Releases: domainaware/dmarc-msp

0.6.12

@seanthegeek seanthegeek released this 22 May 15:11
c21e9c2

Changed

  • Pinned explicit image: names for the locally-built Compose services (dmarc-msp, postfix, nginx). Without an image: key, Compose named the main service's image dmarc-msp-dmarc-msp (the <project>-<service> default); it is now just dmarc-msp. The postfix and nginx images keep their existing dmarc-msp-postfix / dmarc-msp-nginx names. After upgrading, the old dmarc-msp-dmarc-msp image is left dangling — remove it with docker image rm dmarc-msp-dmarc-msp (or docker image prune).

0.6.11

@seanthegeek seanthegeek released this 21 May 22:33

Enhancements

Added support for DMARCbis (RFC 9989 / RFC 9990 / RFC 9991 reports)

Upgrade notes

Action required — re-import the dashboards so existing tenants pick up the corrected visualization:

git pull
docker pull ghcr.io/domainaware/parsedmarc
docker compose down parsedmarc
docker compose up parsedmarc -d
dmarcmsp dashboard import-all --replace

Per-client variant: dmarcmsp dashboard import <client> --replace.

0.6.10

@seanthegeek seanthegeek released this 27 Apr 19:27
38e791d

Fixed

  • "Aggregate DMARC message sources by IP address" table on the DMARC aggregate dashboard: corrected the reverse_dnss_base_domain column label typo (now reverse_dns_base_domain), and switched the column to show none for source IPs whose reverse DNS has no base domain instead of dropping those rows from the table.

Upgrade notes

Action required — re-import the dashboards so existing tenants pick up the corrected visualization:

git pull
docker compose up dmarc-msp --build -d
dmarcmsp dashboard import-all --replace

Per-client variant: dmarcmsp dashboard import <client> --replace.

0.6.9

@seanthegeek seanthegeek released this 27 Apr 04:56

Fixed

  • Refreshed opensearch/opensearch_dashboards.ndjson from upstream parsedmarc 9.10.3, which corrects an aggregation bug present in the bundled DMARC aggregate dashboard since it shipped in parsedmarc 9.4.0. Pies, tables, and the choropleth on the aggregate dashboard were aggregating with count (number of source rows) instead of sum(message_count) (number of emails), so panels titled "Message volume…", "Reporting organizations", "Message sources by …", etc. were under-reporting actual mail volume by one bucket per aggregator-domain-day group. Line-chart timeseries, the SMTP TLS dashboard, and the forensic dashboard were already correct and are unchanged.
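
To confirm that a tenant's aggregate-dashboard objects were actually replaced, the check below (an added example, not code from dmarc-msp or parsedmarc) scans a saved-objects NDJSON export for visualizations whose metric is still a row count rather than sum(message_count). It assumes the legacy visState layout with an aggs list; the sample export, IDs, titles and the org_name field are constructed.

```python
import json

# Constructed sample export in the saved-objects NDJSON layout: one JSON object
# per line, with visState stored as a JSON string. IDs and titles are made up.
def _viz(obj_id, title, metric):
    aggs = [metric, {"id": "2", "type": "terms", "schema": "segment",
                     "params": {"field": "org_name"}}]
    vis_state = json.dumps({"title": title, "type": "pie", "aggs": aggs})
    return json.dumps({"id": obj_id, "type": "visualization",
                       "attributes": {"title": title, "visState": vis_state}})

SAMPLE_NDJSON = "\n".join([
    _viz("viz-stale", "Constructed stale panel",
         {"id": "1", "type": "count", "schema": "metric", "params": {}}),
    _viz("viz-fixed", "Constructed fixed panel",
         {"id": "1", "type": "sum", "schema": "metric",
          "params": {"field": "message_count"}}),
    json.dumps({"id": "dash-1", "type": "dashboard",
                "attributes": {"title": "Constructed dashboard"}}),
])

def find_row_count_visualizations(ndjson_text, volume_field="message_count"):
    """Return (id, title) for visualizations with no sum(volume_field) metric."""
    flagged = []
    for line in ndjson_text.splitlines():
        if not line.strip():
            continue
        obj = json.loads(line)
        if obj.get("type") != "visualization":
            continue  # dashboards, index patterns, export summary lines
        attrs = obj.get("attributes", {})
        try:
            vis_state = json.loads(attrs.get("visState") or "{}")
        except json.JSONDecodeError:
            continue  # unparseable visState: nothing to inspect
        metrics = [a for a in vis_state.get("aggs", [])
                   if a.get("schema") == "metric"]
        sums_volume = any(
            a.get("type") == "sum"
            and a.get("params", {}).get("field") == volume_field
            for a in metrics)
        if metrics and not sums_volume:
            flagged.append((obj["id"], attrs.get("title")))
    return flagged

if __name__ == "__main__":
    for obj_id, title in find_row_count_visualizations(SAMPLE_NDJSON):
        print(f"counts rows, not messages: {obj_id} {title!r}")
```

Run it only against objects from the DMARC aggregate dashboard; a count metric can be the intended one on other dashboards.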

Upgrade notes

Action required — re-import the dashboards. Saved objects in existing tenants don't auto-update on container upgrade; the buggy visualizations stay in place until they're overwritten. Run:

git pull
docker compose up dmarc-msp --build -d
dmarcmsp dashboard import-all --replace

--replace deletes the template's saved objects in each tenant before re-importing, which sidesteps OSD's version-conflict handling that can silently skip updates on plain overwrite=true imports. Per-client variant: dmarcmsp dashboard import <client> --replace.

0.6.8

@seanthegeek seanthegeek released this 26 Apr 04:49
fce1bcd

Fixed

  • Fixed the dashboard panel label for DKIM alignment in the DMARC aggregate reports dashboard. The panel was inheriting the longer underlying visualization title instead of showing the short panel-level label that the SPF alignment / Passed DMARC panels already used.

0.6.7

@seanthegeek seanthegeek released this 25 Apr 23:20
98341d2

Fixed

  • Completed the SMTP TLS Reporting dashboard header rename started in 0.6.6. Several visualization headers were missed in the prior pass and still didn't match the project convention (lowercase words separated by _); this release brings the remaining headers in line.

0.6.6

@seanthegeek seanthegeek released this 25 Apr 22:50
bf9c6a6

Fixed

  • refresh_index_pattern_fields (and the auto-refresh that runs at the end of every dashboard import) no longer strips template-defined fields that aren't yet in the live OpenSearch mapping. parsedmarc only writes nested fields like policies.failure_details.* to the mapping when an actual TLSRPT report contains failure details, so tenants with no failure data had those fields silently removed from the cached field list — the new "Failure details" SMTP TLS visualization then rendered "Could not locate that index-pattern-field (id: …)" instead of "no data". Refresh now unions the live response with the template's baked-in attributes.fields, with live winning on conflict.
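
The difference between the old and new refresh behaviour, as an added sketch that is not the project's refresh_index_pattern_fields code: the cache is rebuilt once from the live mapping alone and once as the union with the template's attributes.fields, with live entries winning. All field names and types are constructed, and policies.failure_details.example is a made-up stand-in for one of the nested policies.failure_details.* fields.

```python
import json

# Constructed template field list (attributes.fields is stored as a JSON string).
TEMPLATE_FIELDS = json.dumps([
    {"name": "organization_name", "type": "string"},
    {"name": "session_count", "type": "string"},
    {"name": "policies.failure_details.example", "type": "string"},
])

# Constructed live mapping for a tenant that has never received a TLSRPT report
# with failure details: the nested field is absent and one type differs.
LIVE_FIELDS = [
    {"name": "organization_name", "type": "string"},
    {"name": "session_count", "type": "number"},
]

# Fields the constructed "Failure details" table references.
FAILURE_DETAILS_REFS = ["organization_name", "policies.failure_details.example"]

def _by_name(fields):
    return {f["name"]: f for f in fields}

def refresh_live_only(template_fields_json, live_fields):
    """Behaviour before the fix: the cache becomes the live list only."""
    return sorted(_by_name(live_fields).values(), key=lambda f: f["name"])

def refresh_union(template_fields_json, live_fields):
    """Behaviour after the fix: template plus live, live wins on conflict."""
    merged = _by_name(json.loads(template_fields_json))
    merged.update(_by_name(live_fields))  # later update overrides template entry
    return sorted(merged.values(), key=lambda f: f["name"])

def unresolved_fields(cached_fields, referenced_names):
    """Field names a visualization references that the cache cannot resolve."""
    known = {f["name"] for f in cached_fields}
    return sorted(set(referenced_names) - known)

if __name__ == "__main__":
    before = refresh_live_only(TEMPLATE_FIELDS, LIVE_FIELDS)
    after = refresh_union(TEMPLATE_FIELDS, LIVE_FIELDS)
    print("unresolved before:", unresolved_fields(before, FAILURE_DETAILS_REFS))
    print("unresolved after: ", unresolved_fields(after, FAILURE_DETAILS_REFS))
```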

Changed

  • Refreshed opensearch/opensearch_dashboards.ndjson to match upstream parsedmarc PR #728, which restructures the SMTP TLS reporting dashboard into three sum-only data_table visualizations (Reporting organizations, Domains, Failure details) mirroring the Splunk layout. The dashboard ID is preserved, three visualization IDs are reused, and two visualizations from the previous layout are dropped.
  • Split SMTP TLS Reporting domains by policy_type.
  • Updated the headers in the SMTP TLS Reporting dashboard visualization to match the rest of the project (lowercase words separated by _).
  • Renamed the visualizations based on the dashboard they were used in to disambiguate ones with similar names; used dashboard-level labels in place of in-title disambiguation.

Added

  • dmarcmsp migrate cleanup-orphan-viz — removes visualizations from prior NDJSON revisions that are no longer referenced by any shipped dashboard. Currently targets the two visualizations dropped by parsedmarc PR #728: SMTP TLS sessions (25f321e0-26d0-11f1-96a6-fb3734bd0b21) and TLSRPT policies (12065020-26d1-11f1-96a6-fb3734bd0b21). Each entry is an (id, title) pair, and a saved object is only deleted when both match — user-created objects that happen to share an ID with a retired visualization are left alone. Also wired into migrate all as step 4/4.
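
The (id, title) guard described above, sketched as an added example rather than the project's own implementation: a saved object is selected for deletion only when both values match a retired entry. The two retired pairs are the ones listed in this release note; the tenant objects are constructed.

```python
# Retired visualizations named in the release note, as (id, title) pairs.
RETIRED = (
    ("25f321e0-26d0-11f1-96a6-fb3734bd0b21", "SMTP TLS sessions"),
    ("12065020-26d1-11f1-96a6-fb3734bd0b21", "TLSRPT policies"),
)

# Constructed tenant contents: one true orphan, one user object that reuses a
# retired ID under a different title, and one that reuses only a retired title.
TENANT_OBJECTS = [
    {"id": "25f321e0-26d0-11f1-96a6-fb3734bd0b21", "type": "visualization",
     "attributes": {"title": "SMTP TLS sessions"}},
    {"id": "12065020-26d1-11f1-96a6-fb3734bd0b21", "type": "visualization",
     "attributes": {"title": "Constructed user table"}},
    {"id": "constructed-user-viz", "type": "visualization",
     "attributes": {"title": "SMTP TLS sessions"}},
]

def plan_orphan_cleanup(saved_objects, retired=RETIRED):
    """Return (ids_to_delete, id_only_matches_left_alone)."""
    retired_titles = dict(retired)
    to_delete, left_alone = [], []
    for obj in saved_objects:
        if obj.get("type") != "visualization":
            continue
        obj_id = obj.get("id")
        if obj_id not in retired_titles:
            continue  # a matching title alone is never enough
        title = obj.get("attributes", {}).get("title")
        if title == retired_titles[obj_id]:
            to_delete.append(obj_id)
        else:
            # Same ID, different title: treat as user-created and keep it.
            left_alone.append((obj_id, title))
    return to_delete, left_alone

if __name__ == "__main__":
    delete, kept = plan_orphan_cleanup(TENANT_OBJECTS)
    print("delete:", delete)
    print("kept (ID matched, title did not):", kept)
```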

0.6.5

@seanthegeek seanthegeek released this 24 Apr 01:27
ad3d710

Added

  • Optional IPINFO_API_TOKEN env var (wired into parsedmarc as
    PARSEDMARC_GENERAL_IPINFO_API_TOKEN) to use the IPinfo Lite REST
    API for IP lookups instead of the bundled mmdb. Left unset by default;
    parsedmarc treats the resulting empty-string value as "no token" and
    falls back to the local database, so existing deployments are
    unaffected.

Fixed

  • dmarcmsp migrate refill-enrichment now also backfills source_asn.
    The field map only listed source_as_name and source_as_domain, so
    docs ingested before the parsedmarc upgrade that started writing
    source_asn never got the ASN value filled in. Symptom: the new
    "Message sources by Autonomous System" visualization only showed
    recent events — its three bucket aggregations (source_asn,
    source_as_name, source_as_domain) all have missingBucket=false,
    so any doc missing even one of the three was excluded. Re-run
    dmarcmsp migrate refill-enrichment (or migrate all) to populate
    the field on historical docs.

Changed

  • dmarcmsp dashboard import / import-all (with or without
    --replace) now auto-refresh each tenant's index-pattern field caches
    against the live OpenSearch mapping at the end of the import. The
    template's baked-in attributes.fields list goes stale whenever
    parsedmarc adds or renames fields, and OSD never refreshes it on its
    own — without this, visualizations referencing new fields
    (source_asn, etc.) rendered with "no cached mapping" errors until
    the operator chased the import with a separate
    migrate refresh-index-fields.

0.6.0

@seanthegeek seanthegeek released this 17 Apr 21:36

Changed

  • Analysts and client users are no longer added to the kibana_read_only role mapping on creation. The role is a UI-only modifier that hid edit controls and caused UI bugs; these accounts have no write permissions through the analyst / client tenant roles regardless.
  • Stopped writing the redundant roles attribute on internal users. The OpenSearch role mappings are the source of truth for access; the attribute was pure bookkeeping and introduced drift risk. disable and delete now query live role mappings to determine what to tear down. reset-password (for a disabled user) derives the roles to restore from role_type and client_tenant.

Removed

  • Unused OpenSearchService.create_role_mapping method. add_user_to_role_mapping already creates mappings on demand.
  • Unused backend_roles parameter on create_internal_user. The defensive passthrough in update_internal_user_password and update_internal_user_attributes is retained so admin-set backend roles survive our updates.

Migration note

Existing analyst and client users keep whatever role mappings they were originally added to — including kibana_read_only. This change only affects newly created users. Existing users' stale attributes.roles field is also left in place (harmless — nothing reads it). To remove an existing user from the kibana_read_only mapping, disable and re-enable the account via reset-password; the restored role set is derived from the account type and no longer includes kibana_read_only.

0.5.0

@seanthegeek seanthegeek released this 15 Apr 16:09

Changed

  • Disabled forensic/failure report saving in parsedmarc (PARSEDMARC_GENERAL_SAVE_FORENSIC=false) to avoid liability from storing email samples.
  • Failure/forensic dashboard objects (index pattern, visualizations, and dashboard) are no longer imported by default. Controlled by the new dashboards.import_failure_reports config option (default false).
  • dmarcmsp dashboard import and import-all now delete previously imported failure objects from existing tenants when import_failure_reports is false. Run dmarcmsp dashboard import-all after upgrading to clean up existing clients.
  • Dashboard imports now explicitly set defaultIndex to the aggregate index pattern, preventing a 403 error for read-only users on first visit.
  • Refactored set_dark_mode to use a shared _set_tenant_settings method.

Added

  • dashboards.import_failure_reports config option to control whether failure/forensic report dashboards are imported during client onboarding.