/opt/splunk/etc/apps/TA-dmarc/logs/attach_raw"
2020-08-20 15:18:00,150 loglevel=DEBUG file=dmarc-convertor.py line=242 message="problem_dir=/opt/splunk/etc/apps/TA-dmarc/logs/problems"
2020-08-20 15:18:00,150 loglevel=DEBUG file=dmarc-convertor.py line=243 message="xml_dir=/opt/splunk/etc/apps/TA-dmarc/logs/dmarc_xml"
2020-08-20 15:18:00,150 loglevel=DEBUG file=dmarc-convertor.py line=244 message="app_log_dir=/opt/splunk/etc/apps/TA-dmarc/logs/dmarc_splunk"
2020-08-20 15:18:00,151 loglevel=DEBUG file=dmarc-convertor.py line=245 message="splunk_bin_dir=/opt/splunk/bin"
2020-08-20 15:18:00,151 loglevel=DEBUG file=dmarc-convertor.py line=248 message="mailserver_host=outlook.office365.com"
2020-08-20 15:18:00,151 loglevel=DEBUG file=dmarc-convertor.py line=249 message="mailserver_port=993"
2020-08-20 15:18:00,151 loglevel=DEBUG file=dmarc-convertor.py line=250 message="mailserver_protocol=IMAPS"
2020-08-20 15:18:00,151 loglevel=DEBUG file=dmarc-convertor.py line=251 message="mailserver_user=ppl.dmarc@DOMAIN.onmicrosoft.com"
2020-08-20 15:18:00,152 loglevel=DEBUG file=dmarc-convertor.py line=252 message="mailserver_mailboxfolder=Testing"
2020-08-20 15:18:00,152 loglevel=DEBUG file=dmarc-convertor.py line=254 message="skip_mail_download=0, (0 = download mails from server, 1 =  do not download mails from server)"
2020-08-20 15:18:00,152 loglevel=DEBUG file=dmarc-convertor.py line=107 message="Directory "/opt/splunk/etc/apps/TA-dmarc/logs" already exists"
2020-08-20 15:18:00,152 loglevel=DEBUG file=dmarc-convertor.py line=107 message="Directory "/opt/splunk/etc/apps/TA-dmarc/logs/attach_raw" already exists"
2020-08-20 15:18:00,153 loglevel=DEBUG file=dmarc-convertor.py line=107 message="Directory "/opt/splunk/etc/apps/TA-dmarc/logs/problems" already exists"
2020-08-20 15:18:00,153 loglevel=DEBUG file=dmarc-convertor.py line=107 message="Directory "/opt/splunk/etc/apps/TA-dmarc/logs/dmarc_xml" already exists"
2020-08-20 15:18:00,153 loglevel=DEBUG file=dmarc-convertor.py line=107 message="Directory "/opt/splunk/etc/apps/TA-dmarc/logs/dmarc_splunk" already exists"
2020-08-20 15:18:00,153 loglevel=DEBUG file=dmarc-convertor.py line=107 message="Directory "/opt/splunk/etc/apps/TA-dmarc/local" already exists"
2020-08-20 15:18:00,154 loglevel=INFO file=dmarc-convertor.py line=287 message="Start the download of mails"
2020-08-20 15:18:00,154 loglevel=DEBUG file=dmarc-convertor.py line=291 message="mail_client_command: ['/opt/splunk/bin/splunk', 'cmd', 'python', '/opt/splunk/etc/apps/TA-dmarc/bin/mail-client.py', '--use_conf_file', '--sessionKey', 'cDWVxUtVdwV9ie18CfrD^qTFNShLXxz4SfPN38HfLeat^25R7UXdRGSAptm3W3d5sl8uwqVUHBFoWx^wvBrZj2iUtJ6u9NJ2QzjZIR_caU7']"
2020-08-20 15:18:00,292 loglevel=INFO file=mail-client.py line=138 message="Getting configuration from conf file ta-dmarc.conf"
2020-08-20 15:18:00,485 loglevel=INFO file=dmarc-convertor.py line=299 message="Done fetching emails."
2020-08-20 15:18:00,485 loglevel=INFO file=dmarc-convertor.py line=307 message="Start uncompressing files in the attachment directory"
2020-08-20 15:18:00,486 loglevel=INFO file=dmarc-convertor.py line=392 message="Done uncompressing 0 file(s) in the attachment directory"
2020-08-20 15:18:00,486 loglevel=INFO file=dmarc-convertor.py line=454 message="Start processing files in the xml directory"
2020-08-20 15:18:00,486 loglevel=INFO file=dmarc-convertor.py line=507 message="Done processing 0 file(s) in the xml directory"
2020-08-20 15:18:00,486 loglevel=DEBUG file=dmarc-convertor.py line=516 message="Check to see if there are still files left in the attachment_dir."
2020-08-20 15:18:00,486 loglevel=DEBUG file=dmarc-convertor.py line=536 message="No files left in "/opt/splunk/etc/apps/TA-dmarc/logs/attach_raw""

And the mailserver is office365 over IMAPS, the OS is centos7.

DBorGe commented 4 years ago

@fraserc182 Are you sure you still have emails in the "Inbox"? (Make sure it's in English, that mailbox language.) Also, make sure you have in the "Inbox" folder emails with subject: "Report Domain"

It seems you are connecting, but no emails are found.

aholzel commented 4 years ago

@fraserc182 It looks like you don't have any emails in that Testing folder that you specified in the config, just as @DBorGe also suggested. I just tested it with a normal Outlook account and it works "out-of-the-box".

You should also see something like this in the logs/Splunk:

2020-08-20 20:06:00,195 loglevel=DEBUG file=mail-client.py line=147 message="host: Outlook.office365.com; port: 993; protocol: IMAPS; user: *****@outlook.com; folder: dmarc_test"
2020-08-20 20:06:00,195 loglevel=DEBUG file=mail-client.py line=160 message="Setting up a IMAP SSL connection to server: Outlook.office365.com on port: 993"
2020-08-20 20:06:00,267 loglevel=INFO file=mail-client.py line=175 message="Logging in as user: *****@outlook.com"
2020-08-20 20:06:00,373 loglevel=DEBUG file=mail-client.py line=180 message="Authentication succesfull for user: *****@outlook.com"
2020-08-20 20:06:00,433 loglevel=INFO file=mail-client.py line=188 message="There are 1 messages in folder: dmarc_test"
2020-08-20 20:06:00,438 loglevel=DEBUG file=mail-client.py line=195 message="Mailbox status: ('OK', ['dmarc_test (MESSAGES 1 RECENT 1 UIDNEXT 2 UIDVALIDITY 300 UNSEEN 1) '])"
2020-08-20 20:06:00,443 loglevel=DEBUG file=mail-client.py line=200 message="Message ID's currently in the mailbox: ['1']"
2020-08-20 20:06:00,482 loglevel=DEBUG file=mail-client.py line=206 message="Message id: 1, flags: ['1 (FLAGS (\\Recent))']"
2020-08-20 20:06:00,587 loglevel=DEBUG file=mail-client.py line=217 message="Message id: 1, Response is OK, continue"
2020-08-20 20:06:00,587 loglevel=DEBUG file=mail-client.py line=226 message="Message id: 1, Sender: FIRST LAST <*****@outlook.com>"
2020-08-20 20:06:00,587 loglevel=DEBUG file=mail-client.py line=228 message="Message id: 1, Content main type: multipart, content type: multipart/mixed"
2020-08-20 20:06:00,587 loglevel=DEBUG file=mail-client.py line=238 message="Message id: 1, Attachment found, name: google.com!DOMAIN.com!1525903200!1525978800.zip"

I also edited your comment and changed the email address that was still in there.

fraserc182 commented 4 years ago

@aholzel thanks for removing that email address for me, I didn't notice it. Okay so I've made a new folder, named dmarc_test and pointed the configuration towards it. There are currently 6 dmarc aggregate emails within the folder.

But the output is the same, it still thinks there is nothing for it to do. I think it has stopped trying to log in to the mailbox. I haven't had that message "Logging in as User" since 11am this morning.

So now it seems I have two issues. I am going to test with a new mailbox to see if that is the problem.

Edit: Tested with a new mailbox and the result is the same. Doesn't seem to log in to the mailbox and doesn't give any error messages as to why not.

aholzel commented 4 years ago

@fraserc182 do you see anything in your splunk internal log?

index=_internal sourcetype=splunkd dmarc ExecProcessor | reverse

will sometimes give you some uncaught exceptions that I didn't think of when building the script.

fraserc182 commented 4 years ago

@aholzel Right enough there are errors in there since 11am today.

08-20-2020   12:01:21.901 +0100 INFO  ExecProcessor   - New scheduled exec process: python   /opt/splunk/etc/apps/TA-dmarc/bin/dmarc-convertor.py
--
08-20-2020 12:02:00.006 +0100 INFO  ExecProcessor - setting   reschedule_ms=119994, for command=python   /opt/splunk/etc/apps/TA-dmarc/bin/dmarc-convertor.py
08-20-2020 12:02:00.852 +0100 ERROR   ExecProcessor - message from "python   /opt/splunk/etc/apps/TA-dmarc/bin/dmarc-convertor.py" Traceback (most   recent call last):
08-20-2020 12:02:00.852 +0100 ERROR   ExecProcessor - message from "python   /opt/splunk/etc/apps/TA-dmarc/bin/dmarc-convertor.py"   File   "/opt/splunk/etc/apps/TA-dmarc/bin/mail-client.py", line 144, in   <module>
08-20-2020 12:02:00.852 +0100 ERROR   ExecProcessor - message from "python   /opt/splunk/etc/apps/TA-dmarc/bin/dmarc-convertor.py"     args.password =   splunk_info.get_credentials(args.user)
08-20-2020 12:02:00.852 +0100 ERROR   ExecProcessor - message from "python   /opt/splunk/etc/apps/TA-dmarc/bin/dmarc-convertor.py"   File   "/opt/splunk/etc/apps/TA-dmarc/bin/classes/splunk_info.py", line   249, in get_credentials
08-20-2020 12:02:00.852 +0100 ERROR   ExecProcessor - message from "python   /opt/splunk/etc/apps/TA-dmarc/bin/dmarc-convertor.py"     for i, c in entities.items():
08-20-2020 12:02:00.852 +0100 ERROR   ExecProcessor - message from "python   /opt/splunk/etc/apps/TA-dmarc/bin/dmarc-convertor.py" UnboundLocalError:   local variable 'entities' referenced before assignment
08-20-2020 12:04:00.003 +0100 INFO  ExecProcessor - setting   reschedule_ms=119997, for command=python   /opt/splunk/etc/apps/TA-dmarc/bin/dmarc-convertor.py
08-20-2020 12:04:00.530 +0100 ERROR   ExecProcessor - message from "python   /opt/splunk/etc/apps/TA-dmarc/bin/dmarc-convertor.py" Traceback (most   recent call last):
08-20-2020 12:04:00.530 +0100 ERROR   ExecProcessor - message from "python   /opt/splunk/etc/apps/TA-dmarc/bin/dmarc-convertor.py"   File   "/opt/splunk/etc/apps/TA-dmarc/bin/mail-client.py", line 144, in   <module>
08-20-2020 12:04:00.530 +0100 ERROR   ExecProcessor - message from "python   /opt/splunk/etc/apps/TA-dmarc/bin/dmarc-convertor.py"     args.password =   splunk_info.get_credentials(args.user)
08-20-2020 12:04:00.530 +0100 ERROR   ExecProcessor - message from "python   /opt/splunk/etc/apps/TA-dmarc/bin/dmarc-convertor.py"   File   "/opt/splunk/etc/apps/TA-dmarc/bin/classes/splunk_info.py", line   249, in get_credentials
08-20-2020 12:04:00.530 +0100 ERROR   ExecProcessor - message from "python   /opt/splunk/etc/apps/TA-dmarc/bin/dmarc-convertor.py"     for i, c in entities.items():
08-20-2020 12:04:00.530 +0100 ERROR   ExecProcessor - message from "python   /opt/splunk/etc/apps/TA-dmarc/bin/dmarc-convertor.py" UnboundLocalError:   local variable 'entities' referenced before assignment
08-20-2020 12:06:00.000 +0100 INFO  ExecProcessor - setting   reschedule_ms=120000, for command=python   /opt/splunk/etc/apps/TA-dmarc/bin/dmarc-convertor.py
08-20-2020 12:06:00.455 +0100 ERROR   ExecProcessor - message from "python   /opt/splunk/etc/apps/TA-dmarc/bin/dmarc-convertor.py" Traceback (most   recent call last):
08-20-2020 12:06:00.456 +0100 ERROR   ExecProcessor - message from "python   /opt/splunk/etc/apps/TA-dmarc/bin/dmarc-convertor.py"   File   "/opt/splunk/etc/apps/TA-dmarc/bin/mail-client.py", line 144, in   <module>
08-20-2020 12:06:00.456 +0100 ERROR   ExecProcessor - message from "python   /opt/splunk/etc/apps/TA-dmarc/bin/dmarc-convertor.py"     args.password =   splunk_info.get_credentials(args.user)
08-20-2020 12:06:00.456 +0100 ERROR   ExecProcessor - message from "python   /opt/splunk/etc/apps/TA-dmarc/bin/dmarc-convertor.py"   File   "/opt/splunk/etc/apps/TA-dmarc/bin/classes/splunk_info.py", line   249, in get_credentials
08-20-2020 12:06:00.456 +0100 ERROR   ExecProcessor - message from "python   /opt/splunk/etc/apps/TA-dmarc/bin/dmarc-convertor.py"     for i, c in entities.items():

I am going to reinstall the add-on completely to have a fresh start. Is there a preferred method of installing? I think I just copied the folder into /opt/splunk/etc/apps/ the first time but it can be installed through the GUI as well.

fraserc182 commented 4 years ago

Hi @aholzel I reinstalled the add-on, everything is vanilla except my ta-dmarc.conf file of course. The add-on is now logging in and retrieving the files and I am still getting the original error message.

 2020-08-20 22:34:02,008 loglevel=ERROR file=dmarc-parser.py line=234 message="A exception occured with file '/opt/splunk/etc/apps/TA-dmarc/logs/dmarc_xml/google.com_domain_1597795200_1597881599.xml', traceback="
Traceback (most recent call last):
  File "/opt/splunk/etc/apps/TA-dmarc/bin/dmarc-parser.py", line 190, in process_dmarc_xml
    cli_output = run("nslookup -q=a " + str(source_ip), resolve_timeout)
  File "/opt/splunk/etc/apps/TA-dmarc/bin/dmarc-parser.py", line 181, in run
    process = subprocess.Popen(shlex.split(cmd), stdout=subprocess.PIPE, stderr=subprocess.PIPE)
  File "/opt/splunk/lib/python2.7/subprocess.py", line 394, in __init__
    errread, errwrite)
  File "/opt/splunk/lib/python2.7/subprocess.py", line 1047, in _execute_child
    raise child_exception
OSError: [Errno 2] No such file or directory
2020-08-20 22:34:02,009 loglevel=ERROR file=dmarc-parser.py line=243 message="Could not move file to the problem directory, please remove the file manually"
Traceback (most recent call last):
  File "/opt/splunk/etc/apps/TA-dmarc/bin/dmarc-parser.py", line 239, in process_dmarc_xml
    os.rename(xml_file,new_problem_file)
OSError: [Errno 2] No such file or directory

aholzel commented 4 years ago

hello @fraserc182

Can you check on the cli if you have nslookup available? I think on Centos7 it is not by default installed anymore, that might be the problem of the above error.

fraserc182 commented 4 years ago

@aholzel Yup that was it! Installed bind-utils on the box and it runs without any problems now.

Many thanks for your help on this one. I'll mark this closed off now.

aholzel commented 4 years ago

@fraserc182 Great! I will look into it and try to remove that dependency. I will see if I can use dnspython as I already do in my TA-dnslookup.

Hope the app helps you in getting more insight into your DMARC reports.
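The tracebacks earlier in the thread show `dmarc-parser.py` building `"nslookup -q=a " + str(source_ip)` and running it through `subprocess.Popen`, which fails with `OSError: [Errno 2]` when the binary is missing. The following is an added example, not part of the thread and not TA-dmarc's code: a lookup that needs no external binary and treats the report's `source_ip` as untrusted data, resolving only values that parse as IP literals. It assumes the Python 3 standard library (`socket` rather than dnspython, so it runs without extra packages); the function names and the `resolver` parameter are hypothetical.

```python
import ipaddress
import socket
from concurrent.futures import ThreadPoolExecutor
from concurrent.futures import TimeoutError as LookupTimeout


def parse_source_ip(raw):
    """Return an ipaddress object for a report's source_ip value,
    or None when the value is not a plain IPv4/IPv6 literal."""
    try:
        return ipaddress.ip_address(str(raw).strip())
    except ValueError:
        return None


def reverse_lookup(raw_ip, timeout=2.0, resolver=socket.gethostbyaddr):
    """Resolve source_ip to a hostname in-process, with a time limit.

    Returns the hostname, or None when the value is not an IP literal,
    the lookup fails, or it does not finish within `timeout` seconds.
    `resolver` is injectable so the function can be exercised offline.
    """
    ip = parse_source_ip(raw_ip)
    if ip is None:
        # Anything that is not an IP literal never reaches the resolver.
        return None

    pool = ThreadPoolExecutor(max_workers=1)
    future = pool.submit(resolver, str(ip))
    try:
        hostname, _aliases, _addresses = future.result(timeout=timeout)
        return hostname
    except (LookupTimeout, OSError):
        # socket.herror and socket.gaierror are OSError subclasses.
        return None
    finally:
        # Do not block the caller on a lookup that is still running.
        pool.shutdown(wait=False)


def demo():
    """Run the lookup over constructed sample values with a stub resolver."""
    def stub_resolver(ip):
        # Constructed answer; no DNS traffic is generated.
        return ("mail.example.test", [], [ip])

    samples = ["192.0.2.10", " 2001:db8::1 ", "192.0.2.10 extra", "not-an-ip"]
    return {value: reverse_lookup(value, resolver=stub_resolver)
            for value in samples}


if __name__ == "__main__":
    for value, host in demo().items():
        print(repr(value), "->", host)
```
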

DBorGe commented 4 years ago

@aholzel if you can have a look at my open issue on SA-dmarc I would really appreciate it. Thank you.