Smtp-tls feature update (#459)

* Fix Log analytics & Fix save_smtp_tls bug * Updated documentation
domainaware · Jan 11, 2024 · 55ea280 · 55ea280
1 parent 5716a45
commit 55ea280
Show file tree

Hide file tree

Showing 5 changed files with 105 additions and 6 deletions.
diff --git a/docs/source/output.md b/docs/source/output.md
@@ -187,3 +187,46 @@ Thanks to GitHub user [xennn](https://github.com/xennn) for the anonymized
 feedback_type,user_agent,version,original_envelope_id,original_mail_from,original_rcpt_to,arrival_date,arrival_date_utc,subject,message_id,authentication_results,dkim_domain,source_ip_address,source_country,source_reverse_dns,source_base_domain,delivery_result,auth_failure,reported_domain,authentication_mechanisms,sample_headers_only
 auth-failure,Lua/1.0,1.0,,sharepoint@domain.de,peter.pan@domain.de,"Mon, 01 Oct 2018 11:20:27 +0200",2018-10-01 09:20:27,Subject,<38.E7.30937.BD6E1BB5@ mailrelay.de>,"dmarc=fail (p=none, dis=none) header.from=domain.de",,10.10.10.10,,,,policy,dmarc,domain.de,,False
 ```
+
+### JSON SMTP TLS report
+
+```json
+[
+  {
+    "organization_name": "Example Inc.",
+    "begin_date": "2024-01-09T00:00:00Z",
+    "end_date": "2024-01-09T23:59:59Z",
+    "report_id": "2024-01-09T00:00:00Z_example.com",
+    "policies": [
+      {
+        "policy_domain": "example.com",
+        "policy_type": "sts",
+        "policy_strings": [
+          "version: STSv1",
+          "mode: testing",
+          "mx: example.com",
+          "max_age: 86400"
+        ],
+        "successful_session_count": 0,
+        "failed_session_count": 3,
+        "failure_details": [
+          {
+            "result_type": "validation-failure",
+            "failed_session_count": 2,
+            "sending_mta_ip": "209.85.222.201",
+            "receiving_ip": "173.212.201.41",
+            "receiving_mx_hostname": "example.com"
+          },
+          {
+            "result_type": "validation-failure",
+            "failed_session_count": 1,
+            "sending_mta_ip": "209.85.208.176",
+            "receiving_ip": "173.212.201.41",
+            "receiving_mx_hostname": "example.com"
+          }
+        ]
+      }
+    ]
+  }
+]
+```
diff --git a/docs/source/usage.md b/docs/source/usage.md
@@ -300,6 +300,7 @@ The full set of configuration options are:
   - `dcr_immutable_id` - str: The immutable ID of the Data Collection Rule (DCR)
   - `dcr_aggregate_stream` - str: The stream name for aggregate reports in the DCR
   - `dcr_forensic_stream` - str: The stream name for the forensic reports in the DCR
+  - `dcr_smtp_tls_stream` - str: The stream name for the SMTP TLS reports in the DCR
 
   :::{note}
     Information regarding the setup of the Data Collection Rule can be found [here](https://learn.microsoft.com/en-us/azure/azure-monitor/logs/tutorial-logs-ingestion-portal).

diff --git a/parsedmarc/cli.py b/parsedmarc/cli.py
@@ -228,7 +228,8 @@ def process_reports(reports_):
                     dce=opts.la_dce,
                     dcr_immutable_id=opts.la_dcr_immutable_id,
                     dcr_aggregate_stream=opts.la_dcr_aggregate_stream,
-                    dcr_forensic_stream=opts.la_dcr_forensic_stream
+                    dcr_forensic_stream=opts.la_dcr_forensic_stream,
+                    dcr_smtp_tls_stream=opts.la_dcr_smtp_tls_stream
                 )
                 la_client.publish_results(
                     reports_,
@@ -406,7 +407,8 @@ def process_reports(reports_):
                      la_dce=None,
                      la_dcr_immutable_id=None,
                      la_dcr_aggregate_stream=None,
-                     la_dcr_forensic_stream=None
+                     la_dcr_forensic_stream=None,
+                     la_dcr_smtp_tls_stream=None
                      )
     args = arg_parser.parse_args()
 
@@ -454,7 +456,7 @@ def process_reports(reports_):
             if "save_forensic" in general_config:
                 opts.save_forensic = general_config["save_forensic"]
             if "save_smtp_tls" in general_config:
-                opts.save_forensic = general_config["save_smtp_tls"]
+                opts.save_smtp_tls = general_config["save_smtp_tls"]
             if "debug" in general_config:
                 opts.debug = general_config.getboolean("debug")
             if "verbose" in general_config:
@@ -846,6 +848,8 @@ def process_reports(reports_):
                 log_analytics_config.get("dcr_aggregate_stream")
             opts.la_dcr_forensic_stream = \
                 log_analytics_config.get("dcr_forensic_stream")
+            opts.la_dcr_smtp_tls_stream = \
+                log_analytics_config.get("dcr_smtp_tls_stream")
 
     logger.setLevel(logging.ERROR)
 

diff --git a/parsedmarc/loganalytics.py b/parsedmarc/loganalytics.py
@@ -36,6 +36,10 @@ class LogAnalyticsConfig():
             The Stream name where
             the Forensic DMARC reports
             need to be pushed.
+        dcr_smtp_tls_stream (str):
+            The Stream name where
+            the SMTP TLS Reports
+            need to be pushed.
     """
     def __init__(
             self,
@@ -45,14 +49,16 @@ def __init__(
             dce: str,
             dcr_immutable_id: str,
             dcr_aggregate_stream: str,
-            dcr_forensic_stream: str):
+            dcr_forensic_stream: str,
+            dcr_smtp_tls_stream: str):
         self.client_id = client_id
         self.client_secret = client_secret
         self.tenant_id = tenant_id
         self.dce = dce
         self.dcr_immutable_id = dcr_immutable_id
         self.dcr_aggregate_stream = dcr_aggregate_stream
         self.dcr_forensic_stream = dcr_forensic_stream
+        self.dcr_smtp_tls_stream = dcr_smtp_tls_stream
 
 
 class LogAnalyticsClient(object):
@@ -69,15 +75,17 @@ def __init__(
             dce: str,
             dcr_immutable_id: str,
             dcr_aggregate_stream: str,
-            dcr_forensic_stream: str):
+            dcr_forensic_stream: str,
+            dcr_smtp_tls_stream: str):
         self.conf = LogAnalyticsConfig(
             client_id=client_id,
             client_secret=client_secret,
             tenant_id=tenant_id,
             dce=dce,
             dcr_immutable_id=dcr_immutable_id,
             dcr_aggregate_stream=dcr_aggregate_stream,
-            dcr_forensic_stream=dcr_forensic_stream
+            dcr_forensic_stream=dcr_forensic_stream,
+            dcr_smtp_tls_stream=dcr_smtp_tls_stream
         )
         if (
                 not self.conf.client_id or

diff --git a/samples/smtp_tls/smtp_tls.json b/samples/smtp_tls/smtp_tls.json
@@ -0,0 +1,43 @@
+{
+    "organization-name":"Example Inc.",
+    "date-range":{
+       "start-datetime":"2024-01-09T00:00:00Z",
+       "end-datetime":"2024-01-09T23:59:59Z"
+    },
+    "contact-info":"smtp-tls-reporting@example.com",
+    "report-id":"2024-01-09T00:00:00Z_example.com",
+    "policies":[
+       {
+          "policy":{
+             "policy-type":"sts",
+             "policy-string":[
+                "version: STSv1",
+                "mode: testing",
+                "mx: example.com",
+                "max_age: 86400"
+             ],
+             "policy-domain":"example.com"
+          },
+          "summary":{
+             "total-successful-session-count":0,
+             "total-failure-session-count":3
+          },
+          "failure-details":[
+             {
+                "result-type":"validation-failure",
+                "sending-mta-ip":"209.85.222.201",
+                "receiving-ip":"173.212.201.41",
+                "receiving-mx-hostname":"example.com",
+                "failed-session-count":2
+             },
+             {
+                "result-type":"validation-failure",
+                "sending-mta-ip":"209.85.208.176",
+                "receiving-ip":"173.212.201.41",
+                "receiving-mx-hostname":"example.com",
+                "failed-session-count":1
+             }
+          ]
+       }
+    ]
+}