You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Microsoft Graph connections are now observable (#814). Previously --debug showed nothing about Graph connection activity: the mailbox layer logs under mailsuite.mailbox.graph, token acquisition under azure.identity, and HTTP traffic under httpx/msgraph — none of which parsedmarc configured, so everything below WARNING was silently dropped, and _main() logged nothing around the connection attempt itself. Now:
A redacted connection summary is logged at INFO before connecting (auth method, tenant ID, client ID, mailbox, Graph URL), with a --debug detail line adding the certificate path, token-file path, and set/not-set flags for secrets. Secret values (passwords, client secrets, certificate passwords, client assertions) are never logged, and a regression test asserts they don't appear in captured output.
A timing line (Microsoft Graph connection initialized in N seconds) is logged after the connection object is created.
parsedmarc's --verbose/--debug level now propagates to the dependency loggers (mailsuite, azure, msgraph, httpx, httpcore), so --debug surfaces azure-identity's token-endpoint activity — including the AADSTS error codes that distinguish a local config problem from an Exchange Online / Entra ID one — and the Graph SDK's HTTP requests. At the default level, dependency loggers sit at WARNING so their warnings keep surfacing (now formatted) without new noise. This also benefits the IMAP backend, which lives in mailsuite too.
Bug fixes
Failure-report timestamps are no longer skewed by the host's UTC offset in the Elasticsearch, OpenSearch, and Splunk HEC outputs (#811, bug 1). arrival_date_utc is a UTC wall-clock string, but the three sinks parsed it into a naive datetime and called .timestamp(), which per the Python docs interprets naive values as local time — so on any non-UTC host, the epoch stored as the ES/OpenSearch arrival_date field, used in the failure-report dedup query, and sent as the Splunk HEC event time was off by the host's UTC offset (1–2 h for most of Europe). human_timestamp_to_datetime() / human_timestamp_to_unix_timestamp() gained an assume_utc keyword that attaches timezone.utc to naive parses, and the arrival_date_utc consumers now use it.
A system GeoIP file no longer silently overrides the bundled IPinfo database (#810). The IP database path resolution searched standard system paths (e.g. /usr/share/GeoIP/GeoLite2-Country.mmdb, plus CWD-relative names) before the database managed by parsedmarc, so on any host with a distro GeoIP package installed — often as a stale dependency of an unrelated package — every lookup used a country-only (and possibly years-old) database instead of the bundled IPinfo Lite database. That silently disabled ASN enrichment (asn, as_name, as_domain were None for every IP) and with it the ASN-fallback path into the reverse-DNS map. The precedence is now: explicit ip_db_path → the database selected by load_ip_db() (downloaded/cached/bundled) → the bundled copy → system paths as a true last resort. The selected database file is logged at debug level. If you deliberately relied on the automatic system-path pickup to use MaxMind GeoLite2, set ip_db_path explicitly — see the "Using MaxMind GeoLite2" section in the installation docs.