Skip to content

devops-ansible/parseDMARC

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

238 Commits
.github/workflows
.github/workflows
 
 
docker
docker
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 

Repository files navigation

parseDMARC

This Docker-Image is meant to provide an installed version of parseDMARC.

Variables

env default change recommended description
IMAP_HOST yes IMAP host to connect to
IMAP_USER yes IMAP user to connect with to the IMAP Host
IMAP_PASSWORD yes IMAP password for IMAP user
AGGREGATE "True" no general.save_aggregate: (Python) boolean – save aggregate report data
FORENSIC "True" no general.save_forensic: (Python) boolean – save forensic report data
PARSE_JSON {} yes JSON string, that holds hierarchical config data (general.save_aggregate would override AGGREGATE, if defined as { "general": { "save_aggregate": "False" }} e.g.)
ELC_HOST "http://elasticsearch" no part of elasticsearch.hosts: Host of Elastic Search – change if not using docker-compose.yml below.
ELC_PORT "9200" no part of elasticsearch.hosts: Port of Elastic Search – change if not using docker-compose.yml below.
ELC_SSL "False" no elasticsearch.ssl: SSL status of Elastic Search connection – change if not using docker-compose.yml below.
GEOIP_ACCOUNTID "" yes AccountID value of your MaxMind GeoIP license config
GEOIP_LICENSEKEY "" yes LicenseKey value of your MaxMind GeoIP license config
GEOIP_EDITIONIDS "GeoLite2-ASN GeoLite2-City GeoLite2-Country" yes EditionIDs value of your MaxMind GeoIP license config
GEOIP_INSTALL "/usr/local/bin/geoipupdate" no Installation path for GeoIP
GEOIP_CONF_FILE "/usr/local/etc/GeoIP.conf" no GeoIP Config file path

docker-compose.yml

---

version: '3'

services:

  parsedmarc:
    image: devopsansiblede/parsedmarc
    restart: unless-stopped
    depends_on:
      elasticsearch:
        condition: service_healthy

  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch
    environment:
      - cluster.name=parsedmarc
      - discovery.type=single-node
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - ./data/elasticsearch/data/:/usr/share/elasticsearch/data/:z
    restart: "unless-stopped"
    healthcheck:
      test: ["CMD", "curl","-s" ,"-f", "http://localhost:9200/_cat/health"]
      interval: 1m
      timeout: 10s
      retries: 3
      start_period: 30s

  kibana:
    image: docker.elastic.co/kibana/kibana
    environment:
      SERVER_NAME: "parsedmarc"
      SERVER_HOST: "0.0.0.0"
      ELASTICSEARCH_HOSTS: "http://elasticsearch:9200"
      XPACK_MONITORING_UI_CONTAINER_ELASTICSEARCH_ENABLED: "true"
    ports:
      - "80:5601"
    restart: unless-stopped
    depends_on:
      elasticsearch:
        condition: service_healthy

...

Configuration

GeoIP

You need to configure the Analysing tool (parsedmarc) container for the usage of GeoIP – and need licensing information for geoipupdate to work.

If you are using a free licence (register here), you can use the environmental variables GEOIP_ACCOUNTID, GEOIP_LICENSEKEY and GEOIP_EDITIONIDS described above.

Alternatively you can bind a config file directly into the container at the path defined by env variable GEOIP_CONF_FILE.

An update of the GeoIP database is performed on Container (re)start.

Kibana

Don't forget to import export.ndjson – follow instructions on official documentation.

last built

2026-02-22 23:38:34

About

No description, website, or topics provided.

Resources

Readme
Activity
Custom properties

Stars

6 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages