Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Question]: Consistent Error Messages when Processing Reports #12

Closed
ryanrbftp opened this issue Jul 6, 2023 · 17 comments · Fixed by #13
Closed

[Question]: Consistent Error Messages when Processing Reports #12

ryanrbftp opened this issue Jul 6, 2023 · 17 comments · Fixed by #13
Assignees
@userjack6880
Labels
help wanted Extra attention is needed question Further information is requested

Comments

@ryanrbftp
Copy link

We recently moved over from the techsneeze parser/reporting interface due to consistent errors when parsing reports.

We are continuing to get report parse errors.

I have included examples below. I have asked this as a question as it may be a problem on our end so any advice, tips, or suggestions to resolve are appreciated in advance. Many thanks!

Open Report Parser: wp.pl: 1688599419.913278356: source_ip is empty. Skipped.
Open Report Parser: wp.pl: 1688599419.913278356: Cannot add records to rptrecord. Rolling back DB transaction.
Open Report Parser: Skipping IMAP message with UID #51454 due to database errors.
Open Report Parser: Failed to ungzip ZIP file (</tmp/msg-32518-2.dat>)! 
Open Report Parser: The IMAP message with UID #51471 does not seem to contain a valid DMARC report. Skipped.
Open Report Parser: Failed to ungzip ZIP file (</tmp/msg-32518-3.dat>)! 
Open Report Parser: The IMAP message with UID #51539 does not seem to contain a valid DMARC report. Skipped.
@ryanrbftp ryanrbftp added help wanted Extra attention is needed question Further information is requested labels Jul 6, 2023
@userjack6880 userjack6880 transferred this issue from userjack6880/Open-DMARC-Analyzer Jul 6, 2023
@userjack6880
Copy link
Owner

To help a bit more - what version of Open Report Parser are you using? What DB and version are you using?

@userjack6880
Copy link
Owner

Also, can you run it again with the debug flag (-d) as it'll give a bit more insight into what's going on.

@ryanrbftp
Copy link
Author

ryanrbftp commented Jul 6, 2023
edited
Loading

Thank you for the response.

I can find any version information anywhere or a command line to display such but this is what's present in the Perl file:
my $version = 'Version 0 Alpha 4';

We grabbed it a couple of days ago from Github.

We're running MariaDB 10.1.48.

I have run the usual script with the -d flag. Output below. Thank you for your help.

lovedmarc@charlotte:~/httpdocs/dmarcts-report-parser$ perl ~/httpdocs/dmarcts-report-parser/report-parser.pl -i --delete -d


--- DEBUG ---
  Open Report Parser
  Version 0 Alpha 4
-------------
Use of uninitialized value $processInfo in concatenation (.) or string at /var/www/vhosts/love.love.nett/httpdocs/dmarcts-report-parser/report-parser.pl line 315.
Use of uninitialized value $oauthuri in concatenation (.) or string at /var/www/vhosts/love.love.nett/httpdocs/dmarcts-report-parser/report-parser.pl line 315.
Use of uninitialized value $oauthclientid in concatenation (.) or string at /var/www/vhosts/love.love.nett/httpdocs/dmarcts-report-parser/report-parser.pl line 315.
Open Report Parser DEBUG ENABLED
-- Script Options --

Report Source:   0
(0: IMAP, 1: Message, 2: XML, 3: MBOX, 4: ZIP, 5: JSON)
Show Processed:   
Delete Reports:   1
Delete Failed:    0
Replace Reports:  0
DMARC Only:       1
(0: DMARC\TLS, 1: DMARC Only, -1: TLS Only)

-- Database Options --

DB Type:          mysql
DB Name:          dmarcreporting
DB User:          dmarcreporting
DB Host/Port:     localhost:3306
DB TX Support:    1

Max XML Size:     50000
Max JSON Size:    50000
Compress XML:     0
Compress JSON:    0

-- IMAP Options --

IMAP Server:      love.love.net
IMAP Port:        143
TLS:              1
SSL:              0
TLS Verify:       1
IMAP User:        [email protected]
IMAP Ignore Err:  0
IMAP Auth:        simple
Oauth2 URI:       
OAuth2 Client ID: 
DMARC Folders: 
   Reports:       Inbox
TLS Folders: 
   Reports:       Inbox
----



--- DEBUG ---
  use tls with verify servercert.
-------------


--- DEBUG ---
  connection to love.love.net with Ssl => 0, User => [email protected], Ignoresizeerrors => 0
-------------
Started at Thu Jul  6 15:53:10 2023
Using Mail::IMAPClient version 3.39 on perl 5.026001
Connecting with IO::Socket::INET PeerAddr love.love.net PeerPort 143 Proto tcp Timeout 600 Debug 1 SSL_verify_mode 1
Connected to love.love.net
Read:   * OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5] Dovecot ready.
Sending: 1 STARTTLS
Sent 12 bytes
Read:   1 OK Begin TLS negotiation now.


--- DEBUG ---
  using simple auth
-------------
Connecting with IO::Socket::INET PeerAddr love.love.net PeerPort 143 Proto tcp Timeout 600 Debug 1 SSL_verify_mode 1
Connected to love.love.net
Read:   * OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5] Dovecot ready.
Sending: 2 STARTTLS
Sent 12 bytes
Read:   2 OK Begin TLS negotiation now.
Sending: 3 LOGIN [email protected] [Redact: Count=3 Showcredentials=OFF]
Sent 53 bytes
Read:   3 OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE SNIPPET=FUZZY PREVIEW=FUZZY PREVIEW STATUS=SIZE SAVEDATE LITERAL+ NOTIFY SPECIAL-USE QUOTA] Logged in
Sending: 4 STATUS Inbox (MESSAGES)
Sent 27 bytes
Read:   * STATUS Inbox (MESSAGES 4)
        4 OK Status completed (0.004 + 0.000 + 0.003 secs).


--- DEBUG ---
  Processing 4 messages in folder <Inbox>.
-------------


--- DEBUG ---
  report processing
-------------
Sending: 5 STATUS Inbox (MESSAGES)
Sent 27 bytes
Read:   * STATUS Inbox (MESSAGES 4)
        5 OK Status completed (0.001 + 0.000 secs).


--- DEBUG ---
  processing <Inbox>.
-------------
Sending: 6 SELECT Inbox
Sent 16 bytes
Read:   * FLAGS (\Answered \Flagged \Deleted \Seen \Draft NonJunk)
        * OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft NonJunk \*)] Flags permitted.
        * 4 EXISTS
        * 0 RECENT
        * OK [UIDVALIDITY 1602703283] UIDs valid
        * OK [UIDNEXT 51567] Predicted next UID
        * OK [HIGHESTMODSEQ 158883] Highest
        6 OK [READ-WRITE] Select completed (0.001 + 0.000 secs).
Sending: 7 UID SEARCH ALL
Sent 18 bytes
Read:   * SEARCH 51454 51471 51539 51557
        7 OK Search completed (0.001 + 0.000 secs).
Sending: 8 CAPABILITY
Sent 14 bytes
Read:   * CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE SNIPPET=FUZZY PREVIEW=FUZZY PREVIEW STATUS=SIZE SAVEDATE LITERAL+ NOTIFY SPECIAL-USE QUOTA
        8 OK Capability completed (0.001 + 0.000 secs).
Sending: 9 UID FETCH 51454 BODY[]
Sent 26 bytes
LITERAL: received literal in line * 1 FETCH (UID 51454 BODY[]  of length 4112; attempting to retrieve from the 4060 bytes in: Return-Path: <[email protected]>
  X-Original-To: [email protected]
  Delivered-To: [email protected]
  Received: from love.love.net (love.love.net [127.0.0.1])
        by love.love.net (Postfix) with ESMTP id 40386982D90
        for <[email protected]>; Thu,  6 Jul 2023 00:23:41 +0100 (BST)
  Authentication-Results: love.love.net;
        dmarc=pass (p=NONE sp=NONE) smtp.from=wp.pl header.from=wp.pl;
        dkim=pass header.d=wp.pl;
        spf=pass (sender IP is 127.0.0.1) [email protected] smtp.helo=love.love.net
  Received-SPF: pass (love.love.net: localhost is always allowed.) client-ip=127.0.0.1; [email protected]; helo=love.love.net;
  X-Virus-Scanned: Debian amavisd-new at
  X-Spam-Flag: NO
  X-Spam-Score: 0.904
  X-Spam-Level: 
  X-Spam-Status: No, score=0.904 tagged_above=-9999 required=3
        tests=[BAYES_40=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
        DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,
        MIME_HEADER_CTYPE_ONLY=0.1, MIME_NO_TEXT=1,
        RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=0.001,
        RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001,
        TVD_SPACE_RATIO=0.001, UNPARSEABLE_RELAY=0.001]
        autolearn=no autolearn_force=no
  Authentication-Results: love.love.net (amavisd-new);
        dkim=pass (1024-bit key) header.d=wp.pl
  Received: from mx4.wp.pl (mx4.wp.pl [212.77.101.11])
        by love.love.net (Postfix) with ESMTPS id 767FB982D8E
        for <[email protected]>; Thu,  6 Jul 2023 00:23:40 +0100 (BST)
  Received-SPF: pass (love.love.net: domain of wp.pl designates 212.77.101.11 as permitted sender) client-ip=212.77.101.11; [email protected]; helo=mx4.wp.pl;
  Received: (wp-smtpd smtp.wp.pl 31870 invoked from network); 6 Jul 2023 01:23:39 +0200
  DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=wp.pl; s=1024a;
            t=1688599419; bh=TrCdWpYZRBN7MS4QZoeSIBI71jg1fY+Szw0zBpxJW8U=;
            h=From:To:Subject;
            b=gMKvIpybpNnyWtogyduiStgAmOscYMYYzO5h3Ey257GkGQ4ied4xMRuXt87/IrfTS
             hZhpXbxqR9NyTIMqwRvtLL6SCpGplSYg1v7phkqnIDUzyREnJtiKOXEIDS+N5i+kHf
             JKSJhZVtu9NP6QvwLPl2gFRZKZCpZfxiGL9bZFNc=
  Received: from unknown (HELO localhost) ([unknown])
            (envelope-sender <[email protected]>)
            by smtp.wp.pl (WP-SMTPD) with SMTP
            for <[email protected]>; 6 Jul 2023 01:23:39 +0200
  Date: Thu, 06 Jul 2023 01:23:39 +0200
  Message-ID: <[email protected]>
  X-WP-FOLDER: inbox
  From: [email protected]
  To: [email protected]
  Subject: Report Domain: flyawaysimulation.com Submitter: wp.pl Report-ID: 1688599419.913278356
  Content-Type: multipart/mixed;
   boundary="part5af59bbf72c911.10496558"
  X-WP-MailID: 4a5f67cba78402e4926c501d9fecd250
  X-WP-AV: skaner antywirusowy Poczty Wirtualnej Polski
  
  This is a multi-part message in MIME format.
  
  --part5af59bbf72c911.10496558
  Content-Type: application/zip; name="wp.pl!flyawaysimulation.com!1688508000!1688594400.xml.zip"
  Content-Transfer-Encoding: base64
  Content-Disposition: attachment;
   filename="wp.pl!flyawaysimulation.com!1688508000!1688594400.xml.zip"
  
  UEsDBBQACAAIAAAAAAAAAAAAAAAAAAAAAAA1AAAAd3AucGwhZmx5YXdheXNpbXVsYXRpb24uY29t
  ITE2ODg1MDgwMDAhMTY4ODU5NDQwMC54bWxkUu2u2jAMfaKRssu9A8my9iaRSVzwbvOhfIzx9lOa
  toD4U59jnyTHdmFktmcy3wiJY0hFOy5kqRCCpcI6kb8wwpkv4nH/dTx+DsdhGED1DLC3PX06HFq6
  cVDPR0O6aE+O8RZ3cQK1cWBHMqF1lMyPXGN7/vci6iXgfyWRNsEXMkWLH8Mi72bzJn/Xrf3I6u90
  2J92p/3Hz1/Hj88vUI/6hh+9xzCJuetYz5PkK1sEGxyJx3G6043uWVydqEjwOxMcqKUKZL/FYQLV
  AVCO40xbhIiJ/7ApoCJCfrAcEaIpuG8TbADUu4HEJqQWww0hh5oMa4kI6gmbUH3BAVQHaxv8l6ZK
  ZW5DcgxZmvO2p2fWHaseZr+qf99vUbMJseyLjMIpI1yZLCc9ptAueWUvQqrlqhPnOpW8vLNObxtj
  L8+LWUB38npWrSNR21/8PwAA//9QSwcIFy0pBVABAADQAgAAUEsBAhQAFAAIAAgAAAAAABctKQVQ
  AQAA0AIAADUAAAAAAAAAAAAAAAAAAAAAAHdwLnBsIWZseWF3YXlzaW11bGF0aW9uLmNvbSExNjg4
  NTA4MDAwITE2ODg1OTQ0MDAueG1sUEsFBgAAAAABAAEAY<END_OF_iBuffer>
Received ret=52 4112 of 4112
Read:   * 1 FETCH (UID 51454 BODY[]     )
Read:   9 OK Fetch completed (0.001 + 0.000 secs).
Sending: 10 UID FETCH 51454 (RFC822.SIZE)
Sent 34 bytes
Read:   * 1 FETCH (UID 51454 RFC822.SIZE 4112)
        10 OK Fetch completed (0.001 + 0.000 secs).

----------------------------------------------------------------
Processing IMAP message with UID #51454 
----------------------------------------------------------------
Type: 1
FileContent: Return-Path: <[email protected]>
X-Original-To: [email protected]
Delivered-To: [email protected]
Received: from love.love.net (love.love.net [127.0.0.1])
        by love.love.net (Postfix) with ESMTP id 40386982D90
        for <[email protected]>; Thu,  6 Jul 2023 00:23:41 +0100 (BST)
Authentication-Results: love.love.net;
        dmarc=pass (p=NONE sp=NONE) smtp.from=wp.pl header.from=wp.pl;
        dkim=pass header.d=wp.pl;
        spf=pass (sender IP is 127.0.0.1) [email protected] smtp.helo=love.love.net
Received-SPF: pass (love.love.net: localhost is always allowed.) client-ip=127.0.0.1; [email protected]; helo=love.love.net;
X-Virus-Scanned: Debian amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: 0.904
X-Spam-Level: 
X-Spam-Status: No, score=0.904 tagged_above=-9999 required=3
        tests=[BAYES_40=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
        DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,
        MIME_HEADER_CTYPE_ONLY=0.1, MIME_NO_TEXT=1,
        RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=0.001,
        RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001,
        TVD_SPACE_RATIO=0.001, UNPARSEABLE_RELAY=0.001]
        autolearn=no autolearn_force=no
Authentication-Results: love.love.net (amavisd-new);
        dkim=pass (1024-bit key) header.d=wp.pl
Received: from mx4.wp.pl (mx4.wp.pl [212.77.101.11])
        by love.love.net (Postfix) with ESMTPS id 767FB982D8E
        for <[email protected]>; Thu,  6 Jul 2023 00:23:40 +0100 (BST)
Received-SPF: pass (love.love.net: domain of wp.pl designates 212.77.101.11 as permitted sender) client-ip=212.77.101.11; [email protected]; helo=mx4.wp.pl;
Received: (wp-smtpd smtp.wp.pl 31870 invoked from network); 6 Jul 2023 01:23:39 +0200
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=wp.pl; s=1024a;
          t=1688599419; bh=TrCdWpYZRBN7MS4QZoeSIBI71jg1fY+Szw0zBpxJW8U=;
          h=From:To:Subject;
          b=gMKvIpybpNnyWtogyduiStgAmOscYMYYzO5h3Ey257GkGQ4ied4xMRuXt87/IrfTS
           hZhpXbxqR9NyTIMqwRvtLL6SCpGplSYg1v7phkqnIDUzyREnJtiKOXEIDS+N5i+kHf
           JKSJhZVtu9NP6QvwLPl2gFRZKZCpZfxiGL9bZFNc=
Received: from unknown (HELO localhost) ([unknown])
          (envelope-sender <[email protected]>)
          by smtp.wp.pl (WP-SMTPD) with SMTP
          for <[email protected]>; 6 Jul 2023 01:23:39 +0200
Date: Thu, 06 Jul 2023 01:23:39 +0200
Message-ID: <[email protected]>
X-WP-FOLDER: inbox
From: [email protected]
To: [email protected]
Subject: Report Domain: flyawaysimulation.com Submitter: wp.pl Report-ID: 1688599419.913278356
Content-Type: multipart/mixed;
 boundary="part5af59bbf72c911.10496558"
X-WP-MailID: 4a5f67cba78402e4926c501d9fecd250
X-WP-AV: skaner antywirusowy Poczty Wirtualnej Polski

This is a multi-part message in MIME format.

--part5af59bbf72c911.10496558
Content-Type: application/zip; name="wp.pl!flyawaysimulation.com!1688508000!1688594400.xml.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
 filename="wp.pl!flyawaysimulation.com!1688508000!1688594400.xml.zip"

UEsDBBQACAAIAAAAAAAAAAAAAAAAAAAAAAA1AAAAd3AucGwhZmx5YXdheXNpbXVsYXRpb24uY29t
ITE2ODg1MDgwMDAhMTY4ODU5NDQwMC54bWxkUu2u2jAMfaKRssu9A8my9iaRSVzwbvOhfIzx9lOa
toD4U59jnyTHdmFktmcy3wiJY0hFOy5kqRCCpcI6kb8wwpkv4nH/dTx+DsdhGED1DLC3PX06HFq6
cVDPR0O6aE+O8RZ3cQK1cWBHMqF1lMyPXGN7/vci6iXgfyWRNsEXMkWLH8Mi72bzJn/Xrf3I6u90
2J92p/3Hz1/Hj88vUI/6hh+9xzCJuetYz5PkK1sEGxyJx3G6043uWVydqEjwOxMcqKUKZL/FYQLV
AVCO40xbhIiJ/7ApoCJCfrAcEaIpuG8TbADUu4HEJqQWww0hh5oMa4kI6gmbUH3BAVQHaxv8l6ZK
ZW5DcgxZmvO2p2fWHaseZr+qf99vUbMJseyLjMIpI1yZLCc9ptAueWUvQqrlqhPnOpW8vLNObxtj
L8+LWUB38npWrSNR21/8PwAA//9QSwcIFy0pBVABAADQAgAAUEsBAhQAFAAIAAgAAAAAABctKQVQ
AQAA0AIAADUAAAAAAAAAAAAAAAAAAAAAAHdwLnBsIWZseWF3YXlzaW11bGF0aW9uLmNvbSExNjg4
NTA4MDAwITE2ODg1OTQ0MDAueG1sUEsFBgAAAAABAAEAYwAAALMBAAAAAA==

--part5af59bbf72c911.10496558--

MSG: IMAP message with UID #51454
----------------------------------------------------------------


--- DEBUG ---
  getting XML from message
-------------


--- DEBUG ---
  Subject: Report Domain: flyawaysimulation.com Submitter: wp.pl Report-ID: 1688599419.913278356
  MimeType: multipart/mixed
-------------


--- DEBUG ---
  This is a multipart attachment
-------------


--- DEBUG ---
  /tmp/msg-3200-1.zip
-------------


--- DEBUG ---
  body is in /tmp/msg-3200-1.zip
-------------


--- DEBUG ---
  getting XML from ZIP
-------------


--- DEBUG ---
  getting XML from string
-------------


--- DEBUG ---
  storing XML in database
-------------


--- DEBUG ---
  serial 50512
-------------


--- DEBUG ---
  single record
-------------
Open Report Parser: wp.pl: 1688599419.913278356: source_ip is empty. Skipped.


--- DEBUG ---
  Result -1 XML: <feedback><report_metadata><date_range><begin>1688508000</begin><end>1688594400</end></date_range><org_name>wp.pl</org_name><email>[email protected]</email><extra_contact_info>[email protected]</extra_contact_info><report_id>1688599419.913278356</report_id></report_metadata><policy_published><domain>flyawaysimulation.com</domain><adkim>r</adkim><aspf>r</aspf><p>reject</p><sp>reject</sp><pct>100</pct></policy_published><record><row><source_ip></source_ip><count>0</count><policy_evaluated><disposition></disposition><dkim></dkim><spf></spf></policy_evaluated></row><identifiers><header_from></header_from></identifiers><auth_results><spf><domain></domain><result></result></spf></auth_results></record></feedback>
-------------
Open Report Parser: wp.pl: 1688599419.913278356: Cannot add records to rptrecord. Rolling back DB transaction.
Open Report Parser: Skipping IMAP message with UID #51454 due to database errors.
Sending: 11 UID FETCH 51471 BODY[]
Sent 27 bytes
LITERAL: received literal in line * 2 FETCH (UID 51471 BODY[]  of length 4528; attempting to retrieve from the 2407 bytes in: Return-Path: <[email protected]>
  X-Original-To: [email protected]
  Delivered-To: [email protected]
  Received: from love.love.net (love.love.net [127.0.0.1])
        by love.love.net (Postfix) with ESMTP id 51401980716
        for <[email protected]>; Thu,  6 Jul 2023 06:39:19 +0100 (BST)
  Authentication-Results: love.love.net;
        dmarc=pass (p=REJECT sp=NONE) smtp.from=us-1.mimecastreport.com header.from=us-1.mimecastreport.com;
        dkim=pass header.d=us-1.mimecastreport.com;
        spf=pass (sender IP is 127.0.0.1) [email protected] smtp.helo=love.love.net
  Received-SPF: pass (love.love.net: localhost is always allowed.) client-ip=127.0.0.1; [email protected]; helo=love.love.net;
  X-Virus-Scanned: Debian amavisd-new at
  X-Spam-Flag: NO
  X-Spam-Score: -1.299
  X-Spam-Level: 
  X-Spam-Status: No, score=-1.299 tagged_above=-9999 required=3
        tests=[BAYES_05=-0.5, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
        DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001,
        SPF_PASS=-0.001, TVD_SPACE_RATIO=0.001]
        autolearn=ham autolearn_force=no
  Authentication-Results: love.love.net (amavisd-new);
        dkim=pass (2048-bit key) header.d=us-1.mimecastreport.com
  Received: from us-mta-13.us.mimecast.lan (us-smtp-1.mimecast.com [207.211.31.81])
        by love.love.net (Postfix) with ESMTP id 1E5AD98045B
        for <[email protected]>; Thu,  6 Jul 2023 06:39:16 +0100 (BST)
  Received-SPF: pass (love.love.net: domain of us-1.mimecastreport.com designates 207.211.31.81 as permitted sender) client-ip=207.211.31.81; [email protected]; helo=us-mta-13.us.mimecast.lan;
  From: [email protected]
  Subject: Report domain: flyawaysimulation.com Submitter: mimecast.org
   Report-ID: a3bf7bf22cc3d33776706e5ffc45d124f93f5f3b52e00ffe909aa226c9a1631b
  To: <[email protected]>
  Message-Id: <[email protected]>
  Date: Thu, 6 Jul 2023 01:39:13 -0400
  Mime-Version: 1.0
  X-MC-UniqueId: 9720e9c9-8bb1-417d-94b3-3706015faf8a
  Dkim-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=us-1.mimecastreport.com;
        s=20221110; t=1688621953;
        h=from:from:reply-to:subject<END_OF_iBuffer>
Received ret=2121 4528 of 4528
Read:   * 2 FETCH (UID 51471 BODY[]     )
Read:   11 OK Fetch completed (0.001 + 0.000 secs).
Sending: 12 UID FETCH 51471 (RFC822.SIZE)
Sent 34 bytes
Read:   * 2 FETCH (UID 51471 RFC822.SIZE 4528)
        12 OK Fetch completed (0.001 + 0.000 secs).

----------------------------------------------------------------
Processing IMAP message with UID #51471 
----------------------------------------------------------------
Type: 1
FileContent: Return-Path: <[email protected]>
X-Original-To: [email protected]
Delivered-To: [email protected]
Received: from love.love.net (love.love.net [127.0.0.1])
        by love.love.net (Postfix) with ESMTP id 51401980716
        for <[email protected]>; Thu,  6 Jul 2023 06:39:19 +0100 (BST)
Authentication-Results: love.love.net;
        dmarc=pass (p=REJECT sp=NONE) smtp.from=us-1.mimecastreport.com header.from=us-1.mimecastreport.com;
        dkim=pass header.d=us-1.mimecastreport.com;
        spf=pass (sender IP is 127.0.0.1) [email protected] smtp.helo=love.love.net
Received-SPF: pass (love.love.net: localhost is always allowed.) client-ip=127.0.0.1; [email protected]; helo=love.love.net;
X-Virus-Scanned: Debian amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.299
X-Spam-Level: 
X-Spam-Status: No, score=-1.299 tagged_above=-9999 required=3
        tests=[BAYES_05=-0.5, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
        DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001,
        SPF_PASS=-0.001, TVD_SPACE_RATIO=0.001]
        autolearn=ham autolearn_force=no
Authentication-Results: love.love.net (amavisd-new);
        dkim=pass (2048-bit key) header.d=us-1.mimecastreport.com
Received: from us-mta-13.us.mimecast.lan (us-smtp-1.mimecast.com [207.211.31.81])
        by love.love.net (Postfix) with ESMTP id 1E5AD98045B
        for <[email protected]>; Thu,  6 Jul 2023 06:39:16 +0100 (BST)
Received-SPF: pass (love.love.net: domain of us-1.mimecastreport.com designates 207.211.31.81 as permitted sender) client-ip=207.211.31.81; [email protected]; helo=us-mta-13.us.mimecast.lan;
From: [email protected]
Subject: Report domain: flyawaysimulation.com Submitter: mimecast.org
 Report-ID: a3bf7bf22cc3d33776706e5ffc45d124f93f5f3b52e00ffe909aa226c9a1631b
To: <[email protected]>
Message-Id: <[email protected]>
Date: Thu, 6 Jul 2023 01:39:13 -0400
Mime-Version: 1.0
X-MC-UniqueId: 9720e9c9-8bb1-417d-94b3-3706015faf8a
Dkim-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=us-1.mimecastreport.com;
        s=20221110; t=1688621953;
        h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
         to:to:cc:mime-version:mime-version:content-type:content-type:
         content-transfer-encoding:content-transfer-encoding;
        bh=MEz1J8mWIyXnqVw1WuFHTP1XX6dhPgpkT83T0GpW9R0=;
        b=tA4PITV/91wVtXt82VhVdMfFXddfaaA4f0V4w86aD0gRZRmCNjNSlANgHLbqQNA6NKK/ja
        AG73TuRACvhyX6wioQM8KAf3/zibNG33ynSCL/anaf88wgMG8pk+e6Qo2RiB4ROpyxHQQR
        mBxahx3PapUejG4WT3u0Skk3KUkxbK171N3KKHymJAvgRiZWswCbt5gUH56FFXrCLxMHyP
        x7kNHMBk9yyaKc82Dn2wqwLdrLM1vN5KYsufte3ZPxyt4nkyrTFTH60YxLoz7lkFqcIRhM
        jY4xM2T0khccxRZKs97e9oLaqspyaVQkTuZnOhfa9ybTF1QQhZq4rN6RdMgHsw==
Content-Disposition: attachment
Content-Type: application/gzip
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
 filename="mimecast.org!flyawaysimulation.com!1688515200!1688601599!a3bf7bf22cc3d33776706e5ffc45d124f93f5f3b52e00ffe909aa226c9a1631b.xml.zip"

UEsDBBQACAgIACYr5lYAAAAAAAAAAAAAAAB9AAAAbWltZWNhc3Qub3JnIWZseWF3YXlzaW11bGF0
aW9uLmNvbSExNjg4NTE1MjAwITE2ODg2MDE1OTkhYTNiZjdiZjIyY2MzZDMzNzc2NzA2ZTVmZmM0
NWQxMjRmOTNmNWYzYjUyZTAwZmZlOTA5YWEyMjZjOWExNjMxYi54bWyVVE132yAQvOdX+Plu68uS
rT5Ceuqtt/ast4LFppFAD1Ac//uigGQ1afvak/HsMDs7i02eXvtu84LGSq0et9k+3W5QMc2lOj9u
v3/7sjttN9aB4tBphY/bG9rtE30gApG3wJ7pw2ZDDA7auKZHBxwcTJhHtTk3CnqkX2WPDKwjyQIF
BvYgO6r0zgt0t8+j3WX7PpKD5p7pniSBF++8OgMN08oBc41UQtOLc4P9lCSe249KutsiMl1PbPKs
9LVDfkYv9fF60I0zSE6haMWxFXnOWMGL4nisjmmFpRDsUPIsP4i6EKUo2jLHNBUC67QGyPOK1ZBV
RdaS5K4VtH0o2BhQ5zi4h1o8S0Wz6nQqszJPU5IEZK6j4m/VKs3Kuva+1SyW/Kq2dFunTwbdSXZr
hrHtpL3gYkT7JBUV3Q2ucLOyHztwfvMh5lgNVODPsqeGJOEQQTuIN2z6DNBADf5A5pc7RMQOfqXK
Z21nZGCOZtOM0+HN8+/8+RUwbWarRl+XMKweDcNGDjSry32eH/bZ4bCvTr7FUpm5TI/K0Yok4TDD
sSG+QDf6/PhcmEKRdtBWTjlE42tkxZtyGMBaT1giiROLWFhyWQ35rqdf2DwakRyVk0L6399y7YLA
0TTC6P5Pi1pTouYHJQKjuzQG7di5u/g74//+HsKc2PlNa0M5CvC6ft4ZuZNCy5hH/HKvXsYeVLSV
3KNa+yKrEP/f41/ar9bjn/C7eCZyeH4kuf+5/QRQSwcIDUGMjC4CAAAgBQAAUEsBAhQAFAAICAgA
JivmVg1BjIwuAgAAIAUAAH0AAAAAAAAAAAAAAAAAAAAAAG1pbWVjYXN0Lm9yZyFmbHlhd2F5c2lt
dWxhdGlvbi5jb20hMTY4ODUxNTIwMCExNjg4NjAxNTk5IWEzYmY3YmYyMmNjM2QzMzc3NjcwNmU1
ZmZjNDVkMTI0ZjkzZjVmM2I1MmUwMGZmZTkwOWFhMjI2YzlhMTYzMWIueG1sUEsFBgAAAAABAAEA
qwAAANkCAAAAAA0K

MSG: IMAP message with UID #51471
----------------------------------------------------------------


--- DEBUG ---
  getting XML from message
-------------


--- DEBUG ---
  Subject: Report domain: flyawaysimulation.com Submitter: mimecast.org
 Report-ID: a3bf7bf22cc3d33776706e5ffc45d124f93f5f3b52e00ffe909aa226c9a1631b
  MimeType: application/gzip
-------------


--- DEBUG ---
  This is a GZIP file
-------------


--- DEBUG ---
  body is in /tmp/msg-3200-2.dat
-------------


--- DEBUG ---
  getting XML from ZIP
-------------
Open Report Parser: Failed to ungzip ZIP file (</tmp/msg-3200-2.dat>)! 
Open Report Parser: The IMAP message with UID #51471 does not seem to contain a valid DMARC report. Skipped.
Sending: 13 UID FETCH 51539 BODY[]
Sent 27 bytes
LITERAL: received literal in line * 3 FETCH (UID 51539 BODY[]  of length 4486; attempting to retrieve from the 4060 bytes in: Return-Path: <[email protected]>
  X-Original-To: [email protected]
  Delivered-To: [email protected]
  Received: from love.love.net (love.love.net [127.0.0.1])
        by love.love.net (Postfix) with ESMTP id 3B036983036
        for <[email protected]>; Thu,  6 Jul 2023 08:44:52 +0100 (BST)
  Authentication-Results: love.love.net;
        dmarc=pass (p=REJECT sp=NONE) smtp.from=us-1.mimecastreport.com header.from=us-1.mimecastreport.com;
        dkim=pass header.d=us-1.mimecastreport.com;
        spf=pass (sender IP is 127.0.0.1) [email protected] smtp.helo=love.love.net
  Received-SPF: pass (love.love.net: localhost is always allowed.) client-ip=127.0.0.1; [email protected]; helo=love.love.net;
  X-Virus-Scanned: Debian amavisd-new at
  X-Spam-Flag: NO
  X-Spam-Score: -2.699
  X-Spam-Level: 
  X-Spam-Status: No, score=-2.699 tagged_above=-9999 required=3
        tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
        DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001,
        SPF_PASS=-0.001, TVD_SPACE_RATIO=0.001]
        autolearn=ham autolearn_force=no
  Authentication-Results: love.love.net (amavisd-new);
        dkim=pass (2048-bit key) header.d=us-1.mimecastreport.com
  Received: from us-mta-3.us.mimecast.lan (us-smtp-2.mimecast.com [207.211.31.81])
        by love.love.net (Postfix) with ESMTP id 5E587983033
        for <[email protected]>; Thu,  6 Jul 2023 08:44:51 +0100 (BST)
  Received-SPF: pass (love.love.net: domain of us-1.mimecastreport.com designates 207.211.31.81 as permitted sender) client-ip=207.211.31.81; [email protected]; helo=us-mta-3.us.mimecast.lan;
  From: [email protected]
  Subject: Report domain: ufoinsight.com Submitter: mimecast.org Report-ID:
   17cc3086e98b43b9383683306ff14664750ecc090a0ac84f6b72c3851277f70e
  To: <[email protected]>
  Message-Id: <[email protected]>
  Date: Thu, 6 Jul 2023 03:44:50 -0400
  Mime-Version: 1.0
  X-MC-UniqueId: f8e48483-8fb0-43dc-a686-fb818bef232f
  Dkim-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=us-1.mimecastreport.com;
        s=20221110; t=1688629490;
        h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
         to:to:cc:mime-version:mime-version:content-type:content-type:
         content-transfer-encoding:content-transfer-encoding;
        bh=mI7Xga+VXNc+7qaC98mApRnaa07n18dZja5VHbnGRco=;
        b=gt3Z0Ti2nCCJYmauG5/r0PGhflitvXOPLLy72VmXcoUQFOVxfrAdFa9UiE2sEDQcqyRtPe
        V1gTaTdpXhikEMKLQEUzzE25+gg1qvCPZjwxHvTmwTQJUEcb2MFb+lAVI6qGCPxzaKiwPE
        Fvqdcjl+btS6iMOTbNq6U1yElvvoVNGowdUVzBUEn6wmhIMtsMQK+QKwhrf64gHzDB85eI
        n0uOgifQNCVa01QKhJIuYyGJkOXeNJatnfHel13WeAm+xl+bS6vOklOYtEH1DywFveUSbV
        Ik2i/jxPmKtZKzi32q2HVHhVdcdgBLfVYmMuJG1hRIBKIzx704LEsXiGHoW9QA==
  Content-Disposition: attachment
  Content-Type: application/gzip
  Content-Transfer-Encoding: base64
  Content-Disposition: attachment;
   filename="mimecast.org!ufoinsight.com!1688515200!1688601599!17cc3086e98b43b9383683306ff14664750ecc090a0ac84f6b72c3851277f70e.xml.zip"
  
  UEsDBBQACAgIACI85lYAAAAAAAAAAAAAAAB2AAAAbWltZWNhc3Qub3JnIXVmb2luc2lnaHQuY29t
  ITE2ODg1MTUyMDAhMTY4ODYwMTU5OSExN2NjMzA4NmU5OGI0M2I5MzgzNjgzMzA2ZmYxNDY2NDc1
  MGVjYzA5MGEwYWM4NGY2YjcyYzM4NTEyNzdmNzBlLnhtbJVUy5LbIBC871e4fLfe1iOF2Zxyyy05
  qxAaScQSqADtrv8+yKBH7K1UcjLuaXp6erDR68fQH95AKib45Rh6wfEAnIqa8fZy/Pnj2yk/HpQm
  vCa94HA53kAdX/ELagDqitArfjkckIRRSF0OoElNNJkxgwrZlpwMgL+zAShRGvkrZBkwENZjLk5G
  oL99ndQp9AZHtpoeFQPyLc/d+dCSlFRwTaguGW8E7rQe1RffN9xh4kzfVpH5uq/8KxfvPdQtGKnn
  61bXzcBqHGaUxkGeQpFXSVwVcR6neRwHadOESZom2TkASoMiIAGhedKkVRbROD+HUZY1WWCabFpW
  24QCpSS8dYMbqIKWcRymubl3joIA+RZZ6sDrezUNwnNRGN98EfP/VFu77dNHo+gZvZXjVPVMdbAa
  ESZJjqdGMK5Y27l8HWw5pL6yAUvk24MD1djcsfnTQiOW8Auo2eroEDWaXXIzv1qQkWoczsPNh7vZ
  z4yZ7KmQi0cp3tcUlJgkhZKNOCzOXhQlXpgkXpqbFmtl4VIxcY0j5NvDAruG8Eb6yQRXL4U5DaZG
  oZg2T98Z3yM73pzDSJQyhDUSN3HjCmsuuy<END_OF_iBuffer>
Received ret=426 4486 of 4486
Read:   * 3 FETCH (UID 51539 BODY[]     )
Read:   13 OK Fetch completed (0.001 + 0.000 secs).
Sending: 14 UID FETCH 51539 (RFC822.SIZE)
Sent 34 bytes
Read:   * 3 FETCH (UID 51539 RFC822.SIZE 4486)
        14 OK Fetch completed (0.001 + 0.000 secs).

----------------------------------------------------------------
Processing IMAP message with UID #51539 
----------------------------------------------------------------
Type: 1
FileContent: Return-Path: <[email protected]>
X-Original-To: [email protected]
Delivered-To: [email protected]
Received: from love.love.net (love.love.net [127.0.0.1])
        by love.love.net (Postfix) with ESMTP id 3B036983036
        for <[email protected]>; Thu,  6 Jul 2023 08:44:52 +0100 (BST)
Authentication-Results: love.love.net;
        dmarc=pass (p=REJECT sp=NONE) smtp.from=us-1.mimecastreport.com header.from=us-1.mimecastreport.com;
        dkim=pass header.d=us-1.mimecastreport.com;
        spf=pass (sender IP is 127.0.0.1) [email protected] smtp.helo=love.love.net
Received-SPF: pass (love.love.net: localhost is always allowed.) client-ip=127.0.0.1; [email protected]; helo=love.love.net;
X-Virus-Scanned: Debian amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level: 
X-Spam-Status: No, score=-2.699 tagged_above=-9999 required=3
        tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
        DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001,
        SPF_PASS=-0.001, TVD_SPACE_RATIO=0.001]
        autolearn=ham autolearn_force=no
Authentication-Results: love.love.net (amavisd-new);
        dkim=pass (2048-bit key) header.d=us-1.mimecastreport.com
Received: from us-mta-3.us.mimecast.lan (us-smtp-2.mimecast.com [207.211.31.81])
        by love.love.net (Postfix) with ESMTP id 5E587983033
        for <[email protected]>; Thu,  6 Jul 2023 08:44:51 +0100 (BST)
Received-SPF: pass (love.love.net: domain of us-1.mimecastreport.com designates 207.211.31.81 as permitted sender) client-ip=207.211.31.81; [email protected]; helo=us-mta-3.us.mimecast.lan;
From: [email protected]
Subject: Report domain: ufoinsight.com Submitter: mimecast.org Report-ID:
 17cc3086e98b43b9383683306ff14664750ecc090a0ac84f6b72c3851277f70e
To: <[email protected]>
Message-Id: <[email protected]>
Date: Thu, 6 Jul 2023 03:44:50 -0400
Mime-Version: 1.0
X-MC-UniqueId: f8e48483-8fb0-43dc-a686-fb818bef232f
Dkim-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=us-1.mimecastreport.com;
        s=20221110; t=1688629490;
        h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
         to:to:cc:mime-version:mime-version:content-type:content-type:
         content-transfer-encoding:content-transfer-encoding;
        bh=mI7Xga+VXNc+7qaC98mApRnaa07n18dZja5VHbnGRco=;
        b=gt3Z0Ti2nCCJYmauG5/r0PGhflitvXOPLLy72VmXcoUQFOVxfrAdFa9UiE2sEDQcqyRtPe
        V1gTaTdpXhikEMKLQEUzzE25+gg1qvCPZjwxHvTmwTQJUEcb2MFb+lAVI6qGCPxzaKiwPE
        Fvqdcjl+btS6iMOTbNq6U1yElvvoVNGowdUVzBUEn6wmhIMtsMQK+QKwhrf64gHzDB85eI
        n0uOgifQNCVa01QKhJIuYyGJkOXeNJatnfHel13WeAm+xl+bS6vOklOYtEH1DywFveUSbV
        Ik2i/jxPmKtZKzi32q2HVHhVdcdgBLfVYmMuJG1hRIBKIzx704LEsXiGHoW9QA==
Content-Disposition: attachment
Content-Type: application/gzip
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
 filename="mimecast.org!ufoinsight.com!1688515200!1688601599!17cc3086e98b43b9383683306ff14664750ecc090a0ac84f6b72c3851277f70e.xml.zip"

UEsDBBQACAgIACI85lYAAAAAAAAAAAAAAAB2AAAAbWltZWNhc3Qub3JnIXVmb2luc2lnaHQuY29t
ITE2ODg1MTUyMDAhMTY4ODYwMTU5OSExN2NjMzA4NmU5OGI0M2I5MzgzNjgzMzA2ZmYxNDY2NDc1
MGVjYzA5MGEwYWM4NGY2YjcyYzM4NTEyNzdmNzBlLnhtbJVUy5LbIBC871e4fLfe1iOF2Zxyyy05
qxAaScQSqADtrv8+yKBH7K1UcjLuaXp6erDR68fQH95AKib45Rh6wfEAnIqa8fZy/Pnj2yk/HpQm
vCa94HA53kAdX/ELagDqitArfjkckIRRSF0OoElNNJkxgwrZlpwMgL+zAShRGvkrZBkwENZjLk5G
oL99ndQp9AZHtpoeFQPyLc/d+dCSlFRwTaguGW8E7rQe1RffN9xh4kzfVpH5uq/8KxfvPdQtGKnn
61bXzcBqHGaUxkGeQpFXSVwVcR6neRwHadOESZom2TkASoMiIAGhedKkVRbROD+HUZY1WWCabFpW
24QCpSS8dYMbqIKWcRymubl3joIA+RZZ6sDrezUNwnNRGN98EfP/VFu77dNHo+gZvZXjVPVMdbAa
ESZJjqdGMK5Y27l8HWw5pL6yAUvk24MD1djcsfnTQiOW8Auo2eroEDWaXXIzv1qQkWoczsPNh7vZ
z4yZ7KmQi0cp3tcUlJgkhZKNOCzOXhQlXpgkXpqbFmtl4VIxcY0j5NvDAruG8Eb6yQRXL4U5DaZG
oZg2T98Z3yM73pzDSJQyhDUSN3HjCmsuuyEfeppNLaMhVgPXrGHmh7de64DUIMtGiuFpQ/uaE3uS
QGTSXSlBTb3eVB8c/8MLsJNBb3YrJK6hIUbQTLggG8n2cgm4L1u1mwbCnR9/C2dvCO1i+w9zf+m7
24R5rQ+BzGT70pC//YH9BlBLBwhIvjpIKAIAAAQFAABQSwECFAAUAAgICAAiPOZWSL46SCgCAAAE
BQAAdgAAAAAAAAAAAAAAAAAAAAAAbWltZWNhc3Qub3JnIXVmb2luc2lnaHQuY29tITE2ODg1MTUy
MDAhMTY4ODYwMTU5OSExN2NjMzA4NmU5OGI0M2I5MzgzNjgzMzA2ZmYxNDY2NDc1MGVjYzA5MGEw
YWM4NGY2YjcyYzM4NTEyNzdmNzBlLnhtbFBLBQYAAAAAAQABAKQAAADMAgAAAAANCg==

MSG: IMAP message with UID #51539
----------------------------------------------------------------


--- DEBUG ---
  getting XML from message
-------------


--- DEBUG ---
  Subject: Report domain: ufoinsight.com Submitter: mimecast.org Report-ID:
 17cc3086e98b43b9383683306ff14664750ecc090a0ac84f6b72c3851277f70e
  MimeType: application/gzip
-------------


--- DEBUG ---
  This is a GZIP file
-------------


--- DEBUG ---
  body is in /tmp/msg-3200-3.dat
-------------


--- DEBUG ---
  getting XML from ZIP
-------------
Open Report Parser: Failed to ungzip ZIP file (</tmp/msg-3200-3.dat>)! 
Open Report Parser: The IMAP message with UID #51539 does not seem to contain a valid DMARC report. Skipped.
Sending: 15 UID FETCH 51557 BODY[]
Sent 27 bytes
LITERAL: received literal in line * 4 FETCH (UID 51557 BODY[]  of length 4585; attempting to retrieve from the 1247 bytes in: Return-Path: <[email protected]>
  X-Original-To: [email protected]
  Delivered-To: [email protected]
  Received: from love.love.net (love.love.net [127.0.0.1])
        by love.love.net (Postfix) with ESMTP id 786F4983039
        for <[email protected]>; Thu,  6 Jul 2023 12:08:07 +0100 (BST)
  Authentication-Results: love.love.net;
        dmarc=pass (p=REJECT sp=NONE) smtp.from=au-1.mimecastreport.com header.from=au-1.mimecastreport.com;
        dkim=pass header.d=au-1.mimecastreport.com;
        spf=pass (sender IP is 127.0.0.1) [email protected] smtp.helo=love.love.net
  Received-SPF: pass (love.love.net: localhost is always allowed.) client-ip=127.0.0.1; [email protected]; helo=love.love.net;
  X-Virus-Scanned: Debian amavisd-new at
  X-Spam-Flag: NO
  X-Spam-Score: -2.699
  X-Spam-Level: 
  X-Spam-Status: No, score=-2.699 tagged_above=-9999 required=3
        tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
        DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001,
        SPF_PASS=-0.001, TVD_SPACE_RATIO=0.001]
        autolearn=ham autolearn_for<END_OF_iBuffer>
Received ret=3338 4585 of 4585
Read:   * 4 FETCH (UID 51557 BODY[]     )
Read:   15 OK Fetch completed (0.001 + 0.000 secs).
Sending: 16 UID FETCH 51557 (RFC822.SIZE)
Sent 34 bytes
Read:   * 4 FETCH (UID 51557 RFC822.SIZE 4585)
        16 OK Fetch completed (0.001 + 0.000 secs).

----------------------------------------------------------------
Processing IMAP message with UID #51557 
----------------------------------------------------------------
Type: 1
FileContent: Return-Path: <[email protected]>
X-Original-To: [email protected]
Delivered-To: [email protected]
Received: from love.love.net (love.love.net [127.0.0.1])
        by love.love.net (Postfix) with ESMTP id 786F4983039
        for <[email protected]>; Thu,  6 Jul 2023 12:08:07 +0100 (BST)
Authentication-Results: love.love.net;
        dmarc=pass (p=REJECT sp=NONE) smtp.from=au-1.mimecastreport.com header.from=au-1.mimecastreport.com;
        dkim=pass header.d=au-1.mimecastreport.com;
        spf=pass (sender IP is 127.0.0.1) [email protected] smtp.helo=love.love.net
Received-SPF: pass (love.love.net: localhost is always allowed.) client-ip=127.0.0.1; [email protected]; helo=love.love.net;
X-Virus-Scanned: Debian amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level: 
X-Spam-Status: No, score=-2.699 tagged_above=-9999 required=3
        tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
        DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001,
        SPF_PASS=-0.001, TVD_SPACE_RATIO=0.001]
        autolearn=ham autolearn_force=no
Authentication-Results: love.love.net (amavisd-new);
        dkim=pass (2048-bit key) header.d=au-1.mimecastreport.com
Received: from au-mta-45.au.mimecast.lan (au-smtp-1.mimecast.com [103.13.69.22])
        by love.love.net (Postfix) with ESMTP id 0A8F4983036
        for <[email protected]>; Thu,  6 Jul 2023 12:08:05 +0100 (BST)
Received-SPF: pass (love.love.net: domain of au-1.mimecastreport.com designates 103.13.69.22 as permitted sender) client-ip=103.13.69.22; [email protected]; helo=au-mta-45.au.mimecast.lan;
From: [email protected]
Subject: Report domain: flyawaysimulation.com Submitter: mimecast.org
 Report-ID: 8f9bfe7bb910cd4ea4978e20a10dd7de9e57a348ac4f0924c32d71bdc30c32f4
To: <[email protected]>
Message-Id: <[email protected]>
Date: Thu, 6 Jul 2023 21:08:03 +1000
Mime-Version: 1.0
X-MC-UniqueId: 113d76f0-b08c-4df1-bde7-3490d98266b7
Dkim-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=au-1.mimecastreport.com;
        s=20221110; t=1688641683;
        h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
         to:to:cc:mime-version:mime-version:content-type:content-type:
         content-transfer-encoding:content-transfer-encoding;
        bh=qnCPxoNnbpNdcZCbRLqh1oFt2gnz8OVCGCiYClpKCOQ=;
        b=OQKkrloYJK6dqKIHOwsZ+fHbbJUIto7yL6bQkdyRTSNxbHSo4lTkDpSmuCx550JTjycg2t
        NmcNG6BYnEkK7fGRljfHJPsUagdHeN/DM5ERBS7Hx62s31pMxrH0ijDDjAjGxoESJBGs5b
        1yl146BtgSllg3ogJFu86pyZ+Q1s1xmO42z5YTMzIiitnOzzanjYH9D+qy8lNUbT9vgE5G
        6K53dDkjR7ux/Y3agqiyyRffR/sgc86NkPAY9bOzX3NJO9JNmDXI4A7fEIRSQDJsYMmmKB
        XHTM5AKLQrWgN21myMIJD3MYlvOEGyZRPXzthK43Ye5FFH5UurIR5oZ65zLR9g==
Content-Disposition: attachment
Content-Type: application/gzip
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
 filename="mimecast.org!flyawaysimulation.com!1688515200!1688601599!8f9bfe7bb910cd4ea4978e20a10dd7de9e57a348ac4f0924c32d71bdc30c32f4.xml.zip"

UEsDBBQACAgIAP1V5lYAAAAAAAAAAAAAAAB9AAAAbWltZWNhc3Qub3JnIWZseWF3YXlzaW11bGF0
aW9uLmNvbSExNjg4NTE1MjAwITE2ODg2MDE1OTkhOGY5YmZlN2JiOTEwY2Q0ZWE0OTc4ZTIwYTEw
ZGQ3ZGU5ZTU3YTM0OGFjNGYwOTI0YzMyZDcxYmRjMzBjMzJmNC54bWztVctu2zAQvOcrDN8tSrIc
SwXD9NRbb+1ZoMilzUYiBZJK4r8vFVKP5lEYKAr00JPp2eXs7OxKwvfPXbt5BGOlVnfbLEm3G1BM
c6lOd9vv377syu3GOqo4bbWCu+0F7Pae3GABwBvKHsjNZoMN9Nq4ugNHOXV0xDyqzalWtAPyVXbA
qHUYzVDIgI7Klii98wTt5TMddlnSxeTAmTDdYRTy4p1nZ2jNtHKUuVoqocnZud5+QsjndoOS7jKT
jNeRRQ9KP7XAT+Cp3l4PvLEHyUkpqkbAsWmqLGW8AFpUxxLylGYp50cOFRyOdF+UlBUirfKC7XN+
zBrO9qk/igKjhStwe1OgNlSdYuMeauAkFcluy/KQHfI0xSggUxwUf4neptmhqrxuNZGhX9nmamv3
ca9byS51PzSttGeYhWjvpCKivdAnerGyG1rq/OSDzTEaUil/kB0xGIVDBG0vXrDxN0A9MfADmB9u
HxHb+5Eq77WdkJ45ko09jocXze/p8yNg2kxSjX6azbB6MAxq2ZM8rZLykGR5mWTHvS8xR6Zcpgfl
q2EUDhMcC8IjbQfvH58CoynS9trK0YcofI2s8kYfemqtT5gtiR0LIvyKji2LuSR6v6Yf2NQalhyU
k0L652++dgbKwdTC6O6jQa1TIucbJkwHd64N2KF1C/kr4dfvQ+gTWj9pbQgHQT2v73dClqRQMhoV
/yzR89BRFWWhxaq1LrwycdF4Gt8BH+j6TcnVSPzavrJkTJ5W7prty6pDkudFkhVFclv+S9sXAv+3
729t37Ua/3wTMVo+rT8BUEsHCCuCiBNZAgAAngcAAFBLAQIUABQACAgIAP1V5lYrgogTWQIAAJ4H
AAB9AAAAAAAAAAAAAAAAAAAAAABtaW1lY2FzdC5vcmchZmx5YXdheXNpbXVsYXRpb24uY29tITE2
ODg1MTUyMDAhMTY4ODYwMTU5OSE4ZjliZmU3YmI5MTBjZDRlYTQ5NzhlMjBhMTBkZDdkZTllNTdh
MzQ4YWM0ZjA5MjRjMzJkNzFiZGMzMGMzMmY0LnhtbFBLBQYAAAAAAQABAKsAAAAEAwAAAAANCg==

MSG: IMAP message with UID #51557
----------------------------------------------------------------


--- DEBUG ---
  getting XML from message
-------------


--- DEBUG ---
  Subject: Report domain: flyawaysimulation.com Submitter: mimecast.org
 Report-ID: 8f9bfe7bb910cd4ea4978e20a10dd7de9e57a348ac4f0924c32d71bdc30c32f4
  MimeType: application/gzip
-------------


--- DEBUG ---
  This is a GZIP file
-------------


--- DEBUG ---
  body is in /tmp/msg-3200-4.dat
-------------


--- DEBUG ---
  getting XML from ZIP
-------------
Open Report Parser: Failed to ungzip ZIP file (</tmp/msg-3200-4.dat>)! 
Open Report Parser: The IMAP message with UID #51557 does not seem to contain a valid DMARC report. Skipped.
Sending: 17 EXPUNGE
Sent 12 bytes
Read:   17 OK Expunge completed (0.001 + 0.000 secs).
Sending: 18 CLOSE
Sent 10 bytes
Read:   18 OK Close completed (0.001 + 0.000 secs).
Sending: 19 STATUS Inbox (MESSAGES)
Sent 28 bytes
Read:   * STATUS Inbox (MESSAGES 4)
        19 OK Status completed (0.001 + 0.000 secs).
Sending: 20 LOGOUT
Sent 11 bytes
Read:   * BYE Logging out
        20 OK Logout completed (0.001 + 0.000 secs).


--- DEBUG ---
  Processed 4 emails.
-------------

@userjack6880
Copy link
Owner

That's helpful, thanks - I'll read through the debug output and see what I can pick out of it.

@userjack6880
Copy link
Owner

Alright - one of the reports seems to be missing data in the source_ip field, which is required when inserting it into the database - so the behavior of throwing an error for that is fine.

As for the emails from mimecast - it seems to be failing to unzip the zip files being sent. Is unzip installed?

@ryanrbftp
Copy link
Author

Thank you for the response.

Yes, that did cross my mind but...

lovedmarc@charlotte:~/httpdocs/dmarcts-report-parser$ which gunzip
/bin/gunzip

lovedmarc@charlotte:~/httpdocs/dmarcts-report-parser$ which unzip
/usr/bin/unzip

I had an idea that perhaps it can't write to /tmp/ so that was checked also:

lovedmarc@charlotte:/tmp$ touch test.tmp

lovedmarc@charlotte:/tmp$ ls test.tmp
test.tmp

Perhaps the Mimecast attachments are in a different compressed format. I don't know. I would have thought there would be an industry standard for DMARC reporting.

Any ideas are always greatly appreciated. Many thanks, John!

@ryanrbftp
Copy link
Author

Okay I've spotted something in your report-parser.pl source.

if ($isgzip) {
      open(JSON, "<:gzip", $filename)
      or $unzip = "ungzip";
    }

We don't have "ungzip" on our system (Ubuntu). We have either "gunzip" or something like "gzip -d". In fact, I've never come across a "ungzip" executable. I could create a symlink to make it work but better would be to modify the Perl source?

Let me know your thoughts and many thanks.

@userjack6880
Copy link
Owner

Open Report Parser: Failed to ungzip ZIP file (</tmp/msg-3200-4.dat>)!

This line seems to tell me it's trying to unzip a .dat file rather than a .zip file - the headers for the related message say that the attachment is a .zip file - perhaps your IMAP server is converting it into a .dat when it gets pulled? What IMAP server are you using?

@userjack6880
Copy link
Owner

The unzip variable's value isn't actually used for unzip the file - it's just a carryover from the original techsneeze script where it's checking to see if the variable is empty. it's looking for either gzip or unzip.

@ryanrbftp
Copy link
Author

Thanks for the update.

I've just logged into the webmail (roundcube) for the mailauth-reports@ account to take a look at the failing reports and can confirm I am able to download the ZIP file from all of the Mimecast reports. I extract them locally and correctly get the XML.

IMAP server is Dovecot 2.3.19.1.

@userjack6880
Copy link
Owner

Alright, it seems like Mimecast is improperly setting content-type to application/gzip, but they are sending a .zip file. When it makes the attempt to unarchive it using gzip it fails. Testing with the output you gave me, I forced it to use unzip instead and it is able to unzip the .dat file that's generated.

It's frustrating that the wrong file type is being presented. I'll see if I can develop a workaround for this case, as it's not unreasonable for this to occur.

@ryanrbftp
Copy link
Author

Thanks for the update and digging.

Perhaps ignore what the MimeType is set to, download the attachment locally, and then analyze once downloaded using "file" or something.

userjack6880 pushed a commit that referenced this issue Jul 6, 2023
Fixed an issue with mimecast improperly setting mime type outlined in…
ac8ed66 
… Issue #12
@userjack6880
Copy link
Owner

userjack6880 commented Jul 6, 2023
edited
Loading

I've pushed an update to the dev branch - pull the code and see if that solves your issue.

Instead of ignoring the mimetype, I've gone the route that if it fails to extract the first time, it'll try again with the other method.

Let me know if this resolves the issue.

@ryanrbftp
Copy link
Author

Thanks for actively working on this.

Now we are getting:

lovedmarc@charlotte:~/httpdocs/dmarcts-report-parser$ perl ~/httpdocs/dmarcts-report-parser/report-parser.pl -i --delete
Global symbol "$xml" requires explicit package name (did you forget to declare "my $xml"?) at /var/www/vhosts/love.love.net/httpdocs/dmarcts-report-parser/report-parser.pl line 1468.
Global symbol "$xml" requires explicit package name (did you forget to declare "my $xml"?) at /var/www/vhosts/love.love.net/httpdocs/dmarcts-report-parser/report-parser.pl line 1471.
Execution of /var/www/vhosts/love.love.net/httpdocs/dmarcts-report-parser/report-parser.pl aborted due to compilation errors.

@userjack6880
Copy link
Owner

Ooops. Forgot to rename a variable. The dev branch should be updated and have that fixed.

@ryanrbftp
Copy link
Author

ryanrbftp commented Jul 6, 2023
edited
Loading

No probs and thank you!

Okay looking good, those Mimecast reports have now been processed and deleted!

We still have the wp.pl issue. Perhaps we can run a workaround for this?

lovedmarc@charlotte:~/httpdocs/dmarcts-report-parser$ perl ~/httpdocs/dmarcts-report-parser/report-parser.pl -i --delete
Open Report Parser: wp.pl: 1688599419.913278356: source_ip is empty. Skipped.
Open Report Parser: wp.pl: 1688599419.913278356: Cannot add records to rptrecord. Rolling back DB transaction.
Open Report Parser: Skipping IMAP message with UID #51454 due to database errors.

... is source_ip really empty? I can't imagine a misconfigured report from someone like wp.pl. I can provide the XML if you would like to work with this.

@userjack6880
Copy link
Owner

userjack6880 commented Jul 7, 2023
edited
Loading

It is, the result is in the debug output.

<feedback>
  <report_metadata>
    <date_range>
      <begin>1688508000</begin>
      <end>1688594400</end>
    </date_range>
    <org_name>wp.pl</org_name>
    <email>[email protected]</email>
    <extra_contact_info>[email protected]</extra_contact_info>
    <report_id>1688599419.913278356</report_id>
  </report_metadata>
  <policy_published>
    <domain>flyawaysimulation.com</domain>
    <adkim>r</adkim>
    <aspf>r</aspf>
    <p>reject</p>
    <sp>reject</sp>
    <pct>100</pct>
  </policy_published>
  <record>
    <row>
      <source_ip></source_ip>
      <count>0</count>
      <policy_evaluated>
        <disposition></disposition>
        <dkim></dkim>
        <spf></spf>
      </policy_evaluated>
    </row>
    <identifiers>
      <header_from></header_from>
    </identifiers>
    <auth_results>
      <spf>
        <domain></domain>
        <result></result>
      </spf>
    </auth_results>
  </record>
</feedback>

In fact, it looks like the entire XML they sent had no usable data. The only thing I would probably add is to delete the email, but this would potentially delete email that is useful elsewhere. Perhaps an option to do that could be added.

EDIT: as we've seen, a company with MIME in the name didn't properly set MIME type for the file they sent, it's not unreasonable for someone like wp.pl to misconfigure a report.

@userjack6880 userjack6880 mentioned this issue Jul 10, 2023
Merged
13 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@userjack6880 userjack6880

Labels
help wanted Extra attention is needed question Further information is requested
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Dev userjack6880/Open-Report-Parser
2 participants
@ryanrbftp @userjack6880