Add support for analysing SMTP TLS reports #71
Comments
|
URIports supports MTA-STS and DANE TLS-RPT reports. |
|
I just glanced over the RFC. This looks like it would be easy to add. Not sure when I'll get to it though. |
seanthegeek
changed the title
seanthegeek
changed the title
|
@freddieleeman all point in self-hosted solutions is that they self-hosted. You not share your personal and company info with 3rd parties when you have possibility host own solution. |
|
Hi @seanthegeek I can send you sample data for mta-sts and tlsa reports if it will help you. Do you need them? |
|
@dragoangel That would be great! |
|
@seanthegeek I contact you in PM on twitter |
Do you need more reports? I'm getting some incoming, and no clue how to read them. :-) |
|
I haven't even had the chance to read over what @dragoangel sent me. 😋 I'll keep that in mind though. Thanks. |
TLS Reports are JSON formated mostly to one line. To get there more visibility you need format them to pretty json (using online tools, or text app, e.g: Notepad++ JSTool plugin, etc). |
Thanks. The NP++ plugin made it easier to read. Still, a nicely aggregated statistical view would be nice. |
|
It would be a splendid feature. Is anyone aware of a currently existing self-hosted TLS-RPT analyzer/dashboard? |
|
I've done a quick solution for this writing only to json output; so no analyzing or anything just re-using the automatic imap-mailbox handling. (It's enough for my use case) Maybe some on can use this as a starting point for a real implementation: |
|
+1 for TLS reports feature. |
|
+1 for that feature. |
|
+1, please support it |
|
+1 ! |
|
+1 for MTA-STS support |
|
+1 for MTA-STS |
2 similar comments
|
+1 for MTA-STS |
|
+1 for MTA-STS |
|
Is there something new on this? I've discovered this project today and for my use case is this is the only feature, which I miss. |
|
+1 ! |
|
+1 for MTA-STS support |
|
+1 :) |
|
To those who want TLS Reporting.. Have you set it up, and receiving reports ? I can start out: |
And an additional 20 that lack significance. |
|
I agree that google.com and microsoft.com are majority of emails here. However, adding the following:
|
|
Are you sure? Haven't seen a single report, and we process thousands daily. If they do, they are probably not RFC compliant. |
|
SMTP-TLS reports I receive are from Google. |
It'a amazing so many sends TLS Reports now. Only a few years ago, only 4 was sending reports, where Microsoft was the last coming to the group. : https://www.mailhardener.com/blog/microsoft-has-begun-sending-smtp-tls-reports |
|
In order of magnitude:
I have almost 2000 SMTP TLS reports saved up. |
|
Small business email server:
|
|
I receive TLS reports from:
|
|
TLS-RPT will never take off because nowhere can I find information on how to generate and SEND reports, nobody else I knows, knows either, so its only half baked idea with results if you get mail from google and microsoft, nothing from the 50 million other mail servers out there |
https://datatracker.ietf.org/doc/html/rfc8460 it has own rfc thing, how you can say after that it's half baked? If you like details - read rfc :) . Fact that there no much support (only ~10 big providers), yes, but not 2. It's because there no open source software that support parsing it or sending it. |
I kind of agree with you. TLS-RPT is easy to implement for the domain owner, but to get the full use of it, your mail service provider need to support MTA-STS or DANE as well. Just like BIMI.. sounds good on paper, but all the big players have removed their BIMI records. It is expensive to buy certificate, and when only a few mail clients support it, and required by the MTA servers .. it dies out. Microsoft support MTA-STS (last year) https://techcommunity.microsoft.com/t5/exchange-team-blog/introducing-mta-sts-for-exchange-online/ba-p/3106386 Again from : https://www.mailhardener.com/kb/smtp-tls-reporting I only see a change of TLS-RPT use, when more MTA servers support MTA-STS or DANE. And they need to support both.. because both is possible to enforce TLS connections. Else, what is the report good for? Edit: this one is funny (start from bottom).. DANE not ready yet.. after 4 years https://techcommunity.microsoft.com/t5/exchange-team-blog/support-of-dane-and-dnssec-in-office-365-exchange-online/ba-p/1275494 |
|
I've finally started working on this, as you can see in PR #453. Lots of work still needs to be done, so I would appreciate any help! |
|
Most of SMTP-TLS reports we receive are from Google.com and microsoft.com.Some other more from mail.ru. |
- Add support for SMTP TLS reports (PR #453 closes issue #71) - Do not replace content in forensic samples (fix #403) - Pin `msgraph-core` dependency at version `0.2.2` until Microsoft provides better documentation (PR #466 Close [#464](#464)) - Properly handle base64-encoded email attachments (PR #453) - Do not crash when attempting to parse invalid email content (PR #453) - Ignore errors when parsing text-based forensic reports (PR #460) - Add email date to email processing debug logs (PR #462) - Set default batch size to 10 to match the documentation (PR #465) - Properly handle none values (PR #468) - Add Gmail pagination (PR #469) - Use the correct `msgraph` scope (PR #471)
and others
Hi
Have you planed that your tool can analyze the report from mta-sts (TLSRPTv1) too?
Or do you know another software for this?
Thank you for help
The text was updated successfully, but these errors were encountered: