parsedmarc icon indicating copy to clipboard operation
parsedmarc copied to clipboard

Published 20 hours ago verified publisher icon domainaware

Add support for analysing SMTP TLS reports

Open ghost opened this issue 6 years ago • 38 comments

Hi

Have you planed that your tool can analyze the report from mta-sts (TLSRPTv1) too?

Or do you know another software for this?

Thank you for help

ghost avatar Apr 14 '19 15:04 ghost

URIports supports MTA-STS and DANE TLS-RPT reports.

freddieleeman avatar Apr 29 '19 21:04 freddieleeman

I just glanced over the RFC. This looks like it would be easy to add. Not sure when I'll get to it though.

seanthegeek avatar May 08 '19 19:05 seanthegeek

@freddieleeman all point in self-hosted solutions is that they self-hosted. You not share your personal and company info with 3rd parties when you have possibility host own solution. It will be cool if parsedmarc will have this future :+1:

dragoangel avatar Nov 14 '19 11:11 dragoangel

Hi @seanthegeek I can send you sample data for mta-sts and tlsa reports if it will help you. Do you need them?

dragoangel avatar Jan 24 '20 19:01 dragoangel

@dragoangel That would be great!

seanthegeek avatar Feb 02 '20 17:02 seanthegeek

@seanthegeek I contact you in PM on twitter

dragoangel avatar Feb 08 '20 13:02 dragoangel

@dragoangel That would be great!

Do you need more reports? I'm getting some incoming, and no clue how to read them. :-)

NoSubstitute avatar Feb 20 '20 12:02 NoSubstitute

I haven't even had the chance to read over what @dragoangel sent me. 😋 I'll keep that in mind though. Thanks.

seanthegeek avatar Feb 20 '20 17:02 seanthegeek

@NoSubstitute no clue how to read them

TLS Reports are JSON formated mostly to one line. To get there more visibility you need format them to pretty json (using online tools, or text app, e.g: Notepad++ JSTool plugin, etc).

dragoangel avatar Mar 08 '20 01:03 dragoangel

@NoSubstitute no clue how to read them

TLS Reports are JSON formated mostly to one line. To get there more visibility you need format them to pretty json (using online tools, or text app, e.g: Notepad++ JSTool plugin, etc).

Thanks. The NP++ plugin made it easier to read. Still, a nicely aggregated statistical view would be nice.

NoSubstitute avatar Mar 08 '20 10:03 NoSubstitute

It would be a splendid feature. Is anyone aware of a currently existing self-hosted TLS-RPT analyzer/dashboard?

rhclayto avatar Apr 30 '21 22:04 rhclayto

I've done a quick solution for this writing only to json output; so no analyzing or anything just re-using the automatic imap-mailbox handling. (It's enough for my use case)

Maybe some on can use this as a starting point for a real implementation: https://github.com/tbsmark86/parsedmarc/commit/990f8df60baa017fcd5aad9871c00f70f3dcafc7

tbsmark86 avatar Oct 13 '21 08:10 tbsmark86

+1 for TLS reports feature.

EmadFathy avatar Oct 24 '21 10:10 EmadFathy

+1 for that feature.

mapietru avatar Nov 16 '21 13:11 mapietru

+1, please support it

PHPGangsta avatar Mar 04 '22 15:03 PHPGangsta

+1 !

bbccdd avatar Aug 21 '22 18:08 bbccdd

+1 for MTA-STS support

cbrandlehner avatar Sep 10 '22 15:09 cbrandlehner

+1 for MTA-STS

ArenTahmasian avatar Sep 14 '22 14:09 ArenTahmasian

+1 for MTA-STS

matthiasmaes avatar Sep 30 '22 07:09 matthiasmaes

+1 for MTA-STS

zell-mbc avatar Jan 05 '23 10:01 zell-mbc

Is there something new on this? I've discovered this project today and for my use case is this is the only feature, which I miss.

Zoey2936 avatar Feb 13 '23 00:02 Zoey2936

+1 !

mkilijanek avatar Mar 03 '23 23:03 mkilijanek

+1 for MTA-STS support

ermurenz avatar Mar 04 '23 04:03 ermurenz

+1 :)

Pascal76 avatar Mar 04 '23 09:03 Pascal76

To those who want TLS Reporting.. Have you set it up, and receiving reports ? Can I get some replies from who you receive TLS Reports from ?

I can start out:

  • Google

Kuzuto avatar Jul 17 '23 23:07 Kuzuto

  • Google Inc.
  • Microsoft Corporation
  • SocketLabs
  • Comcast
  • Mail.ru
  • Mimecast

And an additional 20 that lack significance.

freddieleeman avatar Jul 18 '23 05:07 freddieleeman

I agree that google.com and microsoft.com are majority of emails here.

However, adding the following:

  • yahoo.de
  • yahoo.co.uk
  • yahoo.com
  • verizon.net

cbrandlehner avatar Jul 18 '23 10:07 cbrandlehner

Are you sure? Haven't seen a single report, and we process thousands daily.

If they do, they are probably not RFC compliant.

freddieleeman avatar Jul 18 '23 20:07 freddieleeman

SMTP-TLS reports I receive are from Google.

mkilijanek avatar Jul 18 '23 23:07 mkilijanek

  • Google Inc.

    • Microsoft Corporation

    • SocketLabs

    • Comcast

    • Mail.ru

    • Mimecast

And an additional 20 that lack significance.

It'a amazing so many sends TLS Reports now. Only a few years ago, only 4 was sending reports, where Microsoft was the last coming to the group. : https://www.mailhardener.com/blog/microsoft-has-begun-sending-smtp-tls-reports Never got any from Mimecast. Would like to see that report. Is the TLS reports you receive from all those different senders RFC Compliant, or is any still lacking behind ?

Kuzuto avatar Jul 19 '23 07:07 Kuzuto