jertel / dmarc2logstash

Injects POP3-polled DMARC feedback reports into Elasticsearch via Logstash and Filebeat.
MIT License

Parsing error for legitimate DMARC XML report #1

Closed Twibow closed 6 years ago

Twibow commented 6 years ago

Hello,

Thanks for your stuff, but I encountered two problems:

First: the script does not recognize attachments (with true DMARC reports). My mail is in "read" status in my mailbox, but dmarc2logstash considers it "Preserving email message since it is not a DMARC report;"

Second: I tested sending an unzipped XML DMARC report directly to my dedicated mailbox. The script connects and reads the mail, but doesn't interpret it and generates a Python error:

```
Traceback (most recent call last):
  File "dmarc2logstash.py", line 150, in <module>
    sys.exit(main())
  File "dmarc2logstash.py", line 147, in main
    start(server, username, password, sleepSec, jsonOutputFile)
  File "dmarc2logstash.py", line 114, in start
    download(server, username, password, jsonOutputFile)
  File "dmarc2logstash.py", line 44, in download
    successCount = parseAttachments(jsonOutputFile, msg)
  File "dmarc2logstash.py", line 64, in parseAttachments
    if parse(jsonOutputFile, str(data)):
  File "dmarc2logstash.py", line 91, in parse
    record['auth_dkim_domain'] = child.find('auth_results').find('dkim').find('domain').text
AttributeError: 'NoneType' object has no attribute 'find'
```

jertel commented 6 years ago

You'll need to provide a sample of one of these DMARC reports and emails. However, I don't see how it would be different. The DMARC reports I currently receive are all standardized, regardless of whether they are sent by Yahoo, Comcast, Amazon, etc. They are also consistently named, consistently gzipped, etc. So I can't help but wonder if you have some email preprocessing that is manipulating the reports before they reach the dmarc2logstash POP3 account.

Twibow commented 6 years ago

Hello Jertel,

I'm back with news: I received a Yahoo DMARC report this week and it passed correctly through your script!

So the issue seems to be in Google DMARC reports only.

I've sent you an email with a Google DMARC report attached.

EDIT: Google sends DMARC reports in ZIP compression... erff

See you

jertel commented 6 years ago

Hello,

I pushed a new revision that should address both issues: 1) Google's choice to use ZIP instead of GZIP as specified in the RFC, and 2) missing XML elements. A new Docker image is available, version 1.0.1.

Thanks for sharing the attachment that helped track down the problem.
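The two failure modes in this thread (a ZIP attachment where the RFC specifies GZIP, and a `<record>` whose `<auth_results>` has no `<dkim>` child, which makes the chained `.find()` in the traceback blow up) can be handled in a few lines. The following is an added example, not the dmarc2logstash project's code or its 1.0.1 fix; the function names (`decompress_report`, `find_text`, `parse_report`), the size cap and the sample report are all assumptions constructed for this illustration. It sniffs magic bytes rather than trusting the attachment's filename, bounds the decompressed size, and returns `None` for any optional element that is absent instead of raising.

```python
# Added example, not dmarc2logstash's own code: accept a DMARC aggregate report
# attachment that is gzip (RFC 7489), zip (as Google sends) or bare XML, and
# flatten <record> elements without assuming optional children exist.
import gzip
import io
import zipfile
import xml.etree.ElementTree as ET  # for fully untrusted input prefer defusedxml

# Constructed sample: the second record has no <dkim> under <auth_results>
SAMPLE_REPORT = b"""<?xml version="1.0"?>
<feedback>
 <report_metadata><org_name>example.net</org_name><report_id>1</report_id></report_metadata>
 <policy_published><domain>example.com</domain><p>none</p></policy_published>
 <record>
  <row><source_ip>192.0.2.1</source_ip><count>3</count>
   <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
  <identifiers><header_from>example.com</header_from></identifiers>
  <auth_results><dkim><domain>example.com</domain><result>pass</result></dkim>
   <spf><domain>example.com</domain><result>pass</result></spf></auth_results>
 </record>
 <record>
  <row><source_ip>198.51.100.7</source_ip><count>1</count>
   <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
  <identifiers><header_from>example.com</header_from></identifiers>
  <auth_results><spf><domain>example.com</domain><result>fail</result></spf></auth_results>
 </record>
</feedback>
"""

GZIP_MAGIC = b"\x1f\x8b"
ZIP_MAGIC = b"PK\x03\x04"
MAX_XML_BYTES = 10 * 1024 * 1024  # assumed cap; bounds decompression bombs


def decompress_report(data: bytes) -> bytes:
    """Return XML bytes, sniffing magic bytes instead of trusting the filename."""
    if data.startswith(GZIP_MAGIC):
        with gzip.GzipFile(fileobj=io.BytesIO(data)) as gz:
            xml = gz.read(MAX_XML_BYTES + 1)
    elif data.startswith(ZIP_MAGIC):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = [n for n in zf.namelist() if n.lower().endswith(".xml")]
            if len(names) != 1:
                raise ValueError("expected one .xml member, got %r" % names)
            if zf.getinfo(names[0]).file_size > MAX_XML_BYTES:
                raise ValueError("zip member too large")
            xml = zf.read(names[0])
    else:
        xml = data  # bare XML, as in the second case reported in the issue
    if len(xml) > MAX_XML_BYTES:
        raise ValueError("decompressed report too large")
    return xml


def find_text(elem, path, default=None):
    """elem.find(path).text, but returns default when the element is absent."""
    node = elem.find(path)
    return default if node is None or node.text is None else node.text


def parse_report(xml_bytes: bytes) -> list:
    """Flatten each <record> into a dict; absent optional fields become None."""
    root = ET.fromstring(xml_bytes)
    org = find_text(root, "report_metadata/org_name")
    records = []
    for rec in root.findall("record"):
        records.append({
            "org_name": org,
            "source_ip": find_text(rec, "row/source_ip"),
            "count": int(find_text(rec, "row/count", "0")),
            "disposition": find_text(rec, "row/policy_evaluated/disposition"),
            "header_from": find_text(rec, "identifiers/header_from"),
            "auth_dkim_domain": find_text(rec, "auth_results/dkim/domain"),
            "auth_dkim_result": find_text(rec, "auth_results/dkim/result"),
            "auth_spf_domain": find_text(rec, "auth_results/spf/domain"),
            "auth_spf_result": find_text(rec, "auth_results/spf/result"),
        })
    return records


def make_gzip(xml: bytes) -> bytes:
    return gzip.compress(xml)


def make_zip(xml: bytes, name: str = "example.com!example.net!1.xml") -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, xml)
    return buf.getvalue()


if __name__ == "__main__":
    for blob in (make_gzip(SAMPLE_REPORT), make_zip(SAMPLE_REPORT), SAMPLE_REPORT):
        for r in parse_report(decompress_report(blob)):
            print(r)
```

Rejecting a ZIP with anything other than exactly one `.xml` member keeps the parser from silently picking the wrong file, and the size cap matters because the attachment arrives from an arbitrary sender's mail server: a small zip or gzip can expand to far more than the few kilobytes a real aggregate report needs.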

Twibow commented 6 years ago

Hello Jertel,

Thanks a lot for your stuff!

1- You're right about the format (ZIP) used by Google... strange coming from them, however.

2- Yes, it's missing DKIM in . I have contacted Google to find out why. I will tell you more as soon as I have feedback.