New upstream release
* New upstream release
- Refresh patches
- Drop debian/patches/cve-2021-34555.patch, equivalent fix incorporated
upstream
Scott Kitterman
2 years ago
| 0 | opendmarc (1.4.2-1) unstable; urgency=medium | |
| 1 | ||
| 2 | * New upstream release | |
| 3 | - Refresh patches | |
| 4 | - Drop debian/patches/cve-2021-34555.patch, equivalent fix incorporated | |
| 5 | upstream | |
| 6 | ||
| 7 | -- Scott Kitterman <scott@kitterman.com> Tue, 18 Jan 2022 12:14:37 -0500 | |
| 8 | ||
| 0 | 9 | opendmarc (1.4.1.1-2) unstable; urgency=medium |
| 1 | 10 | |
| 2 | 11 | * Deprecate /lib/opendmarc/opendmarc.service.generate script: instead, edit |
| 0 | Description: Add ARC override for policy "quarantine" | |
| 0 | From: Scott Kitterman <scott@kitterman.com> | |
| 1 | Date: Tue, 18 Jan 2022 11:57:01 -0500 | |
| 2 | Subject: Add ARC override for policy "quarantine" | |
| 3 | ||
| 1 | 4 | Origin: other, https://github.com/trusteddomainproject/OpenDMARC/files/6697440/opendmarc-arc-overwrite-for-quarantines-patch.txt |
| 2 | 5 | Bug: https://github.com/trusteddomainproject/OpenDMARC/issues/24 |
| 6 | --- | |
| 7 | opendmarc/opendmarc.c | 29 +++++++++++++++++------------ | |
| 8 | 1 file changed, 17 insertions(+), 12 deletions(-) | |
| 3 | 9 | |
| 10 | diff --git a/opendmarc/opendmarc.c b/opendmarc/opendmarc.c | |
| 11 | index be3d496..9317817 100644 | |
| 4 | 12 | --- a/opendmarc/opendmarc.c |
| 5 | 13 | +++ b/opendmarc/opendmarc.c |
| 6 | @@ -3639,16 +3639,7 @@ | |
| 14 | @@ -3637,16 +3637,7 @@ mlfi_eom(SMFICTX *ctx) | |
| 7 | 15 | conf->conf_holdquarantinedmessages && |
| 8 | 16 | random() % 100 < pct) |
| 9 | 17 | { |
| 21 | 29 | |
| 22 | 30 | ret = SMFIS_ACCEPT; |
| 23 | 31 | result = DMARC_RESULT_QUARANTINE; |
| 24 | @@ -3685,7 +3676,7 @@ | |
| 32 | @@ -3683,7 +3674,7 @@ mlfi_eom(SMFICTX *ctx) | |
| 25 | 33 | ** arc.chain to assist with administrative debugging. |
| 26 | 34 | */ |
| 27 | 35 | |
| 30 | 38 | dfc->mctx_arcpass == ARES_RESULT_PASS && |
| 31 | 39 | dfc->mctx_arcpolicypass != DMARC_ARC_POLICY_RESULT_PASS && |
| 32 | 40 | conf->conf_dolog) |
| 33 | @@ -3695,7 +3686,7 @@ | |
| 41 | @@ -3693,7 +3684,7 @@ mlfi_eom(SMFICTX *ctx) | |
| 34 | 42 | dfc->mctx_jobid); |
| 35 | 43 | } |
| 36 | 44 | |
| 39 | 47 | dfc->mctx_arcpolicypass == DMARC_ARC_POLICY_RESULT_PASS) |
| 40 | 48 | { |
| 41 | 49 | ret = SMFIS_ACCEPT; |
| 42 | @@ -3707,6 +3698,20 @@ | |
| 43 | dfc->mctx_jobid); | |
| 50 | @@ -3706,6 +3697,20 @@ mlfi_eom(SMFICTX *ctx) | |
| 44 | 51 | } |
| 45 | 52 | } |
| 46 | + | |
| 53 | ||
| 47 | 54 | + if (result == DMARC_RESULT_QUARANTINE) |
| 48 | 55 | + { |
| 49 | 56 | + snprintf(replybuf, sizeof replybuf, |
| 57 | 64 | + dfc->mctx_jobid); |
| 58 | 65 | + } |
| 59 | 66 | + } |
| 60 | ||
| 67 | + | |
| 61 | 68 | /* |
| 62 | 69 | ** Append arc override to historyfile. The format |
| 70 | ** | |
| 0 | Description: Fix segfaults, increase token max lengths in ARC-Seal headers | |
| 0 | From: Scott Kitterman <scott@kitterman.com> | |
| 1 | Date: Tue, 18 Jan 2022 11:57:01 -0500 | |
| 2 | Subject: Fix segfaults, increase token max lengths in ARC-Seal headers | |
| 3 | ||
| 1 | 4 | Origin: other, https://github.com/trusteddomainproject/OpenDMARC/files/6717466/opendmarc-arcseal.patch.txt |
| 2 | 5 | Bug: https://github.com/trusteddomainproject/OpenDMARC/issues/183 |
| 6 | --- | |
| 7 | opendmarc/opendmarc-arcseal.c | 7 ++++++- | |
| 8 | opendmarc/opendmarc-arcseal.h | 2 +- | |
| 9 | 2 files changed, 7 insertions(+), 2 deletions(-) | |
| 3 | 10 | |
| 11 | diff --git a/opendmarc/opendmarc-arcseal.c b/opendmarc/opendmarc-arcseal.c | |
| 12 | index 73eebb7..66fc62a 100644 | |
| 4 | 13 | --- a/opendmarc/opendmarc-arcseal.c |
| 5 | 14 | +++ b/opendmarc/opendmarc-arcseal.c |
| 6 | 15 | @@ -29,7 +29,7 @@ |
| 12 | 21 | |
| 13 | 22 | /* tables */ |
| 14 | 23 | struct opendmarc_arcseal_lookup |
| 15 | @@ -167,7 +167,12 @@ | |
| 24 | @@ -167,7 +167,12 @@ opendmarc_arcseal_parse(u_char *hdr, struct arcseal *as) | |
| 16 | 25 | if (*token_ptr == '\0') |
| 17 | 26 | return 0; |
| 18 | 27 | tag_label = strsep(&token_ptr, "="); |
| 25 | 34 | |
| 26 | 35 | tag_code = opendmarc_arcseal_convert(as_tags, tag_label); |
| 27 | 36 | |
| 37 | diff --git a/opendmarc/opendmarc-arcseal.h b/opendmarc/opendmarc-arcseal.h | |
| 38 | index 4eb0927..6e11a06 100644 | |
| 28 | 39 | --- a/opendmarc/opendmarc-arcseal.h |
| 29 | 40 | +++ b/opendmarc/opendmarc-arcseal.h |
| 30 | 41 | @@ -32,7 +32,7 @@ |
| 0 | Description: Make function check_domain static | |
| 1 | Author: David Bürgin <dbuergin@gluet.ch> | |
| 0 | From: =?utf-8?q?David_B=C3=BCrgin?= <dbuergin@gluet.ch> | |
| 1 | Date: Tue, 18 Jan 2022 11:57:01 -0500 | |
| 2 | Subject: Make function check_domain static | |
| 3 | ||
| 2 | 4 | Bug: https://github.com/trusteddomainproject/OpenDMARC/pull/177 |
| 5 | --- | |
| 6 | libopendmarc/opendmarc_policy.c | 2 +- | |
| 7 | 1 file changed, 1 insertion(+), 1 deletion(-) | |
| 3 | 8 | |
| 9 | diff --git a/libopendmarc/opendmarc_policy.c b/libopendmarc/opendmarc_policy.c | |
| 10 | index 32053db..c864906 100644 | |
| 4 | 11 | --- a/libopendmarc/opendmarc_policy.c |
| 5 | 12 | +++ b/libopendmarc/opendmarc_policy.c |
| 6 | 13 | @@ -35,7 +35,7 @@ |
| 0 | Description: Fix off-by-one error buffer overrun in opendmarc_util_cleanup | |
| 0 | From: Scott Kitterman <scott@kitterman.com> | |
| 1 | Date: Tue, 18 Jan 2022 11:57:01 -0500 | |
| 2 | Subject: Fix off-by-one error buffer overrun in opendmarc_util_cleanup | |
| 3 | ||
| 1 | 4 | Bug: https://github.com/trusteddomainproject/OpenDMARC/pull/188 |
| 5 | --- | |
| 6 | libopendmarc/opendmarc_util.c | 2 +- | |
| 7 | 1 file changed, 1 insertion(+), 1 deletion(-) | |
| 2 | 8 | |
| 9 | diff --git a/libopendmarc/opendmarc_util.c b/libopendmarc/opendmarc_util.c | |
| 10 | index 4ab8ac0..86cc69b 100644 | |
| 3 | 11 | --- a/libopendmarc/opendmarc_util.c |
| 4 | 12 | +++ b/libopendmarc/opendmarc_util.c |
| 5 | @@ -160,7 +160,7 @@ | |
| 13 | @@ -160,7 +160,7 @@ opendmarc_util_cleanup(u_char *str, u_char *buf, size_t buflen) | |
| 6 | 14 | { |
| 7 | 15 | char *sp, *ep; |
| 8 | 16 |
| 0 | Description: opendmarc/opendmarc.c:dmarfc_config_free: don't assert conf->conf_refcnt == 0 | |
| 0 | From: Scott Kitterman <scott@kitterman.com> | |
| 1 | Date: Tue, 18 Jan 2022 11:57:01 -0500 | |
| 2 | Subject: opendmarc/opendmarc.c:dmarfc_config_free: don't assert | |
| 3 | conf->conf_refcnt == 0 | |
| 4 | ||
| 1 | 5 | Bug: https://github.com/trusteddomainproject/OpenDMARC/issues/18 |
| 6 | --- | |
| 7 | opendmarc/opendmarc.c | 1 - | |
| 8 | 1 file changed, 1 deletion(-) | |
| 2 | 9 | |
| 10 | diff --git a/opendmarc/opendmarc.c b/opendmarc/opendmarc.c | |
| 11 | index fbb6e40..fbf06b6 100644 | |
| 3 | 12 | --- a/opendmarc/opendmarc.c |
| 4 | 13 | +++ b/opendmarc/opendmarc.c |
| 5 | @@ -4227,7 +4227,6 @@ | |
| 14 | @@ -4225,7 +4225,6 @@ static void | |
| 6 | 15 | dmarcf_config_free(struct dmarcf_config *conf) |
| 7 | 16 | { |
| 8 | 17 | assert(conf != NULL); |
| 0 | Description: CVE-2021-34555: Fix multi-value From rejection logic | |
| 1 | Author: David Bürgin <dbuergin@gluet.ch> | |
| 2 | Bug: https://github.com/trusteddomainproject/OpenDMARC/pull/178 | |
| 3 | ||
| 4 | --- a/opendmarc/opendmarc.c | |
| 5 | +++ b/opendmarc/opendmarc.c | |
| 6 | @@ -2513,17 +2513,22 @@ | |
| 7 | ||
| 8 | for (c = 1; users[c] != NULL; c++) | |
| 9 | { | |
| 10 | - if (strcasecmp(domains[0], domains[c]) != 0) | |
| 11 | + if (domains[0] != NULL | |
| 12 | + && domains[c] != NULL | |
| 13 | + && strcasecmp(domains[0], domains[c]) != 0) | |
| 14 | { | |
| 15 | - syslog(LOG_ERR, | |
| 16 | - "%s: multi-valued From field detected", | |
| 17 | - dfc->mctx_jobid); | |
| 18 | - } | |
| 19 | + if (conf->conf_dolog) | |
| 20 | + { | |
| 21 | + syslog(LOG_ERR, | |
| 22 | + "%s: multi-valued From field detected", | |
| 23 | + dfc->mctx_jobid); | |
| 24 | + } | |
| 25 | ||
| 26 | - if (conf->conf_reject_multi_from) | |
| 27 | - return SMFIS_REJECT; | |
| 28 | - else | |
| 29 | - return SMFIS_ACCEPT; | |
| 30 | + if (conf->conf_reject_multi_from) | |
| 31 | + return SMFIS_REJECT; | |
| 32 | + else | |
| 33 | + return SMFIS_ACCEPT; | |
| 34 | + } | |
| 35 | } | |
| 36 | ||
| 37 | user = users[0]; |
| 6 | 6 | contrib/rddmarc/dmarcfail.py | 2 +- |
| 7 | 7 | 1 file changed, 1 insertion(+), 1 deletion(-) |
| 8 | 8 | |
| 9 | diff --git a/contrib/rddmarc/dmarcfail.py b/contrib/rddmarc/dmarcfail.py | |
| 10 | index 96df270..f849d92 100644 | |
| 9 | 11 | --- a/contrib/rddmarc/dmarcfail.py |
| 10 | 12 | +++ b/contrib/rddmarc/dmarcfail.py |
| 11 | 13 | @@ -1,4 +1,4 @@ |
| 0 | Description: Fix memory leak when evaluating ARC chain by freeing temporary string "arcdomain" | |
| 0 | From: Scott Kitterman <scott@kitterman.com> | |
| 1 | Date: Tue, 18 Jan 2022 11:57:01 -0500 | |
| 2 | Subject: Fix memory leak when evaluating ARC chain by freeing temporary | |
| 3 | string "arcdomain" | |
| 4 | ||
| 1 | 5 | Origin: other, https://github.com/trusteddomainproject/OpenDMARC/files/6682308/opendmarc-free-arcdomain-patch.txt |
| 2 | 6 | Bug: https://github.com/trusteddomainproject/OpenDMARC/issues/182 |
| 7 | --- | |
| 8 | opendmarc/opendmarc.c | 3 +++ | |
| 9 | 1 file changed, 3 insertions(+) | |
| 3 | 10 | |
| 11 | diff --git a/opendmarc/opendmarc.c b/opendmarc/opendmarc.c | |
| 12 | index fbf06b6..be3d496 100644 | |
| 4 | 13 | --- a/opendmarc/opendmarc.c |
| 5 | 14 | +++ b/opendmarc/opendmarc.c |
| 6 | @@ -3011,6 +3011,9 @@ | |
| 15 | @@ -3009,6 +3009,9 @@ mlfi_eom(SMFICTX *ctx) | |
| 7 | 16 | eptr = hsearch(entry, |
| 8 | 17 | FIND); |
| 9 | 18 | pthread_rwlock_unlock(&hash_lock); |
| 0 | Description: Correct HoldQuarantinedMessages documentation | |
| 1 | Author: David Bürgin <dbuergin@gluet.ch> | |
| 0 | From: =?utf-8?q?David_B=C3=BCrgin?= <dbuergin@gluet.ch> | |
| 1 | Date: Tue, 18 Jan 2022 11:57:01 -0500 | |
| 2 | Subject: Correct HoldQuarantinedMessages documentation | |
| 3 | ||
| 2 | 4 | Bug: https://github.com/trusteddomainproject/OpenDMARC/issues/165 |
| 5 | --- | |
| 6 | opendmarc/opendmarc.conf.5.in | 13 +------------ | |
| 7 | opendmarc/opendmarc.conf.sample | 16 +--------------- | |
| 8 | 2 files changed, 2 insertions(+), 27 deletions(-) | |
| 3 | 9 | |
| 10 | diff --git a/opendmarc/opendmarc.conf.5.in b/opendmarc/opendmarc.conf.5.in | |
| 11 | index dcb518c..0580b9d 100644 | |
| 12 | --- a/opendmarc/opendmarc.conf.5.in | |
| 13 | +++ b/opendmarc/opendmarc.conf.5.in | |
| 14 | @@ -196,18 +196,7 @@ aggregate reports can be extracted using | |
| 15 | If set, the milter will signal to the mta that messages with | |
| 16 | p=quarantine, which fail dmarc authentication, should be held in | |
| 17 | the MTA's "Hold" or "Quarantine" queue. The name varies by MTA. | |
| 18 | -If false, messsages will be accepted and passed along with the | |
| 19 | -regular mail flow, and the quarantine will be left up to downstream | |
| 20 | -MTA/MDA/MUA filters, if any, to handle by re-evaluating the headers, | |
| 21 | -including the Authentication-Results header added by this filter. | |
| 22 | -The default is "false". | |
| 23 | - | |
| 24 | -.TP | |
| 25 | -.I HoldQuarantinedMessages (Boolean) | |
| 26 | -If set, the milter will signal to the mta that messages with | |
| 27 | -p=quarantine, which fail dmarc authentication, should be held in | |
| 28 | -the MTA's "Hold" or "Quarantine" queue. The name varies by MTA. | |
| 29 | -If false, messsages will be accepted and passed along with the | |
| 30 | +If false, messages will be accepted and passed along with the | |
| 31 | regular mail flow, and the quarantine will be left up to downstream | |
| 32 | MTA/MDA/MUA filters, if any, to handle by re-evaluating the headers, | |
| 33 | including the Authentication-Results header added by this filter. | |
| 34 | diff --git a/opendmarc/opendmarc.conf.sample b/opendmarc/opendmarc.conf.sample | |
| 35 | index 4e1f1ab..c545ba6 100644 | |
| 4 | 36 | --- a/opendmarc/opendmarc.conf.sample |
| 5 | 37 | +++ b/opendmarc/opendmarc.conf.sample |
| 6 | 38 | @@ -219,7 +219,7 @@ |
| 33 | 65 | ## IgnoreHosts path |
| 34 | 66 | ## default (internal) |
| 35 | 67 | ## |
| 36 | --- a/opendmarc/opendmarc.conf.5.in | |
| 37 | +++ b/opendmarc/opendmarc.conf.5.in | |
| 38 | @@ -196,18 +196,7 @@ | |
| 39 | If set, the milter will signal to the mta that messages with | |
| 40 | p=quarantine, which fail dmarc authentication, should be held in | |
| 41 | the MTA's "Hold" or "Quarantine" queue. The name varies by MTA. | |
| 42 | -If false, messsages will be accepted and passed along with the | |
| 43 | -regular mail flow, and the quarantine will be left up to downstream | |
| 44 | -MTA/MDA/MUA filters, if any, to handle by re-evaluating the headers, | |
| 45 | -including the Authentication-Results header added by this filter. | |
| 46 | -The default is "false". | |
| 47 | - | |
| 48 | -.TP | |
| 49 | -.I HoldQuarantinedMessages (Boolean) | |
| 50 | -If set, the milter will signal to the mta that messages with | |
| 51 | -p=quarantine, which fail dmarc authentication, should be held in | |
| 52 | -the MTA's "Hold" or "Quarantine" queue. The name varies by MTA. | |
| 53 | -If false, messsages will be accepted and passed along with the | |
| 54 | +If false, messages will be accepted and passed along with the | |
| 55 | regular mail flow, and the quarantine will be left up to downstream | |
| 56 | MTA/MDA/MUA filters, if any, to handle by re-evaluating the headers, | |
| 57 | including the Authentication-Results header added by this filter. | |
| 0 | Description: Insert trace headers at index 0 | |
| 1 | Author: David Bürgin <dbuergin@gluet.ch> | |
| 0 | From: =?utf-8?q?David_B=C3=BCrgin?= <dbuergin@gluet.ch> | |
| 1 | Date: Tue, 18 Jan 2022 11:57:01 -0500 | |
| 2 | Subject: Insert trace headers at index 0 | |
| 3 | ||
| 2 | 4 | Bug: https://github.com/trusteddomainproject/OpenDMARC/pull/171 |
| 5 | --- | |
| 6 | opendmarc/opendmarc.c | 8 ++++---- | |
| 7 | 1 file changed, 4 insertions(+), 4 deletions(-) | |
| 3 | 8 | |
| 9 | diff --git a/opendmarc/opendmarc.c b/opendmarc/opendmarc.c | |
| 10 | index 5b09c3f..fbb6e40 100644 | |
| 4 | 11 | --- a/opendmarc/opendmarc.c |
| 5 | 12 | +++ b/opendmarc/opendmarc.c |
| 6 | @@ -3179,7 +3179,7 @@ | |
| 13 | @@ -3177,7 +3177,7 @@ mlfi_eom(SMFICTX *ctx) | |
| 7 | 14 | authservid, pass_fail, use_domain); |
| 8 | 15 | } |
| 9 | 16 | |
| 12 | 19 | header) == MI_FAILURE) |
| 13 | 20 | { |
| 14 | 21 | if (conf->conf_dolog) |
| 15 | @@ -3244,7 +3244,7 @@ | |
| 22 | @@ -3242,7 +3242,7 @@ mlfi_eom(SMFICTX *ctx) | |
| 16 | 23 | "%s; dmarc=permerror header.from=%s", |
| 17 | 24 | authservid, dfc->mctx_fromdomain); |
| 18 | 25 | |
| 21 | 28 | header) == MI_FAILURE) |
| 22 | 29 | { |
| 23 | 30 | if (conf->conf_dolog) |
| 24 | @@ -3793,7 +3793,7 @@ | |
| 31 | @@ -3791,7 +3791,7 @@ mlfi_eom(SMFICTX *ctx) | |
| 25 | 32 | conf->conf_authservidwithjobid ? dfc->mctx_jobid : "", |
| 26 | 33 | aresult, apolicy, adisposition, dfc->mctx_fromdomain); |
| 27 | 34 | |
| 30 | 37 | header) == MI_FAILURE) |
| 31 | 38 | { |
| 32 | 39 | if (conf->conf_dolog) |
| 33 | @@ -3912,7 +3912,7 @@ | |
| 40 | @@ -3910,7 +3910,7 @@ mlfi_eom(SMFICTX *ctx) | |
| 34 | 41 | dfc->mctx_jobid != NULL ? dfc->mctx_jobid |
| 35 | 42 | : JOBIDUNKNOWN); |
| 36 | 43 | |
| 5 | 5 | ticket207.patch |
| 6 | 6 | ticket208.patch |
| 7 | 7 | ticket212.patch |
| 8 | cve-2021-34555.patch | |
| 9 | 8 | hold-quarantined-messages-doc.patch |
| 10 | 9 | insheader.patch |
| 11 | 10 | check_domain.patch |
| 0 | 0 | From: Scott Kitterman <scott@kitterman.com> |
| 1 | 1 | Date: Mon, 23 Dec 2019 11:12:36 -0500 |
| 2 | 2 | Subject: ticket159 |
| 3 | ||
| 3 | 4 | Bug: https://sourceforge.net/p/opendmarc/tickets/159/ |
| 4 | ||
| 5 | 5 | --- |
| 6 | 6 | configure.ac | 1 + |
| 7 | 7 | reports/opendmarc-importstats | 26 -------------------------- |
| 8 | 8 | reports/opendmarc-importstats.in | 27 +++++++++++++++++++++++++++ |
| 9 | 9 | 3 files changed, 28 insertions(+), 26 deletions(-) |
| 10 | 10 | delete mode 100755 reports/opendmarc-importstats |
| 11 | create mode 100755 reports/opendmarc-importstats.in | |
| 11 | create mode 100644 reports/opendmarc-importstats.in | |
| 12 | 12 | |
| 13 | diff --git a/configure.ac b/configure.ac | |
| 14 | index 692dbe4..cf4ff90 100644 | |
| 13 | 15 | --- a/configure.ac |
| 14 | 16 | +++ b/configure.ac |
| 15 | @@ -538,6 +538,7 @@ | |
| 17 | @@ -538,6 +538,7 @@ AC_CONFIG_FILES([ Makefile | |
| 16 | 18 | reports/opendmarc-expire.8 |
| 17 | 19 | reports/opendmarc-import |
| 18 | 20 | reports/opendmarc-import.8 |
| 20 | 22 | reports/opendmarc-importstats.8 |
| 21 | 23 | reports/opendmarc-params |
| 22 | 24 | reports/opendmarc-params.8 |
| 25 | diff --git a/reports/opendmarc-importstats b/reports/opendmarc-importstats | |
| 26 | deleted file mode 100755 | |
| 27 | index 839a871..0000000 | |
| 23 | 28 | --- a/reports/opendmarc-importstats |
| 24 | 29 | +++ /dev/null |
| 25 | 30 | @@ -1,26 +0,0 @@ |
| 49 | 54 | - ls -l ${statsdb}.OLD.$$ |
| 50 | 55 | - fi |
| 51 | 56 | -fi |
| 57 | diff --git a/reports/opendmarc-importstats.in b/reports/opendmarc-importstats.in | |
| 58 | new file mode 100644 | |
| 59 | index 0000000..3a28ee3 | |
| 52 | 60 | --- /dev/null |
| 53 | 61 | +++ b/reports/opendmarc-importstats.in |
| 54 | 62 | @@ -0,0 +1,27 @@ |
| 1 | 1 | Date: Mon, 23 Dec 2019 11:12:36 -0500 |
| 2 | 2 | Subject: allow one to configure the SMTP Reject reason. This patch adds the |
| 3 | 3 | RejectString option. |
| 4 | ||
| 4 | 5 | Bug: https://sourceforge.net/p/opendmarc/tickets/168/ |
| 5 | Author: M. Favero | |
| 6 | ||
| 7 | 6 | --- |
| 8 | 7 | opendmarc/opendmarc-config.h | 1 + |
| 9 | 8 | opendmarc/opendmarc.c | 34 +++++++++++++++++++++++++++++++++- |
| 12 | 11 | opendmarc/opendmarc.h | 1 + |
| 13 | 12 | 5 files changed, 50 insertions(+), 1 deletion(-) |
| 14 | 13 | |
| 14 | diff --git a/opendmarc/opendmarc-config.h b/opendmarc/opendmarc-config.h | |
| 15 | index 1b781df..8398007 100644 | |
| 15 | 16 | --- a/opendmarc/opendmarc-config.h |
| 16 | 17 | +++ b/opendmarc/opendmarc-config.h |
| 17 | @@ -47,6 +47,7 @@ | |
| 18 | @@ -47,6 +47,7 @@ struct configdef dmarcf_config[] = | |
| 18 | 19 | { "RequiredHeaders", CONFIG_TYPE_BOOLEAN, FALSE }, |
| 19 | 20 | { "RejectFailures", CONFIG_TYPE_BOOLEAN, FALSE }, |
| 20 | 21 | { "RejectMultiValueFrom", CONFIG_TYPE_BOOLEAN, FALSE }, |
| 22 | 23 | { "ReportCommand", CONFIG_TYPE_STRING, FALSE }, |
| 23 | 24 | { "Socket", CONFIG_TYPE_STRING, FALSE }, |
| 24 | 25 | { "SoftwareHeader", CONFIG_TYPE_BOOLEAN, FALSE }, |
| 26 | diff --git a/opendmarc/opendmarc.c b/opendmarc/opendmarc.c | |
| 27 | index aee0d48..687ef6d 100644 | |
| 25 | 28 | --- a/opendmarc/opendmarc.c |
| 26 | 29 | +++ b/opendmarc/opendmarc.c |
| 27 | @@ -190,6 +190,7 @@ | |
| 30 | @@ -190,6 +190,7 @@ struct dmarcf_config | |
| 28 | 31 | char * conf_historyfile; |
| 29 | 32 | char * conf_pslist; |
| 30 | 33 | char * conf_ignorelist; |
| 32 | 35 | char ** conf_trustedauthservids; |
| 33 | 36 | char ** conf_ignoredomains; |
| 34 | 37 | struct list * conf_domainwhitelist; |
| 35 | @@ -1419,6 +1420,10 @@ | |
| 38 | @@ -1419,6 +1420,10 @@ dmarcf_config_load(struct config *data, struct dmarcf_config *conf, | |
| 36 | 39 | &conf->conf_rejectfail, |
| 37 | 40 | sizeof conf->conf_rejectfail); |
| 38 | 41 | |
| 43 | 46 | (void) config_get(data, "RequiredHeaders", |
| 44 | 47 | &conf->conf_reqhdrs, |
| 45 | 48 | sizeof conf->conf_reqhdrs); |
| 46 | @@ -1627,6 +1632,33 @@ | |
| 49 | @@ -1627,6 +1632,33 @@ dmarcf_config_load(struct config *data, struct dmarcf_config *conf, | |
| 47 | 50 | |
| 48 | 51 | pthread_rwlock_unlock(&hash_lock); |
| 49 | 52 | |
| 77 | 80 | return 0; |
| 78 | 81 | } |
| 79 | 82 | |
| 80 | @@ -3558,7 +3590,7 @@ | |
| 83 | @@ -3561,7 +3593,7 @@ mlfi_eom(SMFICTX *ctx) | |
| 81 | 84 | random() % 100 < pct) |
| 82 | 85 | { |
| 83 | 86 | snprintf(replybuf, sizeof replybuf, |
| 86 | 89 | |
| 87 | 90 | status = dmarcf_setreply(ctx, DMARC_REJECT_SMTP, |
| 88 | 91 | DMARC_REJECT_ESC, replybuf); |
| 92 | diff --git a/opendmarc/opendmarc.conf.5.in b/opendmarc/opendmarc.conf.5.in | |
| 93 | index f7cea9a..ced6ddb 100644 | |
| 89 | 94 | --- a/opendmarc/opendmarc.conf.5.in |
| 90 | 95 | +++ b/opendmarc/opendmarc.conf.5.in |
| 91 | @@ -273,6 +273,13 @@ | |
| 96 | @@ -272,6 +272,13 @@ If set, messages with multiple addresses in the From: field of the message | |
| 97 | will be rejected unless all domain names in that field are the same. They | |
| 92 | 98 | will otherwise be ignored by the filter (the default). |
| 93 | 99 | |
| 94 | .TP | |
| 100 | +.TP | |
| 95 | 101 | +.I RejectString (string) |
| 96 | 102 | +This string describes the reason of reject at SMTP level. |
| 97 | 103 | +The message MUST contain the word "%s" once, which will be replaced by |
| 98 | 104 | +the RFC5322.From domain. |
| 99 | 105 | +The default is "rejected by DMARC policy for %s" |
| 100 | 106 | + |
| 101 | +.TP | |
| 107 | .TP | |
| 102 | 108 | .I ReportCommand (string) |
| 103 | 109 | Indicates the shell command to which failure reports should be passed for |
| 104 | delivery when | |
| 110 | diff --git a/opendmarc/opendmarc.conf.sample b/opendmarc/opendmarc.conf.sample | |
| 111 | index 69c9afb..2accc6f 100644 | |
| 105 | 112 | --- a/opendmarc/opendmarc.conf.sample |
| 106 | 113 | +++ b/opendmarc/opendmarc.conf.sample |
| 107 | 114 | @@ -325,6 +325,14 @@ |
| 119 | 126 | ## ReportCommand string |
| 120 | 127 | ## default "/usr/sbin/sendmail -t" |
| 121 | 128 | ## |
| 129 | diff --git a/opendmarc/opendmarc.h b/opendmarc/opendmarc.h | |
| 130 | index e36f93a..a3b053e 100644 | |
| 122 | 131 | --- a/opendmarc/opendmarc.h |
| 123 | 132 | +++ b/opendmarc/opendmarc.h |
| 124 | 133 | @@ -34,6 +34,7 @@ |
| 4 | 4 | =================================================================== |
| 5 | 5 | --- |
| 6 | 6 | db/Makefile.am | 2 +- |
| 7 | db/README.update-db-schema.mysql | 8 ++++++ | |
| 7 | db/README.update-db-schema.mysql | 8 ++++++++ | |
| 8 | 8 | db/schema.mysql | 3 ++- |
| 9 | db/update-db-schema.mysql | 12 +++++++++ | |
| 10 | reports/opendmarc-expire.in | 13 +++++++++- | |
| 11 | reports/opendmarc-import.in | 53 +++++++++++++++++++++++----------------- | |
| 12 | 6 files changed, 65 insertions(+), 26 deletions(-) | |
| 9 | db/update-db-schema.mysql | 12 ++++++++++++ | |
| 10 | reports/opendmarc-expire.in | 13 ++++++++++++- | |
| 11 | 5 files changed, 35 insertions(+), 3 deletions(-) | |
| 13 | 12 | create mode 100644 db/README.update-db-schema.mysql |
| 14 | 13 | create mode 100644 db/update-db-schema.mysql |
| 15 | 14 | |
| 15 | diff --git a/db/Makefile.am b/db/Makefile.am | |
| 16 | index 43b8614..83bc1d1 100644 | |
| 16 | 17 | --- a/db/Makefile.am |
| 17 | 18 | +++ b/db/Makefile.am |
| 18 | 19 | @@ -1,3 +1,3 @@ |
| 20 | 21 | |
| 21 | 22 | -dist_doc_DATA = README.schema schema.mysql |
| 22 | 23 | +dist_doc_DATA = README.schema schema.mysql README.update-db-schema.mysql update-db-schema.mysql |
| 24 | diff --git a/db/README.update-db-schema.mysql b/db/README.update-db-schema.mysql | |
| 25 | new file mode 100644 | |
| 26 | index 0000000..8a6a909 | |
| 23 | 27 | --- /dev/null |
| 24 | 28 | +++ b/db/README.update-db-schema.mysql |
| 25 | 29 | @@ -0,0 +1,8 @@ |
| 31 | 35 | +You might receive up to four errors about duplicate keys - this is expected if your database |
| 32 | 36 | +already has these keys (because you used the MySQL schema in the db sub-direcory instead of |
| 33 | 37 | +the obsolete schema in the reports sub-dirctory). |
| 38 | diff --git a/db/schema.mysql b/db/schema.mysql | |
| 39 | index 059c3de..926d141 100644 | |
| 34 | 40 | --- a/db/schema.mysql |
| 35 | 41 | +++ b/db/schema.mysql |
| 36 | 42 | @@ -5,6 +5,7 @@ |
| 41 | 47 | |
| 42 | 48 | -- A table for mapping domain names and their DMARC policies to IDs |
| 43 | 49 | CREATE TABLE IF NOT EXISTS domains ( |
| 44 | @@ -66,7 +67,7 @@ | |
| 50 | @@ -66,7 +67,7 @@ CREATE TABLE IF NOT EXISTS requests ( | |
| 45 | 51 | pct TINYINT NOT NULL DEFAULT '0', |
| 46 | 52 | locked TINYINT NOT NULL DEFAULT '0', |
| 47 | 53 | firstseen TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, |
| 50 | 56 | |
| 51 | 57 | PRIMARY KEY(id), |
| 52 | 58 | KEY(lastsent), |
| 59 | diff --git a/db/update-db-schema.mysql b/db/update-db-schema.mysql | |
| 60 | new file mode 100644 | |
| 61 | index 0000000..5c0a190 | |
| 53 | 62 | --- /dev/null |
| 54 | 63 | +++ b/db/update-db-schema.mysql |
| 55 | 64 | @@ -0,0 +1,12 @@ |
| 65 | 74 | +ALTER TABLE messages ADD KEY date (date); |
| 66 | 75 | +ALTER TABLE signatures ADD KEY message (message); |
| 67 | 76 | + |
| 77 | diff --git a/reports/opendmarc-expire.in b/reports/opendmarc-expire.in | |
| 78 | index 326a5a3..0115429 100755 | |
| 68 | 79 | --- a/reports/opendmarc-expire.in |
| 69 | 80 | +++ b/reports/opendmarc-expire.in |
| 70 | @@ -210,6 +210,17 @@ | |
| 81 | @@ -210,6 +210,17 @@ if ($verbose) | |
| 71 | 82 | print STDERR "$progname: connected to database\n"; |
| 72 | 83 | } |
| 73 | 84 | |
| 85 | 96 | # |
| 86 | 97 | # Expire messages |
| 87 | 98 | # |
| 88 | @@ -414,7 +425,7 @@ | |
| 99 | @@ -414,7 +425,7 @@ if ($verbose) | |
| 89 | 100 | print STDERR "$progname: expiring request data older than $maxage days\n"; |
| 90 | 101 | } |
| 91 | 102 | |
| 6 | 6 | reports/opendmarc-import.in | 6 +++--- |
| 7 | 7 | 1 file changed, 3 insertions(+), 3 deletions(-) |
| 8 | 8 | |
| 9 | diff --git a/reports/opendmarc-import.in b/reports/opendmarc-import.in | |
| 10 | index 3a2f404..0169c9e 100755 | |
| 9 | 11 | --- a/reports/opendmarc-import.in |
| 10 | 12 | +++ b/reports/opendmarc-import.in |
| 11 | @@ -649,7 +649,7 @@ | |
| 13 | @@ -649,7 +649,7 @@ while (<$inputfh>) | |
| 12 | 14 | } |
| 13 | 15 | |
| 14 | 16 | case "from" { |
| 17 | 19 | } |
| 18 | 20 | |
| 19 | 21 | case "job" { |
| 20 | @@ -691,7 +691,7 @@ | |
| 22 | @@ -691,7 +691,7 @@ while (<$inputfh>) | |
| 21 | 23 | } |
| 22 | 24 | |
| 23 | 25 | case "mfrom" { |
| 26 | 28 | } |
| 27 | 29 | |
| 28 | 30 | case "p" { |
| 29 | @@ -703,7 +703,7 @@ | |
| 31 | @@ -703,7 +703,7 @@ while (<$inputfh>) | |
| 30 | 32 | } |
| 31 | 33 | |
| 32 | 34 | case "pdomain" { |
| 6 | 6 | reports/opendmarc-reports.in | 8 +++++++- |
| 7 | 7 | 1 file changed, 7 insertions(+), 1 deletion(-) |
| 8 | 8 | |
| 9 | diff --git a/reports/opendmarc-reports.in b/reports/opendmarc-reports.in | |
| 10 | index 69a2194..143997e 100755 | |
| 9 | 11 | --- a/reports/opendmarc-reports.in |
| 10 | 12 | +++ b/reports/opendmarc-reports.in |
| 11 | @@ -65,6 +65,7 @@ | |
| 13 | @@ -65,6 +65,7 @@ my $domainset; | |
| 12 | 14 | my $forcedomain; |
| 13 | 15 | my @skipdomains; |
| 14 | 16 | |
| 16 | 18 | my $policy; |
| 17 | 19 | my $spolicy; |
| 18 | 20 | my $policystr; |
| 19 | @@ -447,7 +448,7 @@ | |
| 21 | @@ -447,7 +448,7 @@ foreach (@$domainset) | |
| 20 | 22 | next; |
| 21 | 23 | } |
| 22 | 24 | |
| 25 | 27 | if (!$dbi_s->execute($domainid)) |
| 26 | 28 | { |
| 27 | 29 | print STDERR "$progname: can't get reporting URI for domain $domain: " . $dbi_h->errstr . "\n"; |
| 28 | @@ -457,6 +458,7 @@ | |
| 30 | @@ -457,6 +458,7 @@ foreach (@$domainset) | |
| 29 | 31 | } |
| 30 | 32 | |
| 31 | 33 | undef $repuri; |
| 33 | 35 | |
| 34 | 36 | while ($dbi_a = $dbi_s->fetchrow_arrayref()) |
| 35 | 37 | { |
| 36 | @@ -488,6 +490,10 @@ | |
| 38 | @@ -488,6 +490,10 @@ foreach (@$domainset) | |
| 37 | 39 | { |
| 38 | 40 | $lastsent = $dbi_a->[6]; |
| 39 | 41 | } |
| 9 | 9 | opendmarc/opendmarc.conf.sample | 10 ++++++++++ |
| 10 | 10 | 4 files changed, 53 insertions(+), 1 deletion(-) |
| 11 | 11 | |
| 12 | diff --git a/opendmarc/opendmarc-config.h b/opendmarc/opendmarc-config.h | |
| 13 | index 8398007..84cdcc5 100644 | |
| 12 | 14 | --- a/opendmarc/opendmarc-config.h |
| 13 | 15 | +++ b/opendmarc/opendmarc-config.h |
| 14 | @@ -40,6 +40,7 @@ | |
| 16 | @@ -40,6 +40,7 @@ struct configdef dmarcf_config[] = | |
| 15 | 17 | { "IgnoreAuthenticatedClients", CONFIG_TYPE_BOOLEAN, FALSE }, |
| 16 | 18 | { "IgnoreHosts", CONFIG_TYPE_STRING, FALSE }, |
| 17 | 19 | { "IgnoreMailFrom", CONFIG_TYPE_STRING, FALSE }, |
| 19 | 21 | { "MilterDebug", CONFIG_TYPE_INTEGER, FALSE }, |
| 20 | 22 | { "PidFile", CONFIG_TYPE_STRING, FALSE }, |
| 21 | 23 | { "PublicSuffixList", CONFIG_TYPE_STRING, FALSE }, |
| 24 | diff --git a/opendmarc/opendmarc.c b/opendmarc/opendmarc.c | |
| 25 | index 687ef6d..5b09c3f 100644 | |
| 22 | 26 | --- a/opendmarc/opendmarc.c |
| 23 | 27 | +++ b/opendmarc/opendmarc.c |
| 24 | @@ -195,6 +195,7 @@ | |
| 28 | @@ -195,6 +195,7 @@ struct dmarcf_config | |
| 25 | 29 | char ** conf_ignoredomains; |
| 26 | 30 | struct list * conf_domainwhitelist; |
| 27 | 31 | unsigned int conf_domainwhitelisthashcount; |
| 29 | 33 | }; |
| 30 | 34 | |
| 31 | 35 | /* LIST -- basic linked list of strings */ |
| 32 | @@ -1381,6 +1382,11 @@ | |
| 36 | @@ -1381,6 +1382,11 @@ dmarcf_config_load(struct config *data, struct dmarcf_config *conf, | |
| 33 | 37 | if (str != NULL) |
| 34 | 38 | dmarcf_mkarray(str, ",", &conf->conf_ignoredomains); |
| 35 | 39 | |
| 41 | 45 | (void) config_get(data, "AuthservIDWithJobID", |
| 42 | 46 | &conf->conf_authservidwithjobid, |
| 43 | 47 | sizeof conf->conf_authservidwithjobid); |
| 44 | @@ -2339,6 +2345,7 @@ | |
| 48 | @@ -2339,6 +2345,7 @@ sfsistat | |
| 45 | 49 | mlfi_eom(SMFICTX *ctx) |
| 46 | 50 | { |
| 47 | 51 | _Bool wspf = FALSE; |
| 49 | 53 | int c; |
| 50 | 54 | int pc; |
| 51 | 55 | int policy; |
| 52 | @@ -3800,7 +3807,34 @@ | |
| 56 | @@ -3803,7 +3810,34 @@ mlfi_eom(SMFICTX *ctx) | |
| 53 | 57 | ** Record activity in the history file. |
| 54 | 58 | */ |
| 55 | 59 | |
| 85 | 89 | (conf->conf_recordall || ostatus != DMARC_DNS_ERROR_NO_RECORD)) |
| 86 | 90 | { |
| 87 | 91 | FILE *f; |
| 92 | diff --git a/opendmarc/opendmarc.conf.5.in b/opendmarc/opendmarc.conf.5.in | |
| 93 | index ced6ddb..dcb518c 100644 | |
| 88 | 94 | --- a/opendmarc/opendmarc.conf.5.in |
| 89 | 95 | +++ b/opendmarc/opendmarc.conf.5.in |
| 90 | @@ -232,6 +232,13 @@ | |
| 96 | @@ -231,6 +231,13 @@ be ignored by the filter. The list should be comma-separated. Matching | |
| 97 | against this list is case-insensitive. The default is an empty list, meaning | |
| 91 | 98 | no mail is ignored. |
| 92 | 99 | |
| 93 | .TP | |
| 100 | +.TP | |
| 94 | 101 | +.I IgnoreMailTo (string) |
| 95 | 102 | +Gives a list of mail addresses which aren't entered into the history file. |
| 96 | 103 | +This is useful to prevent exchanging mutual message reports. The |
| 97 | 104 | +list should be comma-separated. Matching against this list is |
| 98 | 105 | +case-insensitive. The default is an empty list, meaning no mail is ignored. |
| 99 | 106 | + |
| 100 | +.TP | |
| 107 | .TP | |
| 101 | 108 | .I MilterDebug (integer) |
| 102 | 109 | Sets the debug level to be requested from the milter library. The |
| 103 | default is 0. | |
| 110 | diff --git a/opendmarc/opendmarc.conf.sample b/opendmarc/opendmarc.conf.sample | |
| 111 | index 2accc6f..4e1f1ab 100644 | |
| 104 | 112 | --- a/opendmarc/opendmarc.conf.sample |
| 105 | 113 | +++ b/opendmarc/opendmarc.conf.sample |
| 106 | 114 | @@ -268,6 +268,16 @@ |
| 0 | 0 | From: Scott Kitterman <scott@kitterman.com> |
| 1 | 1 | Date: Mon, 23 Dec 2019 11:12:36 -0500 |
| 2 | 2 | Subject: ticket212 |
| 3 | ||
| 3 | 4 | Bug: https://sourceforge.net/p/opendmarc/tickets/212/ |
| 4 | ||
| 5 | 5 | --- |
| 6 | 6 | libopendmarc/opendmarc_tld.c | 7 +++++-- |
| 7 | 7 | 1 file changed, 5 insertions(+), 2 deletions(-) |
| 8 | 8 | |
| 9 | diff --git a/libopendmarc/opendmarc_tld.c b/libopendmarc/opendmarc_tld.c | |
| 10 | index 6dd889d..fa2de26 100644 | |
| 9 | 11 | --- a/libopendmarc/opendmarc_tld.c |
| 10 | 12 | +++ b/libopendmarc/opendmarc_tld.c |
| 11 | @@ -134,8 +134,11 @@ | |
| 13 | @@ -134,8 +134,11 @@ opendmarc_tld_read_file(char *path_fname, char *commentstring, char *drop, char | |
| 12 | 14 | return (errno == 0) ? ENOMEM : errno; |
| 13 | 15 | |
| 14 | 16 | fp = fopen(path_fname, "r"); |