From d964dc621451bd5d95fb641170fc733548979fb4 Mon Sep 17 00:00:00 2001 From: Sean Whalen Date: Tue, 2 Apr 2024 12:35:26 -0400 Subject: [PATCH] Update docs --- _modules/index.html | 4 +- _modules/parsedmarc.html | 208 ++++++++++++++++++++-------- _modules/parsedmarc/elastic.html | 8 +- _modules/parsedmarc/opensearch.html | 8 +- _modules/parsedmarc/splunk.html | 4 +- _modules/parsedmarc/utils.html | 47 +++++-- _sources/usage.md.txt | 5 + _static/documentation_options.js | 2 +- api.html | 41 ++++-- contributing.html | 4 +- davmail.html | 4 +- dmarc.html | 4 +- elasticsearch.html | 4 +- genindex.html | 4 +- index.html | 4 +- installation.html | 4 +- kibana.html | 4 +- mailing-lists.html | 4 +- objects.inv | 2 +- opensearch.html | 4 +- output.html | 4 +- py-modindex.html | 4 +- search.html | 4 +- searchindex.js | 2 +- splunk.html | 4 +- usage.html | 9 +- 26 files changed, 269 insertions(+), 127 deletions(-) diff --git a/_modules/index.html b/_modules/index.html index 761a4360..a99020f2 100644 --- a/_modules/index.html +++ b/_modules/index.html @@ -3,7 +3,7 @@ - Overview: module code — parsedmarc 8.10.3 documentation + Overview: module code — parsedmarc 8.11.0 documentation @@ -35,7 +35,7 @@ parsedmarc
- 8.10.3 + 8.11.0
diff --git a/_modules/parsedmarc.html b/_modules/parsedmarc.html index 847f70c2..ab1dc15a 100644 --- a/_modules/parsedmarc.html +++ b/_modules/parsedmarc.html @@ -3,7 +3,7 @@ - parsedmarc — parsedmarc 8.10.3 documentation + parsedmarc — parsedmarc 8.11.0 documentation @@ -35,7 +35,7 @@ parsedmarc
- 8.10.3 + 8.11.0
@@ -121,7 +121,7 @@

Source code for parsedmarc

 from parsedmarc.utils import parse_email
 from parsedmarc.utils import timestamp_to_human, human_timestamp_to_datetime
 
-__version__ = "8.10.3"
+__version__ = "8.11.0"
 
 logger.debug("parsedmarc v{0}".format(__version__))
 
@@ -135,7 +135,7 @@ 

Source code for parsedmarc

 MAGIC_XML = b"\x3c\x3f\x78\x6d\x6c\x20"
 MAGIC_JSON = b"\7b"
 
-IP_ADDRESS_CACHE = ExpiringDict(max_len=10000, max_age_seconds=1800)
+IP_ADDRESS_CACHE = ExpiringDict(max_len=10000, max_age_seconds=14400)
 REVERSE_DNS_MAP = dict()
 
 
@@ -159,7 +159,11 @@ 

Source code for parsedmarc

     """Raised when an invalid DMARC forensic report is encountered"""
-def _parse_report_record(record, ip_db_path=None, offline=False,
+def _parse_report_record(record, ip_db_path=None,
+ always_use_local_files=False,
+ reverse_dns_map_path=None,
+ reverse_dns_map_url=None,
+ offline=False,
nameservers=None, dns_timeout=2.0):
"""
Converts a record from a DMARC aggregate report into a more consistent
@@ -167,6 +171,9 @@

Source code for parsedmarc

 
     Args:
         record (OrderedDict): The record to convert
+        always_use_local_files (bool): Do not download files
+        reverse_dns_map_path (str): Path to a reverse DNS map file
+        reverse_dns_map_url (str): URL to a reverse DNS map file
         ip_db_path (str): Path to a MMDB file from MaxMind or DBIP
         offline (bool): Do not query online for geolocation or DNS
         nameservers (list): A list of one or more nameservers to use
@@ -178,12 +185,16 @@ 

Source code for parsedmarc

     """
     record = record.copy()
     new_record = OrderedDict()
-    new_record_source = get_ip_address_info(record["row"]["source_ip"],
-                                            cache=IP_ADDRESS_CACHE,
-                                            ip_db_path=ip_db_path,
-                                            offline=offline,
-                                            nameservers=nameservers,
-                                            timeout=dns_timeout)
+    new_record_source = get_ip_address_info(
+        record["row"]["source_ip"],
+        cache=IP_ADDRESS_CACHE,
+        ip_db_path=ip_db_path,
+        always_use_local_files=always_use_local_files,
+        reverse_dns_map_path=reverse_dns_map_path,
+        reverse_dns_map_url=reverse_dns_map_url,
+        offline=offline,
+        nameservers=nameservers,
+        timeout=dns_timeout)
     new_record["source"] = new_record_source
     new_record["count"] = int(record["row"]["count"])
     policy_evaluated = record["row"]["policy_evaluated"].copy()
@@ -474,14 +485,24 @@ 

Source code for parsedmarc

     return csv_file_object.getvalue()
-
[docs]def parse_aggregate_report_xml(xml, ip_db_path=None, offline=False, - nameservers=None, timeout=2.0, - keep_alive=None): +
[docs]def parse_aggregate_report_xml( + xml, + ip_db_path=None, + always_use_local_files=False, + reverse_dns_map_path=None, + reverse_dns_map_url=None, + offline=False, + nameservers=None, + timeout=2.0, + keep_alive=None): """Parses a DMARC XML report string and returns a consistent OrderedDict Args: xml (str): A string of DMARC aggregate report XML ip_db_path (str): Path to a MMDB file from MaxMind or DBIP + always_use_local_files (bool): Do not download files + reverse_dns_map_path (str): Path to a reverse DNS map file + reverse_dns_map_url (str): URL to a reverse DNS map file offline (bool): Do not query online for geolocation or DNS nameservers (list): A list of one or more nameservers to use (Cloudflare's public DNS resolvers by default) @@ -603,19 +624,27 @@

Source code for parsedmarc

                     keep_alive()
                     logger.debug("Processed {0}/{1}".format(
                         i, len(report["record"])))
-                report_record = _parse_report_record(report["record"][i],
-                                                     ip_db_path=ip_db_path,
-                                                     offline=offline,
-                                                     nameservers=nameservers,
-                                                     dns_timeout=timeout)
+                report_record = _parse_report_record(
+                    report["record"][i],
+                    ip_db_path=ip_db_path,
+                    offline=offline,
+                    always_use_local_files=always_use_local_files,
+                    reverse_dns_map_path=reverse_dns_map_path,
+                    reverse_dns_map_url=reverse_dns_map_url,
+                    nameservers=nameservers,
+                    dns_timeout=timeout)
                 records.append(report_record)
 
         else:
-            report_record = _parse_report_record(report["record"],
-                                                 ip_db_path=ip_db_path,
-                                                 offline=offline,
-                                                 nameservers=nameservers,
-                                                 dns_timeout=timeout)
+            report_record = _parse_report_record(
+                report["record"],
+                ip_db_path=ip_db_path,
+                always_use_local_files=always_use_local_files,
+                reverse_dns_map_path=reverse_dns_map_path,
+                reverse_dns_map_url=reverse_dns_map_url,
+                offline=offline,
+                nameservers=nameservers,
+                dns_timeout=timeout)
             records.append(report_record)
 
         new_report["records"] = records
@@ -694,16 +723,25 @@ 

Source code for parsedmarc

     return report
-
[docs]def parse_aggregate_report_file(_input, offline=False, ip_db_path=None, - nameservers=None, - dns_timeout=2.0, - keep_alive=None): +
[docs]def parse_aggregate_report_file( + _input, + offline=False, + always_use_local_files=None, + reverse_dns_map_path=None, + reverse_dns_map_url=None, + ip_db_path=None, + nameservers=None, + dns_timeout=2.0, + keep_alive=None): """Parses a file at the given path, a file-like object. or bytes as an aggregate DMARC report Args: _input: A path to a file, a file like object, or bytes offline (bool): Do not query online for geolocation or DNS + always_use_local_files (bool): Do not download files + reverse_dns_map_path (str): Path to a reverse DNS map file + reverse_dns_map_url (str): URL to a reverse DNS map file ip_db_path (str): Path to a MMDB file from MaxMind or DBIP nameservers (list): A list of one or more nameservers to use (Cloudflare's public DNS resolvers by default) @@ -719,12 +757,16 @@
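Review bot: `always_use_local_files` defaults to `None` in the new `parse_aggregate_report_file` signature, while every other function touched by this patch defaults it to `False` and the docstring declares it a `bool`. `None` is falsy, so the download guard should behave the same, but the value is forwarded unchanged to `parse_aggregate_report_xml` and on to `get_ip_address_info`, and any later `is False` comparison or serialisation of the setting would see a different value on this one entry point. I would change the default to `always_use_local_files=False,` to match the rest of the API.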

Source code for parsedmarc

     except Exception as e:
         raise InvalidAggregateReport(e)
 
-    return parse_aggregate_report_xml(xml,
-                                      ip_db_path=ip_db_path,
-                                      offline=offline,
-                                      nameservers=nameservers,
-                                      timeout=dns_timeout,
-                                      keep_alive=keep_alive)
+ return parse_aggregate_report_xml(
+ xml,
+ always_use_local_files=always_use_local_files,
+ reverse_dns_map_path=reverse_dns_map_path,
+ reverse_dns_map_url=reverse_dns_map_url,
+ ip_db_path=ip_db_path,
+ offline=offline,
+ nameservers=nameservers,
+ timeout=dns_timeout,
+ keep_alive=keep_alive)
[docs]def parsed_aggregate_reports_to_csv_rows(reports):
@@ -868,18 +910,28 @@

Source code for parsedmarc

     return csv_file_object.getvalue()
-
[docs]def parse_forensic_report(feedback_report, sample, msg_date, - offline=False, ip_db_path=None, - nameservers=None, dns_timeout=2.0, +
[docs]def parse_forensic_report(feedback_report, + sample, + msg_date, + always_use_local_files=False, + reverse_dns_map_path=None, + reverse_dns_map_url=None, + offline=False, + ip_db_path=None, + nameservers=None, + dns_timeout=2.0, strip_attachment_payloads=False): """ Converts a DMARC forensic report and sample to a ``OrderedDict`` Args: feedback_report (str): A message's feedback report as a string + sample (str): The RFC 822 headers or RFC 822 message sample ip_db_path (str): Path to a MMDB file from MaxMind or DBIP + always_use_local_files (bool): Do not download files + reverse_dns_map_path (str): Path to a reverse DNS map file + reverse_dns_map_url (str): URL to a reverse DNS map file offline (bool): Do not query online for geolocation or DNS - sample (str): The RFC 822 headers or RFC 822 message sample msg_date (str): The message's date header nameservers (list): A list of one or more nameservers to use (Cloudflare's public DNS resolvers by default) @@ -927,12 +979,16 @@

Source code for parsedmarc

         parsed_report["arrival_date_utc"] = arrival_utc
 
         ip_address = re.split(r'\s', parsed_report["source_ip"]).pop(0)
-        parsed_report_source = get_ip_address_info(ip_address,
-                                                   cache=IP_ADDRESS_CACHE,
-                                                   ip_db_path=ip_db_path,
-                                                   offline=offline,
-                                                   nameservers=nameservers,
-                                                   timeout=dns_timeout)
+        parsed_report_source = get_ip_address_info(
+            ip_address,
+            cache=IP_ADDRESS_CACHE,
+            ip_db_path=ip_db_path,
+            always_use_local_files=always_use_local_files,
+            reverse_dns_map_path=reverse_dns_map_path,
+            reverse_dns_map_url=reverse_dns_map_url,
+            offline=offline,
+            nameservers=nameservers,
+            timeout=dns_timeout)
         parsed_report["source"] = parsed_report_source
         del parsed_report["source_ip"]
 
@@ -1060,16 +1116,25 @@ 

Source code for parsedmarc

     return csv_file.getvalue()
-
[docs]def parse_report_email(input_, offline=False, ip_db_path=None, - nameservers=None, dns_timeout=2.0, - strip_attachment_payloads=False, - keep_alive=None): +
[docs]def parse_report_email( + input_, + offline=False, + ip_db_path=None, + always_use_local_files=False, + reverse_dns_map_path=None, + reverse_dns_map_url=None, + nameservers=None, dns_timeout=2.0, + strip_attachment_payloads=False, + keep_alive=None): """ Parses a DMARC report from an email Args: input_: An emailed DMARC report in RFC 822 format, as bytes or a string ip_db_path (str): Path to a MMDB file from MaxMind or DBIP + always_use_local_files (bool): Do not download files + reverse_dns_map_path (str): Path to a reverse DNS map + reverse_dns_map_url (str): URL to a reverse DNS map offline (bool): Do not query online for geolocation on DNS nameservers (list): A list of one or more nameservers to use dns_timeout (float): Sets the DNS timeout in seconds @@ -1179,6 +1244,9 @@

Source code for parsedmarc

                     aggregate_report = parse_aggregate_report_xml(
                         payload,
                         ip_db_path=ip_db_path,
+                        always_use_local_files=always_use_local_files,
+                        reverse_dns_map_path=reverse_dns_map_path,
+                        reverse_dns_map_url=reverse_dns_map_url,
                         offline=offline,
                         nameservers=ns,
                         timeout=dns_timeout,
@@ -1208,6 +1276,10 @@ 

Source code for parsedmarc

                 sample,
                 date,
                 offline=offline,
+                ip_db_path=ip_db_path,
+                always_use_local_files=always_use_local_files,
+                reverse_dns_map_path=reverse_dns_map_path,
+                reverse_dns_map_url=reverse_dns_map_url,
                 nameservers=nameservers,
                 dns_timeout=dns_timeout,
                 strip_attachment_payloads=strip_attachment_payloads)
@@ -1231,6 +1303,9 @@ 

Source code for parsedmarc

 
 
[docs]def parse_report_file(input_, nameservers=None, dns_timeout=2.0, strip_attachment_payloads=False, ip_db_path=None, + always_use_local_files=False, + reverse_dns_map_path=None, + reverse_dns_map_url=None, offline=False, keep_alive=None): """Parses a DMARC aggregate or forensic file at the given path, a file-like object. or bytes @@ -1243,6 +1318,9 @@

Source code for parsedmarc

         strip_attachment_payloads (bool): Remove attachment payloads from
             forensic report results
         ip_db_path (str): Path to a MMDB file from MaxMind or DBIP
+        always_use_local_files (bool): Do not download files
+        reverse_dns_map_path (str): Path to a reverse DNS map
+        reverse_dns_map_url (str): URL to a reverse DNS map
         offline (bool): Do not make online queries for geolocation or DNS
         keep_alive (callable): Keep alive function
 
@@ -1260,12 +1338,16 @@ 

Source code for parsedmarc

     content = file_object.read()
     file_object.close()
     try:
-        report = parse_aggregate_report_file(content,
-                                             ip_db_path=ip_db_path,
-                                             offline=offline,
-                                             nameservers=nameservers,
-                                             dns_timeout=dns_timeout,
-                                             keep_alive=keep_alive)
+        report = parse_aggregate_report_file(
+            content,
+            ip_db_path=ip_db_path,
+            always_use_local_files=always_use_local_files,
+            reverse_dns_map_path=reverse_dns_map_path,
+            reverse_dns_map_url=reverse_dns_map_url,
+            offline=offline,
+            nameservers=nameservers,
+            dns_timeout=dns_timeout,
+            keep_alive=keep_alive)
         results = OrderedDict([("report_type", "aggregate"),
                                ("report", report)])
     except InvalidAggregateReport:
@@ -1276,13 +1358,17 @@ 

Source code for parsedmarc

         except InvalidSMTPTLSReport:
             try:
                 sa = strip_attachment_payloads
-                results = parse_report_email(content,
-                                             ip_db_path=ip_db_path,
-                                             offline=offline,
-                                             nameservers=nameservers,
-                                             dns_timeout=dns_timeout,
-                                             strip_attachment_payloads=sa,
-                                             keep_alive=keep_alive)
+                results = parse_report_email(
+                    content,
+                    ip_db_path=ip_db_path,
+                    always_use_local_files=always_use_local_files,
+                    reverse_dns_map_path=reverse_dns_map_path,
+                    reverse_dns_map_url=reverse_dns_map_url,
+                    offline=offline,
+                    nameservers=nameservers,
+                    dns_timeout=dns_timeout,
+                    strip_attachment_payloads=sa,
+                    keep_alive=keep_alive)
             except InvalidDMARCReport:
                 raise ParserError("Not a valid report")
     return results
diff --git a/_modules/parsedmarc/elastic.html b/_modules/parsedmarc/elastic.html index 1a5f556e..445054bc 100644 --- a/_modules/parsedmarc/elastic.html +++ b/_modules/parsedmarc/elastic.html @@ -3,7 +3,7 @@ - parsedmarc.elastic — parsedmarc 8.10.3 documentation + parsedmarc.elastic — parsedmarc 8.11.0 documentation @@ -35,7 +35,7 @@ parsedmarc
- 8.10.3 + 8.11.0
@@ -148,7 +148,7 @@

Source code for parsedmarc.elastic

     source_ip_address = Ip()
     source_country = Text()
     source_reverse_dns = Text()
-    source_Base_domain = Text()
+    source_base_domain = Text()
     source_type = Text()
     source_name = Text()
     message_count = Integer
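Review bot: `message_count = Integer` on the last context line of this hunk assigns the field class rather than an instance, unlike the neighbouring `Text()` and `Ip()` declarations. As far as I know elasticsearch-dsl only registers attributes that are field instances, so this field is probably left to dynamic mapping instead of being declared as an integer. Since this hunk already corrects the `source_Base_domain` casing, I would also change the line to `message_count = Integer()`. The same line appears in the matching `_modules/parsedmarc/opensearch.html` hunk, and the enclosing class starts and ends outside both hunks.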
@@ -530,6 +530,8 @@ 

Source code for parsedmarc.elastic

             source_country=record["source"]["country"],
             source_reverse_dns=record["source"]["reverse_dns"],
             source_base_domain=record["source"]["base_domain"],
+            source_type=record["source"]["type"],
+            source_name=record["source"]["name"],
             message_count=record["count"],
             disposition=record["policy_evaluated"]["disposition"],
             dkim_aligned=record["policy_evaluated"]["dkim"] is not None and
diff --git a/_modules/parsedmarc/opensearch.html b/_modules/parsedmarc/opensearch.html
index 45ab09dc..c7faaf6f 100644
--- a/_modules/parsedmarc/opensearch.html
+++ b/_modules/parsedmarc/opensearch.html
@@ -3,7 +3,7 @@
 
   
   
-  parsedmarc.opensearch — parsedmarc 8.10.3 documentation
+  parsedmarc.opensearch — parsedmarc 8.11.0 documentation
       
       
 
@@ -35,7 +35,7 @@
             parsedmarc
           
               
- 8.10.3 + 8.11.0
@@ -147,7 +147,7 @@

Source code for parsedmarc.opensearch

     source_ip_address = Ip()
     source_country = Text()
     source_reverse_dns = Text()
-    source_Base_domain = Text()
+    source_base_domain = Text()
     source_type = Text()
     source_name = Text()
     message_count = Integer
@@ -526,6 +526,8 @@ 

Source code for parsedmarc.opensearch

             source_country=record["source"]["country"],
             source_reverse_dns=record["source"]["reverse_dns"],
             source_base_domain=record["source"]["base_domain"],
+            source_type=record["source"]["type"],
+            source_name=record["source"]["name"],
             message_count=record["count"],
             disposition=record["policy_evaluated"]["disposition"],
             dkim_aligned=record["policy_evaluated"]["dkim"] is not None and
diff --git a/_modules/parsedmarc/splunk.html b/_modules/parsedmarc/splunk.html
index 75787a03..dd9257eb 100644
--- a/_modules/parsedmarc/splunk.html
+++ b/_modules/parsedmarc/splunk.html
@@ -3,7 +3,7 @@
 
   
   
-  parsedmarc.splunk — parsedmarc 8.10.3 documentation
+  parsedmarc.splunk — parsedmarc 8.11.0 documentation
       
       
 
@@ -35,7 +35,7 @@
             parsedmarc
           
               
- 8.10.3 + 8.11.0
diff --git a/_modules/parsedmarc/utils.html b/_modules/parsedmarc/utils.html index c8c6c335..f0d48f5e 100644 --- a/_modules/parsedmarc/utils.html +++ b/_modules/parsedmarc/utils.html @@ -3,7 +3,7 @@ - parsedmarc.utils — parsedmarc 8.10.3 documentation + parsedmarc.utils — parsedmarc 8.11.0 documentation @@ -35,7 +35,7 @@ parsedmarc
- 8.10.3 + 8.11.0
@@ -260,7 +260,8 @@

Source code for parsedmarc.utils

                              nameservers=nameservers,
                              timeout=timeout)[0]
 
-    except dns.exception.DNSException:
+    except dns.exception.DNSException as e:
+        logger.warning(f"get_reverse_dns({ip_address}) exception: {e}")
         pass
 
     return hostname
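Review bot: The new `logger.warning(f"get_reverse_dns({ip_address}) exception: {e}")` writes `ip_address` into the log unescaped at warning level, and in the callers shown in this patch that value comes from the report's `source_ip` field, which is sender-controlled. A missing PTR record is routine, so this will fire for a large share of records, and a malformed value containing control characters would be written verbatim. I would lower the level and log the repr with lazy arguments: `logger.debug("get_reverse_dns(%r) failed: %s", ip_address, e)`. The `pass` that follows is now redundant and can be dropped. The function body begins outside the hunk.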
@@ -387,6 +388,9 @@

Source code for parsedmarc.utils

 
 
 
[docs]def get_service_from_reverse_dns_base_domain(base_domain, + always_use_local_file=False, + local_file_path=None, + url=None, offline=False, reverse_dns_map=None): """ @@ -394,6 +398,9 @@

Source code for parsedmarc.utils

 
     Args:
         base_domain (str): The base domain of the reverse DNS lookup
+        always_use_local_file (bool): Always use a local map file
+        local_file_path (str): Path to a local map file
+        url (str): URL ro a reverse DNS map
         offline (bool): Use the built-in copy of the reverse DNS map
         reverse_dns_map (dict): A reverse DNS map
     Returns:
@@ -410,13 +417,16 @@ 

Source code for parsedmarc.utils

                 type=row["type"])
 
     base_domain = base_domain.lower().strip()
-    url = ("https://raw.githubusercontent.com/domainaware/parsedmarc/master/"
-           "parsedmarc/resources/maps/base_reverse_dns_map.csv")
+    if url is None:
+        url = ("https://raw.githubusercontent.com/domainaware"
+               "/parsedmarc/master/parsedmarc/"
+               "resources/maps/base_reverse_dns_map.csv")
     if reverse_dns_map is None:
         reverse_dns_map = dict()
     csv_file = io.StringIO()
 
-    if not offline and len(reverse_dns_map) == 0:
+    if (not (offline or always_use_local_file)
+            and len(reverse_dns_map) == 0):
         try:
             logger.debug(f"Trying to fetch "
                          f"reverse DNS map from {url}...")
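Review bot: `url` is now supplied by the caller (configuration, via `reverse_dns_map_url`), and the CSV it returns becomes the `name`/`type` labels attached to every parsed source, yet nothing visible in this hunk restricts what it may point at. The request itself is outside the hunk, so this may already be covered. If it is not, I would refuse anything that is not HTTPS before fetching and fall back to the local map, e.g. `if not url.lower().startswith("https://"): logger.warning("Ignoring non-HTTPS reverse DNS map URL")`, and leave certificate verification enabled on the request. The docstring line added in the preceding hunk reads `URL ro a reverse DNS map` and should say `URL to`.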
@@ -429,6 +439,8 @@ 

Source code for parsedmarc.utils

         logger.info("Loading included reverse DNS map...")
         with pkg_resources.path(parsedmarc.resources.maps,
                                 "base_reverse_dns_map.csv") as path:
+            if local_file_path is not None:
+                path = local_file_path
             with open(path) as csv_file:
                 load_csv(csv_file)
     try:
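Review bot: When `local_file_path` is set, the code still enters `pkg_resources.path(...)` and then overwrites its `path`, and the log line above still says "Loading included reverse DNS map...", so the logs never show that an operator-supplied file was used. A missing or unreadable custom path will also raise straight out of `open(path)`; no handling is visible here, though the function continues outside the hunk. I would branch before the context manager and log the path that is actually loaded, as sketched below.

```python
        # … unchanged: download attempt and the condition guarding this fallback …
        if local_file_path is not None:
            logger.info(f"Loading reverse DNS map from {local_file_path}...")
            with open(local_file_path) as csv_file:
                load_csv(csv_file)
        else:
            logger.info("Loading included reverse DNS map...")
            with pkg_resources.path(parsedmarc.resources.maps,
                                    "base_reverse_dns_map.csv") as path:
                with open(path) as csv_file:
                    load_csv(csv_file)
```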
@@ -439,7 +451,11 @@ 

Source code for parsedmarc.utils

     return service
-
[docs]def get_ip_address_info(ip_address, ip_db_path=None, +
[docs]def get_ip_address_info(ip_address, + ip_db_path=None, + reverse_dns_map_path=None, + always_use_local_files=False, + reverse_dns_map_url=None, cache=None, reverse_dns_map=None, offline=False, @@ -450,6 +466,9 @@

Source code for parsedmarc.utils

     Args:
         ip_address (str): The IP address to check
         ip_db_path (str): path to a MMDB file from MaxMind or DBIP
+        reverse_dns_map_path (str): Path to a reverse DNS map file
+        reverse_dns_map_url (str): URL to the reverse DNS map file
+        always_use_local_files (bool): Do not download files
         cache (ExpiringDict): Cache storage
         reverse_dns_map (dict): A reverse DNS map
         offline (bool): Do not make online queries for geolocation or DNS
@@ -467,10 +486,6 @@ 

Source code for parsedmarc.utils

         if info:
             logger.debug(f"IP address {ip_address} was found in cache")
             return info
-        else:
-            logger.debug(f"IP address {ip_address} not found in cache")
-    else:
-        logger.debug("IP address cache was not specified")
     info = OrderedDict()
     info["ip_address"] = ip_address
     if offline:
@@ -490,13 +505,19 @@ 

Source code for parsedmarc.utils

         service = get_service_from_reverse_dns_base_domain(
             base_domain,
             offline=offline,
+            local_file_path=reverse_dns_map_path,
+            url=reverse_dns_map_url,
+            always_use_local_file=always_use_local_files,
             reverse_dns_map=reverse_dns_map)
         info["base_domain"] = base_domain
         info["type"] = service["type"]
         info["name"] = service["name"]
 
-    if cache is not None:
-        cache[ip_address] = info
+        if cache is not None:
+            cache[ip_address] = info
+            logger.debug(f"IP address {ip_address} added to cache")
+    else:
+        logger.debug(f"IP address {ip_address} reverse_dns not found")
 
     return info
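Review bot: Moving `cache[ip_address] = info` under the reverse-DNS branch means an address with no PTR record is never cached, so every repeat of that source IP in a report pays the full DNS timeout again. The `if` that the new `else:` pairs with is outside the hunk, so I am inferring the branch from the indentation and the "reverse_dns not found" message. It also looks as if offline runs would never populate the cache. If the aim was to avoid pinning transient lookup failures for the new 14400-second TTL, say so in a comment such as `# negative results are not cached so a transient DNS failure is retried`. Otherwise keep the write unconditional just before `return info`: `if cache is not None: cache[ip_address] = info`.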
diff --git a/_sources/usage.md.txt b/_sources/usage.md.txt index cb73223c..bc142a16 100644 --- a/_sources/usage.md.txt +++ b/_sources/usage.md.txt @@ -107,6 +107,8 @@ The full set of configuration options are: Elasticsearch, Splunk and/or S3 - `save_forensic` - bool: Save forensic report data to Elasticsearch, Splunk and/or S3 + - `save_smtp_sts` - bool: Save SMTP-STS report data to + Elasticsearch, Splunk and/or S3 - `strip_attachment_payloads` - bool: Remove attachment payloads from results - `output` - str: Directory to place JSON and CSV files in. This is required if you set either of the JSON output file options. @@ -118,6 +120,9 @@ The full set of configuration options are: from MaxMind or DBIP - `offline` - bool: Do not use online queries for geolocation or DNS + - `always_use_local_files` - Disables the download of the reverse DNS map + - `local_reverse_dns_map_path` - Overrides the default local file path to use for the reverse DNS map + - `reverse_dns_map_url` - Overrides the default download URL for the reverse DNS map - `nameservers` - str: A comma separated list of DNS resolvers (Default: `[Cloudflare's public resolvers]`) - `dns_timeout` - float: DNS timeout period diff --git a/_static/documentation_options.js b/_static/documentation_options.js index ae79d502..79043215 100644 --- a/_static/documentation_options.js +++ b/_static/documentation_options.js @@ -1,6 +1,6 @@ var DOCUMENTATION_OPTIONS = { URL_ROOT: document.getElementById("documentation_options").getAttribute('data-url_root'), - VERSION: '8.10.3', + VERSION: '8.11.0', LANGUAGE: 'en', COLLAPSE_INDEX: false, BUILDER: 'html', diff --git a/api.html b/api.html index 3a8b3bcb..c10fc8fb 100644 --- a/api.html +++ b/api.html @@ -4,7 +4,7 @@ - API reference — parsedmarc 8.10.3 documentation + API reference — parsedmarc 8.11.0 documentation @@ -37,7 +37,7 @@ parsedmarc
- 8.10.3 + 8.11.0
@@ -328,7 +328,7 @@

API reference
-parsedmarc.parse_aggregate_report_file(_input, offline=False, ip_db_path=None, nameservers=None, dns_timeout=2.0, keep_alive=None)[source]ïƒ
+parsedmarc.parse_aggregate_report_file(_input, offline=False, always_use_local_files=None, reverse_dns_map_path=None, reverse_dns_map_url=None, ip_db_path=None, nameservers=None, dns_timeout=2.0, keep_alive=None)[source]ïƒ

Parses a file at the given path, a file-like object. or bytes as an aggregate DMARC report

@@ -336,6 +336,9 @@

API reference
  • _input – A path to a file, a file like object, or bytes

  • offline (bool) – Do not query online for geolocation or DNS

  • +
  • always_use_local_files (bool) – Do not download files

  • +
  • reverse_dns_map_path (str) – Path to a reverse DNS map file

  • +
  • reverse_dns_map_url (str) – URL to a reverse DNS map file

  • ip_db_path (str) – Path to a MMDB file from MaxMind or DBIP

  • nameservers (list) – A list of one or more nameservers to use (Cloudflare’s public DNS resolvers by default)

  • @@ -354,13 +357,16 @@

    API reference
    -parsedmarc.parse_aggregate_report_xml(xml, ip_db_path=None, offline=False, nameservers=None, timeout=2.0, keep_alive=None)[source]ïƒ
    +parsedmarc.parse_aggregate_report_xml(xml, ip_db_path=None, always_use_local_files=False, reverse_dns_map_path=None, reverse_dns_map_url=None, offline=False, nameservers=None, timeout=2.0, keep_alive=None)[source]ïƒ

    Parses a DMARC XML report string and returns a consistent OrderedDict

    Parameters
    • xml (str) – A string of DMARC aggregate report XML

    • ip_db_path (str) – Path to a MMDB file from MaxMind or DBIP

    • +
    • always_use_local_files (bool) – Do not download files

    • +
    • reverse_dns_map_path (str) – Path to a reverse DNS map file

    • +
    • reverse_dns_map_url (str) – URL to a reverse DNS map file

    • offline (bool) – Do not query online for geolocation or DNS

    • nameservers (list) – A list of one or more nameservers to use (Cloudflare’s public DNS resolvers by default)

    • @@ -379,15 +385,18 @@

      API reference
      -parsedmarc.parse_forensic_report(feedback_report, sample, msg_date, offline=False, ip_db_path=None, nameservers=None, dns_timeout=2.0, strip_attachment_payloads=False)[source]ïƒ
      +parsedmarc.parse_forensic_report(feedback_report, sample, msg_date, always_use_local_files=False, reverse_dns_map_path=None, reverse_dns_map_url=None, offline=False, ip_db_path=None, nameservers=None, dns_timeout=2.0, strip_attachment_payloads=False)[source]ïƒ

      Converts a DMARC forensic report and sample to a OrderedDict

      Parameters
      • feedback_report (str) – A message’s feedback report as a string

      • +
      • sample (str) – The RFC 822 headers or RFC 822 message sample

      • ip_db_path (str) – Path to a MMDB file from MaxMind or DBIP

      • +
      • always_use_local_files (bool) – Do not download files

      • +
      • reverse_dns_map_path (str) – Path to a reverse DNS map file

      • +
      • reverse_dns_map_url (str) – URL to a reverse DNS map file

      • offline (bool) – Do not query online for geolocation or DNS

      • -
      • sample (str) – The RFC 822 headers or RFC 822 message sample

      • msg_date (str) – The message’s date header

      • nameservers (list) – A list of one or more nameservers to use (Cloudflare’s public DNS resolvers by default)

      • @@ -407,13 +416,16 @@

        API reference
        -parsedmarc.parse_report_email(input_, offline=False, ip_db_path=None, nameservers=None, dns_timeout=2.0, strip_attachment_payloads=False, keep_alive=None)[source]ïƒ
        +parsedmarc.parse_report_email(input_, offline=False, ip_db_path=None, always_use_local_files=False, reverse_dns_map_path=None, reverse_dns_map_url=None, nameservers=None, dns_timeout=2.0, strip_attachment_payloads=False, keep_alive=None)[source]ïƒ

        Parses a DMARC report from an email

        Parameters
        • input – An emailed DMARC report in RFC 822 format, as bytes or a string

        • ip_db_path (str) – Path to a MMDB file from MaxMind or DBIP

        • +
        • always_use_local_files (bool) – Do not download files

        • +
        • reverse_dns_map_path (str) – Path to a reverse DNS map

        • +
        • reverse_dns_map_url (str) – URL to a reverse DNS map

        • offline (bool) – Do not query online for geolocation on DNS

        • nameservers (list) – A list of one or more nameservers to use

        • dns_timeout (float) – Sets the DNS timeout in seconds

        • @@ -437,7 +449,7 @@

          API reference
          -parsedmarc.parse_report_file(input_, nameservers=None, dns_timeout=2.0, strip_attachment_payloads=False, ip_db_path=None, offline=False, keep_alive=None)[source]ïƒ
          +parsedmarc.parse_report_file(input_, nameservers=None, dns_timeout=2.0, strip_attachment_payloads=False, ip_db_path=None, always_use_local_files=False, reverse_dns_map_path=None, reverse_dns_map_url=None, offline=False, keep_alive=None)[source]ïƒ

          Parses a DMARC aggregate or forensic file at the given path, a file-like object. or bytes

          @@ -450,6 +462,9 @@

          API reference
          -parsedmarc.utils.get_ip_address_info(ip_address, ip_db_path=None, cache=None, reverse_dns_map=None, offline=False, nameservers=None, timeout=2.0)[source]ïƒ
          +parsedmarc.utils.get_ip_address_info(ip_address, ip_db_path=None, reverse_dns_map_path=None, always_use_local_files=False, reverse_dns_map_url=None, cache=None, reverse_dns_map=None, offline=False, nameservers=None, timeout=2.0)[source]ïƒ

          Returns reverse DNS and country information for the given IP address

          Parameters
          • ip_address (str) – The IP address to check

          • ip_db_path (str) – path to a MMDB file from MaxMind or DBIP

          • +
          • reverse_dns_map_path (str) – Path to a reverse DNS map file

          • +
          • reverse_dns_map_url (str) – URL to the reverse DNS map file

          • +
          • always_use_local_files (bool) – Do not download files

          • cache (ExpiringDict) – Cache storage

          • reverse_dns_map (dict) – A reverse DNS map

          • offline (bool) – Do not make online queries for geolocation or DNS

          • @@ -1089,12 +1107,15 @@

            API reference
            -parsedmarc.utils.get_service_from_reverse_dns_base_domain(base_domain, offline=False, reverse_dns_map=None)[source]ïƒ
            +parsedmarc.utils.get_service_from_reverse_dns_base_domain(base_domain, always_use_local_file=False, local_file_path=None, url=None, offline=False, reverse_dns_map=None)[source]ïƒ

            Returns the service name of a given base domain name from reverse DNS.

            Parameters
            • base_domain (str) – The base domain of the reverse DNS lookup

            • +
            • always_use_local_file (bool) – Always use a local map file

            • +
            • local_file_path (str) – Path to a local map file

            • +
            • url (str) – URL ro a reverse DNS map

            • offline (bool) – Use the built-in copy of the reverse DNS map

            • reverse_dns_map (dict) – A reverse DNS map

            diff --git a/contributing.html b/contributing.html index 2fb870c9..74a755c6 100644 --- a/contributing.html +++ b/contributing.html @@ -4,7 +4,7 @@ - Contributing to parsedmarc — parsedmarc 8.10.3 documentation + Contributing to parsedmarc — parsedmarc 8.11.0 documentation @@ -38,7 +38,7 @@ parsedmarc
            - 8.10.3 + 8.11.0
            diff --git a/davmail.html b/davmail.html index 16054c7f..5ee80a38 100644 --- a/davmail.html +++ b/davmail.html @@ -4,7 +4,7 @@ - Accessing an inbox using OWA/EWS — parsedmarc 8.10.3 documentation + Accessing an inbox using OWA/EWS — parsedmarc 8.11.0 documentation @@ -38,7 +38,7 @@ parsedmarc
            - 8.10.3 + 8.11.0
            diff --git a/dmarc.html b/dmarc.html index 8e688857..2934ea0d 100644 --- a/dmarc.html +++ b/dmarc.html @@ -4,7 +4,7 @@ - Understanding DMARC — parsedmarc 8.10.3 documentation + Understanding DMARC — parsedmarc 8.11.0 documentation @@ -38,7 +38,7 @@ parsedmarc
            - 8.10.3 + 8.11.0
            diff --git a/elasticsearch.html b/elasticsearch.html index 34e982ce..26fe93f6 100644 --- a/elasticsearch.html +++ b/elasticsearch.html @@ -4,7 +4,7 @@ - Elasticsearch and Kibana — parsedmarc 8.10.3 documentation + Elasticsearch and Kibana — parsedmarc 8.11.0 documentation @@ -38,7 +38,7 @@ parsedmarc
            - 8.10.3 + 8.11.0
            diff --git a/genindex.html b/genindex.html index 40b648e1..8ded84e0 100644 --- a/genindex.html +++ b/genindex.html @@ -3,7 +3,7 @@ - Index — parsedmarc 8.10.3 documentation + Index — parsedmarc 8.11.0 documentation @@ -35,7 +35,7 @@ parsedmarc
            - 8.10.3 + 8.11.0
            diff --git a/index.html b/index.html index bf2b6194..37cf3861 100644 --- a/index.html +++ b/index.html @@ -4,7 +4,7 @@ - parsedmarc documentation - Open source DMARC report analyzer and visualizer — parsedmarc 8.10.3 documentation + parsedmarc documentation - Open source DMARC report analyzer and visualizer — parsedmarc 8.11.0 documentation @@ -37,7 +37,7 @@ parsedmarc
            - 8.10.3 + 8.11.0
            diff --git a/installation.html b/installation.html index 0256df36..705ed7bd 100644 --- a/installation.html +++ b/installation.html @@ -4,7 +4,7 @@ - Installation — parsedmarc 8.10.3 documentation + Installation — parsedmarc 8.11.0 documentation @@ -38,7 +38,7 @@ parsedmarc
            - 8.10.3 + 8.11.0
            diff --git a/kibana.html b/kibana.html index 7e4bf7b2..f582b2b4 100644 --- a/kibana.html +++ b/kibana.html @@ -4,7 +4,7 @@ - Using the Kibana dashboards — parsedmarc 8.10.3 documentation + Using the Kibana dashboards — parsedmarc 8.11.0 documentation @@ -38,7 +38,7 @@ parsedmarc
            - 8.10.3 + 8.11.0
            diff --git a/mailing-lists.html b/mailing-lists.html index b6851c25..e917d46e 100644 --- a/mailing-lists.html +++ b/mailing-lists.html @@ -4,7 +4,7 @@ - What about mailing lists? — parsedmarc 8.10.3 documentation + What about mailing lists? — parsedmarc 8.11.0 documentation @@ -36,7 +36,7 @@ parsedmarc
            - 8.10.3 + 8.11.0
            diff --git a/objects.inv b/objects.inv index 5098ee19..6c71ffa4 100644 --- a/objects.inv +++ b/objects.inv @@ -1,6 +1,6 @@ # Sphinx inventory version 2 # Project: parsedmarc -# Version: 8.10.3 +# Version: 8.11.0 # The remainder of this file is compressed using zlib. xÚ­XßoÛ ~÷_ai{M¶IÓú2E]¶U[Õ¨ÙÔG‹ÀÅfÅàN“þõ;À‰I—ªÆéKb|ß}ÜqüpC´VMófwQ+Ö Èßç¤áÓÊÖâM°LÞ擬9t^É œÍÊRCI,ÜB£´u °¥ÐX®dþ¡'9þr=»½…üª4HÃé(ðòú×â×Ïeváõ\k¥‡B@cyRX;Èt&4¶[’ °DwÓyø7€ÆjŒà)Eç diff --git a/opensearch.html b/opensearch.html index 2ec7ec49..e727e62b 100644 --- a/opensearch.html +++ b/opensearch.html @@ -4,7 +4,7 @@ - OpenSearch and Grafana — parsedmarc 8.10.3 documentation + OpenSearch and Grafana — parsedmarc 8.11.0 documentation @@ -38,7 +38,7 @@ parsedmarc
            - 8.10.3 + 8.11.0
            diff --git a/output.html b/output.html index b7e9318d..cb0ca59a 100644 --- a/output.html +++ b/output.html @@ -4,7 +4,7 @@ - Sample outputs — parsedmarc 8.10.3 documentation + Sample outputs — parsedmarc 8.11.0 documentation @@ -38,7 +38,7 @@ parsedmarc
            - 8.10.3 + 8.11.0
            diff --git a/py-modindex.html b/py-modindex.html index 5ca08b6f..ceb5f904 100644 --- a/py-modindex.html +++ b/py-modindex.html @@ -3,7 +3,7 @@ - Python Module Index — parsedmarc 8.10.3 documentation + Python Module Index — parsedmarc 8.11.0 documentation @@ -38,7 +38,7 @@ parsedmarc
            - 8.10.3 + 8.11.0
            diff --git a/search.html b/search.html index 422d759a..33f0d061 100644 --- a/search.html +++ b/search.html @@ -3,7 +3,7 @@ - Search — parsedmarc 8.10.3 documentation + Search — parsedmarc 8.11.0 documentation @@ -38,7 +38,7 @@ parsedmarc
            - 8.10.3 + 8.11.0
            diff --git a/searchindex.js b/searchindex.js index 68f2df90..8082dcb3 100644 --- a/searchindex.js +++ b/searchindex.js 
@@ -1 +1 @@ -Search.setIndex({"docnames": ["api", "contributing", "davmail", "dmarc", "elasticsearch", "index", "installation", "kibana", "mailing-lists", "opensearch", "output", "splunk", "usage"], "filenames": ["api.md", "contributing.md", "davmail.md", "dmarc.md", "elasticsearch.md", "index.md", "installation.md", "kibana.md", "mailing-lists.md", "opensearch.md", "output.md", "splunk.md", "usage.md"], "titles": ["API reference", "Contributing to parsedmarc", "Accessing an inbox using OWA/EWS", "Understanding DMARC", "Elasticsearch and Kibana", "parsedmarc documentation - Open source DMARC report analyzer and visualizer", "Installation", "Using the Kibana dashboards", "What about mailing lists?", "OpenSearch and Grafana", "Sample outputs", "Splunk", "Using parsedmarc"], "terms": {"A": [0, 3, 12], "python": [0, 5, 6], "packag": [0, 4], "pars": [0, 3, 5, 6, 10, 12], "dmarc": [0, 4, 6, 8, 9, 10, 11, 12], "report": [0, 4, 7, 11, 12], "except": [0, 12], "invalidaggregatereport": 0, "sourc": [0, 3, 4, 6, 7, 10], "rais": 0, "when": [0, 3, 5, 7, 8, 12], "an": [0, 3, 5, 7, 8, 10, 12], "invalid": 0, "aggreg": [0, 5, 7, 11, 12], "i": [0, 2, 3, 4, 5, 6, 7, 8, 10, 12], "encount": 0, "invaliddmarcreport": 0, "invalidforensicreport": 0, "forens": [0, 5, 11, 12], "invalidsmtptlsreport": 0, "smtp": [0, 3, 7, 12], "tl": [0, 12], "parsererror": 0, "whenev": [0, 2, 12], "parser": 0, "fail": [0, 3, 7, 8, 10, 12], "some": [0, 2, 3, 4, 7, 8], "reason": [0, 2, 4, 12], "email_result": 0, "result": [0, 5, 7, 10, 12], "host": [0, 2, 3, 4, 5, 8, 12], "mail_from": 0, "mail_to": 0, "mail_cc": 0, "none": [0, 3, 10, 12], "mail_bcc": 0, "port": [0, 2, 12], "0": [0, 2, 3, 4, 5, 6, 8, 9, 10, 11, 12], "require_encrypt": 0, "fals": [0, 2, 6, 10, 12], "verifi": 0, "true": [0, 2, 4, 10, 12], "usernam": [0, 12], "password": [0, 4, 6, 12], "subject": [0, 3, 8, 10, 12], "attachment_filenam": 0, "messag": [0, 2, 3, 4, 6, 7, 8, 10, 12], "email": [0, 3, 5, 6, 7, 8, 10, 11, 12], "zip": [0, 2, 5, 12], "file": 
[0, 2, 5, 6, 11], "paramet": 0, "ordereddict": 0, "mail": [0, 5, 6, 10, 12], "server": [0, 2, 3, 4, 6, 7, 10, 12], "hostnam": [0, 12], "ip": [0, 3, 4, 6, 7, 12], "address": [0, 2, 3, 4, 7, 8, 10, 12], "The": [0, 3, 6, 7, 11, 12], "valu": [0, 3, 4, 7, 8, 12], "from": [0, 2, 3, 4, 5, 6, 7, 8, 10, 12], "header": [0, 3, 7, 8, 10, 12], "list": [0, 2, 4, 5, 7, 12], "cc": [0, 10], "bcc": [0, 10], "int": [0, 12], "us": [0, 3, 4, 5, 8, 10], "bool": [0, 12], "requir": [0, 2, 3, 4, 6, 8, 12], "secur": [0, 4, 12], "connect": [0, 2, 4, 12], "start": [0, 2, 4, 6, 7, 9, 11, 12], "ssl": [0, 2, 4, 12], "certif": [0, 4, 12], "str": [0, 12], "option": [0, 2, 3, 4, 5, 8, 11, 12], "overrid": 0, "default": [0, 2, 4, 6, 7, 12], "attach": [0, 3, 8, 10, 12], "filenam": [0, 12], "plain": 0, "text": [0, 10], "bodi": [0, 3, 8, 10, 12], "extract_report": 0, "input_": 0, "extract": [0, 2], "gzip": [0, 5], "given": [0, 12], "path": [0, 4, 12], "like": [0, 3, 6, 8], "object": [0, 4], "byte": 0, "input": 0, "return": 0, "type": [0, 10, 12], "get_dmarc_reports_from_mailbox": 0, "mailboxconnect": 0, "reports_fold": [0, 12], "inbox": [0, 3, 5, 8, 12], "archive_fold": [0, 12], "archiv": [0, 12], "delet": [0, 2, 4, 12], "test": [0, 10, 12], "ip_db_path": [0, 6, 12], "offlin": [0, 12], "nameserv": [0, 12], "dns_timeout": [0, 12], "6": [0, 4, 6, 12], "strip_attachment_payload": [0, 12], "batch_siz": [0, 12], "10": [0, 6, 10, 12], "create_fold": 0, "fetch": [0, 12], "mailbox": [0, 7, 12], "folder": [0, 2, 12], "where": [0, 2, 3, 8, 12], "can": [0, 2, 3, 4, 5, 6, 7, 8, 12], "found": [0, 6, 12], "move": [0, 4, 12], "process": [0, 2, 5, 6, 12], "after": [0, 2, 4, 12], "them": [0, 4, 7, 12], "do": [0, 2, 6, 7, 12], "mmdb": [0, 12], "maxmind": [0, 6, 12], "dbip": [0, 12], "queri": [0, 12], "onlin": [0, 2, 12], "geoloc": [0, 12], "dn": [0, 3, 7, 12], "float": [0, 12], "set": [0, 2, 3, 4, 6, 7, 8, 9, 12], "timeout": [0, 2, 12], "remov": [0, 3, 4, 8, 12], "payload": [0, 12], "dict": 0, "previou": [0, 2, 4, 12], 
"run": [0, 4, 5, 6], "number": [0, 12], "read": [0, 12], "befor": [0, 12], "save": [0, 4, 6, 12], "limit": [0, 2, 12], "whether": 0, "creat": [0, 2, 3, 4, 6, 8, 12], "destin": 0, "watch": [0, 2, 4, 12], "aggregate_report": 0, "forensic_report": 0, "get_dmarc_reports_from_mbox": 0, "2": [0, 4, 10, 12], "mbox": [0, 12], "format": [0, 6], "contain": [0, 7, 11, 12], "e": [0, 2, 3, 4, 6, 8, 12], "one": [0, 3, 5, 8, 12], "more": [0, 4, 6, 11, 12], "cloudflar": [0, 12], "": [0, 2, 3, 4, 6, 8, 10, 12], "public": [0, 3, 10, 12], "resolv": [0, 12], "second": [0, 2, 12], "make": [0, 3, 4, 8, 9, 12], "get_report_zip": 0, "output": [0, 5, 12], "parse_aggregate_report_fil": 0, "_input": 0, "keep_al": 0, "callabl": 0, "keep": 0, "aliv": 0, "function": 0, "parse_aggregate_report_xml": 0, "xml": [0, 11], "string": 0, "consist": [0, 5, 10], "parse_forensic_report": 0, "feedback_report": 0, "sampl": [0, 5, 12], "msg_date": 0, "convert": [0, 3, 8], "feedback": 0, "rfc": [0, 3, 8, 10], "822": 0, "date": [0, 3, 8, 10], "parse_report_email": 0, "report_typ": 0, "parse_report_fil": 0, "parse_smtp_tls_report_json": 0, "valid": [0, 7, 10, 12], "parsed_aggregate_reports_to_csv": 0, "flat": 0, "csv": [0, 5, 12], "includ": [0, 3, 6, 7, 8, 12], "data": [0, 4, 5, 7, 9, 11, 12], "parsed_aggregate_reports_to_csv_row": 0, "parsed_forensic_reports_to_csv": 0, "parsed_forensic_reports_to_csv_row": 0, "parsed_smtp_tls_reports_to_csv": 0, "parsed_smtp_tls_reports_to_csv_row": 0, "oor": 0, "singl": 0, "layer": 0, "suitabl": 0, "save_output": 0, "output_directori": 0, "aggregate_json_filenam": [0, 12], "json": [0, 5, 12], "forensic_json_filenam": [0, 12], "smtp_tls_json_filenam": 0, "smtp_tl": 0, "aggregate_csv_filenam": [0, 12], "forensic_csv_filenam": [0, 12], "smtp_tls_csv_filenam": 0, "directori": [0, 12], "watch_inbox": 0, "mailbox_connect": 0, "callback": 0, "check_timeout": [0, 12], "30": [0, 12], "new": [0, 2, 3, 6, 7, 12], "send": [0, 2, 3, 4, 5, 7, 8, 11, 12], "receiv": [0, 10, 12], "imap": [0, 
2, 5, 12], "wait": [0, 12], "idl": [0, 2, 12], "respons": [0, 12], "until": [0, 12], "next": [0, 12], "check": [0, 2, 3, 4, 6, 12], "replac": [0, 3, 4, 8], "alreadysav": 0, "match": [0, 4, 11], "exist": [0, 3, 4, 8], "elasticsearcherror": 0, "elasticsearch": [0, 5, 12], "error": [0, 10, 12], "occur": [0, 7], "create_index": 0, "name": [0, 3, 4, 7, 10, 11, 12], "index": [0, 5, 9, 11, 12], "migrate_index": 0, "aggregate_index": 0, "forensic_index": 0, "updat": [0, 4, 6, 12], "map": 0, "save_aggregate_report_to_elasticsearch": 0, "index_suffix": [0, 12], "monthly_index": [0, 12], "number_of_shard": [0, 12], "1": [0, 2, 4, 5, 6, 10, 12], "number_of_replica": [0, 12], "suffix": [0, 12], "monthli": [0, 12], "instead": [0, 3, 6, 8, 12], "daili": [0, 12], "shard": [0, 12], "replica": [0, 12], "save_forensic_report_to_elasticsearch": 0, "save_smtp_tls_report_to_elasticsearch": 0, "set_host": 0, "use_ssl": 0, "ssl_cert_path": 0, "apikei": [0, 12], "60": [0, 12], "url": [0, 2, 12], "http": [0, 1, 2, 3, 4, 6, 8, 9, 10, 11, 12], "chain": 0, "authent": [0, 2, 3, 4, 7, 12], "base64": 0, "encod": [0, 10, 12], "kei": [0, 3, 4, 6, 12], "opensearcherror": 0, "save_aggregate_report_to_opensearch": 0, "save_forensic_report_to_opensearch": 0, "save_smtp_tls_report_to_opensearch": 0, "class": 0, "hecclient": 0, "access_token": 0, "initi": 0, "hec": [0, 11, 12], "access": [0, 4, 5, 6, 12], "token": [0, 4, 12], "give": [0, 4], "up": [0, 2, 4, 6, 7, 9, 12], "save_aggregate_reports_to_splunk": 0, "dictionari": 0, "save_forensic_reports_to_splunk": 0, "save_smtp_tls_reports_to_splunk": 0, "splunkerror": 0, "might": [0, 3, 7, 8], "other": [0, 3, 4, 7, 8], "project": [0, 2, 3, 5, 11], "downloaderror": 0, "download": [0, 2, 4, 6], "emailparsererror": 0, "convert_outlook_msg": 0, "msg_byte": 0, "msgconvert": [0, 6], "perl": [0, 6], "outlook": [0, 2, 6], "m": [0, 6, 10, 12], "standard": [0, 5, 10], "content": [0, 3, 8, 10, 11], "msg": [0, 6], "decode_base64": 0, "decod": 0, "pad": 0, "being": 0, 
"get_base_domain": 0, "domain": [0, 4, 7, 8, 10], "get": [0, 2, 4, 6, 12], "base": [0, 2, 3, 4, 7, 8, 10], "ar": [0, 2, 3, 4, 6, 7, 8, 10, 12], "publicsuffix": 0, "org": [0, 6, 9, 10], "public_suffix_list": 0, "dat": 0, "subdomain": [0, 3], "get_filename_safe_str": 0, "safe": 0, "get_ip_address_countri": 0, "ip_address": [0, 10], "db_path": 0, "iso": 0, "code": [0, 4, 5], "countri": [0, 6, 7, 10], "associ": 0, "ipv4": 0, "ipv6": 0, "And": 0, "get_ip_address_info": 0, "cach": [0, 12], "reverse_dns_map": 0, "revers": [0, 7], "inform": [0, 4, 6, 7, 12], "expiringdict": 0, "storag": [0, 12], "reverse_dn": [0, 10], "get_reverse_dn": 0, "ani": [0, 3, 7, 8, 12], "get_service_from_reverse_dns_base_domain": 0, "base_domain": [0, 10], "servic": [0, 3, 4, 5, 7, 8], "lookup": 0, "built": 0, "copi": [0, 6, 11], "If": [0, 3, 4, 6, 7, 8, 12], "unknown": 0, "suppli": [0, 7, 12], "reverse_dns_base_domain": 0, "human_timestamp_to_datetim": 0, "human_timestamp": 0, "to_utc": 0, "human": [0, 7], "readabl": 0, "timestamp": 0, "datetim": 0, "utc": 0, "human_timestamp_to_unix_timestamp": 0, "unix": 0, "yyyi": 0, "mm": 0, "dd": 0, "hh": 0, "ss": 0, "is_mbox": 0, "flag": [0, 2], "is_outlook_msg": 0, "ol": [0, 6], "parse_email": 0, "simplifi": 0, "binari": 0, "query_dn": 0, "record_typ": 0, "about": [0, 5, 6], "record": [0, 5, 6, 10], "answer": [0, 12], "timestamp_to_datetim": 0, "timestamp_to_human": 0, "modul": [0, 5, 12], "pleas": [1, 5, 12], "github": [1, 6, 10, 12], "issu": [1, 5], "tracker": 1, "com": [1, 2, 3, 8, 9, 10, 12], "domainawar": [1, 3, 12], "8": [2, 4, 6, 10, 12], "support": [2, 5, 10, 11], "microsoft": [2, 5, 10, 12], "offic": 2, "365": [2, 4], "via": 2, "graph": [2, 5, 7, 12], "api": [2, 4, 5, 12], "which": [2, 4, 7, 12], "prefer": [2, 6], "over": [2, 5, 7], "organ": [2, 7, 12], "allow": [2, 3, 8, 12], "onli": [2, 3, 6, 7, 8, 12], "exchang": [2, 10, 12], "web": [2, 4], "In": [2, 3, 7, 8, 12], "case": [2, 3, 8], "need": [2, 3, 4, 6, 7, 8, 12], "local": [2, 4, 10, 12], 
"gatewai": 2, "It": [2, 4, 7, 10, 12], "even": [2, 3, 8, 12], "work": [2, 3, 5, 6, 7, 8], "modern": [2, 3, 8], "auth": [2, 10, 12], "multi": [2, 12], "factor": 2, "To": [2, 4, 6, 7, 9, 10, 12], "thi": [2, 3, 4, 5, 6, 7, 8, 10, 12], "latest": [2, 4, 6, 9], "version": [2, 4, 6, 9, 10, 11, 12], "sourceforg": 2, "net": [2, 10], "unzip": 2, "command": [2, 3, 8, 12], "instal": [2, 5, 12], "java": 2, "sudo": [2, 4, 6, 12], "apt": [2, 4, 6], "jre": 2, "headless": 2, "properti": 2, "see": [2, 3, 4, 5, 7, 12], "document": [2, 12], "basic": [2, 12], "workstat": 2, "mode": [2, 4, 10, 12], "auto": 2, "webdav": 2, "enableew": 2, "office365": 2, "asmx": 2, "listen": [2, 12], "imapport": 2, "1143": 2, "network": [2, 4, 12], "proxi": 2, "enableproxi": 2, "usesystemproxi": 2, "proxyhost": 2, "proxyport": 2, "proxyus": 2, "proxypassword": 2, "exclud": 2, "noproxyfor": 2, "block": [2, 12], "remot": 2, "allowremot": 2, "bind": 2, "socket": 2, "loopback": 2, "bindaddress": 2, "127": [2, 4, 12], "disabl": [2, 12], "specifi": [2, 3], "nosecureimap": 2, "keepal": 2, "charact": [2, 12], "dure": 2, "larg": 2, "enablekeepal": 2, "count": [2, 10], "retriev": 2, "foldersizelimit": 2, "immedi": 2, "store": [2, 4, 9], "imapautoexpung": 2, "enabl": [2, 4, 12], "poll": [2, 12], "delai": [2, 10], "minut": [2, 12], "imapidledelai": 2, "alwai": [2, 4, 12], "repli": [2, 3, 8], "rfc822": 2, "size": [2, 4], "request": [2, 4, 12], "approxim": 2, "perform": [2, 12], "imapalwaysapproxmsgs": 2, "client": [2, 3, 4, 8, 12], "300": 2, "clientsotimeout": 2, "system": [2, 3, 4, 6, 8, 12], "user": [2, 3, 4, 5, 6, 8, 10, 12], "useradd": [2, 6], "r": [2, 6, 10, 12], "bin": [2, 4, 6, 12], "protect": [2, 3, 5, 8, 12], "pry": [2, 12], "ey": [2, 12], "chown": [2, 12], "root": [2, 12], "opt": [2, 6, 12], "chmod": [2, 4, 12], "u": [2, 6, 10, 12], "rw": [2, 12], "g": [2, 3, 4, 8, 12], "o": [2, 4, 12], "nano": [2, 12], "etc": [2, 3, 4, 6, 8, 12], "unit": [2, 12], "descript": [2, 6, 12], "want": [2, 5, 12], "target": [2, 
12], "syslog": [2, 12], "execstart": [2, 12], "group": [2, 7, 12], "restart": [2, 3, 4, 8, 12], "restartsec": [2, 12], "5m": [2, 12], "wantedbi": [2, 12], "Then": [2, 3, 4, 6, 8, 12], "systemctl": [2, 4, 12], "daemon": [2, 4, 12], "reload": [2, 4, 12], "you": [2, 3, 4, 5, 6, 7, 8, 12], "must": [2, 3, 8, 12], "also": [2, 3, 7, 8, 12], "abov": [2, 12], "edit": [2, 6, 12], "everi": [2, 6, 12], "time": [2, 4, 6, 7, 12], "upgrad": [2, 5, 6, 12], "statu": [2, 12], "event": [2, 11, 12], "crash": [2, 4, 12], "5": [2, 4, 9], "show": [2, 7, 12], "log": [2, 12], "current": [2, 4, 12], "vew": 2, "well": [2, 12], "newest": [2, 12], "oldest": [2, 12], "journalctl": [2, 12], "becaus": [2, 3, 7, 8, 12], "interact": [2, 4], "add": [2, 3, 4, 6, 7, 8, 12], "follow": [2, 4], "ini": [2, 12], "config": [2, 6, 12], "demystifi": 3, "complet": [3, 4], "look": [3, 7], "out": [3, 4, 7], "sister": 3, "checkdmarc": 3, "against": [3, 8], "spoof": [3, 8], "open": 3, "monitor": [3, 12], "ensur": [3, 6, 8], "dkm": 3, "mechan": 3, "actual": [3, 10], "same": [3, 4, 6, 7, 11], "end": [3, 4], "pass": [3, 7, 10], "long": 3, "relat": 3, "indic": [3, 5], "signatur": [3, 7, 8], "publish": 3, "envelop": 3, "sign": [3, 4, 6], "vendor": 3, "don": 3, "know": 3, "yet": 3, "ask": 3, "thei": [3, 6, 7, 8, 12], "through": 3, "your": [3, 4, 6, 7, 8, 11, 12], "relai": [3, 8], "theirs": 3, "realli": 3, "why": [3, 7], "displai": [3, 7, 11], "worst": 3, "have": [3, 4, 6, 7, 8, 11, 12], "specif": [3, 12], "norepli": [3, 10], "exampl": [3, 4, 6, 8, 10, 12], "separ": [3, 4, 6, 7, 9, 11, 12], "p": [3, 6, 10], "alter": [3, 8], "sp": [3, 10], "top": [3, 7], "level": [3, 4], "tld": 3, "would": [3, 5, 6, 8], "leav": 3, "vulner": 3, "deploi": [3, 8], "find": [3, 7, 8], "most": [3, 4, 7, 8, 12], "modifi": [3, 8, 12], "footer": [3, 8], "part": [3, 4, 7, 8], "therebi": [3, 8], "break": [3, 4, 8], "ideal": [3, 8], "should": [3, 6, 7, 8, 12], "forward": [3, 7, 8], "without": [3, 4, 7, 8], "all": [3, 5, 7, 8, 11, 12], "joe": [3, 8], 
"nelson": [3, 8], "doe": [3, 8], "fantast": [3, 8], "job": [3, 6, 8], "explain": [3, 8], "exactli": [3, 8], "shouldn": [3, 8], "fulli": [3, 8], "compliant": [3, 8], "rather": [3, 8], "than": [3, 4, 8, 12], "repeat": [3, 8], "hi": [3, 8], "fine": [3, 8], "here": [3, 8, 10, 12], "summari": [3, 5, 8], "retain": [3, 8], "origin": [3, 8, 12], "2369": [3, 8], "unsubscrib": [3, 8], "outgo": [3, 8, 12], "ad": [3, 6, 8, 12], "link": [3, 4, 7, 8], "2919": [3, 8], "id": [3, 8, 10, 12], "webmail": [3, 7, 8], "gener": [3, 4, 6, 8, 10, 12], "button": [3, 8], "tradit": [3, 8], "disclaim": [3, 8], "addit": [3, 8], "compli": [3, 4, 6, 8, 9], "configur": [3, 4, 5, 6, 7, 8, 9], "action": [3, 8], "prefix": [3, 8], "still": [3, 6, 8, 10, 12], "tell": [3, 6, 7, 8], "came": [3, 8], "wa": [3, 4, 6, 8], "sent": [3, 8, 12], "post": [3, 8], "step": [3, 4, 8], "common": [3, 4, 6, 8], "platform": [3, 8], "below": [3, 8, 12], "navig": [3, 6, 8], "subject_prefix": [3, 8], "from_is_list": [3, 8], "No": [3, 8], "first_strip_reply_to": [3, 8], "reply_goes_to_list": [3, 8], "poster": [3, 8], "include_rfc2369_head": [3, 8], "ye": [3, 8], "include_list_post_head": [3, 8], "include_sender_head": [3, 8], "non": [3, 8, 12], "digest": [3, 8], "msg_header": [3, 8], "msg_footer": [3, 8], "scrub_nondigest": [3, 8], "privaci": [3, 6, 7, 8, 12], "filter": [3, 7, 8, 11], "dmarc_moderation_act": [3, 8], "accept": [3, 4, 8], "dmarc_quarantine_moderation_act": [3, 8], "dmarc_none_moderation_act": [3, 8], "ident": [3, 8, 12], "blank": [3, 8], "html": [3, 4, 8, 10], "plaintext": [3, 8], "rfc2369": [3, 8], "explicit": [3, 8], "first": [3, 6, 8, 12], "strip": [3, 8, 12], "replyto": [3, 8], "goe": [3, 8], "mung": [3, 8], "mitig": [3, 8], "uncondition": [3, 8], "templat": [3, 8], "unfortun": [3, 8], "postoriu": [3, 8], "admin": [3, 8, 12], "ui": [3, 8], "empti": [3, 8], "so": [3, 6, 7, 8, 12], "ll": [3, 8], "line": [3, 8], "touch": [3, 8], "var": [3, 8], "en": [3, 4, 8, 10], "member": [3, 8], "regular": [3, 8], 
"languag": [3, 8], "core": [3, 8], "16": [3, 8], "2017a": [3, 8], "higher": [3, 8], "rewrit": [3, 8], "enforc": [3, 8], "quarantin": [3, 8], "reject": [3, 8], "polici": [3, 8, 10, 12], "linux": [3, 6, 8], "go": [3, 8], "legal": [3, 8], "administr": [3, 8], "known": [3, 7, 8, 12], "longer": [3, 8], "wrap": [3, 8], "could": [3, 4, 8, 12], "interfer": [3, 8], "search": [3, 8, 12], "mobil": [3, 8], "On": [3, 4, 6, 7, 8], "hand": [3, 8], "caus": [3, 4, 7, 8], "accident": [3, 8], "entir": [3, 7, 8], "intend": [3, 8], "choos": [3, 8], "fit": [3, 8], "commun": [3, 8], "tab": [3, 4, 8], "page": [3, 4, 6, 7, 8], "visual": [4, 9], "dashboard": [4, 5, 9, 11], "later": [4, 6, 12], "debian": [4, 6], "ubuntu": [4, 6], "y": [4, 6], "transport": 4, "wget": 4, "qo": 4, "artifact": 4, "elast": [4, 5], "co": 4, "gpg": 4, "dearmor": 4, "usr": 4, "share": [4, 12], "keyr": 4, "echo": 4, "deb": 4, "x": [4, 10], "stabl": 4, "main": 4, "tee": 4, "d": 4, "For": [4, 12], "cento": [4, 6], "rhel": [4, 6], "rpm": 4, "guid": [4, 5], "previous": [4, 7], "jvm": 4, "heap": 4, "veri": [4, 7, 12], "small": 4, "1g": 4, "under": [4, 6, 7], "heavi": 4, "load": 4, "fix": 4, "increas": [4, 12], "minimum": 4, "maximum": 4, "depend": [4, 5, 12], "resourc": [4, 5, 12], "sure": [4, 6], "ha": [4, 7, 12], "least": [4, 6, 12], "gb": 4, "ram": 4, "assign": 4, "4": [4, 6, 11], "xms4g": 4, "xmx4g": 4, "www": [4, 6, 12], "refer": [4, 5], "import": [4, 7], "As": [4, 7], "7": [4, 6], "activ": [4, 6], "xpack": 4, "vim": 4, "yml": 4, "featur": 4, "enrol": 4, "encrypt": [4, 12], "logstash": 4, "agent": 4, "keystor": 4, "cert": 4, "p12": 4, "mutual": 4, "between": [4, 7], "cluster": [4, 12], "node": 4, "verification_mod": 4, "truststor": 4, "self": [4, 5], "openssl": 4, "req": 4, "x509": 4, "dai": [4, 9, 12], "newkei": 4, "rsa": 4, "4096": 4, "keyout": 4, "crt": 4, "Or": [4, 6], "csr": 4, "ca": 4, "fill": [4, 6], "prompt": 4, "fqdn": 4, "field": 4, "rm": 4, "f": 4, "place": [4, 7, 12], "mv": 4, "660": 4, "server_ip": 4, 
"publicbaseurl": 4, "connexion": 4, "9200": [4, 12], "5601": 4, "past": [4, 11], "verif": [4, 12], "put": [4, 12], "browser": 4, "setup": [4, 9, 12], "encryptedsavedobject": 4, "encryptionkei": 4, "xxxx": 4, "now": [4, 7], "parsedmarc": [4, 9, 10, 11], "right": [4, 7], "click": [4, 7], "export": 4, "ndjson": 4, "provid": [4, 7], "consol": [4, 12], "stack": 4, "manag": [4, 12], "hamburg": 4, "menu": [4, 7], "overwrit": 4, "restor": 4, "someon": 4, "els": 4, "permiss": [4, 12], "control": 4, "commerci": [4, 5], "pack": 4, "chang": [4, 7, 11, 12], "wai": [4, 7], "releas": [4, 6], "login": 4, "checkbox": 4, "dmarc_aggreg": 4, "dmarc_forens": 4, "conform": 4, "each": [4, 6, 9, 11], "easi": [4, 9], "regul": [4, 6, 9, 12], "gdpr": [4, 9], "effici": 4, "help": 5, "maintain": 5, "develop": 5, "consid": [5, 7], "review": [5, 7], "how": 5, "contribut": 5, "assist": 5, "pin": 5, "particularli": [5, 12], "thank": [5, 10], "contributor": 5, "cli": 5, "util": 5, "kibana": [5, 11], "splunk": [5, 12], "opensearch": [5, 12], "grafana": 5, "altern": [5, 12], "agari": 5, "brand": [5, 7], "dmarcian": 5, "ondmarc": 5, "proofpoint": 5, "fraud": 5, "defens": 5, "valimail": 5, "draft": [5, 10], "rua": [5, 6], "failur": [5, 7, 10, 12], "ruf": [5, 6, 7, 12], "gmail": [5, 7, 12], "transpar": 5, "handl": [5, 12], "compress": 5, "structur": 5, "simpl": 5, "premad": [5, 11], "apach": 5, "kafka": [5, 12], "prerequisit": 5, "systemd": 5, "pattern": [5, 7], "retent": 5, "owa": 5, "ew": 5, "davmail": 5, "understand": [5, 7], "align": [5, 7, 10], "what": 5, "sender": [5, 7, 8], "won": 5, "t": [5, 8, 12], "dkim": [5, 7, 8, 10], "bug": 5, "tabl": [5, 7], "3": [6, 10, 11, 12], "anoth": [6, 12], "solut": 6, "two": 6, "mailto": 6, "uri": 6, "tag": 6, "comma": [6, 12], "behind": 6, "environ": 6, "detail": [6, 7], "http_proxi": 6, "prox": 6, "3128": 6, "https_proxi": 6, "ftp_proxi": 6, "credenti": [6, 12], "wide": [6, 10], "patch": 6, "2010": [6, 10], "rollup": 6, "22": 6, "kb4295699": 6, "2013": 6, 
"cumul": 6, "21": 6, "kb4099855": 6, "2016": 6, "11": [6, 10], "kb4134118": 6, "static": 6, "lite": 6, "databas": 6, "ipdb": 6, "distribut": 6, "term": 6, "creativ": 6, "attribut": 6, "intern": 6, "licens": 6, "fallback": 6, "geolite2": 6, "howev": 6, "cannot": 6, "tool": [6, 12], "locat": [6, 7], "overridden": 6, "buster": 6, "compon": 6, "contrib": 6, "repositori": [6, 11], "ppa": 6, "dnf": 6, "build": 6, "maco": 6, "window": 6, "decemb": 6, "30th": 6, "2019": 6, "free": 6, "account": [6, 7], "order": 6, "variou": 6, "regist": 6, "differ": [6, 7, 12], "older": [6, 10], "newer": 6, "Be": 6, "select": 6, "correct": 6, "v": [6, 12], "onc": 6, "pre": 6, "geoip": 6, "conf": 6, "systemdr": 6, "programdata": 6, "citi": 6, "asn": 6, "weekli": 6, "tuesdai": 6, "cron": 6, "schedul": 6, "task": 6, "python3": 6, "pip": 6, "virtualenv": 6, "dev": [6, 12], "libxml2": 6, "libxslt": 6, "python39": 6, "setuptool": 6, "devel": 6, "mkdir": 6, "b": [6, 10], "venv": [6, 12], "those": 6, "explicitli": 6, "9": 6, "insid": 6, "abl": 6, "libemail": 6, "friendli": 7, "incom": [7, 12], "switch": 7, "left": 7, "side": 7, "suggest": 7, "best": 7, "across": 7, "three": 7, "pie": 7, "chart": 7, "percentag": 7, "spf": [7, 10], "segment": 7, "malici": [7, 12], "just": 7, "especi": 7, "collect": [7, 12], "mai": [7, 12], "legitim": [7, 12], "correctli": 7, "while": [7, 12], "remain": 7, "often": 7, "rule": [7, 12], "wherea": 7, "reli": 7, "session": 7, "underneath": 7, "passag": 7, "disposit": [7, 10], "center": 7, "sort": [7, 12], "volum": 7, "By": [7, 12], "hover": 7, "mous": 7, "magnifi": 7, "glass": 7, "icon": 7, "our": 7, "recogn": 7, "market": 7, "plu": 7, "That": 7, "busi": 7, "particular": 7, "With": 7, "contact": 7, "lot": 7, "b2c": 7, "custom": [7, 12], "high": 7, "come": 7, "consum": 7, "googl": [7, 12], "yahoo": 7, "old": 7, "mention": 7, "earlier": 7, "similar": 7, "observ": 7, "who": 7, "addresse": 7, "parent": 7, "subsidiari": 7, "outdat": 7, "further": 7, "down": 7, "were": [7, 
12], "call": 7, "been": [7, 12], "consolid": 7, "view": [7, 12], "own": [7, 11], "temporari": 7, "upper": 7, "These": 7, "recipi": 7, "avoid": 7, "leak": 7, "notabl": 7, "chines": 7, "few": [7, 12], "doc": 9, "wiki": 10, "schema": 10, "7480": 10, "appendix": 10, "c": [10, 12], "produc": 10, "normal": [10, 12], "regardless": 10, "xml_schema": 10, "report_metadata": 10, "org_nam": 10, "acm": 10, "org_email": 10, "org_extra_contact_info": 10, "report_id": 10, "9391651994964116463": 10, "begin_d": 10, "2012": 10, "04": 10, "27": 10, "20": 10, "00": 10, "end_dat": 10, "28": 10, "19": 10, "59": 10, "policy_publish": 10, "adkim": 10, "aspf": 10, "pct": 10, "100": [10, 12], "fo": 10, "72": 10, "150": 10, "241": 10, "94": 10, "adsl": 10, "shv": 10, "bellsouth": 10, "policy_evalu": 10, "policy_override_reason": 10, "identifi": 10, "header_from": 10, "envelope_from": 10, "envelope_to": 10, "null": 10, "auth_result": 10, "selector": 10, "scope": [10, 12], "mfrom": 10, "source_ip_address": 10, "source_countri": 10, "source_reverse_dn": 10, "source_base_domain": 10, "spf_align": 10, "dkim_align": 10, "dmarc_align": 10, "policy_override_com": 10, "dkim_domain": 10, "dkim_selector": 10, "dkim_result": 10, "spf_domain": 10, "spf_scope": 10, "spf_result": 10, "xennn": 10, "anonym": 10, "feedback_typ": 10, "user_ag": 10, "lua": 10, "original_mail_from": 10, "sharepoint": 10, "de": 10, "original_rcpt_to": 10, "peter": 10, "pan": 10, "arrival_d": 10, "mon": 10, "01": 10, "oct": 10, "2018": 10, "0200": 10, "message_id": 10, "38": 10, "e7": 10, "30937": 10, "bd6e1bb5": 10, "mailrelai": 10, "authentication_result": 10, "di": 10, "delivery_result": 10, "auth_failur": 10, "reported_domain": 10, "arrival_date_utc": 10, "09": 10, "authentication_mechan": 10, "original_envelope_id": 10, "sample_headers_onli": 10, "servernameon": 10, "n": [10, 12], "tby": 10, "cest": 10, "ndate": 10, "nmessag": 10, "nto": 10, "nfrom": 10, "utf": 10, "sw50zxjha3rpdmugv2v0dgjld2vyymvylcocymvyc2ljahq": 10, 
"nsubject": 10, "nmime": 10, "nx": 10, "mailer": 10, "foundat": 10, "ncontent": 10, "charset": 10, "transfer": 10, "quot": 10, "printabl": 10, "head": 10, "href": 10, "3d": 10, "nwettbewerb": 10, "doctyp": 10, "w3c": 10, "dtd": 10, "meta": 10, "08": 10, "0240": 10, "003": 10, "parsed_sampl": 10, "display_nam": 10, "interakt": 10, "wettbewerb": 10, "\u00fcbersicht": 10, "to_domain": 10, "timezon": 10, "mime": 10, "hop": 10, "date_utc": 10, "has_defect": 10, "reply_to": 10, "filename_safe_subject": 10, "organization_nam": 10, "inc": 10, "2024": 10, "09t00": 10, "00z": 10, "09t23": 10, "59z": 10, "00z_exampl": 10, "policy_domain": 10, "policy_typ": 10, "st": 10, "policy_str": 10, "stsv1": 10, "mx": 10, "max_ag": 10, "86400": 10, "successful_session_count": 10, "failed_session_count": 10, "failure_detail": 10, "result_typ": 10, "sending_mta_ip": 10, "209": 10, "85": 10, "222": 10, "201": 10, "receiving_ip": 10, "173": 10, "212": 10, "41": 10, "receiving_mx_hostnam": 10, "208": 10, "176": 10, "collector": [11, 12], "editor": 11, "occurr": 11, "layout": 11, "although": 11, "slightli": 11, "easier": 11, "flexibl": 11, "usag": 12, "h": 12, "config_fil": 12, "verbos": 12, "debug": 12, "log_fil": 12, "file_path": 12, "posit": 12, "argument": 12, "exit": 12, "silent": 12, "impli": 12, "write": 12, "print": 12, "warn": 12, "program": 12, "describ": 12, "comment": 12, "save_aggreg": 12, "save_forens": 12, "dmarcresport": 12, "upersecur": 12, "splunk_hec": 12, "splunkhec": 12, "hectokengoesher": 12, "s3": 12, "bucket": 12, "my": 12, "localhost": 12, "514": 12, "full": 12, "either": 12, "period": 12, "n_proc": 12, "parallel": 12, "larger": 12, "improv": 12, "thousand": 12, "label": 12, "arriv": 12, "993": 12, "escap": 12, "wherev": 12, "section": 12, "recommend": 12, "try": 12, "skip_certificate_verif": 12, "skip": 12, "msgraph": 12, "auth_method": 12, "method": 12, "usernamepassword": 12, "devicecod": 12, "clientsecret": 12, "m365": 12, "client_id": 12, "app": 12, "registr": 12, 
"client_secret": 12, "secret": 12, "tenant_id": 12, "azur": 12, "tenant": 12, "token_fil": 12, "allow_unencrypted_storag": 12, "fall": 12, "back": 12, "unencrypt": 12, "grant": 12, "readwrit": 12, "deleg": 12, "applic": 12, "restrict": 12, "sinc": 12, "applicationaccesspolici": 12, "powershel": 12, "accessright": 12, "restrictaccess": 12, "appid": 12, "policyscopegroupid": 12, "special": 12, "cert_path": 12, "trust": 12, "appli": 12, "passsword": 12, "aggregate_top": 12, "topic": 12, "forensic_top": 12, "25": 12, "starttl": 12, "upload": 12, "region_nam": 12, "region": 12, "endpoint_url": 12, "endpoint": 12, "access_key_id": 12, "secret_access_kei": 12, "udp": 12, "gmail_api": 12, "credentials_fil": 12, "include_spam_trash": 12, "spam": 12, "trash": 12, "acquir": 12, "googleapi": 12, "oauth2_port": 12, "tcp": 12, "oauth2": 12, "8080": 12, "paginate_messag": 12, "per": 12, "log_analyt": 12, "resid": 12, "dce": 12, "ingest": 12, "dcr_immutable_id": 12, "immut": 12, "dcr": 12, "dcr_aggregate_stream": 12, "stream": 12, "dcr_forensic_stream": 12, "dcr_smtp_tls_stream": 12, "regard": 12, "strongli": 12, "much": 12, "faster": 12, "reliabl": 12, "cisco": 12, "opendn": 12, "outsid": 12, "instanc": 12, "highli": 12, "industri": 12, "sensit": 12, "healthcar": 12, "financ": 12, "possibl": 12, "appear": 12, "sometim": 12, "kind": 12, "approach": 12, "manual": 12, "1000": 12, "analyz": 12, "year": 12, "_cluster": 12, "health": 12, "pretti": 12, "active_primary_shard": 12, "932": 12, "active_shard": 12, "2k": 12, "persist": 12, "max_shards_per_nod": 12, "2000": 12, "watcher": 12, "io": 12}, "objects": {"": [[0, 0, 0, "-", "parsedmarc"]], "parsedmarc": [[0, 1, 1, "", "InvalidAggregateReport"], [0, 1, 1, "", "InvalidDMARCReport"], [0, 1, 1, "", "InvalidForensicReport"], [0, 1, 1, "", "InvalidSMTPTLSReport"], [0, 1, 1, "", "ParserError"], [0, 0, 0, "-", "elastic"], [0, 2, 1, "", "email_results"], [0, 2, 1, "", "extract_report"], [0, 2, 1, "", "get_dmarc_reports_from_mailbox"], [0, 
2, 1, "", "get_dmarc_reports_from_mbox"], [0, 2, 1, "", "get_report_zip"], [0, 0, 0, "-", "opensearch"], [0, 2, 1, "", "parse_aggregate_report_file"], [0, 2, 1, "", "parse_aggregate_report_xml"], [0, 2, 1, "", "parse_forensic_report"], [0, 2, 1, "", "parse_report_email"], [0, 2, 1, "", "parse_report_file"], [0, 2, 1, "", "parse_smtp_tls_report_json"], [0, 2, 1, "", "parsed_aggregate_reports_to_csv"], [0, 2, 1, "", "parsed_aggregate_reports_to_csv_rows"], [0, 2, 1, "", "parsed_forensic_reports_to_csv"], [0, 2, 1, "", "parsed_forensic_reports_to_csv_rows"], [0, 2, 1, "", "parsed_smtp_tls_reports_to_csv"], [0, 2, 1, "", "parsed_smtp_tls_reports_to_csv_rows"], [0, 2, 1, "", "save_output"], [0, 0, 0, "-", "splunk"], [0, 0, 0, "-", "utils"], [0, 2, 1, "", "watch_inbox"]], "parsedmarc.elastic": [[0, 1, 1, "", "AlreadySaved"], [0, 1, 1, "", "ElasticsearchError"], [0, 2, 1, "", "create_indexes"], [0, 2, 1, "", "migrate_indexes"], [0, 2, 1, "", "save_aggregate_report_to_elasticsearch"], [0, 2, 1, "", "save_forensic_report_to_elasticsearch"], [0, 2, 1, "", "save_smtp_tls_report_to_elasticsearch"], [0, 2, 1, "", "set_hosts"]], "parsedmarc.opensearch": [[0, 1, 1, "", "AlreadySaved"], [0, 1, 1, "", "OpenSearchError"], [0, 2, 1, "", "create_indexes"], [0, 2, 1, "", "migrate_indexes"], [0, 2, 1, "", "save_aggregate_report_to_opensearch"], [0, 2, 1, "", "save_forensic_report_to_opensearch"], [0, 2, 1, "", "save_smtp_tls_report_to_opensearch"], [0, 2, 1, "", "set_hosts"]], "parsedmarc.splunk": [[0, 3, 1, "", "HECClient"], [0, 1, 1, "", "SplunkError"]], "parsedmarc.splunk.HECClient": [[0, 4, 1, "", "save_aggregate_reports_to_splunk"], [0, 4, 1, "", "save_forensic_reports_to_splunk"], [0, 4, 1, "", "save_smtp_tls_reports_to_splunk"]], "parsedmarc.utils": [[0, 1, 1, "", "DownloadError"], [0, 1, 1, "", "EmailParserError"], [0, 2, 1, "", "convert_outlook_msg"], [0, 2, 1, "", "decode_base64"], [0, 2, 1, "", "get_base_domain"], [0, 2, 1, "", "get_filename_safe_string"], [0, 2, 1, "", 
"get_ip_address_country"], [0, 2, 1, "", "get_ip_address_info"], [0, 2, 1, "", "get_reverse_dns"], [0, 2, 1, "", "get_service_from_reverse_dns_base_domain"], [0, 2, 1, "", "human_timestamp_to_datetime"], [0, 2, 1, "", "human_timestamp_to_unix_timestamp"], [0, 2, 1, "", "is_mbox"], [0, 2, 1, "", "is_outlook_msg"], [0, 2, 1, "", "parse_email"], [0, 2, 1, "", "query_dns"], [0, 2, 1, "", "timestamp_to_datetime"], [0, 2, 1, "", "timestamp_to_human"]]}, "objtypes": {"0": "py:module", "1": "py:exception", "2": "py:function", "3": "py:class", "4": "py:method"}, "objnames": {"0": ["py", "module", "Python module"], "1": ["py", "exception", "Python exception"], "2": ["py", "function", "Python function"], "3": ["py", "class", "Python class"], "4": ["py", "method", "Python method"]}, "titleterms": {"api": 0, "refer": 0, "parsedmarc": [0, 1, 2, 5, 6, 12], "elast": 0, "opensearch": [0, 9], "splunk": [0, 11], "util": 0, "indic": 0, "tabl": 0, "contribut": 1, "bug": 1, "report": [1, 5, 6, 10], "access": 2, "an": 2, "inbox": 2, "us": [2, 6, 7, 12], "owa": 2, "ew": 2, "run": [2, 12], "davmail": 2, "systemd": [2, 12], "servic": [2, 12], "configur": [2, 12], "understand": 3, "dmarc": [3, 5, 7], "resourc": 3, "guid": 3, "spf": 3, "record": [3, 4, 9], "valid": 3, "lookalik": 3, "domain": 3, "align": 3, "what": [3, 8], "sender": 3, "won": 3, "t": 3, "support": 3, "dkim": 3, "about": [3, 8], "mail": [3, 8], "list": [3, 8], "best": [3, 8], "practic": [3, 8], "do": [3, 8], "mailman": [3, 8], "2": [3, 8], "3": [3, 8], "listserv": [3, 8], "workaround": [3, 8], "elasticsearch": 4, "kibana": [4, 7], "instal": [4, 6, 9], "upgrad": 4, "index": 4, "pattern": 4, "retent": [4, 9], "document": 5, "open": 5, "sourc": 5, "analyz": [5, 6], "visual": 5, "featur": 5, "content": 5, "prerequisit": 6, "test": 6, "multipl": 6, "web": 6, "proxi": 6, "microsoft": 6, "exchang": 6, "geoipupd": 6, "setup": 6, "option": 6, "depend": 6, "dashboard": 7, "summari": 7, "forens": [7, 10], "sampl": [7, 10], "grafana": 9, 
"output": 10, "aggreg": 10, "json": 10, "csv": 10, "smtp": 10, "tl": 10, "cli": 12, "help": 12, "file": 12}, "envversion": {"sphinx.domains.c": 2, "sphinx.domains.changeset": 1, "sphinx.domains.citation": 1, "sphinx.domains.cpp": 8, "sphinx.domains.index": 1, "sphinx.domains.javascript": 2, "sphinx.domains.math": 2, "sphinx.domains.python": 3, "sphinx.domains.rst": 2, "sphinx.domains.std": 2, "sphinx.ext.todo": 2, "sphinx.ext.viewcode": 1, "sphinx": 57}, "alltitles": {"API reference": [[0, "api-reference"]], "parsedmarc": [[0, "module-parsedmarc"]], "parsedmarc.elastic": [[0, "module-parsedmarc.elastic"]], "parsedmarc.opensearch": [[0, "module-parsedmarc.opensearch"]], "parsedmarc.splunk": [[0, "module-parsedmarc.splunk"]], "parsedmarc.utils": [[0, "module-parsedmarc.utils"]], "Indices and tables": [[0, "indices-and-tables"]], "Contributing to parsedmarc": [[1, "contributing-to-parsedmarc"]], "Bug reports": [[1, "bug-reports"]], "Accessing an inbox using OWA/EWS": [[2, "accessing-an-inbox-using-owa-ews"]], "Running DavMail as a systemd service": [[2, "running-davmail-as-a-systemd-service"]], "Configuring parsedmarc for DavMail": [[2, "configuring-parsedmarc-for-davmail"]], "Understanding DMARC": [[3, "understanding-dmarc"]], "Resources": [[3, "resources"]], "DMARC guides": [[3, "dmarc-guides"]], "SPF and DMARC record validation": [[3, "spf-and-dmarc-record-validation"]], "Lookalike domains": [[3, "lookalike-domains"]], "DMARC Alignment Guide": [[3, "dmarc-alignment-guide"]], "What if a sender won\u2019t support DKIM/DMARC?": [[3, "what-if-a-sender-wont-support-dkim-dmarc"]], "What about mailing lists?": [[3, "what-about-mailing-lists"], [8, "what-about-mailing-lists"]], "Mailing list best practices": [[3, "mailing-list-best-practices"], [8, "mailing-list-best-practices"]], "Do": [[3, "do"], [8, "do"]], "Do not": [[3, "do-not"], [8, "do-not"]], "Mailman 2": [[3, "mailman-2"], [3, "id1"], [8, "mailman-2"], [8, "id1"]], "Mailman 3": [[3, "mailman-3"], [3, "id2"], [8, 
"mailman-3"], [8, "id2"]], "LISTSERV": [[3, "listserv"], [8, "listserv"]], "Workarounds": [[3, "workarounds"], [8, "workarounds"]], "Elasticsearch and Kibana": [[4, "elasticsearch-and-kibana"]], "Installation": [[4, "installation"], [6, "installation"], [9, "installation"]], "Upgrading Kibana index patterns": [[4, "upgrading-kibana-index-patterns"]], "Records retention": [[4, "records-retention"], [9, "records-retention"]], "parsedmarc documentation - Open source DMARC report analyzer and visualizer": [[5, "parsedmarc-documentation-open-source-dmarc-report-analyzer-and-visualizer"]], "Features": [[5, "features"]], "Contents": [[5, null]], "Prerequisites": [[6, "prerequisites"]], "Testing multiple report analyzers": [[6, "testing-multiple-report-analyzers"]], "Using a web proxy": [[6, "using-a-web-proxy"]], "Using Microsoft Exchange": [[6, "using-microsoft-exchange"]], "geoipupdate setup": [[6, "geoipupdate-setup"]], "Installing parsedmarc": [[6, "installing-parsedmarc"]], "Optional dependencies": [[6, "optional-dependencies"]], "Using the Kibana dashboards": [[7, "using-the-kibana-dashboards"]], "DMARC Summary": [[7, "dmarc-summary"]], "DMARC Forensic Samples": [[7, "dmarc-forensic-samples"]], "OpenSearch and Grafana": [[9, "opensearch-and-grafana"]], "Sample outputs": [[10, "sample-outputs"]], "Sample aggregate report output": [[10, "sample-aggregate-report-output"]], "JSON aggregate report": [[10, "json-aggregate-report"]], "CSV aggregate report": [[10, "csv-aggregate-report"]], "Sample forensic report output": [[10, "sample-forensic-report-output"]], "JSON forensic report": [[10, "json-forensic-report"]], "CSV forensic report": [[10, "csv-forensic-report"]], "JSON SMTP TLS report": [[10, "json-smtp-tls-report"]], "Splunk": [[11, "splunk"]], "Using parsedmarc": [[12, "using-parsedmarc"]], "CLI help": [[12, "cli-help"]], "Configuration file": [[12, "configuration-file"]], "Running parsedmarc as a systemd service": [[12, 
"running-parsedmarc-as-a-systemd-service"]]}, "indexentries": {"alreadysaved": [[0, "parsedmarc.elastic.AlreadySaved"], [0, "parsedmarc.opensearch.AlreadySaved"]], "downloaderror": [[0, "parsedmarc.utils.DownloadError"]], "elasticsearcherror": [[0, "parsedmarc.elastic.ElasticsearchError"]], "emailparsererror": [[0, "parsedmarc.utils.EmailParserError"]], "hecclient (class in parsedmarc.splunk)": [[0, "parsedmarc.splunk.HECClient"]], "invalidaggregatereport": [[0, "parsedmarc.InvalidAggregateReport"]], "invaliddmarcreport": [[0, "parsedmarc.InvalidDMARCReport"]], "invalidforensicreport": [[0, "parsedmarc.InvalidForensicReport"]], "invalidsmtptlsreport": [[0, "parsedmarc.InvalidSMTPTLSReport"]], "opensearcherror": [[0, "parsedmarc.opensearch.OpenSearchError"]], "parsererror": [[0, "parsedmarc.ParserError"]], "splunkerror": [[0, "parsedmarc.splunk.SplunkError"]], "convert_outlook_msg() (in module parsedmarc.utils)": [[0, "parsedmarc.utils.convert_outlook_msg"]], "create_indexes() (in module parsedmarc.elastic)": [[0, "parsedmarc.elastic.create_indexes"]], "create_indexes() (in module parsedmarc.opensearch)": [[0, "parsedmarc.opensearch.create_indexes"]], "decode_base64() (in module parsedmarc.utils)": [[0, "parsedmarc.utils.decode_base64"]], "email_results() (in module parsedmarc)": [[0, "parsedmarc.email_results"]], "extract_report() (in module parsedmarc)": [[0, "parsedmarc.extract_report"]], "get_base_domain() (in module parsedmarc.utils)": [[0, "parsedmarc.utils.get_base_domain"]], "get_dmarc_reports_from_mailbox() (in module parsedmarc)": [[0, "parsedmarc.get_dmarc_reports_from_mailbox"]], "get_dmarc_reports_from_mbox() (in module parsedmarc)": [[0, "parsedmarc.get_dmarc_reports_from_mbox"]], "get_filename_safe_string() (in module parsedmarc.utils)": [[0, "parsedmarc.utils.get_filename_safe_string"]], "get_ip_address_country() (in module parsedmarc.utils)": [[0, "parsedmarc.utils.get_ip_address_country"]], "get_ip_address_info() (in module parsedmarc.utils)": [[0, 
"parsedmarc.utils.get_ip_address_info"]], "get_report_zip() (in module parsedmarc)": [[0, "parsedmarc.get_report_zip"]], "get_reverse_dns() (in module parsedmarc.utils)": [[0, "parsedmarc.utils.get_reverse_dns"]], "get_service_from_reverse_dns_base_domain() (in module parsedmarc.utils)": [[0, "parsedmarc.utils.get_service_from_reverse_dns_base_domain"]], "human_timestamp_to_datetime() (in module parsedmarc.utils)": [[0, "parsedmarc.utils.human_timestamp_to_datetime"]], "human_timestamp_to_unix_timestamp() (in module parsedmarc.utils)": [[0, "parsedmarc.utils.human_timestamp_to_unix_timestamp"]], "is_mbox() (in module parsedmarc.utils)": [[0, "parsedmarc.utils.is_mbox"]], "is_outlook_msg() (in module parsedmarc.utils)": [[0, "parsedmarc.utils.is_outlook_msg"]], "migrate_indexes() (in module parsedmarc.elastic)": [[0, "parsedmarc.elastic.migrate_indexes"]], "migrate_indexes() (in module parsedmarc.opensearch)": [[0, "parsedmarc.opensearch.migrate_indexes"]], "module": [[0, "module-parsedmarc"], [0, "module-parsedmarc.elastic"], [0, "module-parsedmarc.opensearch"], [0, "module-parsedmarc.splunk"], [0, "module-parsedmarc.utils"]], "parse_aggregate_report_file() (in module parsedmarc)": [[0, "parsedmarc.parse_aggregate_report_file"]], "parse_aggregate_report_xml() (in module parsedmarc)": [[0, "parsedmarc.parse_aggregate_report_xml"]], "parse_email() (in module parsedmarc.utils)": [[0, "parsedmarc.utils.parse_email"]], "parse_forensic_report() (in module parsedmarc)": [[0, "parsedmarc.parse_forensic_report"]], "parse_report_email() (in module parsedmarc)": [[0, "parsedmarc.parse_report_email"]], "parse_report_file() (in module parsedmarc)": [[0, "parsedmarc.parse_report_file"]], "parse_smtp_tls_report_json() (in module parsedmarc)": [[0, "parsedmarc.parse_smtp_tls_report_json"]], "parsed_aggregate_reports_to_csv() (in module parsedmarc)": [[0, "parsedmarc.parsed_aggregate_reports_to_csv"]], "parsed_aggregate_reports_to_csv_rows() (in module parsedmarc)": [[0, 
"parsedmarc.parsed_aggregate_reports_to_csv_rows"]], "parsed_forensic_reports_to_csv() (in module parsedmarc)": [[0, "parsedmarc.parsed_forensic_reports_to_csv"]], "parsed_forensic_reports_to_csv_rows() (in module parsedmarc)": [[0, "parsedmarc.parsed_forensic_reports_to_csv_rows"]], "parsed_smtp_tls_reports_to_csv() (in module parsedmarc)": [[0, "parsedmarc.parsed_smtp_tls_reports_to_csv"]], "parsed_smtp_tls_reports_to_csv_rows() (in module parsedmarc)": [[0, "parsedmarc.parsed_smtp_tls_reports_to_csv_rows"]], "parsedmarc": [[0, "module-parsedmarc"]], "parsedmarc.elastic": [[0, "module-parsedmarc.elastic"]], "parsedmarc.opensearch": [[0, "module-parsedmarc.opensearch"]], "parsedmarc.splunk": [[0, "module-parsedmarc.splunk"]], "parsedmarc.utils": [[0, "module-parsedmarc.utils"]], "query_dns() (in module parsedmarc.utils)": [[0, "parsedmarc.utils.query_dns"]], "save_aggregate_report_to_elasticsearch() (in module parsedmarc.elastic)": [[0, "parsedmarc.elastic.save_aggregate_report_to_elasticsearch"]], "save_aggregate_report_to_opensearch() (in module parsedmarc.opensearch)": [[0, "parsedmarc.opensearch.save_aggregate_report_to_opensearch"]], "save_aggregate_reports_to_splunk() (parsedmarc.splunk.hecclient method)": [[0, "parsedmarc.splunk.HECClient.save_aggregate_reports_to_splunk"]], "save_forensic_report_to_elasticsearch() (in module parsedmarc.elastic)": [[0, "parsedmarc.elastic.save_forensic_report_to_elasticsearch"]], "save_forensic_report_to_opensearch() (in module parsedmarc.opensearch)": [[0, "parsedmarc.opensearch.save_forensic_report_to_opensearch"]], "save_forensic_reports_to_splunk() (parsedmarc.splunk.hecclient method)": [[0, "parsedmarc.splunk.HECClient.save_forensic_reports_to_splunk"]], "save_output() (in module parsedmarc)": [[0, "parsedmarc.save_output"]], "save_smtp_tls_report_to_elasticsearch() (in module parsedmarc.elastic)": [[0, "parsedmarc.elastic.save_smtp_tls_report_to_elasticsearch"]], "save_smtp_tls_report_to_opensearch() (in module 
parsedmarc.opensearch)": [[0, "parsedmarc.opensearch.save_smtp_tls_report_to_opensearch"]], "save_smtp_tls_reports_to_splunk() (parsedmarc.splunk.hecclient method)": [[0, "parsedmarc.splunk.HECClient.save_smtp_tls_reports_to_splunk"]], "set_hosts() (in module parsedmarc.elastic)": [[0, "parsedmarc.elastic.set_hosts"]], "set_hosts() (in module parsedmarc.opensearch)": [[0, "parsedmarc.opensearch.set_hosts"]], "timestamp_to_datetime() (in module parsedmarc.utils)": [[0, "parsedmarc.utils.timestamp_to_datetime"]], "timestamp_to_human() (in module parsedmarc.utils)": [[0, "parsedmarc.utils.timestamp_to_human"]], "watch_inbox() (in module parsedmarc)": [[0, "parsedmarc.watch_inbox"]]}}) \ No newline at end of file +Search.setIndex({"docnames": ["api", "contributing", "davmail", "dmarc", "elasticsearch", "index", "installation", "kibana", "mailing-lists", "opensearch", "output", "splunk", "usage"], "filenames": ["api.md", "contributing.md", "davmail.md", "dmarc.md", "elasticsearch.md", "index.md", "installation.md", "kibana.md", "mailing-lists.md", "opensearch.md", "output.md", "splunk.md", "usage.md"], "titles": ["API reference", "Contributing to parsedmarc", "Accessing an inbox using OWA/EWS", "Understanding DMARC", "Elasticsearch and Kibana", "parsedmarc documentation - Open source DMARC report analyzer and visualizer", "Installation", "Using the Kibana dashboards", "What about mailing lists?", "OpenSearch and Grafana", "Sample outputs", "Splunk", "Using parsedmarc"], "terms": {"A": [0, 3, 12], "python": [0, 5, 6], "packag": [0, 4], "pars": [0, 3, 5, 6, 10, 12], "dmarc": [0, 4, 6, 8, 9, 10, 11, 12], "report": [0, 4, 7, 11, 12], "except": [0, 12], "invalidaggregatereport": 0, "sourc": [0, 3, 4, 6, 7, 10], "rais": 0, "when": [0, 3, 5, 7, 8, 12], "an": [0, 3, 5, 7, 8, 10, 12], "invalid": 0, "aggreg": [0, 5, 7, 11, 12], "i": [0, 2, 3, 4, 5, 6, 7, 8, 10, 12], "encount": 0, "invaliddmarcreport": 0, "invalidforensicreport": 0, "forens": [0, 5, 11, 12], 
"invalidsmtptlsreport": 0, "smtp": [0, 3, 7, 12], "tl": [0, 12], "parsererror": 0, "whenev": [0, 2, 12], "parser": 0, "fail": [0, 3, 7, 8, 10, 12], "some": [0, 2, 3, 4, 7, 8], "reason": [0, 2, 4, 12], "email_result": 0, "result": [0, 5, 7, 10, 12], "host": [0, 2, 3, 4, 5, 8, 12], "mail_from": 0, "mail_to": 0, "mail_cc": 0, "none": [0, 3, 10, 12], "mail_bcc": 0, "port": [0, 2, 12], "0": [0, 2, 3, 4, 5, 6, 8, 9, 10, 11, 12], "require_encrypt": 0, "fals": [0, 2, 6, 10, 12], "verifi": 0, "true": [0, 2, 4, 10, 12], "usernam": [0, 12], "password": [0, 4, 6, 12], "subject": [0, 3, 8, 10, 12], "attachment_filenam": 0, "messag": [0, 2, 3, 4, 6, 7, 8, 10, 12], "email": [0, 3, 5, 6, 7, 8, 10, 11, 12], "zip": [0, 2, 5, 12], "file": [0, 2, 5, 6, 11], "paramet": 0, "ordereddict": 0, "mail": [0, 5, 6, 10, 12], "server": [0, 2, 3, 4, 6, 7, 10, 12], "hostnam": [0, 12], "ip": [0, 3, 4, 6, 7, 12], "address": [0, 2, 3, 4, 7, 8, 10, 12], "The": [0, 3, 6, 7, 11, 12], "valu": [0, 3, 4, 7, 8, 12], "from": [0, 2, 3, 4, 5, 6, 7, 8, 10, 12], "header": [0, 3, 7, 8, 10, 12], "list": [0, 2, 4, 5, 7, 12], "cc": [0, 10], "bcc": [0, 10], "int": [0, 12], "us": [0, 3, 4, 5, 8, 10], "bool": [0, 12], "requir": [0, 2, 3, 4, 6, 8, 12], "secur": [0, 4, 12], "connect": [0, 2, 4, 12], "start": [0, 2, 4, 6, 7, 9, 11, 12], "ssl": [0, 2, 4, 12], "certif": [0, 4, 12], "str": [0, 12], "option": [0, 2, 3, 4, 5, 8, 11, 12], "overrid": [0, 12], "default": [0, 2, 4, 6, 7, 12], "attach": [0, 3, 8, 10, 12], "filenam": [0, 12], "plain": 0, "text": [0, 10], "bodi": [0, 3, 8, 10, 12], "extract_report": 0, "input_": 0, "extract": [0, 2], "gzip": [0, 5], "given": [0, 12], "path": [0, 4, 12], "like": [0, 3, 6, 8], "object": [0, 4], "byte": 0, "input": 0, "return": 0, "type": [0, 10, 12], "get_dmarc_reports_from_mailbox": 0, "mailboxconnect": 0, "reports_fold": [0, 12], "inbox": [0, 3, 5, 8, 12], "archive_fold": [0, 12], "archiv": [0, 12], "delet": [0, 2, 4, 12], "test": [0, 10, 12], "ip_db_path": [0, 6, 12], "offlin": [0, 
12], "nameserv": [0, 12], "dns_timeout": [0, 12], "6": [0, 4, 6, 12], "strip_attachment_payload": [0, 12], "batch_siz": [0, 12], "10": [0, 6, 10, 12], "create_fold": 0, "fetch": [0, 12], "mailbox": [0, 7, 12], "folder": [0, 2, 12], "where": [0, 2, 3, 8, 12], "can": [0, 2, 3, 4, 5, 6, 7, 8, 12], "found": [0, 6, 12], "move": [0, 4, 12], "process": [0, 2, 5, 6, 12], "after": [0, 2, 4, 12], "them": [0, 4, 7, 12], "do": [0, 2, 6, 7, 12], "mmdb": [0, 12], "maxmind": [0, 6, 12], "dbip": [0, 12], "queri": [0, 12], "onlin": [0, 2, 12], "geoloc": [0, 12], "dn": [0, 3, 7, 12], "float": [0, 12], "set": [0, 2, 3, 4, 6, 7, 8, 9, 12], "timeout": [0, 2, 12], "remov": [0, 3, 4, 8, 12], "payload": [0, 12], "dict": 0, "previou": [0, 2, 4, 12], "run": [0, 4, 5, 6], "number": [0, 12], "read": [0, 12], "befor": [0, 12], "save": [0, 4, 6, 12], "limit": [0, 2, 12], "whether": 0, "creat": [0, 2, 3, 4, 6, 8, 12], "destin": 0, "watch": [0, 2, 4, 12], "aggregate_report": 0, "forensic_report": 0, "get_dmarc_reports_from_mbox": 0, "2": [0, 4, 10, 12], "mbox": [0, 12], "format": [0, 6], "contain": [0, 7, 11, 12], "e": [0, 2, 3, 4, 6, 8, 12], "one": [0, 3, 5, 8, 12], "more": [0, 4, 6, 11, 12], "cloudflar": [0, 12], "": [0, 2, 3, 4, 6, 8, 10, 12], "public": [0, 3, 10, 12], "resolv": [0, 12], "second": [0, 2, 12], "make": [0, 3, 4, 8, 9, 12], "get_report_zip": 0, "output": [0, 5, 12], "parse_aggregate_report_fil": 0, "_input": 0, "always_use_local_fil": [0, 12], "reverse_dns_map_path": 0, "reverse_dns_map_url": [0, 12], "keep_al": 0, "download": [0, 2, 4, 6, 12], "revers": [0, 7, 12], "map": [0, 12], "url": [0, 2, 12], "callabl": 0, "keep": 0, "aliv": 0, "function": 0, "parse_aggregate_report_xml": 0, "xml": [0, 11], "string": 0, "consist": [0, 5, 10], "parse_forensic_report": 0, "feedback_report": 0, "sampl": [0, 5, 12], "msg_date": 0, "convert": [0, 3, 8], "feedback": 0, "rfc": [0, 3, 8, 10], "822": 0, "date": [0, 3, 8, 10], "parse_report_email": 0, "report_typ": 0, "parse_report_fil": 0, 
"parse_smtp_tls_report_json": 0, "valid": [0, 7, 10, 12], "parsed_aggregate_reports_to_csv": 0, "flat": 0, "csv": [0, 5, 12], "includ": [0, 3, 6, 7, 8, 12], "data": [0, 4, 5, 7, 9, 11, 12], "parsed_aggregate_reports_to_csv_row": 0, "parsed_forensic_reports_to_csv": 0, "parsed_forensic_reports_to_csv_row": 0, "parsed_smtp_tls_reports_to_csv": 0, "parsed_smtp_tls_reports_to_csv_row": 0, "oor": 0, "singl": 0, "layer": 0, "suitabl": 0, "save_output": 0, "output_directori": 0, "aggregate_json_filenam": [0, 12], "json": [0, 5, 12], "forensic_json_filenam": [0, 12], "smtp_tls_json_filenam": 0, "smtp_tl": 0, "aggregate_csv_filenam": [0, 12], "forensic_csv_filenam": [0, 12], "smtp_tls_csv_filenam": 0, "directori": [0, 12], "watch_inbox": 0, "mailbox_connect": 0, "callback": 0, "check_timeout": [0, 12], "30": [0, 12], "new": [0, 2, 3, 6, 7, 12], "send": [0, 2, 3, 4, 5, 7, 8, 11, 12], "receiv": [0, 10, 12], "imap": [0, 2, 5, 12], "wait": [0, 12], "idl": [0, 2, 12], "respons": [0, 12], "until": [0, 12], "next": [0, 12], "check": [0, 2, 3, 4, 6, 12], "replac": [0, 3, 4, 8], "alreadysav": 0, "match": [0, 4, 11], "exist": [0, 3, 4, 8], "elasticsearcherror": 0, "elasticsearch": [0, 5, 12], "error": [0, 10, 12], "occur": [0, 7], "create_index": 0, "name": [0, 3, 4, 7, 10, 11, 12], "index": [0, 5, 9, 11, 12], "migrate_index": 0, "aggregate_index": 0, "forensic_index": 0, "updat": [0, 4, 6, 12], "save_aggregate_report_to_elasticsearch": 0, "index_suffix": [0, 12], "monthly_index": [0, 12], "number_of_shard": [0, 12], "1": [0, 2, 4, 5, 6, 10, 12], "number_of_replica": [0, 12], "suffix": [0, 12], "monthli": [0, 12], "instead": [0, 3, 6, 8, 12], "daili": [0, 12], "shard": [0, 12], "replica": [0, 12], "save_forensic_report_to_elasticsearch": 0, "save_smtp_tls_report_to_elasticsearch": 0, "set_host": 0, "use_ssl": 0, "ssl_cert_path": 0, "apikei": [0, 12], "60": [0, 12], "http": [0, 1, 2, 3, 4, 6, 8, 9, 10, 11, 12], "chain": 0, "authent": [0, 2, 3, 4, 7, 12], "base64": 0, "encod": [0, 10, 
12], "kei": [0, 3, 4, 6, 12], "opensearcherror": 0, "save_aggregate_report_to_opensearch": 0, "save_forensic_report_to_opensearch": 0, "save_smtp_tls_report_to_opensearch": 0, "class": 0, "hecclient": 0, "access_token": 0, "initi": 0, "hec": [0, 11, 12], "access": [0, 4, 5, 6, 12], "token": [0, 4, 12], "give": [0, 4], "up": [0, 2, 4, 6, 7, 9, 12], "save_aggregate_reports_to_splunk": 0, "dictionari": 0, "save_forensic_reports_to_splunk": 0, "save_smtp_tls_reports_to_splunk": 0, "splunkerror": 0, "might": [0, 3, 7, 8], "other": [0, 3, 4, 7, 8], "project": [0, 2, 3, 5, 11], "downloaderror": 0, "emailparsererror": 0, "convert_outlook_msg": 0, "msg_byte": 0, "msgconvert": [0, 6], "perl": [0, 6], "outlook": [0, 2, 6], "m": [0, 6, 10, 12], "standard": [0, 5, 10], "content": [0, 3, 8, 10, 11], "msg": [0, 6], "decode_base64": 0, "decod": 0, "pad": 0, "being": 0, "get_base_domain": 0, "domain": [0, 4, 7, 8, 10], "get": [0, 2, 4, 6, 12], "base": [0, 2, 3, 4, 7, 8, 10], "ar": [0, 2, 3, 4, 6, 7, 8, 10, 12], "publicsuffix": 0, "org": [0, 6, 9, 10], "public_suffix_list": 0, "dat": 0, "subdomain": [0, 3], "get_filename_safe_str": 0, "safe": 0, "get_ip_address_countri": 0, "ip_address": [0, 10], "db_path": 0, "iso": 0, "code": [0, 4, 5], "countri": [0, 6, 7, 10], "associ": 0, "ipv4": 0, "ipv6": 0, "And": 0, "get_ip_address_info": 0, "cach": [0, 12], "reverse_dns_map": 0, "inform": [0, 4, 6, 7, 12], "expiringdict": 0, "storag": [0, 12], "reverse_dn": [0, 10], "get_reverse_dn": 0, "ani": [0, 3, 7, 8, 12], "get_service_from_reverse_dns_base_domain": 0, "base_domain": [0, 10], "local_file_path": 0, "servic": [0, 3, 4, 5, 7, 8], "lookup": 0, "alwai": [0, 2, 4, 12], "local": [0, 2, 4, 10, 12], "ro": 0, "built": 0, "copi": [0, 6, 11], "If": [0, 3, 4, 6, 7, 8, 12], "unknown": 0, "suppli": [0, 7, 12], "reverse_dns_base_domain": 0, "human_timestamp_to_datetim": 0, "human_timestamp": 0, "to_utc": 0, "human": [0, 7], "readabl": 0, "timestamp": 0, "datetim": 0, "utc": 0, 
"human_timestamp_to_unix_timestamp": 0, "unix": 0, "yyyi": 0, "mm": 0, "dd": 0, "hh": 0, "ss": 0, "is_mbox": 0, "flag": [0, 2], "is_outlook_msg": 0, "ol": [0, 6], "parse_email": 0, "simplifi": 0, "binari": 0, "query_dn": 0, "record_typ": 0, "about": [0, 5, 6], "record": [0, 5, 6, 10], "answer": [0, 12], "timestamp_to_datetim": 0, "timestamp_to_human": 0, "modul": [0, 5, 12], "pleas": [1, 5, 12], "github": [1, 6, 10, 12], "issu": [1, 5], "tracker": 1, "com": [1, 2, 3, 8, 9, 10, 12], "domainawar": [1, 3, 12], "8": [2, 4, 6, 10, 12], "support": [2, 5, 10, 11], "microsoft": [2, 5, 10, 12], "offic": 2, "365": [2, 4], "via": 2, "graph": [2, 5, 7, 12], "api": [2, 4, 5, 12], "which": [2, 4, 7, 12], "prefer": [2, 6], "over": [2, 5, 7], "organ": [2, 7, 12], "allow": [2, 3, 8, 12], "onli": [2, 3, 6, 7, 8, 12], "exchang": [2, 10, 12], "web": [2, 4], "In": [2, 3, 7, 8, 12], "case": [2, 3, 8], "need": [2, 3, 4, 6, 7, 8, 12], "gatewai": 2, "It": [2, 4, 7, 10, 12], "even": [2, 3, 8, 12], "work": [2, 3, 5, 6, 7, 8], "modern": [2, 3, 8], "auth": [2, 10, 12], "multi": [2, 12], "factor": 2, "To": [2, 4, 6, 7, 9, 10, 12], "thi": [2, 3, 4, 5, 6, 7, 8, 10, 12], "latest": [2, 4, 6, 9], "version": [2, 4, 6, 9, 10, 11, 12], "sourceforg": 2, "net": [2, 10], "unzip": 2, "command": [2, 3, 8, 12], "instal": [2, 5, 12], "java": 2, "sudo": [2, 4, 6, 12], "apt": [2, 4, 6], "jre": 2, "headless": 2, "properti": 2, "see": [2, 3, 4, 5, 7, 12], "document": [2, 12], "basic": [2, 12], "workstat": 2, "mode": [2, 4, 10, 12], "auto": 2, "webdav": 2, "enableew": 2, "office365": 2, "asmx": 2, "listen": [2, 12], "imapport": 2, "1143": 2, "network": [2, 4, 12], "proxi": 2, "enableproxi": 2, "usesystemproxi": 2, "proxyhost": 2, "proxyport": 2, "proxyus": 2, "proxypassword": 2, "exclud": 2, "noproxyfor": 2, "block": [2, 12], "remot": 2, "allowremot": 2, "bind": 2, "socket": 2, "loopback": 2, "bindaddress": 2, "127": [2, 4, 12], "disabl": [2, 12], "specifi": [2, 3], "nosecureimap": 2, "keepal": 2, "charact": [2, 
12], "dure": 2, "larg": 2, "enablekeepal": 2, "count": [2, 10], "retriev": 2, "foldersizelimit": 2, "immedi": 2, "store": [2, 4, 9], "imapautoexpung": 2, "enabl": [2, 4, 12], "poll": [2, 12], "delai": [2, 10], "minut": [2, 12], "imapidledelai": 2, "repli": [2, 3, 8], "rfc822": 2, "size": [2, 4], "request": [2, 4, 12], "approxim": 2, "perform": [2, 12], "imapalwaysapproxmsgs": 2, "client": [2, 3, 4, 8, 12], "300": 2, "clientsotimeout": 2, "system": [2, 3, 4, 6, 8, 12], "user": [2, 3, 4, 5, 6, 8, 10, 12], "useradd": [2, 6], "r": [2, 6, 10, 12], "bin": [2, 4, 6, 12], "protect": [2, 3, 5, 8, 12], "pry": [2, 12], "ey": [2, 12], "chown": [2, 12], "root": [2, 12], "opt": [2, 6, 12], "chmod": [2, 4, 12], "u": [2, 6, 10, 12], "rw": [2, 12], "g": [2, 3, 4, 8, 12], "o": [2, 4, 12], "nano": [2, 12], "etc": [2, 3, 4, 6, 8, 12], "unit": [2, 12], "descript": [2, 6, 12], "want": [2, 5, 12], "target": [2, 12], "syslog": [2, 12], "execstart": [2, 12], "group": [2, 7, 12], "restart": [2, 3, 4, 8, 12], "restartsec": [2, 12], "5m": [2, 12], "wantedbi": [2, 12], "Then": [2, 3, 4, 6, 8, 12], "systemctl": [2, 4, 12], "daemon": [2, 4, 12], "reload": [2, 4, 12], "you": [2, 3, 4, 5, 6, 7, 8, 12], "must": [2, 3, 8, 12], "also": [2, 3, 7, 8, 12], "abov": [2, 12], "edit": [2, 6, 12], "everi": [2, 6, 12], "time": [2, 4, 6, 7, 12], "upgrad": [2, 5, 6, 12], "statu": [2, 12], "event": [2, 11, 12], "crash": [2, 4, 12], "5": [2, 4, 9], "show": [2, 7, 12], "log": [2, 12], "current": [2, 4, 12], "vew": 2, "well": [2, 12], "newest": [2, 12], "oldest": [2, 12], "journalctl": [2, 12], "becaus": [2, 3, 7, 8, 12], "interact": [2, 4], "add": [2, 3, 4, 6, 7, 8, 12], "follow": [2, 4], "ini": [2, 12], "config": [2, 6, 12], "demystifi": 3, "complet": [3, 4], "look": [3, 7], "out": [3, 4, 7], "sister": 3, "checkdmarc": 3, "against": [3, 8], "spoof": [3, 8], "open": 3, "monitor": [3, 12], "ensur": [3, 6, 8], "dkm": 3, "mechan": 3, "actual": [3, 10], "same": [3, 4, 6, 7, 11], "end": [3, 4], "pass": [3, 7, 10], 
"long": 3, "relat": 3, "indic": [3, 5], "signatur": [3, 7, 8], "publish": 3, "envelop": 3, "sign": [3, 4, 6], "vendor": 3, "don": 3, "know": 3, "yet": 3, "ask": 3, "thei": [3, 6, 7, 8, 12], "through": 3, "your": [3, 4, 6, 7, 8, 11, 12], "relai": [3, 8], "theirs": 3, "realli": 3, "why": [3, 7], "displai": [3, 7, 11], "worst": 3, "have": [3, 4, 6, 7, 8, 11, 12], "specif": [3, 12], "norepli": [3, 10], "exampl": [3, 4, 6, 8, 10, 12], "separ": [3, 4, 6, 7, 9, 11, 12], "p": [3, 6, 10], "alter": [3, 8], "sp": [3, 10], "top": [3, 7], "level": [3, 4], "tld": 3, "would": [3, 5, 6, 8], "leav": 3, "vulner": 3, "deploi": [3, 8], "find": [3, 7, 8], "most": [3, 4, 7, 8, 12], "modifi": [3, 8, 12], "footer": [3, 8], "part": [3, 4, 7, 8], "therebi": [3, 8], "break": [3, 4, 8], "ideal": [3, 8], "should": [3, 6, 7, 8, 12], "forward": [3, 7, 8], "without": [3, 4, 7, 8], "all": [3, 5, 7, 8, 11, 12], "joe": [3, 8], "nelson": [3, 8], "doe": [3, 8], "fantast": [3, 8], "job": [3, 6, 8], "explain": [3, 8], "exactli": [3, 8], "shouldn": [3, 8], "fulli": [3, 8], "compliant": [3, 8], "rather": [3, 8], "than": [3, 4, 8, 12], "repeat": [3, 8], "hi": [3, 8], "fine": [3, 8], "here": [3, 8, 10, 12], "summari": [3, 5, 8], "retain": [3, 8], "origin": [3, 8, 12], "2369": [3, 8], "unsubscrib": [3, 8], "outgo": [3, 8, 12], "ad": [3, 6, 8, 12], "link": [3, 4, 7, 8], "2919": [3, 8], "id": [3, 8, 10, 12], "webmail": [3, 7, 8], "gener": [3, 4, 6, 8, 10, 12], "button": [3, 8], "tradit": [3, 8], "disclaim": [3, 8], "addit": [3, 8], "compli": [3, 4, 6, 8, 9], "configur": [3, 4, 5, 6, 7, 8, 9], "action": [3, 8], "prefix": [3, 8], "still": [3, 6, 8, 10, 12], "tell": [3, 6, 7, 8], "came": [3, 8], "wa": [3, 4, 6, 8], "sent": [3, 8, 12], "post": [3, 8], "step": [3, 4, 8], "common": [3, 4, 6, 8], "platform": [3, 8], "below": [3, 8, 12], "navig": [3, 6, 8], "subject_prefix": [3, 8], "from_is_list": [3, 8], "No": [3, 8], "first_strip_reply_to": [3, 8], "reply_goes_to_list": [3, 8], "poster": [3, 8], 
"include_rfc2369_head": [3, 8], "ye": [3, 8], "include_list_post_head": [3, 8], "include_sender_head": [3, 8], "non": [3, 8, 12], "digest": [3, 8], "msg_header": [3, 8], "msg_footer": [3, 8], "scrub_nondigest": [3, 8], "privaci": [3, 6, 7, 8, 12], "filter": [3, 7, 8, 11], "dmarc_moderation_act": [3, 8], "accept": [3, 4, 8], "dmarc_quarantine_moderation_act": [3, 8], "dmarc_none_moderation_act": [3, 8], "ident": [3, 8, 12], "blank": [3, 8], "html": [3, 4, 8, 10], "plaintext": [3, 8], "rfc2369": [3, 8], "explicit": [3, 8], "first": [3, 6, 8, 12], "strip": [3, 8, 12], "replyto": [3, 8], "goe": [3, 8], "mung": [3, 8], "mitig": [3, 8], "uncondition": [3, 8], "templat": [3, 8], "unfortun": [3, 8], "postoriu": [3, 8], "admin": [3, 8, 12], "ui": [3, 8], "empti": [3, 8], "so": [3, 6, 7, 8, 12], "ll": [3, 8], "line": [3, 8], "touch": [3, 8], "var": [3, 8], "en": [3, 4, 8, 10], "member": [3, 8], "regular": [3, 8], "languag": [3, 8], "core": [3, 8], "16": [3, 8], "2017a": [3, 8], "higher": [3, 8], "rewrit": [3, 8], "enforc": [3, 8], "quarantin": [3, 8], "reject": [3, 8], "polici": [3, 8, 10, 12], "linux": [3, 6, 8], "go": [3, 8], "legal": [3, 8], "administr": [3, 8], "known": [3, 7, 8, 12], "longer": [3, 8], "wrap": [3, 8], "could": [3, 4, 8, 12], "interfer": [3, 8], "search": [3, 8, 12], "mobil": [3, 8], "On": [3, 4, 6, 7, 8], "hand": [3, 8], "caus": [3, 4, 7, 8], "accident": [3, 8], "entir": [3, 7, 8], "intend": [3, 8], "choos": [3, 8], "fit": [3, 8], "commun": [3, 8], "tab": [3, 4, 8], "page": [3, 4, 6, 7, 8], "visual": [4, 9], "dashboard": [4, 5, 9, 11], "later": [4, 6, 12], "debian": [4, 6], "ubuntu": [4, 6], "y": [4, 6], "transport": 4, "wget": 4, "qo": 4, "artifact": 4, "elast": [4, 5], "co": 4, "gpg": 4, "dearmor": 4, "usr": 4, "share": [4, 12], "keyr": 4, "echo": 4, "deb": 4, "x": [4, 10], "stabl": 4, "main": 4, "tee": 4, "d": 4, "For": [4, 12], "cento": [4, 6], "rhel": [4, 6], "rpm": 4, "guid": [4, 5], "previous": [4, 7], "jvm": 4, "heap": 4, "veri": [4, 7, 12], 
"small": 4, "1g": 4, "under": [4, 6, 7], "heavi": 4, "load": 4, "fix": 4, "increas": [4, 12], "minimum": 4, "maximum": 4, "depend": [4, 5, 12], "resourc": [4, 5, 12], "sure": [4, 6], "ha": [4, 7, 12], "least": [4, 6, 12], "gb": 4, "ram": 4, "assign": 4, "4": [4, 6, 11], "xms4g": 4, "xmx4g": 4, "www": [4, 6, 12], "refer": [4, 5], "import": [4, 7], "As": [4, 7], "7": [4, 6], "activ": [4, 6], "xpack": 4, "vim": 4, "yml": 4, "featur": 4, "enrol": 4, "encrypt": [4, 12], "logstash": 4, "agent": 4, "keystor": 4, "cert": 4, "p12": 4, "mutual": 4, "between": [4, 7], "cluster": [4, 12], "node": 4, "verification_mod": 4, "truststor": 4, "self": [4, 5], "openssl": 4, "req": 4, "x509": 4, "dai": [4, 9, 12], "newkei": 4, "rsa": 4, "4096": 4, "keyout": 4, "crt": 4, "Or": [4, 6], "csr": 4, "ca": 4, "fill": [4, 6], "prompt": 4, "fqdn": 4, "field": 4, "rm": 4, "f": 4, "place": [4, 7, 12], "mv": 4, "660": 4, "server_ip": 4, "publicbaseurl": 4, "connexion": 4, "9200": [4, 12], "5601": 4, "past": [4, 11], "verif": [4, 12], "put": [4, 12], "browser": 4, "setup": [4, 9, 12], "encryptedsavedobject": 4, "encryptionkei": 4, "xxxx": 4, "now": [4, 7], "parsedmarc": [4, 9, 10, 11], "right": [4, 7], "click": [4, 7], "export": 4, "ndjson": 4, "provid": [4, 7], "consol": [4, 12], "stack": 4, "manag": [4, 12], "hamburg": 4, "menu": [4, 7], "overwrit": 4, "restor": 4, "someon": 4, "els": 4, "permiss": [4, 12], "control": 4, "commerci": [4, 5], "pack": 4, "chang": [4, 7, 11, 12], "wai": [4, 7], "releas": [4, 6], "login": 4, "checkbox": 4, "dmarc_aggreg": 4, "dmarc_forens": 4, "conform": 4, "each": [4, 6, 9, 11], "easi": [4, 9], "regul": [4, 6, 9, 12], "gdpr": [4, 9], "effici": 4, "help": 5, "maintain": 5, "develop": 5, "consid": [5, 7], "review": [5, 7], "how": 5, "contribut": 5, "assist": 5, "pin": 5, "particularli": [5, 12], "thank": [5, 10], "contributor": 5, "cli": 5, "util": 5, "kibana": [5, 11], "splunk": [5, 12], "opensearch": [5, 12], "grafana": 5, "altern": [5, 12], "agari": 5, "brand": [5, 
7], "dmarcian": 5, "ondmarc": 5, "proofpoint": 5, "fraud": 5, "defens": 5, "valimail": 5, "draft": [5, 10], "rua": [5, 6], "failur": [5, 7, 10, 12], "ruf": [5, 6, 7, 12], "gmail": [5, 7, 12], "transpar": 5, "handl": [5, 12], "compress": 5, "structur": 5, "simpl": 5, "premad": [5, 11], "apach": 5, "kafka": [5, 12], "prerequisit": 5, "systemd": 5, "pattern": [5, 7], "retent": 5, "owa": 5, "ew": 5, "davmail": 5, "understand": [5, 7], "align": [5, 7, 10], "what": 5, "sender": [5, 7, 8], "won": 5, "t": [5, 8, 12], "dkim": [5, 7, 8, 10], "bug": 5, "tabl": [5, 7], "3": [6, 10, 11, 12], "anoth": [6, 12], "solut": 6, "two": 6, "mailto": 6, "uri": 6, "tag": 6, "comma": [6, 12], "behind": 6, "environ": 6, "detail": [6, 7], "http_proxi": 6, "prox": 6, "3128": 6, "https_proxi": 6, "ftp_proxi": 6, "credenti": [6, 12], "wide": [6, 10], "patch": 6, "2010": [6, 10], "rollup": 6, "22": 6, "kb4295699": 6, "2013": 6, "cumul": 6, "21": 6, "kb4099855": 6, "2016": 6, "11": [6, 10], "kb4134118": 6, "static": 6, "lite": 6, "databas": 6, "ipdb": 6, "distribut": 6, "term": 6, "creativ": 6, "attribut": 6, "intern": 6, "licens": 6, "fallback": 6, "geolite2": 6, "howev": 6, "cannot": 6, "tool": [6, 12], "locat": [6, 7], "overridden": 6, "buster": 6, "compon": 6, "contrib": 6, "repositori": [6, 11], "ppa": 6, "dnf": 6, "build": 6, "maco": 6, "window": 6, "decemb": 6, "30th": 6, "2019": 6, "free": 6, "account": [6, 7], "order": 6, "variou": 6, "regist": 6, "differ": [6, 7, 12], "older": [6, 10], "newer": 6, "Be": 6, "select": 6, "correct": 6, "v": [6, 12], "onc": 6, "pre": 6, "geoip": 6, "conf": 6, "systemdr": 6, "programdata": 6, "citi": 6, "asn": 6, "weekli": 6, "tuesdai": 6, "cron": 6, "schedul": 6, "task": 6, "python3": 6, "pip": 6, "virtualenv": 6, "dev": [6, 12], "libxml2": 6, "libxslt": 6, "python39": 6, "setuptool": 6, "devel": 6, "mkdir": 6, "b": [6, 10], "venv": [6, 12], "those": 6, "explicitli": 6, "9": 6, "insid": 6, "abl": 6, "libemail": 6, "friendli": 7, "incom": [7, 12], "switch": 
7, "left": 7, "side": 7, "suggest": 7, "best": 7, "across": 7, "three": 7, "pie": 7, "chart": 7, "percentag": 7, "spf": [7, 10], "segment": 7, "malici": [7, 12], "just": 7, "especi": 7, "collect": [7, 12], "mai": [7, 12], "legitim": [7, 12], "correctli": 7, "while": [7, 12], "remain": 7, "often": 7, "rule": [7, 12], "wherea": 7, "reli": 7, "session": 7, "underneath": 7, "passag": 7, "disposit": [7, 10], "center": 7, "sort": [7, 12], "volum": 7, "By": [7, 12], "hover": 7, "mous": 7, "magnifi": 7, "glass": 7, "icon": 7, "our": 7, "recogn": 7, "market": 7, "plu": 7, "That": 7, "busi": 7, "particular": 7, "With": 7, "contact": 7, "lot": 7, "b2c": 7, "custom": [7, 12], "high": 7, "come": 7, "consum": 7, "googl": [7, 12], "yahoo": 7, "old": 7, "mention": 7, "earlier": 7, "similar": 7, "observ": 7, "who": 7, "addresse": 7, "parent": 7, "subsidiari": 7, "outdat": 7, "further": 7, "down": 7, "were": [7, 12], "call": 7, "been": [7, 12], "consolid": 7, "view": [7, 12], "own": [7, 11], "temporari": 7, "upper": 7, "These": 7, "recipi": 7, "avoid": 7, "leak": 7, "notabl": 7, "chines": 7, "few": [7, 12], "doc": 9, "wiki": 10, "schema": 10, "7480": 10, "appendix": 10, "c": [10, 12], "produc": 10, "normal": [10, 12], "regardless": 10, "xml_schema": 10, "report_metadata": 10, "org_nam": 10, "acm": 10, "org_email": 10, "org_extra_contact_info": 10, "report_id": 10, "9391651994964116463": 10, "begin_d": 10, "2012": 10, "04": 10, "27": 10, "20": 10, "00": 10, "end_dat": 10, "28": 10, "19": 10, "59": 10, "policy_publish": 10, "adkim": 10, "aspf": 10, "pct": 10, "100": [10, 12], "fo": 10, "72": 10, "150": 10, "241": 10, "94": 10, "adsl": 10, "shv": 10, "bellsouth": 10, "policy_evalu": 10, "policy_override_reason": 10, "identifi": 10, "header_from": 10, "envelope_from": 10, "envelope_to": 10, "null": 10, "auth_result": 10, "selector": 10, "scope": [10, 12], "mfrom": 10, "source_ip_address": 10, "source_countri": 10, "source_reverse_dn": 10, "source_base_domain": 10, "spf_align": 10, 
"dkim_align": 10, "dmarc_align": 10, "policy_override_com": 10, "dkim_domain": 10, "dkim_selector": 10, "dkim_result": 10, "spf_domain": 10, "spf_scope": 10, "spf_result": 10, "xennn": 10, "anonym": 10, "feedback_typ": 10, "user_ag": 10, "lua": 10, "original_mail_from": 10, "sharepoint": 10, "de": 10, "original_rcpt_to": 10, "peter": 10, "pan": 10, "arrival_d": 10, "mon": 10, "01": 10, "oct": 10, "2018": 10, "0200": 10, "message_id": 10, "38": 10, "e7": 10, "30937": 10, "bd6e1bb5": 10, "mailrelai": 10, "authentication_result": 10, "di": 10, "delivery_result": 10, "auth_failur": 10, "reported_domain": 10, "arrival_date_utc": 10, "09": 10, "authentication_mechan": 10, "original_envelope_id": 10, "sample_headers_onli": 10, "servernameon": 10, "n": [10, 12], "tby": 10, "cest": 10, "ndate": 10, "nmessag": 10, "nto": 10, "nfrom": 10, "utf": 10, "sw50zxjha3rpdmugv2v0dgjld2vyymvylcocymvyc2ljahq": 10, "nsubject": 10, "nmime": 10, "nx": 10, "mailer": 10, "foundat": 10, "ncontent": 10, "charset": 10, "transfer": 10, "quot": 10, "printabl": 10, "head": 10, "href": 10, "3d": 10, "nwettbewerb": 10, "doctyp": 10, "w3c": 10, "dtd": 10, "meta": 10, "08": 10, "0240": 10, "003": 10, "parsed_sampl": 10, "display_nam": 10, "interakt": 10, "wettbewerb": 10, "\u00fcbersicht": 10, "to_domain": 10, "timezon": 10, "mime": 10, "hop": 10, "date_utc": 10, "has_defect": 10, "reply_to": 10, "filename_safe_subject": 10, "organization_nam": 10, "inc": 10, "2024": 10, "09t00": 10, "00z": 10, "09t23": 10, "59z": 10, "00z_exampl": 10, "policy_domain": 10, "policy_typ": 10, "st": [10, 12], "policy_str": 10, "stsv1": 10, "mx": 10, "max_ag": 10, "86400": 10, "successful_session_count": 10, "failed_session_count": 10, "failure_detail": 10, "result_typ": 10, "sending_mta_ip": 10, "209": 10, "85": 10, "222": 10, "201": 10, "receiving_ip": 10, "173": 10, "212": 10, "41": 10, "receiving_mx_hostnam": 10, "208": 10, "176": 10, "collector": [11, 12], "editor": 11, "occurr": 11, "layout": 11, "although": 11, 
"slightli": 11, "easier": 11, "flexibl": 11, "usag": 12, "h": 12, "config_fil": 12, "verbos": 12, "debug": 12, "log_fil": 12, "file_path": 12, "posit": 12, "argument": 12, "exit": 12, "silent": 12, "impli": 12, "write": 12, "print": 12, "warn": 12, "program": 12, "describ": 12, "comment": 12, "save_aggreg": 12, "save_forens": 12, "dmarcresport": 12, "upersecur": 12, "splunk_hec": 12, "splunkhec": 12, "hectokengoesher": 12, "s3": 12, "bucket": 12, "my": 12, "localhost": 12, "514": 12, "full": 12, "save_smtp_st": 12, "either": 12, "local_reverse_dns_map_path": 12, "period": 12, "n_proc": 12, "parallel": 12, "larger": 12, "improv": 12, "thousand": 12, "label": 12, "arriv": 12, "993": 12, "escap": 12, "wherev": 12, "section": 12, "recommend": 12, "try": 12, "skip_certificate_verif": 12, "skip": 12, "msgraph": 12, "auth_method": 12, "method": 12, "usernamepassword": 12, "devicecod": 12, "clientsecret": 12, "m365": 12, "client_id": 12, "app": 12, "registr": 12, "client_secret": 12, "secret": 12, "tenant_id": 12, "azur": 12, "tenant": 12, "token_fil": 12, "allow_unencrypted_storag": 12, "fall": 12, "back": 12, "unencrypt": 12, "grant": 12, "readwrit": 12, "deleg": 12, "applic": 12, "restrict": 12, "sinc": 12, "applicationaccesspolici": 12, "powershel": 12, "accessright": 12, "restrictaccess": 12, "appid": 12, "policyscopegroupid": 12, "special": 12, "cert_path": 12, "trust": 12, "appli": 12, "passsword": 12, "aggregate_top": 12, "topic": 12, "forensic_top": 12, "25": 12, "starttl": 12, "upload": 12, "region_nam": 12, "region": 12, "endpoint_url": 12, "endpoint": 12, "access_key_id": 12, "secret_access_kei": 12, "udp": 12, "gmail_api": 12, "credentials_fil": 12, "include_spam_trash": 12, "spam": 12, "trash": 12, "acquir": 12, "googleapi": 12, "oauth2_port": 12, "tcp": 12, "oauth2": 12, "8080": 12, "paginate_messag": 12, "per": 12, "log_analyt": 12, "resid": 12, "dce": 12, "ingest": 12, "dcr_immutable_id": 12, "immut": 12, "dcr": 12, "dcr_aggregate_stream": 12, "stream": 
12, "dcr_forensic_stream": 12, "dcr_smtp_tls_stream": 12, "regard": 12, "strongli": 12, "much": 12, "faster": 12, "reliabl": 12, "cisco": 12, "opendn": 12, "outsid": 12, "instanc": 12, "highli": 12, "industri": 12, "sensit": 12, "healthcar": 12, "financ": 12, "possibl": 12, "appear": 12, "sometim": 12, "kind": 12, "approach": 12, "manual": 12, "1000": 12, "analyz": 12, "year": 12, "_cluster": 12, "health": 12, "pretti": 12, "active_primary_shard": 12, "932": 12, "active_shard": 12, "2k": 12, "persist": 12, "max_shards_per_nod": 12, "2000": 12, "watcher": 12, "io": 12}, "objects": {"": [[0, 0, 0, "-", "parsedmarc"]], "parsedmarc": [[0, 1, 1, "", "InvalidAggregateReport"], [0, 1, 1, "", "InvalidDMARCReport"], [0, 1, 1, "", "InvalidForensicReport"], [0, 1, 1, "", "InvalidSMTPTLSReport"], [0, 1, 1, "", "ParserError"], [0, 0, 0, "-", "elastic"], [0, 2, 1, "", "email_results"], [0, 2, 1, "", "extract_report"], [0, 2, 1, "", "get_dmarc_reports_from_mailbox"], [0, 2, 1, "", "get_dmarc_reports_from_mbox"], [0, 2, 1, "", "get_report_zip"], [0, 0, 0, "-", "opensearch"], [0, 2, 1, "", "parse_aggregate_report_file"], [0, 2, 1, "", "parse_aggregate_report_xml"], [0, 2, 1, "", "parse_forensic_report"], [0, 2, 1, "", "parse_report_email"], [0, 2, 1, "", "parse_report_file"], [0, 2, 1, "", "parse_smtp_tls_report_json"], [0, 2, 1, "", "parsed_aggregate_reports_to_csv"], [0, 2, 1, "", "parsed_aggregate_reports_to_csv_rows"], [0, 2, 1, "", "parsed_forensic_reports_to_csv"], [0, 2, 1, "", "parsed_forensic_reports_to_csv_rows"], [0, 2, 1, "", "parsed_smtp_tls_reports_to_csv"], [0, 2, 1, "", "parsed_smtp_tls_reports_to_csv_rows"], [0, 2, 1, "", "save_output"], [0, 0, 0, "-", "splunk"], [0, 0, 0, "-", "utils"], [0, 2, 1, "", "watch_inbox"]], "parsedmarc.elastic": [[0, 1, 1, "", "AlreadySaved"], [0, 1, 1, "", "ElasticsearchError"], [0, 2, 1, "", "create_indexes"], [0, 2, 1, "", "migrate_indexes"], [0, 2, 1, "", "save_aggregate_report_to_elasticsearch"], [0, 2, 1, "", 
"save_forensic_report_to_elasticsearch"], [0, 2, 1, "", "save_smtp_tls_report_to_elasticsearch"], [0, 2, 1, "", "set_hosts"]], "parsedmarc.opensearch": [[0, 1, 1, "", "AlreadySaved"], [0, 1, 1, "", "OpenSearchError"], [0, 2, 1, "", "create_indexes"], [0, 2, 1, "", "migrate_indexes"], [0, 2, 1, "", "save_aggregate_report_to_opensearch"], [0, 2, 1, "", "save_forensic_report_to_opensearch"], [0, 2, 1, "", "save_smtp_tls_report_to_opensearch"], [0, 2, 1, "", "set_hosts"]], "parsedmarc.splunk": [[0, 3, 1, "", "HECClient"], [0, 1, 1, "", "SplunkError"]], "parsedmarc.splunk.HECClient": [[0, 4, 1, "", "save_aggregate_reports_to_splunk"], [0, 4, 1, "", "save_forensic_reports_to_splunk"], [0, 4, 1, "", "save_smtp_tls_reports_to_splunk"]], "parsedmarc.utils": [[0, 1, 1, "", "DownloadError"], [0, 1, 1, "", "EmailParserError"], [0, 2, 1, "", "convert_outlook_msg"], [0, 2, 1, "", "decode_base64"], [0, 2, 1, "", "get_base_domain"], [0, 2, 1, "", "get_filename_safe_string"], [0, 2, 1, "", "get_ip_address_country"], [0, 2, 1, "", "get_ip_address_info"], [0, 2, 1, "", "get_reverse_dns"], [0, 2, 1, "", "get_service_from_reverse_dns_base_domain"], [0, 2, 1, "", "human_timestamp_to_datetime"], [0, 2, 1, "", "human_timestamp_to_unix_timestamp"], [0, 2, 1, "", "is_mbox"], [0, 2, 1, "", "is_outlook_msg"], [0, 2, 1, "", "parse_email"], [0, 2, 1, "", "query_dns"], [0, 2, 1, "", "timestamp_to_datetime"], [0, 2, 1, "", "timestamp_to_human"]]}, "objtypes": {"0": "py:module", "1": "py:exception", "2": "py:function", "3": "py:class", "4": "py:method"}, "objnames": {"0": ["py", "module", "Python module"], "1": ["py", "exception", "Python exception"], "2": ["py", "function", "Python function"], "3": ["py", "class", "Python class"], "4": ["py", "method", "Python method"]}, "titleterms": {"api": 0, "refer": 0, "parsedmarc": [0, 1, 2, 5, 6, 12], "elast": 0, "opensearch": [0, 9], "splunk": [0, 11], "util": 0, "indic": 0, "tabl": 0, "contribut": 1, "bug": 1, "report": [1, 5, 6, 10], "access": 2, "an": 
2, "inbox": 2, "us": [2, 6, 7, 12], "owa": 2, "ew": 2, "run": [2, 12], "davmail": 2, "systemd": [2, 12], "servic": [2, 12], "configur": [2, 12], "understand": 3, "dmarc": [3, 5, 7], "resourc": 3, "guid": 3, "spf": 3, "record": [3, 4, 9], "valid": 3, "lookalik": 3, "domain": 3, "align": 3, "what": [3, 8], "sender": 3, "won": 3, "t": 3, "support": 3, "dkim": 3, "about": [3, 8], "mail": [3, 8], "list": [3, 8], "best": [3, 8], "practic": [3, 8], "do": [3, 8], "mailman": [3, 8], "2": [3, 8], "3": [3, 8], "listserv": [3, 8], "workaround": [3, 8], "elasticsearch": 4, "kibana": [4, 7], "instal": [4, 6, 9], "upgrad": 4, "index": 4, "pattern": 4, "retent": [4, 9], "document": 5, "open": 5, "sourc": 5, "analyz": [5, 6], "visual": 5, "featur": 5, "content": 5, "prerequisit": 6, "test": 6, "multipl": 6, "web": 6, "proxi": 6, "microsoft": 6, "exchang": 6, "geoipupd": 6, "setup": 6, "option": 6, "depend": 6, "dashboard": 7, "summari": 7, "forens": [7, 10], "sampl": [7, 10], "grafana": 9, "output": 10, "aggreg": 10, "json": 10, "csv": 10, "smtp": 10, "tl": 10, "cli": 12, "help": 12, "file": 12}, "envversion": {"sphinx.domains.c": 2, "sphinx.domains.changeset": 1, "sphinx.domains.citation": 1, "sphinx.domains.cpp": 8, "sphinx.domains.index": 1, "sphinx.domains.javascript": 2, "sphinx.domains.math": 2, "sphinx.domains.python": 3, "sphinx.domains.rst": 2, "sphinx.domains.std": 2, "sphinx.ext.todo": 2, "sphinx.ext.viewcode": 1, "sphinx": 57}, "alltitles": {"API reference": [[0, "api-reference"]], "parsedmarc": [[0, "module-parsedmarc"]], "parsedmarc.elastic": [[0, "module-parsedmarc.elastic"]], "parsedmarc.opensearch": [[0, "module-parsedmarc.opensearch"]], "parsedmarc.splunk": [[0, "module-parsedmarc.splunk"]], "parsedmarc.utils": [[0, "module-parsedmarc.utils"]], "Indices and tables": [[0, "indices-and-tables"]], "Contributing to parsedmarc": [[1, "contributing-to-parsedmarc"]], "Bug reports": [[1, "bug-reports"]], "Accessing an inbox using OWA/EWS": [[2, 
"accessing-an-inbox-using-owa-ews"]], "Running DavMail as a systemd service": [[2, "running-davmail-as-a-systemd-service"]], "Configuring parsedmarc for DavMail": [[2, "configuring-parsedmarc-for-davmail"]], "Understanding DMARC": [[3, "understanding-dmarc"]], "Resources": [[3, "resources"]], "DMARC guides": [[3, "dmarc-guides"]], "SPF and DMARC record validation": [[3, "spf-and-dmarc-record-validation"]], "Lookalike domains": [[3, "lookalike-domains"]], "DMARC Alignment Guide": [[3, "dmarc-alignment-guide"]], "What if a sender won\u2019t support DKIM/DMARC?": [[3, "what-if-a-sender-wont-support-dkim-dmarc"]], "What about mailing lists?": [[3, "what-about-mailing-lists"], [8, "what-about-mailing-lists"]], "Mailing list best practices": [[3, "mailing-list-best-practices"], [8, "mailing-list-best-practices"]], "Do": [[3, "do"], [8, "do"]], "Do not": [[3, "do-not"], [8, "do-not"]], "Mailman 2": [[3, "mailman-2"], [3, "id1"], [8, "mailman-2"], [8, "id1"]], "Mailman 3": [[3, "mailman-3"], [3, "id2"], [8, "mailman-3"], [8, "id2"]], "LISTSERV": [[3, "listserv"], [8, "listserv"]], "Workarounds": [[3, "workarounds"], [8, "workarounds"]], "Elasticsearch and Kibana": [[4, "elasticsearch-and-kibana"]], "Installation": [[4, "installation"], [6, "installation"], [9, "installation"]], "Upgrading Kibana index patterns": [[4, "upgrading-kibana-index-patterns"]], "Records retention": [[4, "records-retention"], [9, "records-retention"]], "parsedmarc documentation - Open source DMARC report analyzer and visualizer": [[5, "parsedmarc-documentation-open-source-dmarc-report-analyzer-and-visualizer"]], "Features": [[5, "features"]], "Contents": [[5, null]], "Prerequisites": [[6, "prerequisites"]], "Testing multiple report analyzers": [[6, "testing-multiple-report-analyzers"]], "Using a web proxy": [[6, "using-a-web-proxy"]], "Using Microsoft Exchange": [[6, "using-microsoft-exchange"]], "geoipupdate setup": [[6, "geoipupdate-setup"]], "Installing parsedmarc": [[6, 
"installing-parsedmarc"]], "Optional dependencies": [[6, "optional-dependencies"]], "Using the Kibana dashboards": [[7, "using-the-kibana-dashboards"]], "DMARC Summary": [[7, "dmarc-summary"]], "DMARC Forensic Samples": [[7, "dmarc-forensic-samples"]], "OpenSearch and Grafana": [[9, "opensearch-and-grafana"]], "Sample outputs": [[10, "sample-outputs"]], "Sample aggregate report output": [[10, "sample-aggregate-report-output"]], "JSON aggregate report": [[10, "json-aggregate-report"]], "CSV aggregate report": [[10, "csv-aggregate-report"]], "Sample forensic report output": [[10, "sample-forensic-report-output"]], "JSON forensic report": [[10, "json-forensic-report"]], "CSV forensic report": [[10, "csv-forensic-report"]], "JSON SMTP TLS report": [[10, "json-smtp-tls-report"]], "Splunk": [[11, "splunk"]], "Using parsedmarc": [[12, "using-parsedmarc"]], "CLI help": [[12, "cli-help"]], "Configuration file": [[12, "configuration-file"]], "Running parsedmarc as a systemd service": [[12, "running-parsedmarc-as-a-systemd-service"]]}, "indexentries": {"alreadysaved": [[0, "parsedmarc.elastic.AlreadySaved"], [0, "parsedmarc.opensearch.AlreadySaved"]], "downloaderror": [[0, "parsedmarc.utils.DownloadError"]], "elasticsearcherror": [[0, "parsedmarc.elastic.ElasticsearchError"]], "emailparsererror": [[0, "parsedmarc.utils.EmailParserError"]], "hecclient (class in parsedmarc.splunk)": [[0, "parsedmarc.splunk.HECClient"]], "invalidaggregatereport": [[0, "parsedmarc.InvalidAggregateReport"]], "invaliddmarcreport": [[0, "parsedmarc.InvalidDMARCReport"]], "invalidforensicreport": [[0, "parsedmarc.InvalidForensicReport"]], "invalidsmtptlsreport": [[0, "parsedmarc.InvalidSMTPTLSReport"]], "opensearcherror": [[0, "parsedmarc.opensearch.OpenSearchError"]], "parsererror": [[0, "parsedmarc.ParserError"]], "splunkerror": [[0, "parsedmarc.splunk.SplunkError"]], "convert_outlook_msg() (in module parsedmarc.utils)": [[0, "parsedmarc.utils.convert_outlook_msg"]], "create_indexes() (in module 
parsedmarc.elastic)": [[0, "parsedmarc.elastic.create_indexes"]], "create_indexes() (in module parsedmarc.opensearch)": [[0, "parsedmarc.opensearch.create_indexes"]], "decode_base64() (in module parsedmarc.utils)": [[0, "parsedmarc.utils.decode_base64"]], "email_results() (in module parsedmarc)": [[0, "parsedmarc.email_results"]], "extract_report() (in module parsedmarc)": [[0, "parsedmarc.extract_report"]], "get_base_domain() (in module parsedmarc.utils)": [[0, "parsedmarc.utils.get_base_domain"]], "get_dmarc_reports_from_mailbox() (in module parsedmarc)": [[0, "parsedmarc.get_dmarc_reports_from_mailbox"]], "get_dmarc_reports_from_mbox() (in module parsedmarc)": [[0, "parsedmarc.get_dmarc_reports_from_mbox"]], "get_filename_safe_string() (in module parsedmarc.utils)": [[0, "parsedmarc.utils.get_filename_safe_string"]], "get_ip_address_country() (in module parsedmarc.utils)": [[0, "parsedmarc.utils.get_ip_address_country"]], "get_ip_address_info() (in module parsedmarc.utils)": [[0, "parsedmarc.utils.get_ip_address_info"]], "get_report_zip() (in module parsedmarc)": [[0, "parsedmarc.get_report_zip"]], "get_reverse_dns() (in module parsedmarc.utils)": [[0, "parsedmarc.utils.get_reverse_dns"]], "get_service_from_reverse_dns_base_domain() (in module parsedmarc.utils)": [[0, "parsedmarc.utils.get_service_from_reverse_dns_base_domain"]], "human_timestamp_to_datetime() (in module parsedmarc.utils)": [[0, "parsedmarc.utils.human_timestamp_to_datetime"]], "human_timestamp_to_unix_timestamp() (in module parsedmarc.utils)": [[0, "parsedmarc.utils.human_timestamp_to_unix_timestamp"]], "is_mbox() (in module parsedmarc.utils)": [[0, "parsedmarc.utils.is_mbox"]], "is_outlook_msg() (in module parsedmarc.utils)": [[0, "parsedmarc.utils.is_outlook_msg"]], "migrate_indexes() (in module parsedmarc.elastic)": [[0, "parsedmarc.elastic.migrate_indexes"]], "migrate_indexes() (in module parsedmarc.opensearch)": [[0, "parsedmarc.opensearch.migrate_indexes"]], "module": [[0, 
"module-parsedmarc"], [0, "module-parsedmarc.elastic"], [0, "module-parsedmarc.opensearch"], [0, "module-parsedmarc.splunk"], [0, "module-parsedmarc.utils"]], "parse_aggregate_report_file() (in module parsedmarc)": [[0, "parsedmarc.parse_aggregate_report_file"]], "parse_aggregate_report_xml() (in module parsedmarc)": [[0, "parsedmarc.parse_aggregate_report_xml"]], "parse_email() (in module parsedmarc.utils)": [[0, "parsedmarc.utils.parse_email"]], "parse_forensic_report() (in module parsedmarc)": [[0, "parsedmarc.parse_forensic_report"]], "parse_report_email() (in module parsedmarc)": [[0, "parsedmarc.parse_report_email"]], "parse_report_file() (in module parsedmarc)": [[0, "parsedmarc.parse_report_file"]], "parse_smtp_tls_report_json() (in module parsedmarc)": [[0, "parsedmarc.parse_smtp_tls_report_json"]], "parsed_aggregate_reports_to_csv() (in module parsedmarc)": [[0, "parsedmarc.parsed_aggregate_reports_to_csv"]], "parsed_aggregate_reports_to_csv_rows() (in module parsedmarc)": [[0, "parsedmarc.parsed_aggregate_reports_to_csv_rows"]], "parsed_forensic_reports_to_csv() (in module parsedmarc)": [[0, "parsedmarc.parsed_forensic_reports_to_csv"]], "parsed_forensic_reports_to_csv_rows() (in module parsedmarc)": [[0, "parsedmarc.parsed_forensic_reports_to_csv_rows"]], "parsed_smtp_tls_reports_to_csv() (in module parsedmarc)": [[0, "parsedmarc.parsed_smtp_tls_reports_to_csv"]], "parsed_smtp_tls_reports_to_csv_rows() (in module parsedmarc)": [[0, "parsedmarc.parsed_smtp_tls_reports_to_csv_rows"]], "parsedmarc": [[0, "module-parsedmarc"]], "parsedmarc.elastic": [[0, "module-parsedmarc.elastic"]], "parsedmarc.opensearch": [[0, "module-parsedmarc.opensearch"]], "parsedmarc.splunk": [[0, "module-parsedmarc.splunk"]], "parsedmarc.utils": [[0, "module-parsedmarc.utils"]], "query_dns() (in module parsedmarc.utils)": [[0, "parsedmarc.utils.query_dns"]], "save_aggregate_report_to_elasticsearch() (in module parsedmarc.elastic)": [[0, 
"parsedmarc.elastic.save_aggregate_report_to_elasticsearch"]], "save_aggregate_report_to_opensearch() (in module parsedmarc.opensearch)": [[0, "parsedmarc.opensearch.save_aggregate_report_to_opensearch"]], "save_aggregate_reports_to_splunk() (parsedmarc.splunk.hecclient method)": [[0, "parsedmarc.splunk.HECClient.save_aggregate_reports_to_splunk"]], "save_forensic_report_to_elasticsearch() (in module parsedmarc.elastic)": [[0, "parsedmarc.elastic.save_forensic_report_to_elasticsearch"]], "save_forensic_report_to_opensearch() (in module parsedmarc.opensearch)": [[0, "parsedmarc.opensearch.save_forensic_report_to_opensearch"]], "save_forensic_reports_to_splunk() (parsedmarc.splunk.hecclient method)": [[0, "parsedmarc.splunk.HECClient.save_forensic_reports_to_splunk"]], "save_output() (in module parsedmarc)": [[0, "parsedmarc.save_output"]], "save_smtp_tls_report_to_elasticsearch() (in module parsedmarc.elastic)": [[0, "parsedmarc.elastic.save_smtp_tls_report_to_elasticsearch"]], "save_smtp_tls_report_to_opensearch() (in module parsedmarc.opensearch)": [[0, "parsedmarc.opensearch.save_smtp_tls_report_to_opensearch"]], "save_smtp_tls_reports_to_splunk() (parsedmarc.splunk.hecclient method)": [[0, "parsedmarc.splunk.HECClient.save_smtp_tls_reports_to_splunk"]], "set_hosts() (in module parsedmarc.elastic)": [[0, "parsedmarc.elastic.set_hosts"]], "set_hosts() (in module parsedmarc.opensearch)": [[0, "parsedmarc.opensearch.set_hosts"]], "timestamp_to_datetime() (in module parsedmarc.utils)": [[0, "parsedmarc.utils.timestamp_to_datetime"]], "timestamp_to_human() (in module parsedmarc.utils)": [[0, "parsedmarc.utils.timestamp_to_human"]], "watch_inbox() (in module parsedmarc)": [[0, "parsedmarc.watch_inbox"]]}}) \ No newline at end of file diff --git a/splunk.html b/splunk.html index 7974a54f..bf5b44ed 100644 --- a/splunk.html +++ b/splunk.html @@ -4,7 +4,7 @@ - Splunk — parsedmarc 8.10.3 documentation + Splunk — parsedmarc 8.11.0 documentation @@ -38,7 +38,7 @@ parsedmarc
            
- 8.10.3
+ 8.11.0
            
diff --git a/usage.html b/usage.html
index fa158cc0..f6feb297 100644
--- a/usage.html
+++ b/usage.html
@@ -4,7 +4,7 @@
- Using parsedmarc — parsedmarc 8.10.3 documentation
+ Using parsedmarc — parsedmarc 8.11.0 documentation
@@ -38,7 +38,7 @@ parsedmarc
            
- 8.10.3
+ 8.11.0
            @@ -198,6 +198,8 @@

            Configuration filesave_forensic - bool: Save forensic report data to Elasticsearch, Splunk and/or S3

            +
          • save_smtp_sts - bool: Save SMTP-STS report data to +Elasticsearch, Splunk and/or S3

          • strip_attachment_payloads - bool: Remove attachment payloads from results

          • output - str: Directory to place JSON and CSV files in. This is required if you set either of the JSON output file options.

          • @@ -209,6 +211,9 @@

            Configuration fileoffline - bool: Do not use online queries for geolocation or DNS

            +
          • always_use_local_files - Disables the download of the reverse DNS map

          • +
          • local_reverse_dns_map_path - Overrides the default local file path to use for the reverse DNS map

          • +
          • reverse_dns_map_url - Overrides the default download URL for the reverse DNS map

          • nameservers - str: A comma separated list of DNS resolvers (Default: [Cloudflare's public resolvers])

          • dns_timeout - float: DNS timeout period