domainaware / parsedmarc

A Python package and CLI for parsing aggregate and forensic DMARC reports
https://domainaware.github.io/parsedmarc/
Apache License 2.0

ERROR:cli.py:165:Forensic report missing required field: 'feedback_type' #332

Open martinwrightgithub opened 2 years ago

martinwrightgithub commented 2 years ago

I would appreciate your help with this issue I'm having...

Parsedmarc is moving reports from the inbox to archived/forensic in Outlook, but Kibana shows no data, only the message: No matching indices found: No indices match pattern "dmarc_aggregate*"

Looking in parsedmarc, I found this message.


```
DEBUG:__init__.py:1176:Moving forensic report messages from INBOX to Archive/Forensic
DEBUG:__init__.py:1183:Moving message 1 of 4: UID 89
DEBUG:__init__.py:1183:Moving message 2 of 4: UID 90
DEBUG:__init__.py:1183:Moving message 3 of 4: UID 91
DEBUG:__init__.py:1183:Moving message 4 of 4: UID 92
INFO:elastic.py:431:Saving forensic report to Elasticsearch
ERROR:cli.py:165:Forensic report missing required field: 'feedback_type'
INFO:elastic.py:431:Saving forensic report to Elasticsearch
ERROR:cli.py:165:Forensic report missing required field: 'feedback_type'
INFO:elastic.py:431:Saving forensic report to Elasticsearch
ERROR:cli.py:165:Forensic report missing required field: 'feedback_type'
INFO:elastic.py:431:Saving forensic report to Elasticsearch
ERROR:cli.py:165:Forensic report missing required field: 'feedback_type'
```

rainer-tammer commented 2 years ago

Hello, I do have the same/a similar problem:

- parsedmarc 8.3.1
- elasticsearch-8.4.2-1.x86_64
- kibana-8.4.2-1.x86_64

```
DEBUG:__init__.py:1152:Moving aggregate report messages from INBOX to Archive/Aggregate
DEBUG:__init__.py:1159:Moving message 1 of 2: UID 9
DEBUG:__init__.py:1159:Moving message 2 of 2: UID 10
DEBUG:__init__.py:1171:Moving forensic report messages from INBOX to Archive/Forensic
DEBUG:__init__.py:1179:Moving message 1 of 2: UID 11
DEBUG:__init__.py:1179:Moving message 2 of 2: UID 12
INFO:elastic.py:295:Saving aggregate report to Elasticsearch
DEBUG:elastic.py:215:Creating Elasticsearch index: dmarc_aggregate-2022-09-19
INFO:elastic.py:295:Saving aggregate report to Elasticsearch
INFO:elastic.py:428:Saving forensic report to Elasticsearch
ERROR:cli.py:183:Forensic report missing required field: 'feedback_type'
INFO:elastic.py:428:Saving forensic report to Elasticsearch
ERROR:cli.py:183:Forensic report missing required field: 'feedback_type'
DEBUG:__init__.py:1430:Emailing report to: xxx@acme.com
ERROR:cli.py:988:[Errno 2] No such file or directory: '/tmp/tmpwhm4yr9j/aggregate.json'
```

Any help is appreciated.

Bye Rainer

rainer-tammer commented 2 years ago

Hello, I have downgraded elasticsearch/kibana to 7.17.6.

Different issue:

```
DEBUG:cli.py:889:Skipping IMAP certificate verification
DEBUG:__init__.py:1087:Found 3 messages in INBOX
DEBUG:__init__.py:1095:Processing 3 messages
DEBUG:__init__.py:1099:Processing message 1 of 3: UID 14
INFO:__init__.py:805:Parsing mail from xx xx xxx@acme.com
DEBUG:__init__.py:1099:Processing message 2 of 3: UID 15
INFO:__init__.py:805:Parsing mail from xx xx xxx@acme.com
DEBUG:__init__.py:1099:Processing message 3 of 3: UID 16
INFO:__init__.py:805:Parsing mail from xx xx xxx@acme.com
DEBUG:__init__.py:1152:Moving aggregate report messages from INBOX to Archive/Aggregate
DEBUG:__init__.py:1159:Moving message 1 of 3: UID 14
DEBUG:__init__.py:1159:Moving message 2 of 3: UID 15
DEBUG:__init__.py:1159:Moving message 3 of 3: UID 16
INFO:elastic.py:295:Saving aggregate report to Elasticsearch
DEBUG:elastic.py:215:Creating Elasticsearch index: dmarc_aggregate-2022-09-19
INFO:elastic.py:295:Saving aggregate report to Elasticsearch
INFO:elastic.py:295:Saving aggregate report to Elasticsearch
DEBUG:__init__.py:1430:Emailing report to: xxx@acme.com
ERROR:cli.py:988:[Errno 2] No such file or directory: '/tmp/tmp3vzxibsh/aggregate.json' <--- here
```

Bye Rainer

rainer-tammer commented 2 years ago

Hello, I think that the "feedback_type" problem was coming from a V8 elasticsearch/kibana.

The ERROR:cli.py:988:[Errno 2] No such file or directory: '/tmp/tmp3vzxibsh/aggregate.json' is probably an unrelated issue.

Bye Rainer

hlager commented 2 years ago

Hello, we are facing the same issue with Elasticsearch 8.4.2. Is there any possibility to get parsedmarc running with a newer version of Elasticsearch?

Thanks and best regards Hendrik

rainer-tammer commented 2 years ago

Hello, I had major problems with the V8 elasticsearch/kibana. I have downgraded to the last 7.x releases. I still get the error:

ERROR:cli.py:183:Forensic report missing required field: 'feedback_type'

Bye Rainer

rileonar commented 1 year ago

Hello, I have the same error: ERROR - [cli.py:183] - Forensic report missing required field: 'feedback_type'

No elasticsearch index created for forensic reports.

parsedmarc version: 8.3.2 elasticsearch version: 7.17.6

Any help is appreciated. Riccardo

rainer-tammer commented 1 year ago

Hello, Any news about this problem? Is someone still working on this project?

Bye Rainer

eekdood commented 1 year ago

I am working through the same issue. One thing that I have found is the difference in "Content-Type" headers.

Successfully imported reports seem to contain `Content-Type: multipart/report; report-type=feedback-report` or no "Content-Type" header at all, while failed imports contain `Content-Type: multipart/report;`
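
To compare reports along the lines of the Content-Type difference described in the comment above, the following added example (not code from parsedmarc or from any commenter) uses Python's standard `email` package to list, for one raw message, the top-level `report-type` parameter and the `Feedback-Type` field of the `message/feedback-report` part that RFC 5965 defines. The function names and the sample messages are constructed for illustration, and the script does not reproduce parsedmarc's own parsing logic.

```python
from email import message_from_string


def inspect_report(raw):
    """Report the MIME facts an RFC 5965 (ARF) consumer depends on."""
    msg = message_from_string(raw)
    info = {
        "content_type": msg.get_content_type() if msg["Content-Type"] else None,
        "report_type": msg.get_param("report-type"),  # None when absent
        "feedback_part": False,
        "feedback_type": None,
    }
    for part in msg.walk():
        if part.get_content_type() != "message/feedback-report":
            continue
        info["feedback_part"] = True
        payload = part.get_payload()
        # The stdlib parser treats message/* bodies as a nested message, so
        # the ARF fields normally arrive as that nested message's headers.
        if isinstance(payload, list):
            fields = payload[0] if payload else {}
        else:
            fields = message_from_string(payload)
        info["feedback_type"] = fields.get("Feedback-Type")
        break
    return info


def build_sample(content_type, feedback_fields):
    """Constructed message for the demo; not a real report."""
    head = "From: reporter@example.net\nSubject: constructed sample\n"
    if content_type:
        head += "Content-Type: " + content_type + "\n"
    return head + (
        "\n--b1\nContent-Type: text/plain\n\nConstructed failure report.\n"
        "--b1\nContent-Type: message/feedback-report\n\n"
        + feedback_fields + "\n\n"
        "--b1\nContent-Type: text/rfc822-headers\n\n"
        "From: sender@example.org\n\n--b1--\n"
    )


if __name__ == "__main__":
    samples = {
        "with report-type": build_sample(
            'multipart/report; report-type=feedback-report; boundary="b1"',
            "Feedback-Type: auth-failure\nVersion: 1"),
        "without report-type": build_sample(
            'multipart/report; boundary="b1"', "Version: 1"),
    }
    for name, raw in samples.items():
        print(name, inspect_report(raw))
```

Running `inspect_report` over the raw source of one imported and one failed message from the Archive/Forensic folder shows whether they differ only in the header parameter or also in the feedback part itself.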