Rebased on top of master @ 2cda5bf (9.9.0), which added the ASN
source attribution work (#712, #713, #714, #715). Individual Copilot
iteration commits squashed into this single commit — the per-commit
history on the feature branch was iterative (add tests, fix lint,
move field, revert, etc.) and not worth preserving; GitHub squash-
merges PRs anyway.
### DMARCbis fields (new)
New fields from the DMARCbis XSD, plumbed through types, parsing, CSV
output, and the Elasticsearch / OpenSearch mappings:
- ``np`` — non-existent subdomain policy (``none`` / ``quarantine`` /
``reject``)
- ``testing`` — testing mode flag (``n`` / ``y``), replaces RFC 7489
``pct``
- ``discovery_method`` — policy discovery method (``psl`` /
``treewalk``)
- ``generator`` — report generator software identifier (metadata)
- ``human_result`` — optional descriptive text on DKIM / SPF results
RFC 7489 reports parse with ``None`` for DMARCbis-only fields.
### Forensic → failure rename
Forensic reports have been renamed to failure reports throughout the
project to reflect the proper naming since RFC 7489.
- Core: ``types.py``, ``__init__.py`` — ``ForensicReport`` →
``FailureReport``, ``parse_forensic_report`` →
``parse_failure_report``, report type ``"failure"``.
- Output modules: ``elastic.py``, ``opensearch.py``, ``splunk.py``,
``kafkaclient.py``, ``syslog.py``, ``gelf.py``, ``webhook.py``,
``loganalytics.py``, ``s3.py``.
- CLI: ``cli.py`` — args, config keys, index names
(``dmarc_failure``).
- Docs + dashboards: all markdown, Grafana JSON, Kibana NDJSON,
Splunk XML.
Backward compatibility preserved: old function / type names remain as
aliases (``parse_forensic_report = parse_failure_report``,
``ForensicReport = FailureReport``, etc.), CLI accepts both the old
(``save_forensic``, ``forensic_topic``) and new (``save_failure``,
``failure_topic``) config keys, and updated dashboards query both
old and new index / sourcetype names so data from before and after
the rename appears together.
### Rebase notes
Merge conflicts resolved in ``parsedmarc/constants.py`` (took bis's
10.0.0 bump), ``parsedmarc/__init__.py`` (combined bis's "failure"
wording with master's IPinfo MMDB mention), ``parsedmarc/elastic.py``
and ``parsedmarc/opensearch.py`` (kept master's ``source_asn`` /
``source_asn_name`` / ``source_asn_domain`` on the failure doc path
while renaming ``forensic_report`` → ``failure_report``), and
``CHANGELOG.md`` (10.0.0 entry now sits above the 9.9.0 entry).
All 324 tests pass; ``ruff check`` / ``ruff format --check`` clean.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* Fix if base_domain is None before get_service_from_reverse_dns_base_domain call
- Added if statement for base_domain before getting get_service_from_reverse_dns_base_domain(). If base_domain is None, get_service_from_reverse_dns_base_domain() will fail the report.
- Added .xml test file
* Create protection.outlook.com!example.com!1711756800!1711843200.xml
added .xml test sample report where base_domain return none
* fix minor bugs during smtp-tls parsing, add docker-compose for local elasticsearch, add smtp-tls tests
* fix wrong log message parameter
* fix wrong log message
* add contact-info to smtp tls report, fix wrong fieldnames
* fix wrong fieldnames
* fix wrong index name for search
* at least for some reporting organizations the field sending-mta-ip is optional...
* add missing fields to elasticsearch for smtp tls
* failure_details is a list, add more test cases
* fix wrong name in ci.ini
* updates `parse_aggregate_report_xml` to not raise an unhandled
exception on parsing errors
* adds an empty xml file to the aggregate test samples
* adds test for coverage
* Resolves#348
Sean Whalen
Sean Whalen
pphillips99
Lennart Friberg
yuji suzuki
Russel Hunter Yukawa
cgoIT
Yuuki Takahashi
Nicholas Hairs
Sean Whalen
Dave Rawks
Sean Whalen
Ebrahim Aharpour
michaeldavie