Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SMTP TLS Report not parsed #568

Open
viglianesed opened this issue Oct 7, 2024 · 2 comments
Open

SMTP TLS Report not parsed #568

viglianesed opened this issue Oct 7, 2024 · 2 comments

Comments

@viglianesed
Copy link

The TLS reports from Google are not being parsed.

The attachment extension is .json.gz and it prints the following error:

ERROR:cli.py:1417:Failed to parse /input/google.com!xenith.co.uk!1727049600!1727135999!001.json.gz - Not a valid report

It works if the .json file is manually extracted and uploaded to the input folder.
@seanthegeek
Copy link
Contributor

Parsing SMTP TLS reports was recently fixed. Please make sure that you are using the latest release.

@viglianesed
Copy link
Author

I've tried both the current latest release 8.15.1 and built the docker image from source but the issue still present:

    INFO:cli.py:1204:Starting parsedmarc
   DEBUG:__init__.py:1365:Parsing /input/google.com!xenith.co.uk!1727049600!1727135999!001.json
   DEBUG:__init__.py:1365:Parsing /input/google.com!xenith.co.uk!1727136000!1727222399!001.json.gz
   DEBUG:__init__.py:1365:Parsing /input/microsoft.com!xenith.co.uk!1726963200!1727049599!133715927483468703.json.gz
   DEBUG:__init__.py:1365:Parsing /input/google.com!xenith.co.uk!1726963200!1727049599!001.json.gz
   DEBUG:__init__.py:1365:Parsing /input/google.com!ut-3.co.uk!1727136000!1727222399!001.json.gz
   DEBUG:__init__.py:1365:Parsing /input/google.com!xenith.co.uk!1727049600!1727135999!001.json.gz
   DEBUG:__init__.py:1365:Parsing /input/microsoft.com!xenith.co.uk!1727049600!1727135999!133716797973248040.json.gz
   ERROR:cli.py:1417:Failed to parse /input/google.com!xenith.co.uk!1727136000!1727222399!001.json.gz - Not a valid report
   ERROR:cli.py:1417:Failed to parse /input/microsoft.com!xenith.co.uk!1726963200!1727049599!133715927483468703.json.gz - Not a valid report
   ERROR:cli.py:1417:Failed to parse /input/google.com!xenith.co.uk!1726963200!1727049599!001.json.gz - Not a valid report
   ERROR:cli.py:1417:Failed to parse /input/google.com!ut-3.co.uk!1727136000!1727222399!001.json.gz - Not a valid report
   ERROR:cli.py:1417:Failed to parse /input/google.com!xenith.co.uk!1727049600!1727135999!001.json.gz - Not a valid report
   ERROR:cli.py:1417:Failed to parse /input/microsoft.com!xenith.co.uk!1727049600!1727135999!133716797973248040.json.gz - Not a valid report
    INFO:elastic.py:691:Saving smtp tls report to Elasticsearch
 WARNING:cli.py:299:An SMTP TLS report ID 2024-09-23T00:00:00Z_xenith.co.uk from  Google Inc. with a date range of 2024-09-23 00:00:00Z UTC to 2024-09-23 23:59:59Z UTC already exists in Elasticsearch

the only modification I made to the docker image is a start script that runs parsedmarc and then waits 60s.

I've also tried multiple attachments just in case it was a single corrupt file

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@seanthegeek @viglianesed