Releases: domainaware/dmarc-msp
Release list
0.6.12
Changed
- Pinned explicit
image:names for the locally-built Compose services (dmarc-msp,postfix,nginx). Without animage:key, Compose named the main service's imagedmarc-msp-dmarc-msp(the<project>-<service>default); it is now justdmarc-msp. Thepostfixandnginximages keep their existingdmarc-msp-postfix/dmarc-msp-nginxnames. After upgrading, the olddmarc-msp-dmarc-mspimage is left dangling — remove it withdocker image rm dmarc-msp-dmarc-msp(ordocker image prune).
0.6.11
Enhancements
Added support for DMARCbis (RFC 9989 / RFC 9990 / RFC 9991 reports)
Upgrade notes
Action required — re-import the dashboards so existing tenants pick up the corrected visualization:
git pull
docker pull ghcr.io/domainaware/parsedmarc
docker compose down parsedmarc
docker compose up parsedmarc -d
dmarcmsp dashboard import-all --replacePer-client variant: dmarcmsp dashboard import <client> --replace.
0.6.10
Fixed
- "Aggregate DMARC message sources by IP address" table on the DMARC aggregate dashboard: corrected the
reverse_dnss_base_domaincolumn label typo (nowreverse_dns_base_domain), and switched the column to shownonefor source IPs whose reverse DNS has no base domain instead of dropping those rows from the table.
Upgrade notes
Action required — re-import the dashboards so existing tenants pick up the corrected visualization:
git pull
docker compose up dmarc-msp --build -d
dmarcmsp dashboard import-all --replacePer-client variant: dmarcmsp dashboard import <client> --replace.
0.6.9
Fixed
- Refreshed
opensearch/opensearch_dashboards.ndjsonfrom upstream parsedmarc 9.10.3, which corrects an aggregation bug present in the bundled DMARC aggregate dashboard since it shipped in parsedmarc 9.4.0. Pies, tables, and the choropleth on the aggregate dashboard were aggregating withcount(number of source rows) instead ofsum(message_count)(number of emails), so panels titled "Message volume…", "Reporting organizations", "Message sources by …", etc. were under-reporting actual mail volume by one bucket per aggregator-domain-day group. Line-chart timeseries, the SMTP TLS dashboard, and the forensic dashboard were already correct and are unchanged.
Upgrade notes
Action required — re-import the dashboards. Saved objects in existing tenants don't auto-update on container upgrade; the buggy visualizations stay in place until they're overwritten. Run:
git pull
docker compose up dmarc-msp --build -d
dmarcmsp dashboard import-all --replace--replace deletes the template's saved objects in each tenant before re-importing, which sidesteps OSD's version-conflict handling that can silently skip updates on plain overwrite=true imports. Per-client variant: dmarcmsp dashboard import <client> --replace.
0.6.8
Fixed
- Fixed the dashboard panel label for DKIM alignment in the DMARC aggregate reports dashboard. The panel was inheriting the longer underlying visualization title instead of showing the short panel-level label that the SPF alignment / Passed DMARC panels already used.
0.6.7
Fixed
- Completed the SMTP TLS Reporting dashboard header rename started in 0.6.6. Several visualization headers were missed in the prior pass and still didn't match the project convention (lowercase words separated by
_); this release brings the remaining headers in line.
0.6.6
Fixed
refresh_index_pattern_fields(and the auto-refresh that runs at the end of every dashboard import) no longer strips template-defined fields that aren't yet in the live OpenSearch mapping. parsedmarc only writes nested fields likepolicies.failure_details.*to the mapping when an actual TLSRPT report contains failure details, so tenants with no failure data had those fields silently removed from the cached field list — the new "Failure details" SMTP TLS visualization then rendered "Could not locate that index-pattern-field (id: …)" instead of "no data". Refresh now unions the live response with the template's baked-inattributes.fields, with live winning on conflict.
Changed
- Refreshed
opensearch/opensearch_dashboards.ndjsonto match upstream parsedmarc PR #728, which restructures the SMTP TLS reporting dashboard into three sum-onlydata_tablevisualizations (Reporting organizations, Domains, Failure details) mirroring the Splunk layout. The dashboard ID is preserved, three visualization IDs are reused, and two visualizations from the previous layout are dropped. - Split SMTP TLS Reporting domains by
policy_type. - Updated the headers in the SMTP TLS Reporting dashboard visualization to match the rest of the project (lowercase words separated by
_). - Renamed the visualizations based on the dashboard they were used in to disambiguate ones with similar names; used dashboard-level labels in place of in-title disambiguation.
Added
dmarcmsp migrate cleanup-orphan-viz— removes visualizations from prior NDJSON revisions that are no longer referenced by any shipped dashboard. Currently targets the two visualizations dropped by parsedmarc PR #728:SMTP TLS sessions(25f321e0-26d0-11f1-96a6-fb3734bd0b21) andTLSRPT policies(12065020-26d1-11f1-96a6-fb3734bd0b21). Each entry is an(id, title)pair, and a saved object is only deleted when both match — user-created objects that happen to share an ID with a retired visualization are left alone. Also wired intomigrate allas step 4/4.
0.6.5
Added
- Optional
IPINFO_API_TOKENenv var (wired into parsedmarc as
PARSEDMARC_GENERAL_IPINFO_API_TOKEN) to use the IPinfo Lite REST
API for IP lookups instead of the bundled mmdb. Left unset by default;
parsedmarc treats the resulting empty-string value as "no token" and
falls back to the local database, so existing deployments are
unaffected.
Fixed
dmarcmsp migrate refill-enrichmentnow also backfillssource_asn.
The field map only listedsource_as_nameandsource_as_domain, so
docs ingested before the parsedmarc upgrade that started writing
source_asnnever got the ASN value filled in. Symptom: the new
"Message sources by Autonomous System" visualization only showed
recent events — its three bucket aggregations (source_asn,
source_as_name,source_as_domain) all havemissingBucket=false,
so any doc missing even one of the three was excluded. Re-run
dmarcmsp migrate refill-enrichment(ormigrate all) to populate
the field on historical docs.
Changed
dmarcmsp dashboard import/import-all(with or without
--replace) now auto-refresh each tenant's index-pattern field caches
against the live OpenSearch mapping at the end of the import. The
template's baked-inattributes.fieldslist goes stale whenever
parsedmarc adds or renames fields, and OSD never refreshes it on its
own — without this, visualizations referencing new fields
(source_asn, etc.) rendered with "no cached mapping" errors until
the operator chased the import with a separate
migrate refresh-index-fields.
0.6.0
Changed
- Analysts and client users are no longer added to the
kibana_read_onlyrole mapping on creation. The role is a UI-only modifier that hid edit controls and caused UI bugs; these accounts have no write permissions through theanalyst/ client tenant roles regardless. - Stopped writing the redundant
rolesattribute on internal users. The OpenSearch role mappings are the source of truth for access; the attribute was pure bookkeeping and introduced drift risk.disableanddeletenow query live role mappings to determine what to tear down.reset-password(for a disabled user) derives the roles to restore fromrole_typeandclient_tenant.
Removed
- Unused
OpenSearchService.create_role_mappingmethod.add_user_to_role_mappingalready creates mappings on demand. - Unused
backend_rolesparameter oncreate_internal_user. The defensive passthrough inupdate_internal_user_passwordandupdate_internal_user_attributesis retained so admin-set backend roles survive our updates.
Migration note
Existing analyst and client users keep whatever role mappings they were originally added to — including kibana_read_only. This change only affects newly created users. Existing users' stale attributes.roles field is also left in place (harmless — nothing reads it). To remove an existing user from the kibana_read_only mapping, disable and re-enable the account via reset-password; the restored role set is derived from the account type and no longer includes kibana_read_only.
0.5.0
Changed
- Disabled forensic/failure report saving in parsedmarc (
PARSEDMARC_GENERAL_SAVE_FORENSIC=false) to avoid liability from storing email samples. - Failure/forensic dashboard objects (index pattern, visualizations, and dashboard) are no longer imported by default. Controlled by the new
dashboards.import_failure_reportsconfig option (defaultfalse). dmarcmsp dashboard importandimport-allnow delete previously imported failure objects from existing tenants whenimport_failure_reportsisfalse. Rundmarcmsp dashboard import-allafter upgrading to clean up existing clients.- Dashboard imports now explicitly set
defaultIndexto the aggregate index pattern, preventing a 403 error for read-only users on first visit. - Refactored
set_dark_modeto use a shared_set_tenant_settingsmethod.
Added
dashboards.import_failure_reportsconfig option to control whether failure/forensic report dashboards are imported during client onboarding.