From the log messages below, tlsrpt-reportd seems to be using the fetcher to correctly identify the test domain after daily rollover, but I can't explain the Invalid JSON. Does tlsrpt-reporter also need a json tool? Did I miss to give permissions or a path somewhere?
I am running tlsrpt-collectd and tlsrpt-reportd as systemd units with a /usr/bin/venv deployment on Rocky 9.6. tlsrpt-collectd receives tls data from postfix-tlspol/postfix. Same result with http_script variable uncommented.
Thank you
Mike
Jun 12 02:11:12 mx03.xxxxxx.com tlsrpt-reportd[7104]: 2025-06-12 02:11:12,811 tlsrpt_fetcher INFO tlsrpt 703 : Database /var/spool/tlsrpt-reporter/tlsrpt-collectd.sqlite.yesterday looks OK
Jun 12 02:11:12 mx03.xxxxxx.com tlsrpt-reportd[7104]: 2025-06-12 02:11:12,811 tlsrpt_fetcher INFO tlsrpt 712 : TLSRPT fetcher domain list starting for day 2025-06-11
Jun 12 02:11:12 mx03 xxxxxx.com tlsrpt-reportd[7099]: 2025-06-12 02:11:12,821 tlsrpt_reportd ERROR tlsrpt 1065 : Invalid JSON: Expecting value: line 1 column 1 (char 0)
Jun 12 02:11:12 mx03.xxxxxx .com tlsrpt-reportd[7099]: 2025-06-12 02:11:12,822 tlsrpt_reportd DEBUG tlsrpt 1218 : Create reports
Jun 12 02:11:12 mx03.xxxxxx.com tlsrpt-reportd[7099]: 2025-06-12 02:11:12,822 tlsrpt_reportd WARNING tlsrpt 1224 : Incomplete data for domain yyyyyyy.com by fetcher index 1
Jun 12 02:11:12 mx03.xxxxxx.com tlsrpt-reportd[7099]: 2025-06-12 02:11:12,822 tlsrpt_reportd DEBUG tlsrpt 1373 : Send out reports
Jun 12 02:11:12 mx03.xxxxxx.com tlsrpt-reportd[7099]: 2025-06-12 02:11:12,822 tlsrpt_reportd INFO tlsrpt 1440 : Sleeping for 9 seconds
Manually running fetcher script:
[root@mx03 ~]# /usr/local/bin/tlsrpt-fetcher_01.sh
2025-06-12 03:41:53,235 tlsrpt_fetcher INFO tlsrpt 1481 : CONFIGURATION with 3 settings:
2025-06-12 03:41:53,235 tlsrpt_fetcher INFO tlsrpt 1483 : CONFIG from cfg option storage is sqlite:///var/spool/tlsrpt-reporter/tlsrpt-collectd.sqlite
2025-06-12 03:41:53,235 tlsrpt_fetcher INFO tlsrpt 1483 : CONFIG from cfg option logfilename is /var/log/tlsrpt-reporter/tlsrpt-fetcher.log
2025-06-12 03:41:53,235 tlsrpt_fetcher INFO tlsrpt 1483 : CONFIG from cfg option log_level is debug
2025-06-12 03:41:53,236 tlsrpt_fetcher DEBUG tlsrpt 376 : Try to open database '/var/spool/tlsrpt-reporter/tlsrpt-collectd.sqlite.yesterday'
2025-06-12 03:41:53,237 tlsrpt_fetcher INFO tlsrpt 703 : Database /var/spool/tlsrpt-reporter/tlsrpt-collectd.sqlite.yesterday looks OK
2025-06-12 03:41:53,237 tlsrpt_fetcher INFO tlsrpt 712 : TLSRPT fetcher domain list starting for day 2025-06-11
TLSRPT FETCHER v1devel-c domain list
2025-06-12 09:41:53
2025-06-11
yyyyyyyy.com
.
/etc/tlsrpt-reporter/reportd.cfg:
------------------------------------------------
[tlsrpt_reportd]
dbname = /var/spool/tlsrpt-reporter/tlsrpt-reportd.sqlite
logfilename = /var/log/tlsrpt-reporter/tlsrpt-reportd.log
log_level = debug
#http_script = curl --silent --header 'Content-Type: application/tlsrpt+gzip' --data-binary @-
fetchers = /usr/local/bin/tlsrpt-fetcher_01.sh
interval_main_loop = 10
max_retries_domainlist = 2
min_wait_domainlist = 0
max_wait_domainlist = 1
max_retries_domaindetails = 2
min_wait_domaindetails = 0
max_wait_domaindetails = 1
spread_out_delivery = 3
organization_name = xxxxxx.com
contact_info = postmaster(a)xxxxxx.com
sender_address = no-reply-tls-reports(a)xxxxxx.com
Greetings,
the video stream of the presentation I gave on TLSRPT at FOSDEM '25 past
weekend is online now:
https://video.fosdem.org/2025/k4601/fosdem-2025-5776-tlsrpt-comes-to-open-s…
Unfortunately the audio is low volume because unfortunately my microphone had
been muted. Wearing a headphone to listen to the audio worked for me though.
p@rick
--
[*] sys4 AG
https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG,80333 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
Simon Josefsson wrote:
> Thanks for writing this package! I've been looking for more TLSRPT
> support for my own e-mail server for several years now, and maybe this
> can be a solution for me.
> I'd like to announce Debian packaging of libtlsrpt:
>
> https://salsa.debian.org/debian/libtlsrpt/
>
> It builds fine and there are even *.dpkg packages produced by the
> 'aptly' job if you go into a recent pipeline here:
>
> https://salsa.debian.org/debian/libtlsrpt/-/pipelines/
>
> Since the Debian copyright review process is often slow, I'd like to
> upload this as soon as possible so please let me know if you have any
> dealbreakers with regards to naming or something similar that is really
> hard to change later on.
Simon, I note that your package uses the GPL,
whereas the latest git version uses the *LGPL*.
This is probably new with the split to
https://github.com/sys4/libtlsrpt LGPL
https://github.com/sys4/tlsrpt-reporter GPL
--
Andrew C. Aitchison Kendal, UK
andrew(a)aitchison.me.uk
Hi,
I'm looking at using libtlsrpt with exim
https://bugs.exim.org/show_bug.cgi?id=3132
One thing I have come across several times is that packages
are created, used in other projects, and then the first
package is updated with new features, or (horror)
incompatible changes. At this point a version number
or similar is added to the package - *but* the
older versions don't have a way for the consumer package
to test the version being used.
It would be great if a header such as tlsrpt.h
defined a variable such as TLSRPT_VERSION_NUMBER
(or even a set of values and a macro, as in openssl/opensslv.h)
*before* many distros package libtlsrpt.
Thanks,
--
Andrew C. Aitchison Kendal, UK
andrew(a)aitchison.me.uk
Hi
Thanks for writing this package! I've been looking for more TLSRPT
support for my own e-mail server for several years now, and maybe this
can be a solution for me.
I'd like to announce Debian packaging of libtlsrpt:
https://salsa.debian.org/debian/libtlsrpt/
It builds fine and there are even *.dpkg packages produced by the
'aptly' job if you go into a recent pipeline here:
https://salsa.debian.org/debian/libtlsrpt/-/pipelines/
Since the Debian copyright review process is often slow, I'd like to
upload this as soon as possible so please let me know if you have any
dealbreakers with regards to naming or something similar that is really
hard to change later on.
Cheers,
/Simon
