mirror of
https://github.com/domainaware/parsedmarc.git
synced 2026-05-05 11:35:25 +00:00
Sean Whalen
85554c2344
The bundled `splunk/smtp_tls_dashboard.xml` is three tables — Reporting
organizations, Domains, Failure details — sharing the same TLS-RPT data.
The OSD dashboard had drifted into five panels (two pies + three tables)
that didn't line up with what the Splunk one shows. Replace them with
three `data_table` viz mirroring the Splunk layout.
Each table uses sum-only metric aggs (no count column) on the per-policy
or per-failure-detail session-count fields. OSD's Visualize agg pipeline
auto-wraps each terms/sum on a `policies.*` or `policies.failure_details.*`
field in the right `nested:{path: …}` agg, so per-policy and per-detail
totals come out correctly without any schema or write-path changes.
Reuse the existing IDs of the three drop-in replacements so re-importing
overwrites in place:
- 4f3b4cb0… (was "TLSRPT reporting organizations") → "Reporting organizations"
- eeb47eb0… (was "TLSRPT policies by domain") → "Domains"
- 5cbcd040… (was "SMTP TLS failures") → "Failure details"
The two pie-chart viz removed by this change have no equivalent in the
new layout. Upgraders will need to delete the orphans manually from OSD's
Saved Objects management page:
- 25f321e0-26d0-11f1-96a6-fb3734bd0b21 ("SMTP TLS sessions")
- 12065020-26d1-11f1-96a6-fb3734bd0b21 ("TLSRPT policies")
Co-authored-by: Sean Whalen <seanthegeek@users.noreply.github.com>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
parsedmarc
parsedmarc is a Python module and CLI utility for parsing DMARC
reports. When used with Elasticsearch and Kibana (or Splunk), it works
as a self-hosted open-source alternative to commercial DMARC report
processing services such as Agari Brand Protection, Dmarcian, OnDMARC,
ProofPoint Email Fraud Defense, and Valimail.
Note
Domain-based Message Authentication, Reporting, and Conformance (DMARC) is an email authentication protocol.
Sponsors
This is a project is maintained by one developer. Please consider sponsoring my work if you or your organization benefit from it.
Features
- Parses draft and 1.0 standard aggregate/rua DMARC reports
- Parses forensic/failure/ruf DMARC reports
- Parses reports from SMTP TLS Reporting
- Can parse reports from an inbox over IMAP, Microsoft Graph, or Gmail API
- Transparently handles gzip or zip compressed reports
- Consistent data structures
- Simple JSON and/or CSV output
- Optionally email the results
- Optionally send the results to Elasticsearch, Opensearch, and/or Splunk, for use with premade dashboards
- Optionally send reports to Apache Kafka
Python Compatibility
This project supports the following Python versions, which are either actively maintained or are the default versions for RHEL or Debian.
| Version | Supported | Reason |
|---|---|---|
| < 3.6 | ❌ | End of Life (EOL) |
| 3.6 | ❌ | Used in RHEL 8, but not supported by project dependencies |
| 3.7 | ❌ | End of Life (EOL) |
| 3.8 | ❌ | End of Life (EOL) |
| 3.9 | ❌ | Used in Debian 11 and RHEL 9, but not supported by project dependencies |
| 3.10 | ✅ | Actively maintained |
| 3.11 | ✅ | Actively maintained; supported until June 2028 (Debian 12) |
| 3.12 | ✅ | Actively maintained; supported until May 2035 (RHEL 10) |
| 3.13 | ✅ | Actively maintained; supported until June 2030 (Debian 13) |
| 3.14 | ✅ | Supported (requires imapclient>=3.1.0) |