1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
4 /* Experimental DMARC support.
5 Copyright (c) Todd Lyons <tlyons@exim.org> 2012, 2013
8 /* Portions Copyright (c) 2012, 2013, The Trusted Domain Project;
9 All rights reserved, licensed for use per LICENSE.opendmarc. */
11 /* Code for calling dmarc checks via libopendmarc. Called from acl.c. */
14 #ifdef EXPERIMENTAL_DMARC
15 #if !defined EXPERIMENTAL_SPF
16 #error SPF must also be enabled for DMARC
17 #elif defined DISABLE_DKIM
18 #error DKIM must also be enabled for DMARC
21 #include "functions.h"
23 #include "pdkim/pdkim.h"
25 OPENDMARC_LIB_T dmarc_ctx;
26 DMARC_POLICY_T *dmarc_pctx = NULL;
27 OPENDMARC_STATUS_T libdm_status, action, dmarc_policy;
28 OPENDMARC_STATUS_T da, sa, action;
29 BOOL dmarc_abort = FALSE;
30 uschar *dmarc_pass_fail = US"skipped";
31 extern pdkim_signature *dkim_signatures;
32 header_line *from_header = NULL;
33 extern SPF_response_t *spf_response;
34 int dmarc_spf_ares_result = 0;
35 uschar *spf_sender_domain = NULL;
36 uschar *spf_human_readable = NULL;
37 u_char *header_from_sender = NULL;
38 int history_file_status = DMARC_HIST_OK;
39 uschar *dkim_history_buffer= NULL;
41 /* Accept an error_block struct, initialize if empty, parse to the
42 * end, and append the two strings passed to it. Used for adding
43 * variable amounts of value:pair data to the forensic emails. */
46 add_to_eblock(error_block *eblock, uschar *t1, uschar *t2)
48 error_block *eb = malloc(sizeof(error_block));
53 /* Find the end of the eblock struct and point it at eb */
54 error_block *tmp = eblock;
55 while(tmp->next != NULL)
65 /* dmarc_init sets up a context that can be re-used for several
66 messages on the same SMTP connection (that come from the
67 same host with the same HELO string) */
71 int *netmask = NULL; /* Ignored */
73 char *tld_file = (dmarc_tld_file == NULL) ?
74 "/etc/exim/opendmarc.tlds" :
75 (char *)dmarc_tld_file;
77 /* Set some sane defaults. Also clears previous results when
78 * multiple messages in one connection. */
80 dmarc_status = US"none";
82 dmarc_pass_fail = US"skipped";
83 dmarc_used_domain = US"";
84 header_from_sender = NULL;
85 spf_sender_domain = NULL;
86 spf_human_readable = NULL;
88 /* ACLs have "control=dmarc_disable_verify" */
89 if (dmarc_disable_verify == TRUE)
92 (void) memset(&dmarc_ctx, '\0', sizeof dmarc_ctx);
93 dmarc_ctx.nscount = 0;
94 libdm_status = opendmarc_policy_library_init(&dmarc_ctx);
95 if (libdm_status != DMARC_PARSE_OKAY)
97 log_write(0, LOG_MAIN|LOG_PANIC, "DMARC failure to init library: %s",
98 opendmarc_policy_status_to_str(libdm_status));
101 if (dmarc_tld_file == NULL)
103 else if (opendmarc_tld_read_file(tld_file, NULL, NULL, NULL))
105 log_write(0, LOG_MAIN|LOG_PANIC, "DMARC failure to load tld list %s: %d",
109 if (sender_host_address == NULL)
111 /* This catches locally originated email and startup errors above. */
112 if ( dmarc_abort == FALSE )
114 is_ipv6 = string_is_ip_address(sender_host_address, netmask);
115 is_ipv6 = (is_ipv6 == 6) ? TRUE :
116 (is_ipv6 == 4) ? FALSE : FALSE;
117 dmarc_pctx = opendmarc_policy_connect_init(sender_host_address, is_ipv6);
118 if (dmarc_pctx == NULL )
120 log_write(0, LOG_MAIN|LOG_PANIC, "DMARC failure creating policy context: ip=%s",
121 sender_host_address);
130 /* dmarc_store_data stores the header data so that subsequent
131 * dmarc_process can access the data */
133 int dmarc_store_data(header_line *hdr) {
134 /* No debug output because would change every test debug output */
135 if (dmarc_disable_verify != TRUE)
141 /* dmarc_process adds the envelope sender address to the existing
142 context (if any), retrieves the result, sets up expansion
143 strings and evaluates the condition outcome. */
145 int dmarc_process() {
146 int sr, origin; /* used in SPF section */
147 int dmarc_spf_result = 0; /* stores spf into dmarc conn ctx */
148 pdkim_signature *sig = NULL;
149 BOOL has_dmarc_record = TRUE;
150 u_char **ruf; /* forensic report addressees, if called for */
152 /* ACLs have "control=dmarc_disable_verify" */
153 if (dmarc_disable_verify == TRUE)
155 dmarc_ar_header = dmarc_auth_results_header(from_header, NULL);
159 /* Store the header From: sender domain for this part of DMARC.
160 * If there is no from_header struct, then it's likely this message
161 * is locally generated and relying on fixups to add it. Just skip
162 * the entire DMARC system if we can't find a From: header....or if
163 * there was a previous error.
165 if (from_header == NULL || dmarc_abort == TRUE)
169 /* I strongly encourage anybody who can make this better to contact me directly!
170 * <cannonball> Is this an insane way to extract the email address from the From: header?
171 * <jgh_hm> it's sure a horrid layer-crossing....
172 * <cannonball> I'm not denying that :-/
173 * <jgh_hm> there may well be no better though
175 header_from_sender = expand_string(
176 string_sprintf("${domain:${extract{1}{:}{${addresses:%s}}}}",
177 from_header->text) );
178 /* The opendmarc library extracts the domain from the email address, but
179 * only try to store it if it's not empty. Otherwise, skip out of DMARC. */
180 if (strcmp( CCS header_from_sender, "") == 0)
182 libdm_status = (dmarc_abort == TRUE) ?
184 opendmarc_policy_store_from_domain(dmarc_pctx, header_from_sender);
185 if (libdm_status != DMARC_PARSE_OKAY)
187 log_write(0, LOG_MAIN|LOG_PANIC, "failure to store header From: in DMARC: %s, header was '%s'",
188 opendmarc_policy_status_to_str(libdm_status), from_header->text);
193 /* Skip DMARC if connection is SMTP Auth. Temporarily, admin should
194 * instead do this in the ACLs. */
195 if (dmarc_abort == FALSE && sender_host_authenticated == NULL)
197 /* Use the envelope sender domain for this part of DMARC */
198 spf_sender_domain = expand_string(US"$sender_address_domain");
199 if ( spf_response == NULL )
201 /* No spf data means null envelope sender so generate a domain name
202 * from the sender_helo_name */
203 if (spf_sender_domain == NULL)
205 spf_sender_domain = sender_helo_name;
206 log_write(0, LOG_MAIN, "DMARC using synthesized SPF sender domain = %s\n",
209 debug_printf("DMARC using synthesized SPF sender domain = %s\n", spf_sender_domain);
211 dmarc_spf_result = DMARC_POLICY_SPF_OUTCOME_NONE;
212 dmarc_spf_ares_result = ARES_RESULT_UNKNOWN;
213 origin = DMARC_POLICY_SPF_ORIGIN_HELO;
214 spf_human_readable = US"";
218 sr = spf_response->result;
219 dmarc_spf_result = (sr == SPF_RESULT_NEUTRAL) ? DMARC_POLICY_SPF_OUTCOME_NONE :
220 (sr == SPF_RESULT_PASS) ? DMARC_POLICY_SPF_OUTCOME_PASS :
221 (sr == SPF_RESULT_FAIL) ? DMARC_POLICY_SPF_OUTCOME_FAIL :
222 (sr == SPF_RESULT_SOFTFAIL) ? DMARC_POLICY_SPF_OUTCOME_TMPFAIL :
223 DMARC_POLICY_SPF_OUTCOME_NONE;
224 dmarc_spf_ares_result = (sr == SPF_RESULT_NEUTRAL) ? ARES_RESULT_NEUTRAL :
225 (sr == SPF_RESULT_PASS) ? ARES_RESULT_PASS :
226 (sr == SPF_RESULT_FAIL) ? ARES_RESULT_FAIL :
227 (sr == SPF_RESULT_SOFTFAIL) ? ARES_RESULT_SOFTFAIL :
228 (sr == SPF_RESULT_NONE) ? ARES_RESULT_NONE :
229 (sr == SPF_RESULT_TEMPERROR) ? ARES_RESULT_TEMPERROR :
230 (sr == SPF_RESULT_PERMERROR) ? ARES_RESULT_PERMERROR :
232 origin = DMARC_POLICY_SPF_ORIGIN_MAILFROM;
233 spf_human_readable = (uschar *)spf_response->header_comment;
235 debug_printf("DMARC using SPF sender domain = %s\n", spf_sender_domain);
237 if (strcmp( CCS spf_sender_domain, "") == 0)
239 if (dmarc_abort == FALSE)
241 libdm_status = opendmarc_policy_store_spf(dmarc_pctx, spf_sender_domain,
242 dmarc_spf_result, origin, spf_human_readable);
243 if (libdm_status != DMARC_PARSE_OKAY)
244 log_write(0, LOG_MAIN|LOG_PANIC, "failure to store spf for DMARC: %s",
245 opendmarc_policy_status_to_str(libdm_status));
248 /* Now we cycle through the dkim signature results and put into
249 * the opendmarc context, further building the DMARC reply. */
250 sig = dkim_signatures;
251 dkim_history_buffer = US"";
254 int dkim_result, dkim_ares_result, vs, ves;
255 vs = sig->verify_status;
256 ves = sig->verify_ext_status;
257 dkim_result = ( vs == PDKIM_VERIFY_PASS ) ? DMARC_POLICY_DKIM_OUTCOME_PASS :
258 ( vs == PDKIM_VERIFY_FAIL ) ? DMARC_POLICY_DKIM_OUTCOME_FAIL :
259 ( vs == PDKIM_VERIFY_INVALID ) ? DMARC_POLICY_DKIM_OUTCOME_TMPFAIL :
260 DMARC_POLICY_DKIM_OUTCOME_NONE;
261 libdm_status = opendmarc_policy_store_dkim(dmarc_pctx, (uschar *)sig->domain,
264 debug_printf("DMARC adding DKIM sender domain = %s\n", sig->domain);
265 if (libdm_status != DMARC_PARSE_OKAY)
266 log_write(0, LOG_MAIN|LOG_PANIC, "failure to store dkim (%s) for DMARC: %s",
267 sig->domain, opendmarc_policy_status_to_str(libdm_status));
269 dkim_ares_result = ( vs == PDKIM_VERIFY_PASS ) ? ARES_RESULT_PASS :
270 ( vs == PDKIM_VERIFY_FAIL ) ? ARES_RESULT_FAIL :
271 ( vs == PDKIM_VERIFY_NONE ) ? ARES_RESULT_NONE :
272 ( vs == PDKIM_VERIFY_INVALID ) ?
273 ( ves == PDKIM_VERIFY_INVALID_PUBKEY_UNAVAILABLE ? ARES_RESULT_PERMERROR :
274 ves == PDKIM_VERIFY_INVALID_BUFFER_SIZE ? ARES_RESULT_PERMERROR :
275 ves == PDKIM_VERIFY_INVALID_PUBKEY_PARSING ? ARES_RESULT_PERMERROR :
276 ARES_RESULT_UNKNOWN ) :
278 dkim_history_buffer = string_sprintf("%sdkim %s %d\n", dkim_history_buffer,
279 sig->domain, dkim_ares_result);
282 libdm_status = opendmarc_policy_query_dmarc(dmarc_pctx, US"");
283 switch (libdm_status)
285 case DMARC_DNS_ERROR_NXDOMAIN:
286 case DMARC_DNS_ERROR_NO_RECORD:
288 debug_printf("DMARC no record found for %s\n", header_from_sender);
289 has_dmarc_record = FALSE;
291 case DMARC_PARSE_OKAY:
293 debug_printf("DMARC record found for %s\n", header_from_sender);
295 case DMARC_PARSE_ERROR_BAD_VALUE:
297 debug_printf("DMARC record parse error for %s\n", header_from_sender);
298 has_dmarc_record = FALSE;
301 /* everything else, skip dmarc */
303 debug_printf("DMARC skipping (%d), unsure what to do with %s",
304 libdm_status, from_header->text);
305 has_dmarc_record = FALSE;
308 /* Can't use exim's string manipulation functions so allocate memory
309 * for libopendmarc using its max hostname length definition. */
310 uschar *dmarc_domain = (uschar *)calloc(DMARC_MAXHOSTNAMELEN, sizeof(uschar));
311 libdm_status = opendmarc_policy_fetch_utilized_domain(dmarc_pctx, dmarc_domain,
312 DMARC_MAXHOSTNAMELEN-1);
313 dmarc_used_domain = string_copy(dmarc_domain);
315 if (libdm_status != DMARC_PARSE_OKAY)
317 log_write(0, LOG_MAIN|LOG_PANIC, "failure to read domainname used for DMARC lookup: %s",
318 opendmarc_policy_status_to_str(libdm_status));
320 libdm_status = opendmarc_get_policy_to_enforce(dmarc_pctx);
321 dmarc_policy = libdm_status;
324 case DMARC_POLICY_ABSENT: /* No DMARC record found */
325 dmarc_status = US"norecord";
326 dmarc_pass_fail = US"temperror";
327 dmarc_status_text = US"No DMARC record";
328 action = DMARC_RESULT_ACCEPT;
330 case DMARC_FROM_DOMAIN_ABSENT: /* No From: domain */
331 dmarc_status = US"nofrom";
332 dmarc_pass_fail = US"temperror";
333 dmarc_status_text = US"No From: domain found";
334 action = DMARC_RESULT_ACCEPT;
336 case DMARC_POLICY_NONE: /* Accept and report */
337 dmarc_status = US"none";
338 dmarc_pass_fail = US"none";
339 dmarc_status_text = US"None, Accept";
340 action = DMARC_RESULT_ACCEPT;
342 case DMARC_POLICY_PASS: /* Explicit accept */
343 dmarc_status = US"accept";
344 dmarc_pass_fail = US"pass";
345 dmarc_status_text = US"Accept";
346 action = DMARC_RESULT_ACCEPT;
348 case DMARC_POLICY_REJECT: /* Explicit reject */
349 dmarc_status = US"reject";
350 dmarc_pass_fail = US"fail";
351 dmarc_status_text = US"Reject";
352 action = DMARC_RESULT_REJECT;
354 case DMARC_POLICY_QUARANTINE: /* Explicit quarantine */
355 dmarc_status = US"quarantine";
356 dmarc_pass_fail = US"fail";
357 dmarc_status_text = US"Quarantine";
358 action = DMARC_RESULT_QUARANTINE;
361 dmarc_status = US"temperror";
362 dmarc_pass_fail = US"temperror";
363 dmarc_status_text = US"Internal Policy Error";
364 action = DMARC_RESULT_TEMPFAIL;
368 libdm_status = opendmarc_policy_fetch_alignment(dmarc_pctx, &da, &sa);
369 if (libdm_status != DMARC_PARSE_OKAY)
371 log_write(0, LOG_MAIN|LOG_PANIC, "failure to read DMARC alignment: %s",
372 opendmarc_policy_status_to_str(libdm_status));
375 if (has_dmarc_record == TRUE)
377 log_write(0, LOG_MAIN, "DMARC results: spf_domain=%s dmarc_domain=%s "
378 "spf_align=%s dkim_align=%s enforcement='%s'",
379 spf_sender_domain, dmarc_used_domain,
380 (sa==DMARC_POLICY_SPF_ALIGNMENT_PASS) ?"yes":"no",
381 (da==DMARC_POLICY_DKIM_ALIGNMENT_PASS)?"yes":"no",
383 history_file_status = dmarc_write_history_file();
384 /* Now get the forensic reporting addresses, if any */
385 ruf = opendmarc_policy_fetch_ruf(dmarc_pctx, NULL, 0, 1);
386 dmarc_send_forensic_report(ruf);
390 /* set some global variables here */
391 dmarc_ar_header = dmarc_auth_results_header(from_header, NULL);
393 /* shut down libopendmarc */
394 if ( dmarc_pctx != NULL )
395 (void) opendmarc_policy_connect_shutdown(dmarc_pctx);
396 if ( dmarc_disable_verify == FALSE )
397 (void) opendmarc_policy_library_shutdown(&dmarc_ctx);
402 int dmarc_write_history_file()
407 u_char **rua; /* aggregate report addressees */
408 uschar *history_buffer = NULL;
410 if (dmarc_history_file == NULL)
411 return DMARC_HIST_DISABLED;
412 history_file_fd = log_create(dmarc_history_file);
414 if (history_file_fd < 0)
416 log_write(0, LOG_MAIN|LOG_PANIC, "failure to create DMARC history file: %s",
418 return DMARC_HIST_FILE_ERR;
421 /* Generate the contents of the history file */
422 history_buffer = string_sprintf("job %s\n", message_id);
423 history_buffer = string_sprintf("%sreporter %s\n", history_buffer, primary_hostname);
424 history_buffer = string_sprintf("%sreceived %ld\n", history_buffer, time(NULL));
425 history_buffer = string_sprintf("%sipaddr %s\n", history_buffer, sender_host_address);
426 history_buffer = string_sprintf("%sfrom %s\n", history_buffer, header_from_sender);
427 history_buffer = string_sprintf("%smfrom %s\n", history_buffer,
428 expand_string(US"$sender_address_domain"));
430 if (spf_response != NULL)
431 history_buffer = string_sprintf("%sspf %d\n", history_buffer, dmarc_spf_ares_result);
432 // history_buffer = string_sprintf("%sspf -1\n", history_buffer);
434 history_buffer = string_sprintf("%s%s", history_buffer, dkim_history_buffer);
435 history_buffer = string_sprintf("%spdomain %s\n", history_buffer, dmarc_used_domain);
436 history_buffer = string_sprintf("%spolicy %d\n", history_buffer, dmarc_policy);
438 rua = opendmarc_policy_fetch_rua(dmarc_pctx, NULL, 0, 1);
441 for (tmp_ans = 0; rua[tmp_ans] != NULL; tmp_ans++)
443 history_buffer = string_sprintf("%srua %s\n", history_buffer, rua[tmp_ans]);
447 history_buffer = string_sprintf("%srua -\n", history_buffer);
449 opendmarc_policy_fetch_pct(dmarc_pctx, &tmp_ans);
450 history_buffer = string_sprintf("%spct %d\n", history_buffer, tmp_ans);
452 opendmarc_policy_fetch_adkim(dmarc_pctx, &tmp_ans);
453 history_buffer = string_sprintf("%sadkim %d\n", history_buffer, tmp_ans);
455 opendmarc_policy_fetch_aspf(dmarc_pctx, &tmp_ans);
456 history_buffer = string_sprintf("%saspf %d\n", history_buffer, tmp_ans);
458 opendmarc_policy_fetch_p(dmarc_pctx, &tmp_ans);
459 history_buffer = string_sprintf("%sp %d\n", history_buffer, tmp_ans);
461 opendmarc_policy_fetch_sp(dmarc_pctx, &tmp_ans);
462 history_buffer = string_sprintf("%ssp %d\n", history_buffer, tmp_ans);
464 history_buffer = string_sprintf("%salign_dkim %d\n", history_buffer, da);
465 history_buffer = string_sprintf("%salign_spf %d\n", history_buffer, sa);
466 history_buffer = string_sprintf("%saction %d\n", history_buffer, action);
468 /* Write the contents to the history file */
470 debug_printf("DMARC logging history data for opendmarc reporting%s\n",
471 (host_checking || running_in_test_harness) ? " (not really)" : "");
472 if (host_checking || running_in_test_harness)
475 debug_printf("DMARC history data for debugging:\n%s", history_buffer);
479 written_len = write_to_fd_buf(history_file_fd,
481 Ustrlen(history_buffer));
482 if (written_len == 0)
484 log_write(0, LOG_MAIN|LOG_PANIC, "failure to write to DMARC history file: %s",
486 return DMARC_HIST_WRITE_ERR;
488 (void)close(history_file_fd);
490 return DMARC_HIST_OK;
493 void dmarc_send_forensic_report(u_char **ruf)
496 uschar *recipient, *save_sender;
497 BOOL send_status = FALSE;
498 error_block *eblock = NULL;
499 FILE *message_file = NULL;
501 /* Earlier ACL does not have *required* control=dmarc_enable_forensic */
502 if (dmarc_enable_forensic == FALSE)
505 if ((dmarc_policy == DMARC_POLICY_REJECT && action == DMARC_RESULT_REJECT) ||
506 (dmarc_policy == DMARC_POLICY_QUARANTINE && action == DMARC_RESULT_QUARANTINE) )
510 eblock = add_to_eblock(eblock, US"Sender Domain", dmarc_used_domain);
511 eblock = add_to_eblock(eblock, US"Sender IP Address", sender_host_address);
512 eblock = add_to_eblock(eblock, US"Received Date", tod_stamp(tod_full));
513 eblock = add_to_eblock(eblock, US"SPF Alignment",
514 (sa==DMARC_POLICY_SPF_ALIGNMENT_PASS) ?US"yes":US"no");
515 eblock = add_to_eblock(eblock, US"DKIM Alignment",
516 (da==DMARC_POLICY_DKIM_ALIGNMENT_PASS)?US"yes":US"no");
517 eblock = add_to_eblock(eblock, US"DMARC Results", dmarc_status_text);
518 /* Set a sane default envelope sender */
519 dsn_from = dmarc_forensic_sender ? dmarc_forensic_sender :
520 dsn_from ? dsn_from :
521 string_sprintf("do-not-reply@%s",primary_hostname);
522 for (c = 0; ruf[c] != NULL; c++)
524 recipient = string_copylc(ruf[c]);
525 if (Ustrncmp(recipient, "mailto:",7))
527 /* Move to first character past the colon */
530 debug_printf("DMARC forensic report to %s%s\n", recipient,
531 (host_checking || running_in_test_harness) ? " (not really)" : "");
532 if (host_checking || running_in_test_harness)
534 save_sender = sender_address;
535 sender_address = recipient;
536 send_status = moan_to_sender(ERRMESS_DMARC_FORENSIC, eblock,
537 header_list, message_file, FALSE);
538 sender_address = save_sender;
539 if (send_status == FALSE)
540 log_write(0, LOG_MAIN|LOG_PANIC, "failure to send DMARC forensic report to %s",
547 uschar *dmarc_exim_expand_query(int what)
549 if (dmarc_disable_verify || !dmarc_pctx)
550 return dmarc_exim_expand_defaults(what);
553 case DMARC_VERIFY_STATUS:
554 return(dmarc_status);
560 uschar *dmarc_exim_expand_defaults(int what)
563 case DMARC_VERIFY_STATUS:
564 return (dmarc_disable_verify) ?
572 uschar *dmarc_auth_results_header(header_line *from_header, uschar *hostname)
574 uschar *hdr_tmp = US"";
576 /* Allow a server hostname to be passed to this function, but is
577 * currently unused */
578 if (hostname == NULL)
579 hostname = primary_hostname;
580 hdr_tmp = string_sprintf("%s %s;", DMARC_AR_HEADER, hostname);
583 /* I don't think this belongs here, but left it here commented out
584 * because it was a lot of work to get working right. */
585 if (spf_response != NULL) {
586 uschar *dmarc_ar_spf = US"";
588 sr = spf_response->result;
589 dmarc_ar_spf = (sr == SPF_RESULT_NEUTRAL) ? US"neutral" :
590 (sr == SPF_RESULT_PASS) ? US"pass" :
591 (sr == SPF_RESULT_FAIL) ? US"fail" :
592 (sr == SPF_RESULT_SOFTFAIL) ? US"softfail" :
594 hdr_tmp = string_sprintf("%s spf=%s (%s) smtp.mail=%s;",
595 hdr_tmp, dmarc_ar_spf_result,
596 spf_response->header_comment,
597 expand_string(US"$sender_address") );
600 hdr_tmp = string_sprintf("%s dmarc=%s",
601 hdr_tmp, dmarc_pass_fail);
602 if (header_from_sender)
603 hdr_tmp = string_sprintf("%s header.from=%s",
604 hdr_tmp, header_from_sender);
608 #endif /* EXPERIMENTAL_SPF */
609 #endif /* EXPERIMENTAL_DMARC */
611 // vim:sw=2 expandtab