keltia / dmarc-cat

Small utility to decode the report sent by various email providers following the DMARC spec

IP field in wrong order relative to other values for this host #12

Open LoremoCH opened 3 years ago

LoremoCH commented 3 years ago

I am using dmarc-cat 0.14 installed via Debian bullseye/testing 1.

I currently have a very strange error with dmarc-cat. The first column (IP) is sometimes (not always) displayed in the wrong order, the other columns are correct. The behaviour is the same, no matter from whom the report comes. It behaves the same whether DNS PTR requests are active or not.

The video below shows the behaviour. The part of the IP, FROM and RFROM fields are displayed correctly, I removed them for privacy reasons.

https://user-images.githubusercontent.com/6465374/127348725-a8972141-0402-4f1c-8911-bd5d1b618fe1.mp4

pschonmann commented 3 years ago

Same shit here! Actually cloned repo and installed. Still not working. I'm getting fail result on IPs where in report I see everything pass. Option -N /w or /wo, same situation

lillesvin commented 3 years ago

I ran into this as well. The issue seems to be in the parallelization. Running it with -j 1 seems to work around the issue but makes the program much slower if you're doing rDNS lookups, so adding -N too might be a good idea.

darioseidl commented 1 year ago

I noticed this as well today, here is the output for a report with default options:

dmarc-cat 0.15.0,parallel/j8 by Ollivier Robert

Reporting by: Enterprise Outlook — dmarcreport@microsoft.com
From 2023-11-26 01:00:00 +0100 CET to 2023-11-27 01:00:00 +0100 CET

Domain: [redacted]
Policy: p=none; dkim=r; spf=r

Reports(14):
IP                                      Count   From          RFrom         RDKIM   RSPF    
mail30.world4you.com.                   21      [redacted] amazonses.com pass    fail    
a7-51.smtp-out.eu-west-1.amazonses.com. 16      [redacted] amazonses.com pass    fail    
a7-43.smtp-out.eu-west-1.amazonses.com. 2       [redacted] amazonses.com pass    pass    
a7-42.smtp-out.eu-west-1.amazonses.com. 1       [redacted] amazonses.com pass    pass    
a7-45.smtp-out.eu-west-1.amazonses.com. 1       [redacted] amazonses.com pass    pass    
a7-51.smtp-out.eu-west-1.amazonses.com. 1       [redacted] amazonses.com pass    pass    
mail16.world4you.com.                   1       [redacted] amazonses.com pass    pass    
a7-39.smtp-out.eu-west-1.amazonses.com. 1       [redacted] amazonses.com pass    pass    
a7-41.smtp-out.eu-west-1.amazonses.com. 1       [redacted] amazonses.com pass    pass    
a7-44.smtp-out.eu-west-1.amazonses.com. 1       [redacted] amazonses.com pass    pass    
a7-32.smtp-out.eu-west-1.amazonses.com. 1       [redacted] amazonses.com pass    pass    
a7-45.smtp-out.eu-west-1.amazonses.com. 1       [redacted] amazonses.com pass    pass    
a7-33.smtp-out.eu-west-1.amazonses.com. 1       [redacted] amazonses.com pass    pass    
a7-47.smtp-out.eu-west-1.amazonses.com. 1       [redacted] amazonses.com pass    pass    

and the output for the same report with no rDNS lookups (-N):

dmarc-cat 0.15.0,parallel/j8 by Ollivier Robert

Reporting by: Enterprise Outlook — dmarcreport@microsoft.com
From 2023-11-26 01:00:00 +0100 CET to 2023-11-27 01:00:00 +0100 CET

Domain: [redacted]
Policy: p=none; dkim=r; spf=r

Reports(14):
IP           Count   From          RFrom         RDKIM   RSPF    
81.19.149.85 21      [redacted] amazonses.com pass    fail    
81.19.149.36 16      [redacted] amazonses.com pass    fail    
54.240.7.43  2       [redacted] amazonses.com pass    pass    
54.240.7.51  1       [redacted] amazonses.com pass    pass    
54.240.7.51  1       [redacted] amazonses.com pass    pass    
54.240.7.45  1       [redacted] amazonses.com pass    pass    
54.240.7.42  1       [redacted] amazonses.com pass    pass    
54.240.7.39  1       [redacted] amazonses.com pass    pass    
54.240.7.45  1       [redacted] amazonses.com pass    pass    
54.240.7.32  1       [redacted] amazonses.com pass    pass    
54.240.7.44  1       [redacted] amazonses.com pass    pass    
54.240.7.41  1       [redacted] amazonses.com pass    pass    
54.240.7.33  1       [redacted] amazonses.com pass    pass    
54.240.7.47  1       [redacted] amazonses.com pass    pass

Without rDNS lookups, the IP addresses are correct. In the first output the "IP" column is wrong, e.g. it shows amazonses where it should say world4you in the second line.


Edit: Using -j 1 to disable parallelization indeed returns the correct output:

dmarc-cat 0.15.0,parallel/j1 by Ollivier Robert

Reporting by: Enterprise Outlook — dmarcreport@microsoft.com
From 2023-11-26 01:00:00 +0100 CET to 2023-11-27 01:00:00 +0100 CET

Domain: [redacted]
Policy: p=none; dkim=r; spf=r

Reports(14):
IP                                      Count   From          RFrom         RDKIM   RSPF    
mail30.world4you.com.                   21      [redacted] amazonses.com pass    fail    
mail16.world4you.com.                   16      [redacted] amazonses.com pass    fail    
a7-43.smtp-out.eu-west-1.amazonses.com. 2       [redacted] amazonses.com pass    pass    
a7-51.smtp-out.eu-west-1.amazonses.com. 1       [redacted] amazonses.com pass    pass    
a7-51.smtp-out.eu-west-1.amazonses.com. 1       [redacted] amazonses.com pass    pass    
a7-45.smtp-out.eu-west-1.amazonses.com. 1       [redacted] amazonses.com pass    pass    
a7-42.smtp-out.eu-west-1.amazonses.com. 1       [redacted] amazonses.com pass    pass    
a7-39.smtp-out.eu-west-1.amazonses.com. 1       [redacted] amazonses.com pass    pass    
a7-45.smtp-out.eu-west-1.amazonses.com. 1       [redacted] amazonses.com pass    pass    
a7-32.smtp-out.eu-west-1.amazonses.com. 1       [redacted] amazonses.com pass    pass    
a7-44.smtp-out.eu-west-1.amazonses.com. 1       [redacted] amazonses.com pass    pass    
a7-41.smtp-out.eu-west-1.amazonses.com. 1       [redacted] amazonses.com pass    pass    
a7-33.smtp-out.eu-west-1.amazonses.com. 1       [redacted] amazonses.com pass    pass    
a7-47.smtp-out.eu-west-1.amazonses.com. 1       [redacted] amazonses.com pass    pass
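
In the -j 8 output above, the misplaced name puts an SPF fail on an amazonses.com host that the -j 1 output attributes to mail16.world4you.com. The following is an added example, not dmarc-cat's code and not posted by anyone in the thread: a parallel lookup stage that keeps each name on its own row by writing results by row index. `Row`, `stubPTR`, `SampleRows` and `ResolveRows` are hypothetical names, the resolver is an offline stub, and the 192.0.2.1 row is constructed.

```go
package main

import (
	"fmt"
	"sync"
)

type Row struct{ IP, Name, RSPF string } // one report line; Name set by lookup
// stubPTR replaces real PTR lookups so this runs offline (assumption).
var stubPTR = map[string]string{ // pairs read off the outputs in the thread
	"81.19.149.85": "mail30.world4you.com.",
	"81.19.149.36": "mail16.world4you.com.",
	"54.240.7.43":  "a7-43.smtp-out.eu-west-1.amazonses.com.",
}
// SampleRows: three rows from the thread plus a constructed one without PTR.
func SampleRows() []Row {
	return []Row{{IP: "81.19.149.85", RSPF: "fail"}, {IP: "81.19.149.36", RSPF: "fail"},
		{IP: "54.240.7.43", RSPF: "pass"}, {IP: "192.0.2.1", RSPF: "pass"}}
}

// ResolveRows resolves names on `workers` goroutines. A job is a row index and
// its result is written to out[i] only, so completion order cannot shift names.
func ResolveRows(rows []Row, workers int) []Row {
	out := append([]Row(nil), rows...)
	jobs := make(chan int)
	var wg sync.WaitGroup
	if workers < 1 {
		workers = 1
	}
	for w := 0; w < workers; w++ {
		wg.Add(1)
		go func() {
			defer wg.Done()
			for i := range jobs {
				out[i].Name = out[i].IP // fallback: keep the IP when no PTR exists
				if n, ok := stubPTR[out[i].IP]; ok {
					out[i].Name = n
				}
			}
		}()
	}
	for i := range out {
		jobs <- i
	}
	close(jobs)
	wg.Wait()
	return out
}

func main() { fmt.Println(ResolveRows(SampleRows(), 8)) }
```
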