search

domainaware / parsedmarc

A Python package and CLI for parsing aggregate and forensic DMARC reports
https://domainaware.github.io/parsedmarc/
Apache License 2.0
981 stars 212 forks source link

Issues starting ParseDMARC service #350

Closed highbrowed closed 1 year ago

highbrowed commented 1 year ago

I have had ParseDMARC working for over a year and it has worked beautifully. I logged in for the first time in several months and saw that there was no recent report data. After some digging I discovered that DMARC report ingestion stopped suddenly on 7/22. Tried a reboot of the server and it did not resolve the issue. Checking the parsedmarc service after reboot it is stuck in activating and will not start. 

 parsedmarc.service - parsedmarc mailbox watcher
   Loaded: loaded (/etc/systemd/system/parsedmarc.service; enabled; vendor preset: enabled)
   Active: activating (auto-restart) (Result: exit-code) since Mon 2022-09-12 19:17:44 UTC; 1min 45s ago
     Docs: https://domainaware.github.io/parsedmarc/
  Process: 6848 ExecStart=/usr/local/bin/parsedmarc -c /etc/parsedmarc.ini (code=exited, status=1/FAILURE)
 Main PID: 6848 (code=exited, status=1/FAILURE)

Sep 12 19:17:44 c0pdmarc01-usea1a systemd[1]: parsedmarc.service: Main process exited, code=exited, status=1/FAILURE
Sep 12 19:17:44 c0pdmarc01-usea1a systemd[1]: parsedmarc.service: Failed with result 'exit-code'.

dmarcadmin@c0pdmarc01-usea1a:/var/log$ sudo journalctl -eu parsedmarc
Sep 12 19:17:40 c0pdmarc01-usea1a systemd[1]: Started parsedmarc mailbox watcher.
Sep 12 19:17:41 c0pdmarc01-usea1a parsedmarc[6848]: /usr/local/lib/python3.6/dist-packages/elasticsearch/connection/base.py:200: ElasticsearchWarning: Elasticsearch built-in security features are not enabled. Without authentication, your
Sep 12 19:17:41 c0pdmarc01-usea1a parsedmarc[6848]:   warnings.warn(message, category=ElasticsearchWarning)
Sep 12 19:17:44 c0pdmarc01-usea1a parsedmarc[6848]:  WARNING:utils.py:311:IP database is more than a month old
Sep 12 19:17:44 c0pdmarc01-usea1a parsedmarc[6848]:    ERROR:cli.py:744:IMAP Error: Document is empty, line 1, column 1 (<string>, line 1)
Sep 12 19:17:44 c0pdmarc01-usea1a systemd[1]: parsedmarc.service: Main process exited, code=exited, status=1/FAILURE
Sep 12 19:17:44 c0pdmarc01-usea1a systemd[1]: parsedmarc.service: Failed with result 'exit-code'.

Any thoughts on how I can troubleshoot this issue? I have searched the interwebs but have not been successful so I figured I'd ask the source.

Thanks!!

highbrowed commented 1 year ago

Disregard. After giving it some time it appears that the issue has been resolved and DMARC reports are being ingested. Thanks for all your work on this tool, it is amazing.