- /* Now we cycle through the dkim signature results and put into
- * the opendmarc context, further building the DMARC reply. */
- sig = dkim_signatures;
- dkim_history_buffer = US"";
- while (sig != NULL)
- {
- int dkim_result, dkim_ares_result, vs, ves;
- vs = sig->verify_status;
- ves = sig->verify_ext_status;
- dkim_result = ( vs == PDKIM_VERIFY_PASS ) ? DMARC_POLICY_DKIM_OUTCOME_PASS :
- ( vs == PDKIM_VERIFY_FAIL ) ? DMARC_POLICY_DKIM_OUTCOME_FAIL :
- ( vs == PDKIM_VERIFY_INVALID ) ? DMARC_POLICY_DKIM_OUTCOME_TMPFAIL :
- DMARC_POLICY_DKIM_OUTCOME_NONE;
- libdm_status = opendmarc_policy_store_dkim(dmarc_pctx, (uschar *)sig->domain,
- dkim_result, US"");
- DEBUG(D_receive)
- debug_printf("DMARC adding DKIM sender domain = %s\n", sig->domain);
- if (libdm_status != DMARC_PARSE_OKAY)
- log_write(0, LOG_MAIN|LOG_PANIC, "failure to store dkim (%s) for DMARC: %s",
- sig->domain, opendmarc_policy_status_to_str(libdm_status));
-
- dkim_ares_result = ( vs == PDKIM_VERIFY_PASS ) ? ARES_RESULT_PASS :
- ( vs == PDKIM_VERIFY_FAIL ) ? ARES_RESULT_FAIL :
- ( vs == PDKIM_VERIFY_NONE ) ? ARES_RESULT_NONE :
- ( vs == PDKIM_VERIFY_INVALID ) ?
- ( ves == PDKIM_VERIFY_INVALID_PUBKEY_UNAVAILABLE ? ARES_RESULT_PERMERROR :
- ves == PDKIM_VERIFY_INVALID_BUFFER_SIZE ? ARES_RESULT_PERMERROR :
- ves == PDKIM_VERIFY_INVALID_PUBKEY_PARSING ? ARES_RESULT_PERMERROR :
- ARES_RESULT_UNKNOWN ) :
- ARES_RESULT_UNKNOWN;
- dkim_history_buffer = string_sprintf("%sdkim %s %d\n", dkim_history_buffer,
- sig->domain, dkim_ares_result);
- sig = sig->next;
- }
- libdm_status = opendmarc_policy_query_dmarc(dmarc_pctx, US"");
- switch (libdm_status)
- {
- case DMARC_DNS_ERROR_NXDOMAIN:
- case DMARC_DNS_ERROR_NO_RECORD:
- DEBUG(D_receive)
- debug_printf("DMARC no record found for %s\n", header_from_sender);
- has_dmarc_record = FALSE;
- break;
- case DMARC_PARSE_OKAY:
- DEBUG(D_receive)
- debug_printf("DMARC record found for %s\n", header_from_sender);
- break;
- case DMARC_PARSE_ERROR_BAD_VALUE:
- DEBUG(D_receive)
- debug_printf("DMARC record parse error for %s\n", header_from_sender);
- has_dmarc_record = FALSE;
- break;
- default:
- /* everything else, skip dmarc */
- DEBUG(D_receive)
- debug_printf("DMARC skipping (%d), unsure what to do with %s",
- libdm_status, from_header->text);
- has_dmarc_record = FALSE;
- break;
- }
- /* Can't use exim's string manipulation functions so allocate memory
- * for libopendmarc using its max hostname length definition. */
- uschar *dmarc_domain = (uschar *)calloc(DMARC_MAXHOSTNAMELEN, sizeof(uschar));
- libdm_status = opendmarc_policy_fetch_utilized_domain(dmarc_pctx, dmarc_domain,
- DMARC_MAXHOSTNAMELEN-1);
- dmarc_used_domain = string_copy(dmarc_domain);
- free(dmarc_domain);
- if (libdm_status != DMARC_PARSE_OKAY)
- {
- log_write(0, LOG_MAIN|LOG_PANIC, "failure to read domainname used for DMARC lookup: %s",
- opendmarc_policy_status_to_str(libdm_status));
- }
- libdm_status = opendmarc_get_policy_to_enforce(dmarc_pctx);
- dmarc_policy = libdm_status;
- switch(libdm_status)
- {
- case DMARC_POLICY_ABSENT: /* No DMARC record found */
- dmarc_status = US"norecord";
- dmarc_pass_fail = US"none";
- dmarc_status_text = US"No DMARC record";
- action = DMARC_RESULT_ACCEPT;
- break;
- case DMARC_FROM_DOMAIN_ABSENT: /* No From: domain */
- dmarc_status = US"nofrom";
- dmarc_pass_fail = US"temperror";
- dmarc_status_text = US"No From: domain found";
- action = DMARC_RESULT_ACCEPT;
- break;
- case DMARC_POLICY_NONE: /* Accept and report */
- dmarc_status = US"none";
- dmarc_pass_fail = US"none";
- dmarc_status_text = US"None, Accept";
- action = DMARC_RESULT_ACCEPT;
- break;
- case DMARC_POLICY_PASS: /* Explicit accept */
- dmarc_status = US"accept";
- dmarc_pass_fail = US"pass";
- dmarc_status_text = US"Accept";
- action = DMARC_RESULT_ACCEPT;
- break;
- case DMARC_POLICY_REJECT: /* Explicit reject */
- dmarc_status = US"reject";
- dmarc_pass_fail = US"fail";
- dmarc_status_text = US"Reject";
- action = DMARC_RESULT_REJECT;
- break;
- case DMARC_POLICY_QUARANTINE: /* Explicit quarantine */
- dmarc_status = US"quarantine";
- dmarc_pass_fail = US"fail";
- dmarc_status_text = US"Quarantine";
- action = DMARC_RESULT_QUARANTINE;
- break;
- default:
- dmarc_status = US"temperror";
- dmarc_pass_fail = US"temperror";
- dmarc_status_text = US"Internal Policy Error";
- action = DMARC_RESULT_TEMPFAIL;
- break;
- }