From d7b5f2ab122c3de70f1f6672fe07b87e011338c6 Mon Sep 17 00:00:00 2001
From: Jeremy Harris
Date: Sun, 18 Mar 2018 18:56:13 +0000
Subject: [PATCH] DMARC: if ACL condition not called, do not add anything to authres string
Previously "skipped" was added; that is no only done for an actual call which could not be completed
---
 doc/doc-txt/experimental-spec.txt | 4 +---
 src/src/dmarc.c | 34 ++++++++++++++++++++-----------
 2 files changed, 23 insertions(+), 15 deletions(-)
diff --git a/doc/doc-txt/experimental-spec.txt b/doc/doc-txt/experimental-spec.txt
index 2cac9e90d..ce140c553 100644
--- a/doc/doc-txt/experimental-spec.txt
+++ b/doc/doc-txt/experimental-spec.txt
@@ -430,14 +430,12 @@ package controlled locations (/usr/include and /usr/lib).
 2. Use the following global settings to configure DMARC:
-Optional:
+Required:
 dmarc_tld_file Defines the location of a text file of valid top level domains the opendmarc library uses during domain parsing. Maintained by Mozilla, the most current version can be downloaded from a link at http://publicsuffix.org/list/.
- If unset, "/etc/exim/opendmarc.tlds" (hardcoded)
- is used.
 Optional:
 dmarc_history_file Defines the location of a file to log results
diff --git a/src/src/dmarc.c b/src/src/dmarc.c
index 0b45e100a..ba9aa6695 100644
--- a/src/src/dmarc.c
+++ b/src/src/dmarc.c
@@ -84,7 +84,6 @@ dmarc_init()
 {
 int *netmask = NULL; /* Ignored */
 int is_ipv6 = 0;
-char *tld_file = dmarc_tld_file ? CS dmarc_tld_file : DMARC_TLD_FILE;
 /* Set some sane defaults. Also clears previous results when
 * multiple messages in one connection. */
@@ -111,22 +110,27 @@ if (libdm_status != DMARC_PARSE_OKAY)
 opendmarc_policy_status_to_str(libdm_status));
 dmarc_abort = TRUE;
 }
-if (dmarc_tld_file == NULL)
+if (!dmarc_tld_file)
+ {
+ DEBUG(D_receive) debug_printf("DMARC: no dmarc_tld_file\n");
 dmarc_abort = TRUE;
-else if (opendmarc_tld_read_file(tld_file, NULL, NULL, NULL))
+ }
+else if (opendmarc_tld_read_file(dmarc_tld_file, NULL, NULL, NULL))
 {
 log_write(0, LOG_MAIN|LOG_PANIC, "DMARC failure to load tld list %s: %d",
- tld_file, errno);
+ dmarc_tld_file, errno);
 dmarc_abort = TRUE;
 }
-if (sender_host_address == NULL)
+if (!sender_host_address)
+ {
+ DEBUG(D_receive) debug_printf("DMARC: no sender_host_address\n");
 dmarc_abort = TRUE;
+ }
 /* This catches locally originated email and startup errors above. */
 if (!dmarc_abort)
 {
 is_ipv6 = string_is_ip_address(sender_host_address, netmask) == 6;
- dmarc_pctx = opendmarc_policy_connect_init(sender_host_address, is_ipv6);
- if (dmarc_pctx == NULL)
+ if (!(dmarc_pctx = opendmarc_policy_connect_init(sender_host_address, is_ipv6)))
 {
 log_write(0, LOG_MAIN|LOG_PANIC, "DMARC failure creating policy context: ip=%s", sender_host_address);
@@ -232,9 +236,12 @@ if (dmarc_disable_verify)
 * the entire DMARC system if we can't find a From: header....or if
 * there was a previous error.
 */
-if (!from_header || dmarc_abort)
+if (!from_header)
+ {
+ DEBUG(D_receive) debug_printf("DMARC: no From: header\n");
 dmarc_abort = TRUE;
-else
+ }
+else if (!dmarc_abort)
 {
 uschar * errormsg;
 int dummy, domain;
@@ -594,9 +601,12 @@ return US"";
 gstring *
 authres_dmarc(gstring * g)
 {
-g = string_append(g, 2, US";\n\tdmarc=", dmarc_pass_fail);
-if (header_from_sender)
- g = string_append(g, 2, US"header.from=", header_from_sender);
+if (dmarc_has_been_checked)
+ {
+ g = string_append(g, 2, US";\n\tdmarc=", dmarc_pass_fail);
+ if (header_from_sender)
+ g = string_append(g, 2, US"header.from=", header_from_sender);
+ }
 return g;
 }
--
2.30.2
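Review bot: When `dmarc_tld_file` is unset, the new branch in the `@@ -111,22 +110,27 @@` hunk sets `dmarc_abort` and reports it only through `DEBUG(D_receive)`, so a normally running server leaves no record that DMARC evaluation is switched off. Since this commit documents the option as required, I would also write a main-log entry there, e.g. `log_write(0, LOG_MAIN, "DMARC: dmarc_tld_file not set; verification disabled");`, keeping log volume in mind if dmarc_init turns out to run once per message. The `sender_host_address` branch covers locally originated mail, where debug-only output is reasonable. dmarc_init begins before this hunk and continues after it, so other logging on this path may exist outside the visible lines.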
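Review bot: In authres_dmarc (the `@@ -594,9 +601,12 @@` hunk), the second `string_append` emits `header.from=` directly after the value of `dmarc_pass_fail` with no separator. Unless that value carries trailing whitespace (not visible here), the header reads like `dmarc=passheader.from=…` and a downstream Authentication-Results consumer may not parse a valid result. I would change the line to `g = string_append(g, 2, US" header.from=", header_from_sender);`. It is also worth confirming that `dmarc_has_been_checked` is cleared with the other per-message state in dmarc_init. If it persists across messages on one connection, a message whose ACL never ran the condition would inherit the previous message's result.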