Export Prometheus metrics from DMARC reports.
Project description
dmarcs-metrics-exporter
Export metrics derived from DMARC aggregate reports to Prometheus. This exporter regularly polls for new aggregate report emails via IMAP. The following metrics will be collected and exposed at an HTTP endpoint for Prometheus:
dmarc_total: Total number of reported messages.
dmarc_compliant_total: Total number of DMARC compliant messages.
dmarc_quarantine_total: Total number of quarantined messages.
dmarc_reject_total: Total number of rejected messages.
dmarc_spf_aligned_total: Total number of SPF algined messages.
dmarc_spf_pass_total: Total number of messages with raw SPF pass.
dmarc_dkim_aligned_total: Total number of DKIM algined messages.
dmarc_dkim_pass_total: Total number of messages with raw DKIM pass.
Each of these metrics is subdivided by the following labels:
reporter: Domain from which a DMARC aggregate report originated.
from_domain: Domain from which the evaluated email originated.
dkim_domain: Domain the DKIM signature is for.
spf_domain: Domain used for the SPF check.
Installation
This describes the manual setup fo dmarc-metrics-exporter. An Ansible role for automated deployment is provided in roles. Further instructions for Ansible are given in the readme file provided in that directory.
It is best to run dmarc-metrics-exporter under a separate system user account. Create one for example with
adduser --system --group dmarc-metrics
Then you can install dmarc-metrics-exporter with pip from PyPI for that user:
sudo -u dmarc-metrics pip3 install dmarc-metrics-exporter
You will need a location to store the metrics.db that is writable by that user, for example:
mkdir /var/lib/dmarc-metrics-exporter
chown dmarc-metrics:dmarc-metrics /var/lib/dmarc-metrics-exporter
Configuration
To run dmarc-metrics-exporter a configuration file in JSON format is required. The default location is /etc/dmarc-metrics-exporter.json.
Because the configuration file will contain the IMAP password, make sure to ensure proper permissions on it, for example:
chown root:dmarc-metrics /etc/dmarc-metrics-exporter.json
chmod 640 /etc/dmarc-metrics-exporter.json
An example configuration file is provided in this repository in config/dmarc-metrics-exporter.sample.json.
The following configuration options are available:
listen_addr (string, default "127.0.0.1"): Listen address for the HTTP endpoint.
port (number, default 9119): Port to listen on for the HTTP endpoint.
imap (object, required): IMAP configuration to check for aggregate reports.
host (string, default "localhost"): Hostname of IMAP server to connect to.
port (number, default 993): Port of the IMAP server to connect to.
username (string, required): Login username for the IMAP connection.
password: (string, required): Login password for the IMAP connection.
folders (object):
inbox (string, default "INBOX"): IMAP mailbox that is checked for incoming DMARC aggregate reports.
done (string, default "Archive"): IMAP mailbox that successfully processed reports are moved to.
error: (string, default "Invalid"): IMAP mailbox that emails are moved to that could not be processed.
metrics_db (string, default "/var/lib/dmarc-metrics-exporter/metrics.db"): File to persist accumulated metrics information in.
poll_interval_seconds (number, default 60): How often to poll the IMAP server in seconds.
Usage
To run dmarc-metrics-exporter with the default configuration in /etc/dmarc-metrics-exporter.json:
sudo -u dmarc-metrics python3 -m dmarc_metrics_exporter
To use a different configuration file:
sudo -u dmarc-metrics python3 -m dmarc_metrics_exporter --configuration <path>
systemd
Instead of manually starting the dmarc-metrics-exporter, you likely want to have it run as a system service. An example systemd service file is provided in this repository in config/dmarc-metrics-exporter.service. Make sure that the paths and user/group names match your configuration and copy it to /etc/systemd/system to use it. To have systemd pick it up a systemctl daemon-reload might be necessary.
You can than start/stop dmarc-metrics-exorter with:
systemctl start dmarc-metrics-exporter
systemctl stop dmarc-metrics-exporter
To have dmarc-metrics-exporter start on system boot:
systemctl enable dmarc-metrics-exporter
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for dmarc-metrics-exporter-0.2.2.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | 483187e0ffae8cf91172ca1bd63f254c0981fb8f24cc3699b337af3fcbf8efc4 |
|
MD5 | 569cbf0a83fd1451771d9be6a162ff9d |
|
BLAKE2b-256 | 9f676113c4c78b0a7b9c6c6587780b6efac27bdf3729fc70e93c2be24724ba31 |
Hashes for dmarc_metrics_exporter-0.2.2-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | c3a37efb43da9c36e24182630e5a844bf1f88595aa93d3563f283b2128857fe6 |
|
MD5 | 9e8548fa9cc187e2da17119c2259430f |
|
BLAKE2b-256 | f90c3a567ddce3a0bb1cfac176ec5ca396e14192fb8ba48f1778417b85d6bcee |