Getting Data In

Splunk for Exchange SMTP Reputation script errors

cgisplunk
Path Finder

I hope everyone is doing well and busy.
I just installed Splunk for Exchange 2010 the other day. So far no issues but one - the SMTP reputation check is always N/A and running the check_my_reputation script manually fails like this:

root@...# ./bin/check_my_reputation.py
./bin/check_my_reputation.py: line 11:

Splunk for Microsoft Exchange

Email Reputation Check Data Definition

Copyright (C) 2011 Splunk, Inc.

All Rights Reserved

: command not found
./bin/check_my_reputation.py: line 22:
This data input is designed to check your reputation on-line.
It does two things.

1) It outputs a file in appserver/static/reputation.html which
contains a piece of HTML you can include in a dashboard

2) It outputs to stdout the reputation of each and every IP
address in the reputation.conf file
: No such file or directory
./bin/check_my_reputation.py: line 23: import: command not found
./bin/check_my_reputation.py: line 24: import: command not found
./bin/check_my_reputation.py: line 25: import: command not found
./bin/check_my_reputation.py: line 26: from: command not found
./bin/check_my_reputation.py: line 30:
List of DNSBL Servers to check
: command not found
./bin/check_my_reputation.py: line 31: dnsbl_list: command not found
./bin/check_my_reputation.py: line 32: 0spam.fusionzero.com,: command not found
./bin/check_my_reputation.py: line 33: access.redhawk.org,: command not found
./bin/check_my_reputation.py: line 34: all.spamrats.com,: command not found
./bin/check_my_reputation.py: line 35: b.barracudacentral.org,: command not found
./bin/check_my_reputation.py: line 36: blackholes.five-ten-sg.com,: command not found
./bin/check_my_reputation.py: line 37: bl.blocklist.de,: command not found
./bin/check_my_reputation.py: line 38: bl.emailbasura.org,: command not found
./bin/check_my_reputation.py: line 39: bl.mailspike.org,: command not found
./bin/check_my_reputation.py: line 40: bl.score.senderscore.com,: command not found
./bin/check_my_reputation.py: line 41: bl.spamcannibal.org,: command not found
./bin/check_my_reputation.py: line 42: bl.spamcop.net,: command not found
./bin/check_my_reputation.py: line 43: bl.spameatingmonkey.net,: command not found
./bin/check_my_reputation.py: line 44: bogons.cymru.com,: command not found
./bin/check_my_reputation.py: line 45: cbl.abuseat.org,: command not found
./bin/check_my_reputation.py: line 46: cblplus.anti-spam.org.cn,: command not found
./bin/check_my_reputation.py: line 47: combined.njabl.org,: command not found
./bin/check_my_reputation.py: line 48: db.wpbl.info,: command not found
./bin/check_my_reputation.py: line 49: dnsbl-1.uceprotect.net,: command not found
./bin/check_my_reputation.py: line 50: dnsbl-2.uceprotect.net,: command not found
./bin/check_my_reputation.py: line 51: dnsbl-3.uceprotect.net,: command not found
./bin/check_my_reputation.py: line 52: dnsbl.ahbl.org,: command not found
./bin/check_my_reputation.py: line 53: dnsbl.dronebl.org,: command not found
./bin/check_my_reputation.py: line 54: dnsbl.inps.de,: command not found
./bin/check_my_reputation.py: line 55: dnsbl.justspam.org,: command not found
./bin/check_my_reputation.py: line 56: dnsbl.kempt.net,: command not found
./bin/check_my_reputation.py: line 57: dnsbl.solid.net,: command not found
./bin/check_my_reputation.py: line 58: dnsbl.sorbs.net,: command not found
./bin/check_my_reputation.py: line 59: dnsbl.tornevall.org,: command not found
./bin/check_my_reputation.py: line 60: dnsbl.webequipped.com,: command not found
./bin/check_my_reputation.py: line 61: dnsrbl.swinog.ch,: command not found
./bin/check_my_reputation.py: line 62: fnrbl.fast.net,: command not found
./bin/check_my_reputation.py: line 63: ip.v4bl.org,: command not found
./bin/check_my_reputation.py: line 64: ips.backscatterer.org,: command not found
./bin/check_my_reputation.py: line 65: ix.dnsbl.manitu.net,: command not found
./bin/check_my_reputation.py: line 66: korea.services.net,: command not found
./bin/check_my_reputation.py: line 67: l2.apews.org,: command not found
./bin/check_my_reputation.py: line 68: list.blogspambl.com,: command not found
./bin/check_my_reputation.py: line 69: list.quorum.to,: command not found
./bin/check_my_reputation.py: line 70: mail-abuse.blacklist.jippg.org,: command not found
./bin/check_my_reputation.py: line 71: psbl.surriel.com,: command not found
./bin/check_my_reputation.py: line 72: rbl.choon.net,: command not found
./bin/check_my_reputation.py: line 73: rbl.dns-servicios.com,: command not found
./bin/check_my_reputation.py: line 74: rbl.efnetrbl.org,: command not found
./bin/check_my_reputation.py: line 75: rbl.orbitrbl.com,: command not found
./bin/check_my_reputation.py: line 76: rbl.polarcomm.net,: command not found
./bin/check_my_reputation.py: line 77: singlebl.spamgrouper.com,: command not found
./bin/check_my_reputation.py: line 78: spam.abuse.ch,: command not found
./bin/check_my_reputation.py: line 79: spam.dnsbl.sorbs.net,: command not found
./bin/check_my_reputation.py: line 80: spam.pedantic.org,: command not found
./bin/check_my_reputation.py: line 81: spamguard.leadmon.net,: command not found
./bin/check_my_reputation.py: line 82: spamrbl.imp.ch,: command not found
./bin/check_my_reputation.py: line 83: spamsources.fabel.dk,: command not found
./bin/check_my_reputation.py: line 84: spamtrap.trblspam.com,: command not found
./bin/check_my_reputation.py: line 85: st.technovision.dk,: command not found
./bin/check_my_reputation.py: line 86: tor.dan.me.uk,: command not found
./bin/check_my_reputation.py: line 87: tor.dnsbl.sectoor.de,: command not found
./bin/check_my_reputation.py: line 88: truncate.gbudb.net,: command not found
./bin/check_my_reputation.py: line 89: ubl.unsubscore.com,: command not found
./bin/check_my_reputation.py: line 90: virbl.dnsbl.bit.nl: command not found
./bin/check_my_reputation.py: line 95:
Read a configuration file from our area
: command not found
./bin/check_my_reputation.py: line 96: syntax error near unexpected token ('
./bin/check_my_reputation.py: line 96:
def readConf(confName):'
<<<

Yes, I have my IPs lined up in the reputation.conf, and I tried both in the /default and /local directories, but the script does not even reach that point.
Anyone has seen this?
Thank you,
S.

Tags (1)
0 Karma

ahall_splunk
Splunk Employee
Splunk Employee

Another thing to check - you need to run the script via Splunk. So:

root# splunk cmd python bin/check_my_reputation.py

Try that!

0 Karma

dbyler_amg
New Member

Found my problem... I renamed the app directory to fit our particular deployment, and the script at bin/check_my_reputation.py calls the app directory by name in this section:

def readConf(confName):
app_dir = os.path.join(os.environ["SPLUNK_HOME"], 'etc', 'apps')
app_path = os.path.join(app_dir, 'TA-SMTP-Reputation')

I had to rename the app_dir to match our directory name. After that the script ran ok.

0 Karma

dbyler_amg
New Member

I get the same output. I copied default/reputation.conf to local/reputation.conf and added a semicolon-delimited list of IP addresses after iplist=

0 Karma

ahall_splunk
Splunk Employee
Splunk Employee

This tells me the file it found in local/reputation.conf if not valid.

0 Karma

cgisplunk
Path Finder

Getting this output:
Traceback (most recent call last):
File "/opt/splunk/etc/apps/Splunk_for_Exchange/appserver/addons/TA-SMTP-Reputation/bin/check_my_reputation.py", line 168, in
main()
File "/opt/splunk/etc/apps/Splunk_for_Exchange/appserver/addons/TA-SMTP-Reputation/bin/check_my_reputation.py", line 125, in main
opt_iplist = confInfo.get("mailservers", "iplist").strip()
File "/opt/splunk/lib/python2.7/ConfigParser.py", line 599, in get
raise NoSectionError(section)
ConfigParser.NoSectionError: No section: 'mailservers'

0 Karma

jbreu
Explorer

We were having a similar issue where we couldn't get the Reputation update. We found that because we had installed Splunk on a Windows server rather than on a Unix server, we needed to add a stanza to the 'input.conf' file to have the app use the Windows path for the script.

Not sure it is the reason your Reputation isn't updating, but it solved our issue...

Exchange-Reputation-Setup

0 Karma

cgisplunk
Path Finder

Our Splunk is fully on Linux. Paths are default.

0 Karma

ahall_splunk
Splunk Employee
Splunk Employee

Sorry - travel 🙂

There are a couple of reasons this could happen. The primary one is that you are running this on a Universal Forwarder. The TA-SMTP-Reputation needs to run on a full installation of Splunk. The second one is that there is something wrong with the reputation.conf. Finally, the script itself could be corrupt and needing to be replaced with a clean copy.

0 Karma

cgisplunk
Path Finder

Replaced the script from the newly downloaded Splunk for Exchange suite. Same error, the script cannot run (output above in the original question). Will google around.
Thanks,
S.

0 Karma

cgisplunk
Path Finder

Adrian,
The TA is on the full Splunk, so this is out.
The conf file is like this:
[mailservers]
iplist = x.x.x.x;x.x.x.x;x.x.x.x
I'll replace the script then.
Thank you.
Slava

0 Karma

cgisplunk
Path Finder

Looks like Splunk ninjas are really too busy or no one knows the answer? C'mon guys...

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...