Skip to content
Snippets Groups Projects
Select Git revision
  • renovate/golang.org-x-sync-0.x
  • renovate/go-1.x
  • renovate/github.com-prometheus-client_golang-1.x
  • renovate/github.com-jhillyerd-enmime-2.x
  • master default
5 results
Compare
ale's avatar
Merge branch 'renovate/github.com-oschwald-geoip2-golang-1.x' into 'master'
ale authored 
Update module github.com/oschwald/geoip2-golang to v1.9.0

See merge request !28
4e8a066a
History
ale's avatar 4e8a066a
History
Name Last commit Last update
cmd/reports-collector
dmarc/email-samples
.gitlab-ci.yml
Dockerfile
README.md
browser.go
collector.go
collector_test.go
csp.go
dmarc.go
event.go
go.mod
go.sum
ip.go
renovate.json
sink.go
tlsrpt.go
README.md

reports-collector

Proof of concept of an ingestion service for anomaly reports.

Supports receiving reports over HTTPS and SMTP for the following mechanisms:

The reports are logged in structured denormalized form to standard output, the idea being that a log collection pipeline would be in place to get them into Elasticsearch or some other index.

The source IP address is not included in the output, but for user reports we add instead the ASN, to allow for some meaningful non-deanonymizing aggregation of the reports.

The SMTP receiver works by running a very simple SMTP server (on the port specified by --smtp-addr), meant to be downstream to your MTA. This SMTP server does not check the recipient address and just attempts to parse all received email.

Things that are still to do:

  • Implement email ingestion support for TLS-RPT reports
  • More testing with real-world reports

Right now the server offers a single intake endpoint at /ingest/v1, and then looks at the Content-Type of the request to figure out what kind of report it is. It might be just simpler to switch to separate endpoints per report type.