From: Jeremy Harris Date: Sat, 30 Mar 2019 15:41:52 +0000 (+0000) Subject: DMARC: check for empty filename for TLD file. Patch testsuite to not break on missin... X-Git-Url: https://git.exim.org/users/jgh/exim.git/commitdiff_plain/590fd9eeeb31a0e3815719e5b577469ffe9771bd?ds=inline DMARC: check for empty filename for TLD file. Patch testsuite to not break on missing default TLD file. --- diff --git a/doc/doc-txt/experimental-spec.txt b/doc/doc-txt/experimental-spec.txt index 9b472c080..2f1e5c591 100644 --- a/doc/doc-txt/experimental-spec.txt +++ b/doc/doc-txt/experimental-spec.txt @@ -428,7 +428,7 @@ need to uncomment them if an rpm (or you) installed them in the package controlled locations (/usr/include and /usr/lib). -2. Use the following global settings to configure DMARC: +2. Use the following global options to configure DMARC: Required: dmarc_tld_file Defines the location of a text file of valid @@ -437,6 +437,8 @@ dmarc_tld_file Defines the location of a text file of valid the most current version can be downloaded from a link at http://publicsuffix.org/list/. See also util/renew-opendmarc-tlds.sh script. + The default for the option is currently + /etc/exim/opendmarc.tlds Optional: dmarc_history_file Defines the location of a file to log results diff --git a/src/src/dmarc.c b/src/src/dmarc.c index c4edc9159..5bf33032a 100644 --- a/src/src/dmarc.c +++ b/src/src/dmarc.c @@ -109,15 +109,15 @@ if (libdm_status != DMARC_PARSE_OKAY) opendmarc_policy_status_to_str(libdm_status)); dmarc_abort = TRUE; } -if (!dmarc_tld_file) +if (!dmarc_tld_file || !*dmarc_tld_file) { DEBUG(D_receive) debug_printf("DMARC: no dmarc_tld_file\n"); dmarc_abort = TRUE; } else if (opendmarc_tld_read_file(CS dmarc_tld_file, NULL, NULL, NULL)) { - log_write(0, LOG_MAIN|LOG_PANIC, "DMARC failure to load tld list %s: %d", - dmarc_tld_file, errno); + log_write(0, LOG_MAIN|LOG_PANIC, "DMARC failure to load tld list '%s': %s", + dmarc_tld_file, strerror(errno)); dmarc_abort = TRUE; } if (!sender_host_address) diff --git a/test/aux-var-src/tls_conf_prefix b/test/aux-var-src/tls_conf_prefix index 0a14cee24..965bc8b24 100644 --- a/test/aux-var-src/tls_conf_prefix +++ b/test/aux-var-src/tls_conf_prefix @@ -20,3 +20,6 @@ tls_advertise_requiretls = .ifdef _HAVE_PIPE_CONNECT pipelining_connect_advertise_hosts = : .endif +.ifdef _HAVE_DMARC +dmarc_tld_file = +.endif diff --git a/test/confs/0002 b/test/confs/0002 index 165f0a4b2..7e565805b 100644 --- a/test/confs/0002 +++ b/test/confs/0002 @@ -15,6 +15,9 @@ tls_advertise_hosts = .ifdef _HAVE_PIPE_CONNECT pipelining_connect_advertise_hosts = : .endif +.ifdef _HAVE_DMARC +dmarc_tld_file = +.endif # ----- Main settings ----- diff --git a/test/confs/0241 b/test/confs/0241 index e7d92078b..644ed6b1f 100644 --- a/test/confs/0241 +++ b/test/confs/0241 @@ -9,6 +9,10 @@ gecos_pattern = "" gecos_name = CALLER_NAME tls_advertise_hosts = +.ifdef _HAVE_DMARC +dmarc_tld_file = +.endif + # ----- Main settings ----- qualify_domain = test.ex diff --git a/test/confs/0437 b/test/confs/0437 index d0ea77ea1..863655b4e 100644 --- a/test/confs/0437 +++ b/test/confs/0437 @@ -11,6 +11,10 @@ gecos_pattern = "" gecos_name = CALLER_NAME tls_advertise_hosts = +.ifdef _HAVE_DMARC +dmarc_tld_file = +.endif + # ----- Main settings ----- queue_run_in_order diff --git a/test/confs/0564 b/test/confs/0564 index e01628550..de71325af 100644 --- a/test/confs/0564 +++ b/test/confs/0564 @@ -12,6 +12,9 @@ tls_advertise_hosts = .ifdef _HAVE_PIPE_CONNECT pipelining_connect_advertise_hosts = .endif +.ifdef _HAVE_DMARC +dmarc_tld_file = +.endif # ----- Main settings ----- diff --git a/test/confs/0601 b/test/confs/0601 index faf44ce98..8b47f3d7e 100644 --- a/test/confs/0601 +++ b/test/confs/0601 @@ -7,6 +7,9 @@ spool_directory = DIR/spool log_file_path = DIR/spool/log/%slog tls_advertise_hosts = queue_only +.ifdef _HAVE_DMARC +dmarc_tld_file = +.endif # ----- Main settings ----- diff --git a/test/confs/0611 b/test/confs/0611 index 4f6f490d3..d3e0a47b2 100644 --- a/test/confs/0611 +++ b/test/confs/0611 @@ -13,6 +13,10 @@ gecos_name = CALLER_NAME tls_advertise_hosts = chunking_advertise_hosts = +.ifdef _HAVE_DMARC +dmarc_tld_file = +.endif + # ----- Main settings ----- log_file_path = DIR/spool/log/${if eq {SERVER}{server} {server_}{}}%slog diff --git a/test/confs/0615 b/test/confs/0615 index 63b9d7fac..0cf5769a9 100644 --- a/test/confs/0615 +++ b/test/confs/0615 @@ -11,6 +11,10 @@ gecos_name = CALLER_NAME chunking_advertise_hosts = tls_advertise_hosts = +.ifdef _HAVE_DMARC +dmarc_tld_file = +.endif + primary_hostname = myhost.test.ex queue_only diff --git a/test/confs/0619 b/test/confs/0619 index dc23661ac..dcb7fa89e 100644 --- a/test/confs/0619 +++ b/test/confs/0619 @@ -13,6 +13,10 @@ gecos_name = CALLER_NAME chunking_advertise_hosts = tls_advertise_hosts = +.ifdef _HAVE_DMARC +dmarc_tld_file = +.endif + primary_hostname = myhost.test.ex queue_only diff --git a/test/confs/0900 b/test/confs/0900 index caf17be81..ce6f2c379 100644 --- a/test/confs/0900 +++ b/test/confs/0900 @@ -19,6 +19,9 @@ tls_advertise_requiretls = : .ifdef _HAVE_PIPE_CONNECT pipelining_connect_advertise_hosts = : .endif +.ifdef _HAVE_DMARC +dmarc_tld_file = +.endif # ----- Main settings ----- diff --git a/test/confs/0901 b/test/confs/0901 index c2eb5cca6..67b73cd19 100644 --- a/test/confs/0901 +++ b/test/confs/0901 @@ -14,6 +14,10 @@ gecos_name = CALLER_NAME chunking_advertise_hosts = * tls_advertise_hosts = ${if eq {SRV}{tls} {*}} +.ifdef _HAVE_DMARC +dmarc_tld_file = +.endif + pipelining_advertise_hosts = : # ----- Main settings ----- diff --git a/test/confs/0906 b/test/confs/0906 index ff99d9304..6df517e53 100644 --- a/test/confs/0906 +++ b/test/confs/0906 @@ -13,6 +13,9 @@ tls_advertise_hosts = ${if eq {SRV}{tls} {*}} .ifdef _HAVE_PIPE_CONNECT pipelining_connect_advertise_hosts = .endif +.ifdef _HAVE_DMARC +dmarc_tld_file = +.endif # ----- Main settings ----- diff --git a/test/confs/2026 b/test/confs/2026 index 7da11a528..c678219db 100644 --- a/test/confs/2026 +++ b/test/confs/2026 @@ -13,6 +13,10 @@ log_file_path = DIR/spool/log/%D-%slog gecos_pattern = "" gecos_name = CALLER_NAME +.ifdef _HAVE_DMARC +dmarc_tld_file = +.endif + # ----- Main settings ----- acl_smtp_rcpt = check_rcpt diff --git a/test/confs/4050 b/test/confs/4050 index 06a85c089..2db951d22 100644 --- a/test/confs/4050 +++ b/test/confs/4050 @@ -22,6 +22,10 @@ dns_cname_loops = 9 chunking_advertise_hosts = tls_advertise_hosts = +.ifdef _HAVE_DMARC +dmarc_tld_file = +.endif + pipelining_connect_advertise_hosts = CONNECTCOND retry_data_expire = RETRY log_selector = +received_recipients +pipelining diff --git a/test/confs/4053 b/test/confs/4053 index 3a85deeab..10c31e255 100644 --- a/test/confs/4053 +++ b/test/confs/4053 @@ -18,6 +18,10 @@ dns_cname_loops = 9 chunking_advertise_hosts = * tls_advertise_hosts = +.ifdef _HAVE_DMARC +dmarc_tld_file = +.endif + pipelining_connect_advertise_hosts = * log_selector = +pipelining queue_only diff --git a/test/confs/4056 b/test/confs/4056 index c77c439e4..f82434601 100644 --- a/test/confs/4056 +++ b/test/confs/4056 @@ -18,6 +18,10 @@ dns_cname_loops = 9 chunking_advertise_hosts = tls_advertise_hosts = +.ifdef _HAVE_DMARC +dmarc_tld_file = +.endif + pipelining_connect_advertise_hosts = * auth_advertise_hosts = * log_selector = +pipelining diff --git a/test/confs/4058 b/test/confs/4058 index 887427a57..0502c55b2 100644 --- a/test/confs/4058 +++ b/test/confs/4058 @@ -21,6 +21,10 @@ dns_cname_loops = 9 chunking_advertise_hosts = OPT tls_advertise_hosts = +.ifdef _HAVE_DMARC +dmarc_tld_file = +.endif + pipelining_connect_advertise_hosts = * queue_only diff --git a/test/confs/4060 b/test/confs/4060 index 30d65a146..191677073 100644 --- a/test/confs/4060 +++ b/test/confs/4060 @@ -23,6 +23,10 @@ chunking_advertise_hosts = OPT tls_advertise_hosts = * tls_certificate = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail} +.ifdef _HAVE_DMARC +dmarc_tld_file = +.endif + # Avoid ECDHE key-exchange so that we can wireshark-decode (not TLS1.3) .ifdef _HAVE_GNUTLS tls_require_ciphers = NORMAL:-KX-ALL:+RSA diff --git a/test/confs/4061 b/test/confs/4061 index 4352f5891..d929d53eb 100644 --- a/test/confs/4061 +++ b/test/confs/4061 @@ -27,6 +27,10 @@ tls_certificate = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail} tls_require_ciphers = NORMAL:-KX-ALL:+RSA .endif +.ifdef _HAVE_DMARC +dmarc_tld_file = +.endif + pipelining_connect_advertise_hosts = * log_selector = +received_recipients +pipelining queue_only diff --git a/test/confs/4064 b/test/confs/4064 index 8c3c300a5..5a840a295 100644 --- a/test/confs/4064 +++ b/test/confs/4064 @@ -24,6 +24,10 @@ tls_certificate = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail} tls_require_ciphers = NORMAL:-KX-ALL:+RSA .endif +.ifdef _HAVE_DMARC +dmarc_tld_file = +.endif + pipelining_connect_advertise_hosts = * auth_advertise_hosts = * diff --git a/test/confs/4065 b/test/confs/4065 index 8a8b38f96..92a17d71b 100644 --- a/test/confs/4065 +++ b/test/confs/4065 @@ -25,6 +25,10 @@ tls_certificate = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail} tls_require_ciphers = NORMAL:-KX-ALL:+RSA .endif +.ifdef _HAVE_DMARC +dmarc_tld_file = +.endif + pipelining_connect_advertise_hosts = * auth_advertise_hosts = * diff --git a/test/confs/4650 b/test/confs/4650 index e6c788436..32e138313 100644 --- a/test/confs/4650 +++ b/test/confs/4650 @@ -1,6 +1,17 @@ # Exim test configuration 4650 -.include DIR/aux-var/std_conf_prefix +exim_path = EXIM_PATH +keep_environment = +host_lookup_order = bydns +spool_directory = DIR/spool +log_file_path = DIR/spool/log/SERVER%slog +gecos_pattern = "" +gecos_name = CALLER_NAME +chunking_advertise_hosts = * +tls_advertise_hosts = +.ifdef _HAVE_PIPE_CONNECT +pipelining_connect_advertise_hosts = +.endif primary_hostname = myhost.test.ex diff --git a/test/confs/5601 b/test/confs/5601 index 6e667b429..9b33101b3 100644 --- a/test/confs/5601 +++ b/test/confs/5601 @@ -13,6 +13,10 @@ gecos_name = CALLER_NAME chunking_advertise_hosts = primary_hostname = server1.example.com +.ifdef _HAVE_DMARC +dmarc_tld_file = +.endif + # ----- Main settings ----- diff --git a/test/confs/5611 b/test/confs/5611 index 3309870a3..0b2be46a1 100644 --- a/test/confs/5611 +++ b/test/confs/5611 @@ -13,6 +13,10 @@ gecos_name = CALLER_NAME chunking_advertise_hosts = primary_hostname = server1.example.com +.ifdef _HAVE_DMARC +dmarc_tld_file = +.endif + # ----- Main settings ----- diff --git a/test/confs/5740 b/test/confs/5740 index 4d41e820b..53302c507 100644 --- a/test/confs/5740 +++ b/test/confs/5740 @@ -13,6 +13,10 @@ gecos_name = CALLER_NAME chunking_advertise_hosts = primary_hostname = server1.example.com +.ifdef _HAVE_DMARC +dmarc_tld_file = +.endif + # ----- Main settings ----- diff --git a/test/runtest b/test/runtest index a36c3c619..0a4e7cf88 100755 --- a/test/runtest +++ b/test/runtest @@ -974,6 +974,9 @@ RESET_AFTER_EXTRA_LINE_READ: s/^waiting for server to shut down\.+ done$/waiting for server to shut down.... done/; s/^\/.*postgres /POSTGRES /; + # DMARC is not always supported by the build + next if /^dmarc_tld_file =/; + # ARC is not always supported by the build next if /^arc_sign =/; } diff --git a/test/stderr/0002 b/test/stderr/0002 index 9e575693f..0677a4291 100644 --- a/test/stderr/0002 +++ b/test/stderr/0002 @@ -278,7 +278,7 @@ host in helo_verify_hosts? no (option unset) host in helo_try_verify_hosts? no (option unset) host in helo_accept_junk_hosts? no (option unset) using ACL "connect1" -processing "deny" (TESTSUITE/test-config 42) +processing "deny" (TESTSUITE/test-config 45) check hosts = <\n partial-lsearch;TESTSUITE/aux-fixed/0002.lsearch \n 1.2.3.4 sender host name required, to match against partial-lsearch;TESTSUITE/aux-fixed/0002.lsearch looking up host name for V4NET.0.0.1 @@ -337,7 +337,7 @@ host in helo_verify_hosts? no (option unset) host in helo_try_verify_hosts? no (option unset) host in helo_accept_junk_hosts? no (option unset) using ACL "connect2" -processing "deny" (TESTSUITE/test-config 45) +processing "deny" (TESTSUITE/test-config 48) check hosts = net-lsearch;TESTSUITE/aux-fixed/0002.lsearch search_open: lsearch "TESTSUITE/aux-fixed/0002.lsearch" search_find: file="TESTSUITE/aux-fixed/0002.lsearch" @@ -367,79 +367,79 @@ search_tidyup called >>> host in helo_try_verify_hosts? no (option unset) >>> host in helo_accept_junk_hosts? no (option unset) >>> using ACL "connect0" ->>> processing "accept" (TESTSUITE/test-config 39) +>>> processing "accept" (TESTSUITE/test-config 42) >>> accept: condition test succeeded in ACL "connect0" >>> end of ACL "connect0": ACCEPT ->>> processing "accept" (TESTSUITE/test-config 67) +>>> processing "accept" (TESTSUITE/test-config 70) >>> accept: condition test succeeded in inline ACL >>> end of inline ACL: ACCEPT >>> using ACL "check_data" ->>> processing "warn" (TESTSUITE/test-config 48) +>>> processing "warn" (TESTSUITE/test-config 51) >>> check logwrite = Subject is: "$h_subject:" >>> = Subject is: "" LOG: 10HmaX-0005vi-00 Subject is: "" >>> warn: condition test succeeded in ACL "check_data" ->>> processing "deny" (TESTSUITE/test-config 49) +>>> processing "deny" (TESTSUITE/test-config 52) >>> message: reply_address=<$reply_address> >>> deny: condition test succeeded in ACL "check_data" >>> end of ACL "check_data": DENY LOG: 10HmaX-0005vi-00 H=[V4NET.0.0.0] F=<> rejected after DATA: reply_address=<> ->>> processing "accept" (TESTSUITE/test-config 67) +>>> processing "accept" (TESTSUITE/test-config 70) >>> accept: condition test succeeded in inline ACL >>> end of inline ACL: ACCEPT >>> host in ignore_fromline_hosts? no (option unset) >>> using ACL "check_data" ->>> processing "warn" (TESTSUITE/test-config 48) +>>> processing "warn" (TESTSUITE/test-config 51) >>> check logwrite = Subject is: "$h_subject:" >>> = Subject is: "" LOG: 10HmaY-0005vi-00 Subject is: "" >>> warn: condition test succeeded in ACL "check_data" ->>> processing "deny" (TESTSUITE/test-config 49) +>>> processing "deny" (TESTSUITE/test-config 52) >>> message: reply_address=<$reply_address> >>> deny: condition test succeeded in ACL "check_data" >>> end of ACL "check_data": DENY LOG: 10HmaY-0005vi-00 H=[V4NET.0.0.0] F=<> rejected after DATA: reply_address= ->>> processing "accept" (TESTSUITE/test-config 67) +>>> processing "accept" (TESTSUITE/test-config 70) >>> accept: condition test succeeded in inline ACL >>> end of inline ACL: ACCEPT >>> host in ignore_fromline_hosts? no (option unset) >>> using ACL "check_data" ->>> processing "warn" (TESTSUITE/test-config 48) +>>> processing "warn" (TESTSUITE/test-config 51) >>> check logwrite = Subject is: "$h_subject:" >>> = Subject is: "" LOG: 10HmaZ-0005vi-00 Subject is: "" >>> warn: condition test succeeded in ACL "check_data" ->>> processing "deny" (TESTSUITE/test-config 49) +>>> processing "deny" (TESTSUITE/test-config 52) >>> message: reply_address=<$reply_address> >>> deny: condition test succeeded in ACL "check_data" >>> end of ACL "check_data": DENY LOG: 10HmaZ-0005vi-00 H=[V4NET.0.0.0] F=<> rejected after DATA: reply_address= ->>> processing "accept" (TESTSUITE/test-config 67) +>>> processing "accept" (TESTSUITE/test-config 70) >>> accept: condition test succeeded in inline ACL >>> end of inline ACL: ACCEPT >>> host in ignore_fromline_hosts? no (option unset) >>> using ACL "check_data" ->>> processing "warn" (TESTSUITE/test-config 48) +>>> processing "warn" (TESTSUITE/test-config 51) >>> check logwrite = Subject is: "$h_subject:" >>> = Subject is: "" LOG: 10HmbA-0005vi-00 Subject is: "" >>> warn: condition test succeeded in ACL "check_data" ->>> processing "deny" (TESTSUITE/test-config 49) +>>> processing "deny" (TESTSUITE/test-config 52) >>> message: reply_address=<$reply_address> >>> deny: condition test succeeded in ACL "check_data" >>> end of ACL "check_data": DENY LOG: 10HmbA-0005vi-00 H=[V4NET.0.0.0] F=<> rejected after DATA: reply_address=<> ->>> processing "accept" (TESTSUITE/test-config 67) +>>> processing "accept" (TESTSUITE/test-config 70) >>> accept: condition test succeeded in inline ACL >>> end of inline ACL: ACCEPT >>> host in ignore_fromline_hosts? no (option unset) >>> using ACL "check_data" ->>> processing "warn" (TESTSUITE/test-config 48) +>>> processing "warn" (TESTSUITE/test-config 51) >>> check logwrite = Subject is: "$h_subject:" >>> = Subject is: "" LOG: 10HmbB-0005vi-00 Subject is: "" >>> warn: condition test succeeded in ACL "check_data" ->>> processing "deny" (TESTSUITE/test-config 49) +>>> processing "deny" (TESTSUITE/test-config 52) >>> message: reply_address=<$reply_address> >>> deny: condition test succeeded in ACL "check_data" >>> end of ACL "check_data": DENY @@ -453,20 +453,20 @@ LOG: 10HmbB-0005vi-00 H=[V4NET.0.0.0] F=<> rejected after DATA: reply_address=>> host in helo_try_verify_hosts? no (option unset) >>> host in helo_accept_junk_hosts? no (option unset) >>> using ACL "connect0" ->>> processing "accept" (TESTSUITE/test-config 39) +>>> processing "accept" (TESTSUITE/test-config 42) >>> accept: condition test succeeded in ACL "connect0" >>> end of ACL "connect0": ACCEPT ->>> processing "accept" (TESTSUITE/test-config 67) +>>> processing "accept" (TESTSUITE/test-config 70) >>> accept: condition test succeeded in inline ACL >>> end of inline ACL: ACCEPT >>> host in ignore_fromline_hosts? no (option unset) >>> using ACL "check_data" ->>> processing "warn" (TESTSUITE/test-config 48) +>>> processing "warn" (TESTSUITE/test-config 51) >>> check logwrite = Subject is: "$h_subject:" >>> = Subject is: "=?iso-8859-8?Q?_here_we_go=3A_a_string_that_is_going_to_be_encoded=3A_it_will_go_over_the_75-char_limit_by_a_long_way=3B_in_fact_this_one_will_go_over_the_150_character_limit?=" LOG: 10HmbC-0005vi-00 Subject is: "=?iso-8859-8?Q?_here_we_go=3A_a_string_that_is_going_to_be_encoded=3A_it_will_go_over_the_75-char_limit_by_a_long_way=3B_in_fact_this_one_will_go_over_the_150_character_limit?=" >>> warn: condition test succeeded in ACL "check_data" ->>> processing "deny" (TESTSUITE/test-config 49) +>>> processing "deny" (TESTSUITE/test-config 52) >>> message: reply_address=<$reply_address> >>> deny: condition test succeeded in ACL "check_data" >>> end of ACL "check_data": DENY @@ -480,20 +480,20 @@ LOG: 10HmbC-0005vi-00 H=[V4NET.0.0.0] F=<> rejected after DATA: reply_address=<> >>> host in helo_try_verify_hosts? no (option unset) >>> host in helo_accept_junk_hosts? no (option unset) >>> using ACL "connect0" ->>> processing "accept" (TESTSUITE/test-config 39) +>>> processing "accept" (TESTSUITE/test-config 42) >>> accept: condition test succeeded in ACL "connect0" >>> end of ACL "connect0": ACCEPT ->>> processing "accept" (TESTSUITE/test-config 67) +>>> processing "accept" (TESTSUITE/test-config 70) >>> accept: condition test succeeded in inline ACL >>> end of inline ACL: ACCEPT >>> host in ignore_fromline_hosts? no (option unset) >>> using ACL "check_data" ->>> processing "warn" (TESTSUITE/test-config 48) +>>> processing "warn" (TESTSUITE/test-config 51) >>> check logwrite = Subject is: "$h_subject:" >>> = Subject is: " here we go: a string that is going to be encoded: it will go over the 75-char limit by a long way; in fact this one will go over the 150 character limit" LOG: 10HmbD-0005vi-00 Subject is: " here we go: a string that is going to be encoded: it will go over the 75-char limit by a long way; in fact this one will go over the 150 character limit" >>> warn: condition test succeeded in ACL "check_data" ->>> processing "deny" (TESTSUITE/test-config 49) +>>> processing "deny" (TESTSUITE/test-config 52) >>> message: reply_address=<$reply_address> >>> deny: condition test succeeded in ACL "check_data" >>> end of ACL "check_data": DENY