- TLSRPT - list.sys4.de

tlsrpt-reportd : Invalid JSON
by Michael Webb 12 Jun '25

12 Jun '25

From the log messages below, tlsrpt-reportd seems to be using the fetcher to correctly identify the test domain after daily rollover, but I can't explain the Invalid JSON. Does tlsrpt-reporter also need a json tool? Did I miss to give permissions or a path somewhere? I am running tlsrpt-collectd and tlsrpt-reportd as systemd units with a /usr/bin/venv deployment on Rocky 9.6. tlsrpt-collectd receives tls data from postfix-tlspol/postfix. Same result with http_script variable uncommented. Thank you Mike Jun 12 02:11:12 mx03.xxxxxx.com tlsrpt-reportd[7104]: 2025-06-12 02:11:12,811 tlsrpt_fetcher INFO tlsrpt 703 : Database /var/spool/tlsrpt-reporter/tlsrpt-collectd.sqlite.yesterday looks OK Jun 12 02:11:12 mx03.xxxxxx.com tlsrpt-reportd[7104]: 2025-06-12 02:11:12,811 tlsrpt_fetcher INFO tlsrpt 712 : TLSRPT fetcher domain list starting for day 2025-06-11 Jun 12 02:11:12 mx03 xxxxxx.com tlsrpt-reportd[7099]: 2025-06-12 02:11:12,821 tlsrpt_reportd ERROR tlsrpt 1065 : Invalid JSON: Expecting value: line 1 column 1 (char 0) Jun 12 02:11:12 mx03.xxxxxx .com tlsrpt-reportd[7099]: 2025-06-12 02:11:12,822 tlsrpt_reportd DEBUG tlsrpt 1218 : Create reports Jun 12 02:11:12 mx03.xxxxxx.com tlsrpt-reportd[7099]: 2025-06-12 02:11:12,822 tlsrpt_reportd WARNING tlsrpt 1224 : Incomplete data for domain yyyyyyy.com by fetcher index 1 Jun 12 02:11:12 mx03.xxxxxx.com tlsrpt-reportd[7099]: 2025-06-12 02:11:12,822 tlsrpt_reportd DEBUG tlsrpt 1373 : Send out reports Jun 12 02:11:12 mx03.xxxxxx.com tlsrpt-reportd[7099]: 2025-06-12 02:11:12,822 tlsrpt_reportd INFO tlsrpt 1440 : Sleeping for 9 seconds Manually running fetcher script: [root@mx03 ~]# /usr/local/bin/tlsrpt-fetcher_01.sh 2025-06-12 03:41:53,235 tlsrpt_fetcher INFO tlsrpt 1481 : CONFIGURATION with 3 settings: 2025-06-12 03:41:53,235 tlsrpt_fetcher INFO tlsrpt 1483 : CONFIG from cfg option storage is sqlite:///var/spool/tlsrpt-reporter/tlsrpt-collectd.sqlite 2025-06-12 03:41:53,235 tlsrpt_fetcher INFO tlsrpt 1483 : CONFIG from cfg option logfilename is /var/log/tlsrpt-reporter/tlsrpt-fetcher.log 2025-06-12 03:41:53,235 tlsrpt_fetcher INFO tlsrpt 1483 : CONFIG from cfg option log_level is debug 2025-06-12 03:41:53,236 tlsrpt_fetcher DEBUG tlsrpt 376 : Try to open database '/var/spool/tlsrpt-reporter/tlsrpt-collectd.sqlite.yesterday' 2025-06-12 03:41:53,237 tlsrpt_fetcher INFO tlsrpt 703 : Database /var/spool/tlsrpt-reporter/tlsrpt-collectd.sqlite.yesterday looks OK 2025-06-12 03:41:53,237 tlsrpt_fetcher INFO tlsrpt 712 : TLSRPT fetcher domain list starting for day 2025-06-11 TLSRPT FETCHER v1devel-c domain list 2025-06-12 09:41:53 2025-06-11 yyyyyyyy.com . /etc/tlsrpt-reporter/reportd.cfg: ------------------------------------------------ [tlsrpt_reportd] dbname = /var/spool/tlsrpt-reporter/tlsrpt-reportd.sqlite logfilename = /var/log/tlsrpt-reporter/tlsrpt-reportd.log log_level = debug #http_script = curl --silent --header 'Content-Type: application/tlsrpt+gzip' --data-binary @- fetchers = /usr/local/bin/tlsrpt-fetcher_01.sh interval_main_loop = 10 max_retries_domainlist = 2 min_wait_domainlist = 0 max_wait_domainlist = 1 max_retries_domaindetails = 2 min_wait_domaindetails = 0 max_wait_domaindetails = 1 spread_out_delivery = 3 organization_name = xxxxxx.com contact_info = postmaster(a)xxxxxx.com sender_address = no-reply-tls-reports(a)xxxxxx.com

1 0

TLS-RPT Support in postfix 3.10
by Luca vom Bruch 02 Jun '25

02 Jun '25

Hi, Don’t quite understand. If I run postfix above 3.10 with tlsrpt support do I still need: https://github./sys4/tlsrpt-reporter ? I want to have this functionality for MTA-STS resolver https://github.com/Zuplu/postfix-tlspol

1 0

Recording of TLSRPT presentation at FOSDEM25 is online
by Patrick Ben Koetter 04 Feb '25

04 Feb '25

Greetings, the video stream of the presentation I gave on TLSRPT at FOSDEM '25 past weekend is online now: https://video.fosdem.org/2025/k4601/fosdem-2025-5776-tlsrpt-comes-to-open-s… Unfortunately the audio is low volume because unfortunately my microphone had been muted. Wearing a headphone to listen to the audio worked for me though. p@rick -- [*] sys4 AG https://sys4.de, +49 (89) 30 90 46 64 Schleißheimer Straße 26/MG,80333 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein

1 0

subscribe
by Peer Heinlein 03 Feb '25

03 Feb '25

-- Heinlein Support GmbH Schwedter Str. 8/9b, 10119 Berlin http://www.heinlein-support.de Tel: 030 / 405051-42 Fax: 030 / 405051-19 Zwangsangaben lt. §35a GmbHG: HRB 93818 B / Amtsgericht Berlin-Charlottenburg, Geschäftsführer: Peer Heinlein -- Sitz: Berlin

1 0

GPL or LGPL ? was Re: Debian packages of libtlsrpt
by Andrew C Aitchison 02 Feb '25

02 Feb '25

Simon Josefsson wrote: > Thanks for writing this package! I've been looking for more TLSRPT > support for my own e-mail server for several years now, and maybe this > can be a solution for me. > I'd like to announce Debian packaging of libtlsrpt: > > https://salsa.debian.org/debian/libtlsrpt/ > > It builds fine and there are even *.dpkg packages produced by the > 'aptly' job if you go into a recent pipeline here: > > https://salsa.debian.org/debian/libtlsrpt/-/pipelines/ > > Since the Debian copyright review process is often slow, I'd like to > upload this as soon as possible so please let me know if you have any > dealbreakers with regards to naming or something similar that is really > hard to change later on. Simon, I note that your package uses the GPL, whereas the latest git version uses the *LGPL*. This is probably new with the split to https://github.com/sys4/libtlsrpt LGPL https://github.com/sys4/tlsrpt-reporter GPL -- Andrew C. Aitchison Kendal, UK andrew(a)aitchison.me.uk

2 4

An api version number please
by Andrew C Aitchison 01 Feb '25

01 Feb '25

Hi, I'm looking at using libtlsrpt with exim https://bugs.exim.org/show_bug.cgi?id=3132 One thing I have come across several times is that packages are created, used in other projects, and then the first package is updated with new features, or (horror) incompatible changes. At this point a version number or similar is added to the package - *but* the older versions don't have a way for the consumer package to test the version being used. It would be great if a header such as tlsrpt.h defined a variable such as TLSRPT_VERSION_NUMBER (or even a set of values and a macro, as in openssl/opensslv.h) *before* many distros package libtlsrpt. Thanks, -- Andrew C. Aitchison Kendal, UK andrew(a)aitchison.me.uk

1 0

Debian packages of libtlsrpt
by Simon Josefsson 29 Jan '25

29 Jan '25

Hi Thanks for writing this package! I've been looking for more TLSRPT support for my own e-mail server for several years now, and maybe this can be a solution for me. I'd like to announce Debian packaging of libtlsrpt: https://salsa.debian.org/debian/libtlsrpt/ It builds fine and there are even *.dpkg packages produced by the 'aptly' job if you go into a recent pipeline here: https://salsa.debian.org/debian/libtlsrpt/-/pipelines/ Since the Debian copyright review process is often slow, I'd like to upload this as soon as possible so please let me know if you have any dealbreakers with regards to naming or something similar that is really hard to change later on. Cheers, /Simon

2 1