New upstream release
* New upstream release
- Refresh patches
- Drop debian/patches/cve-2021-34555.patch, equivalent fix incorporated
upstream
Scott Kitterman
2 years ago
0 | opendmarc (1.4.2-1) unstable; urgency=medium | |
1 | ||
2 | * New upstream release | |
3 | - Refresh patches | |
4 | - Drop debian/patches/cve-2021-34555.patch, equivalent fix incorporated | |
5 | upstream | |
6 | ||
7 | -- Scott Kitterman <scott@kitterman.com> Tue, 18 Jan 2022 12:14:37 -0500 | |
8 | ||
0 | 9 | opendmarc (1.4.1.1-2) unstable; urgency=medium |
1 | 10 | |
2 | 11 | * Deprecate /lib/opendmarc/opendmarc.service.generate script: instead, edit |
0 | Description: Add ARC override for policy "quarantine" | |
0 | From: Scott Kitterman <scott@kitterman.com> | |
1 | Date: Tue, 18 Jan 2022 11:57:01 -0500 | |
2 | Subject: Add ARC override for policy "quarantine" | |
3 | ||
1 | 4 | Origin: other, https://github.com/trusteddomainproject/OpenDMARC/files/6697440/opendmarc-arc-overwrite-for-quarantines-patch.txt |
2 | 5 | Bug: https://github.com/trusteddomainproject/OpenDMARC/issues/24 |
6 | --- | |
7 | opendmarc/opendmarc.c | 29 +++++++++++++++++------------ | |
8 | 1 file changed, 17 insertions(+), 12 deletions(-) | |
3 | 9 | |
10 | diff --git a/opendmarc/opendmarc.c b/opendmarc/opendmarc.c | |
11 | index be3d496..9317817 100644 | |
4 | 12 | --- a/opendmarc/opendmarc.c |
5 | 13 | +++ b/opendmarc/opendmarc.c |
6 | @@ -3639,16 +3639,7 @@ | |
14 | @@ -3637,16 +3637,7 @@ mlfi_eom(SMFICTX *ctx) | |
7 | 15 | conf->conf_holdquarantinedmessages && |
8 | 16 | random() % 100 < pct) |
9 | 17 | { |
21 | 29 | |
22 | 30 | ret = SMFIS_ACCEPT; |
23 | 31 | result = DMARC_RESULT_QUARANTINE; |
24 | @@ -3685,7 +3676,7 @@ | |
32 | @@ -3683,7 +3674,7 @@ mlfi_eom(SMFICTX *ctx) | |
25 | 33 | ** arc.chain to assist with administrative debugging. |
26 | 34 | */ |
27 | 35 | |
30 | 38 | dfc->mctx_arcpass == ARES_RESULT_PASS && |
31 | 39 | dfc->mctx_arcpolicypass != DMARC_ARC_POLICY_RESULT_PASS && |
32 | 40 | conf->conf_dolog) |
33 | @@ -3695,7 +3686,7 @@ | |
41 | @@ -3693,7 +3684,7 @@ mlfi_eom(SMFICTX *ctx) | |
34 | 42 | dfc->mctx_jobid); |
35 | 43 | } |
36 | 44 | |
39 | 47 | dfc->mctx_arcpolicypass == DMARC_ARC_POLICY_RESULT_PASS) |
40 | 48 | { |
41 | 49 | ret = SMFIS_ACCEPT; |
42 | @@ -3707,6 +3698,20 @@ | |
43 | dfc->mctx_jobid); | |
50 | @@ -3706,6 +3697,20 @@ mlfi_eom(SMFICTX *ctx) | |
44 | 51 | } |
45 | 52 | } |
46 | + | |
53 | ||
47 | 54 | + if (result == DMARC_RESULT_QUARANTINE) |
48 | 55 | + { |
49 | 56 | + snprintf(replybuf, sizeof replybuf, |
57 | 64 | + dfc->mctx_jobid); |
58 | 65 | + } |
59 | 66 | + } |
60 | ||
67 | + | |
61 | 68 | /* |
62 | 69 | ** Append arc override to historyfile. The format |
70 | ** |
0 | Description: Fix segfaults, increase token max lengths in ARC-Seal headers | |
0 | From: Scott Kitterman <scott@kitterman.com> | |
1 | Date: Tue, 18 Jan 2022 11:57:01 -0500 | |
2 | Subject: Fix segfaults, increase token max lengths in ARC-Seal headers | |
3 | ||
1 | 4 | Origin: other, https://github.com/trusteddomainproject/OpenDMARC/files/6717466/opendmarc-arcseal.patch.txt |
2 | 5 | Bug: https://github.com/trusteddomainproject/OpenDMARC/issues/183 |
6 | --- | |
7 | opendmarc/opendmarc-arcseal.c | 7 ++++++- | |
8 | opendmarc/opendmarc-arcseal.h | 2 +- | |
9 | 2 files changed, 7 insertions(+), 2 deletions(-) | |
3 | 10 | |
11 | diff --git a/opendmarc/opendmarc-arcseal.c b/opendmarc/opendmarc-arcseal.c | |
12 | index 73eebb7..66fc62a 100644 | |
4 | 13 | --- a/opendmarc/opendmarc-arcseal.c |
5 | 14 | +++ b/opendmarc/opendmarc-arcseal.c |
6 | 15 | @@ -29,7 +29,7 @@ |
12 | 21 | |
13 | 22 | /* tables */ |
14 | 23 | struct opendmarc_arcseal_lookup |
15 | @@ -167,7 +167,12 @@ | |
24 | @@ -167,7 +167,12 @@ opendmarc_arcseal_parse(u_char *hdr, struct arcseal *as) | |
16 | 25 | if (*token_ptr == '\0') |
17 | 26 | return 0; |
18 | 27 | tag_label = strsep(&token_ptr, "="); |
25 | 34 | |
26 | 35 | tag_code = opendmarc_arcseal_convert(as_tags, tag_label); |
27 | 36 | |
37 | diff --git a/opendmarc/opendmarc-arcseal.h b/opendmarc/opendmarc-arcseal.h | |
38 | index 4eb0927..6e11a06 100644 | |
28 | 39 | --- a/opendmarc/opendmarc-arcseal.h |
29 | 40 | +++ b/opendmarc/opendmarc-arcseal.h |
30 | 41 | @@ -32,7 +32,7 @@ |
0 | Description: Make function check_domain static | |
1 | Author: David Bürgin <dbuergin@gluet.ch> | |
0 | From: =?utf-8?q?David_B=C3=BCrgin?= <dbuergin@gluet.ch> | |
1 | Date: Tue, 18 Jan 2022 11:57:01 -0500 | |
2 | Subject: Make function check_domain static | |
3 | ||
2 | 4 | Bug: https://github.com/trusteddomainproject/OpenDMARC/pull/177 |
5 | --- | |
6 | libopendmarc/opendmarc_policy.c | 2 +- | |
7 | 1 file changed, 1 insertion(+), 1 deletion(-) | |
3 | 8 | |
9 | diff --git a/libopendmarc/opendmarc_policy.c b/libopendmarc/opendmarc_policy.c | |
10 | index 32053db..c864906 100644 | |
4 | 11 | --- a/libopendmarc/opendmarc_policy.c |
5 | 12 | +++ b/libopendmarc/opendmarc_policy.c |
6 | 13 | @@ -35,7 +35,7 @@ |
0 | Description: Fix off-by-one error buffer overrun in opendmarc_util_cleanup | |
0 | From: Scott Kitterman <scott@kitterman.com> | |
1 | Date: Tue, 18 Jan 2022 11:57:01 -0500 | |
2 | Subject: Fix off-by-one error buffer overrun in opendmarc_util_cleanup | |
3 | ||
1 | 4 | Bug: https://github.com/trusteddomainproject/OpenDMARC/pull/188 |
5 | --- | |
6 | libopendmarc/opendmarc_util.c | 2 +- | |
7 | 1 file changed, 1 insertion(+), 1 deletion(-) | |
2 | 8 | |
9 | diff --git a/libopendmarc/opendmarc_util.c b/libopendmarc/opendmarc_util.c | |
10 | index 4ab8ac0..86cc69b 100644 | |
3 | 11 | --- a/libopendmarc/opendmarc_util.c |
4 | 12 | +++ b/libopendmarc/opendmarc_util.c |
5 | @@ -160,7 +160,7 @@ | |
13 | @@ -160,7 +160,7 @@ opendmarc_util_cleanup(u_char *str, u_char *buf, size_t buflen) | |
6 | 14 | { |
7 | 15 | char *sp, *ep; |
8 | 16 |
0 | Description: opendmarc/opendmarc.c:dmarfc_config_free: don't assert conf->conf_refcnt == 0 | |
0 | From: Scott Kitterman <scott@kitterman.com> | |
1 | Date: Tue, 18 Jan 2022 11:57:01 -0500 | |
2 | Subject: opendmarc/opendmarc.c:dmarfc_config_free: don't assert | |
3 | conf->conf_refcnt == 0 | |
4 | ||
1 | 5 | Bug: https://github.com/trusteddomainproject/OpenDMARC/issues/18 |
6 | --- | |
7 | opendmarc/opendmarc.c | 1 - | |
8 | 1 file changed, 1 deletion(-) | |
2 | 9 | |
10 | diff --git a/opendmarc/opendmarc.c b/opendmarc/opendmarc.c | |
11 | index fbb6e40..fbf06b6 100644 | |
3 | 12 | --- a/opendmarc/opendmarc.c |
4 | 13 | +++ b/opendmarc/opendmarc.c |
5 | @@ -4227,7 +4227,6 @@ | |
14 | @@ -4225,7 +4225,6 @@ static void | |
6 | 15 | dmarcf_config_free(struct dmarcf_config *conf) |
7 | 16 | { |
8 | 17 | assert(conf != NULL); |
0 | Description: CVE-2021-34555: Fix multi-value From rejection logic | |
1 | Author: David Bürgin <dbuergin@gluet.ch> | |
2 | Bug: https://github.com/trusteddomainproject/OpenDMARC/pull/178 | |
3 | ||
4 | --- a/opendmarc/opendmarc.c | |
5 | +++ b/opendmarc/opendmarc.c | |
6 | @@ -2513,17 +2513,22 @@ | |
7 | ||
8 | for (c = 1; users[c] != NULL; c++) | |
9 | { | |
10 | - if (strcasecmp(domains[0], domains[c]) != 0) | |
11 | + if (domains[0] != NULL | |
12 | + && domains[c] != NULL | |
13 | + && strcasecmp(domains[0], domains[c]) != 0) | |
14 | { | |
15 | - syslog(LOG_ERR, | |
16 | - "%s: multi-valued From field detected", | |
17 | - dfc->mctx_jobid); | |
18 | - } | |
19 | + if (conf->conf_dolog) | |
20 | + { | |
21 | + syslog(LOG_ERR, | |
22 | + "%s: multi-valued From field detected", | |
23 | + dfc->mctx_jobid); | |
24 | + } | |
25 | ||
26 | - if (conf->conf_reject_multi_from) | |
27 | - return SMFIS_REJECT; | |
28 | - else | |
29 | - return SMFIS_ACCEPT; | |
30 | + if (conf->conf_reject_multi_from) | |
31 | + return SMFIS_REJECT; | |
32 | + else | |
33 | + return SMFIS_ACCEPT; | |
34 | + } | |
35 | } | |
36 | ||
37 | user = users[0]; |
6 | 6 | contrib/rddmarc/dmarcfail.py | 2 +- |
7 | 7 | 1 file changed, 1 insertion(+), 1 deletion(-) |
8 | 8 | |
9 | diff --git a/contrib/rddmarc/dmarcfail.py b/contrib/rddmarc/dmarcfail.py | |
10 | index 96df270..f849d92 100644 | |
9 | 11 | --- a/contrib/rddmarc/dmarcfail.py |
10 | 12 | +++ b/contrib/rddmarc/dmarcfail.py |
11 | 13 | @@ -1,4 +1,4 @@ |
0 | Description: Fix memory leak when evaluating ARC chain by freeing temporary string "arcdomain" | |
0 | From: Scott Kitterman <scott@kitterman.com> | |
1 | Date: Tue, 18 Jan 2022 11:57:01 -0500 | |
2 | Subject: Fix memory leak when evaluating ARC chain by freeing temporary | |
3 | string "arcdomain" | |
4 | ||
1 | 5 | Origin: other, https://github.com/trusteddomainproject/OpenDMARC/files/6682308/opendmarc-free-arcdomain-patch.txt |
2 | 6 | Bug: https://github.com/trusteddomainproject/OpenDMARC/issues/182 |
7 | --- | |
8 | opendmarc/opendmarc.c | 3 +++ | |
9 | 1 file changed, 3 insertions(+) | |
3 | 10 | |
11 | diff --git a/opendmarc/opendmarc.c b/opendmarc/opendmarc.c | |
12 | index fbf06b6..be3d496 100644 | |
4 | 13 | --- a/opendmarc/opendmarc.c |
5 | 14 | +++ b/opendmarc/opendmarc.c |
6 | @@ -3011,6 +3011,9 @@ | |
15 | @@ -3009,6 +3009,9 @@ mlfi_eom(SMFICTX *ctx) | |
7 | 16 | eptr = hsearch(entry, |
8 | 17 | FIND); |
9 | 18 | pthread_rwlock_unlock(&hash_lock); |
0 | Description: Correct HoldQuarantinedMessages documentation | |
1 | Author: David Bürgin <dbuergin@gluet.ch> | |
0 | From: =?utf-8?q?David_B=C3=BCrgin?= <dbuergin@gluet.ch> | |
1 | Date: Tue, 18 Jan 2022 11:57:01 -0500 | |
2 | Subject: Correct HoldQuarantinedMessages documentation | |
3 | ||
2 | 4 | Bug: https://github.com/trusteddomainproject/OpenDMARC/issues/165 |
5 | --- | |
6 | opendmarc/opendmarc.conf.5.in | 13 +------------ | |
7 | opendmarc/opendmarc.conf.sample | 16 +--------------- | |
8 | 2 files changed, 2 insertions(+), 27 deletions(-) | |
3 | 9 | |
10 | diff --git a/opendmarc/opendmarc.conf.5.in b/opendmarc/opendmarc.conf.5.in | |
11 | index dcb518c..0580b9d 100644 | |
12 | --- a/opendmarc/opendmarc.conf.5.in | |
13 | +++ b/opendmarc/opendmarc.conf.5.in | |
14 | @@ -196,18 +196,7 @@ aggregate reports can be extracted using | |
15 | If set, the milter will signal to the mta that messages with | |
16 | p=quarantine, which fail dmarc authentication, should be held in | |
17 | the MTA's "Hold" or "Quarantine" queue. The name varies by MTA. | |
18 | -If false, messsages will be accepted and passed along with the | |
19 | -regular mail flow, and the quarantine will be left up to downstream | |
20 | -MTA/MDA/MUA filters, if any, to handle by re-evaluating the headers, | |
21 | -including the Authentication-Results header added by this filter. | |
22 | -The default is "false". | |
23 | - | |
24 | -.TP | |
25 | -.I HoldQuarantinedMessages (Boolean) | |
26 | -If set, the milter will signal to the mta that messages with | |
27 | -p=quarantine, which fail dmarc authentication, should be held in | |
28 | -the MTA's "Hold" or "Quarantine" queue. The name varies by MTA. | |
29 | -If false, messsages will be accepted and passed along with the | |
30 | +If false, messages will be accepted and passed along with the | |
31 | regular mail flow, and the quarantine will be left up to downstream | |
32 | MTA/MDA/MUA filters, if any, to handle by re-evaluating the headers, | |
33 | including the Authentication-Results header added by this filter. | |
34 | diff --git a/opendmarc/opendmarc.conf.sample b/opendmarc/opendmarc.conf.sample | |
35 | index 4e1f1ab..c545ba6 100644 | |
4 | 36 | --- a/opendmarc/opendmarc.conf.sample |
5 | 37 | +++ b/opendmarc/opendmarc.conf.sample |
6 | 38 | @@ -219,7 +219,7 @@ |
33 | 65 | ## IgnoreHosts path |
34 | 66 | ## default (internal) |
35 | 67 | ## |
36 | --- a/opendmarc/opendmarc.conf.5.in | |
37 | +++ b/opendmarc/opendmarc.conf.5.in | |
38 | @@ -196,18 +196,7 @@ | |
39 | If set, the milter will signal to the mta that messages with | |
40 | p=quarantine, which fail dmarc authentication, should be held in | |
41 | the MTA's "Hold" or "Quarantine" queue. The name varies by MTA. | |
42 | -If false, messsages will be accepted and passed along with the | |
43 | -regular mail flow, and the quarantine will be left up to downstream | |
44 | -MTA/MDA/MUA filters, if any, to handle by re-evaluating the headers, | |
45 | -including the Authentication-Results header added by this filter. | |
46 | -The default is "false". | |
47 | - | |
48 | -.TP | |
49 | -.I HoldQuarantinedMessages (Boolean) | |
50 | -If set, the milter will signal to the mta that messages with | |
51 | -p=quarantine, which fail dmarc authentication, should be held in | |
52 | -the MTA's "Hold" or "Quarantine" queue. The name varies by MTA. | |
53 | -If false, messsages will be accepted and passed along with the | |
54 | +If false, messages will be accepted and passed along with the | |
55 | regular mail flow, and the quarantine will be left up to downstream | |
56 | MTA/MDA/MUA filters, if any, to handle by re-evaluating the headers, | |
57 | including the Authentication-Results header added by this filter. |
0 | Description: Insert trace headers at index 0 | |
1 | Author: David Bürgin <dbuergin@gluet.ch> | |
0 | From: =?utf-8?q?David_B=C3=BCrgin?= <dbuergin@gluet.ch> | |
1 | Date: Tue, 18 Jan 2022 11:57:01 -0500 | |
2 | Subject: Insert trace headers at index 0 | |
3 | ||
2 | 4 | Bug: https://github.com/trusteddomainproject/OpenDMARC/pull/171 |
5 | --- | |
6 | opendmarc/opendmarc.c | 8 ++++---- | |
7 | 1 file changed, 4 insertions(+), 4 deletions(-) | |
3 | 8 | |
9 | diff --git a/opendmarc/opendmarc.c b/opendmarc/opendmarc.c | |
10 | index 5b09c3f..fbb6e40 100644 | |
4 | 11 | --- a/opendmarc/opendmarc.c |
5 | 12 | +++ b/opendmarc/opendmarc.c |
6 | @@ -3179,7 +3179,7 @@ | |
13 | @@ -3177,7 +3177,7 @@ mlfi_eom(SMFICTX *ctx) | |
7 | 14 | authservid, pass_fail, use_domain); |
8 | 15 | } |
9 | 16 | |
12 | 19 | header) == MI_FAILURE) |
13 | 20 | { |
14 | 21 | if (conf->conf_dolog) |
15 | @@ -3244,7 +3244,7 @@ | |
22 | @@ -3242,7 +3242,7 @@ mlfi_eom(SMFICTX *ctx) | |
16 | 23 | "%s; dmarc=permerror header.from=%s", |
17 | 24 | authservid, dfc->mctx_fromdomain); |
18 | 25 | |
21 | 28 | header) == MI_FAILURE) |
22 | 29 | { |
23 | 30 | if (conf->conf_dolog) |
24 | @@ -3793,7 +3793,7 @@ | |
31 | @@ -3791,7 +3791,7 @@ mlfi_eom(SMFICTX *ctx) | |
25 | 32 | conf->conf_authservidwithjobid ? dfc->mctx_jobid : "", |
26 | 33 | aresult, apolicy, adisposition, dfc->mctx_fromdomain); |
27 | 34 | |
30 | 37 | header) == MI_FAILURE) |
31 | 38 | { |
32 | 39 | if (conf->conf_dolog) |
33 | @@ -3912,7 +3912,7 @@ | |
40 | @@ -3910,7 +3910,7 @@ mlfi_eom(SMFICTX *ctx) | |
34 | 41 | dfc->mctx_jobid != NULL ? dfc->mctx_jobid |
35 | 42 | : JOBIDUNKNOWN); |
36 | 43 |
5 | 5 | ticket207.patch |
6 | 6 | ticket208.patch |
7 | 7 | ticket212.patch |
8 | cve-2021-34555.patch | |
9 | 8 | hold-quarantined-messages-doc.patch |
10 | 9 | insheader.patch |
11 | 10 | check_domain.patch |
0 | 0 | From: Scott Kitterman <scott@kitterman.com> |
1 | 1 | Date: Mon, 23 Dec 2019 11:12:36 -0500 |
2 | 2 | Subject: ticket159 |
3 | ||
3 | 4 | Bug: https://sourceforge.net/p/opendmarc/tickets/159/ |
4 | ||
5 | 5 | --- |
6 | 6 | configure.ac | 1 + |
7 | 7 | reports/opendmarc-importstats | 26 -------------------------- |
8 | 8 | reports/opendmarc-importstats.in | 27 +++++++++++++++++++++++++++ |
9 | 9 | 3 files changed, 28 insertions(+), 26 deletions(-) |
10 | 10 | delete mode 100755 reports/opendmarc-importstats |
11 | create mode 100755 reports/opendmarc-importstats.in | |
11 | create mode 100644 reports/opendmarc-importstats.in | |
12 | 12 | |
13 | diff --git a/configure.ac b/configure.ac | |
14 | index 692dbe4..cf4ff90 100644 | |
13 | 15 | --- a/configure.ac |
14 | 16 | +++ b/configure.ac |
15 | @@ -538,6 +538,7 @@ | |
17 | @@ -538,6 +538,7 @@ AC_CONFIG_FILES([ Makefile | |
16 | 18 | reports/opendmarc-expire.8 |
17 | 19 | reports/opendmarc-import |
18 | 20 | reports/opendmarc-import.8 |
20 | 22 | reports/opendmarc-importstats.8 |
21 | 23 | reports/opendmarc-params |
22 | 24 | reports/opendmarc-params.8 |
25 | diff --git a/reports/opendmarc-importstats b/reports/opendmarc-importstats | |
26 | deleted file mode 100755 | |
27 | index 839a871..0000000 | |
23 | 28 | --- a/reports/opendmarc-importstats |
24 | 29 | +++ /dev/null |
25 | 30 | @@ -1,26 +0,0 @@ |
49 | 54 | - ls -l ${statsdb}.OLD.$$ |
50 | 55 | - fi |
51 | 56 | -fi |
57 | diff --git a/reports/opendmarc-importstats.in b/reports/opendmarc-importstats.in | |
58 | new file mode 100644 | |
59 | index 0000000..3a28ee3 | |
52 | 60 | --- /dev/null |
53 | 61 | +++ b/reports/opendmarc-importstats.in |
54 | 62 | @@ -0,0 +1,27 @@ |
1 | 1 | Date: Mon, 23 Dec 2019 11:12:36 -0500 |
2 | 2 | Subject: allow one to configure the SMTP Reject reason. This patch adds the |
3 | 3 | RejectString option. |
4 | ||
4 | 5 | Bug: https://sourceforge.net/p/opendmarc/tickets/168/ |
5 | Author: M. Favero | |
6 | ||
7 | 6 | --- |
8 | 7 | opendmarc/opendmarc-config.h | 1 + |
9 | 8 | opendmarc/opendmarc.c | 34 +++++++++++++++++++++++++++++++++- |
12 | 11 | opendmarc/opendmarc.h | 1 + |
13 | 12 | 5 files changed, 50 insertions(+), 1 deletion(-) |
14 | 13 | |
14 | diff --git a/opendmarc/opendmarc-config.h b/opendmarc/opendmarc-config.h | |
15 | index 1b781df..8398007 100644 | |
15 | 16 | --- a/opendmarc/opendmarc-config.h |
16 | 17 | +++ b/opendmarc/opendmarc-config.h |
17 | @@ -47,6 +47,7 @@ | |
18 | @@ -47,6 +47,7 @@ struct configdef dmarcf_config[] = | |
18 | 19 | { "RequiredHeaders", CONFIG_TYPE_BOOLEAN, FALSE }, |
19 | 20 | { "RejectFailures", CONFIG_TYPE_BOOLEAN, FALSE }, |
20 | 21 | { "RejectMultiValueFrom", CONFIG_TYPE_BOOLEAN, FALSE }, |
22 | 23 | { "ReportCommand", CONFIG_TYPE_STRING, FALSE }, |
23 | 24 | { "Socket", CONFIG_TYPE_STRING, FALSE }, |
24 | 25 | { "SoftwareHeader", CONFIG_TYPE_BOOLEAN, FALSE }, |
26 | diff --git a/opendmarc/opendmarc.c b/opendmarc/opendmarc.c | |
27 | index aee0d48..687ef6d 100644 | |
25 | 28 | --- a/opendmarc/opendmarc.c |
26 | 29 | +++ b/opendmarc/opendmarc.c |
27 | @@ -190,6 +190,7 @@ | |
30 | @@ -190,6 +190,7 @@ struct dmarcf_config | |
28 | 31 | char * conf_historyfile; |
29 | 32 | char * conf_pslist; |
30 | 33 | char * conf_ignorelist; |
32 | 35 | char ** conf_trustedauthservids; |
33 | 36 | char ** conf_ignoredomains; |
34 | 37 | struct list * conf_domainwhitelist; |
35 | @@ -1419,6 +1420,10 @@ | |
38 | @@ -1419,6 +1420,10 @@ dmarcf_config_load(struct config *data, struct dmarcf_config *conf, | |
36 | 39 | &conf->conf_rejectfail, |
37 | 40 | sizeof conf->conf_rejectfail); |
38 | 41 | |
43 | 46 | (void) config_get(data, "RequiredHeaders", |
44 | 47 | &conf->conf_reqhdrs, |
45 | 48 | sizeof conf->conf_reqhdrs); |
46 | @@ -1627,6 +1632,33 @@ | |
49 | @@ -1627,6 +1632,33 @@ dmarcf_config_load(struct config *data, struct dmarcf_config *conf, | |
47 | 50 | |
48 | 51 | pthread_rwlock_unlock(&hash_lock); |
49 | 52 | |
77 | 80 | return 0; |
78 | 81 | } |
79 | 82 | |
80 | @@ -3558,7 +3590,7 @@ | |
83 | @@ -3561,7 +3593,7 @@ mlfi_eom(SMFICTX *ctx) | |
81 | 84 | random() % 100 < pct) |
82 | 85 | { |
83 | 86 | snprintf(replybuf, sizeof replybuf, |
86 | 89 | |
87 | 90 | status = dmarcf_setreply(ctx, DMARC_REJECT_SMTP, |
88 | 91 | DMARC_REJECT_ESC, replybuf); |
92 | diff --git a/opendmarc/opendmarc.conf.5.in b/opendmarc/opendmarc.conf.5.in | |
93 | index f7cea9a..ced6ddb 100644 | |
89 | 94 | --- a/opendmarc/opendmarc.conf.5.in |
90 | 95 | +++ b/opendmarc/opendmarc.conf.5.in |
91 | @@ -273,6 +273,13 @@ | |
96 | @@ -272,6 +272,13 @@ If set, messages with multiple addresses in the From: field of the message | |
97 | will be rejected unless all domain names in that field are the same. They | |
92 | 98 | will otherwise be ignored by the filter (the default). |
93 | 99 | |
94 | .TP | |
100 | +.TP | |
95 | 101 | +.I RejectString (string) |
96 | 102 | +This string describes the reason of reject at SMTP level. |
97 | 103 | +The message MUST contain the word "%s" once, which will be replaced by |
98 | 104 | +the RFC5322.From domain. |
99 | 105 | +The default is "rejected by DMARC policy for %s" |
100 | 106 | + |
101 | +.TP | |
107 | .TP | |
102 | 108 | .I ReportCommand (string) |
103 | 109 | Indicates the shell command to which failure reports should be passed for |
104 | delivery when | |
110 | diff --git a/opendmarc/opendmarc.conf.sample b/opendmarc/opendmarc.conf.sample | |
111 | index 69c9afb..2accc6f 100644 | |
105 | 112 | --- a/opendmarc/opendmarc.conf.sample |
106 | 113 | +++ b/opendmarc/opendmarc.conf.sample |
107 | 114 | @@ -325,6 +325,14 @@ |
119 | 126 | ## ReportCommand string |
120 | 127 | ## default "/usr/sbin/sendmail -t" |
121 | 128 | ## |
129 | diff --git a/opendmarc/opendmarc.h b/opendmarc/opendmarc.h | |
130 | index e36f93a..a3b053e 100644 | |
122 | 131 | --- a/opendmarc/opendmarc.h |
123 | 132 | +++ b/opendmarc/opendmarc.h |
124 | 133 | @@ -34,6 +34,7 @@ |
4 | 4 | =================================================================== |
5 | 5 | --- |
6 | 6 | db/Makefile.am | 2 +- |
7 | db/README.update-db-schema.mysql | 8 ++++++ | |
7 | db/README.update-db-schema.mysql | 8 ++++++++ | |
8 | 8 | db/schema.mysql | 3 ++- |
9 | db/update-db-schema.mysql | 12 +++++++++ | |
10 | reports/opendmarc-expire.in | 13 +++++++++- | |
11 | reports/opendmarc-import.in | 53 +++++++++++++++++++++++----------------- | |
12 | 6 files changed, 65 insertions(+), 26 deletions(-) | |
9 | db/update-db-schema.mysql | 12 ++++++++++++ | |
10 | reports/opendmarc-expire.in | 13 ++++++++++++- | |
11 | 5 files changed, 35 insertions(+), 3 deletions(-) | |
13 | 12 | create mode 100644 db/README.update-db-schema.mysql |
14 | 13 | create mode 100644 db/update-db-schema.mysql |
15 | 14 | |
15 | diff --git a/db/Makefile.am b/db/Makefile.am | |
16 | index 43b8614..83bc1d1 100644 | |
16 | 17 | --- a/db/Makefile.am |
17 | 18 | +++ b/db/Makefile.am |
18 | 19 | @@ -1,3 +1,3 @@ |
20 | 21 | |
21 | 22 | -dist_doc_DATA = README.schema schema.mysql |
22 | 23 | +dist_doc_DATA = README.schema schema.mysql README.update-db-schema.mysql update-db-schema.mysql |
24 | diff --git a/db/README.update-db-schema.mysql b/db/README.update-db-schema.mysql | |
25 | new file mode 100644 | |
26 | index 0000000..8a6a909 | |
23 | 27 | --- /dev/null |
24 | 28 | +++ b/db/README.update-db-schema.mysql |
25 | 29 | @@ -0,0 +1,8 @@ |
31 | 35 | +You might receive up to four errors about duplicate keys - this is expected if your database |
32 | 36 | +already has these keys (because you used the MySQL schema in the db sub-direcory instead of |
33 | 37 | +the obsolete schema in the reports sub-dirctory). |
38 | diff --git a/db/schema.mysql b/db/schema.mysql | |
39 | index 059c3de..926d141 100644 | |
34 | 40 | --- a/db/schema.mysql |
35 | 41 | +++ b/db/schema.mysql |
36 | 42 | @@ -5,6 +5,7 @@ |
41 | 47 | |
42 | 48 | -- A table for mapping domain names and their DMARC policies to IDs |
43 | 49 | CREATE TABLE IF NOT EXISTS domains ( |
44 | @@ -66,7 +67,7 @@ | |
50 | @@ -66,7 +67,7 @@ CREATE TABLE IF NOT EXISTS requests ( | |
45 | 51 | pct TINYINT NOT NULL DEFAULT '0', |
46 | 52 | locked TINYINT NOT NULL DEFAULT '0', |
47 | 53 | firstseen TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, |
50 | 56 | |
51 | 57 | PRIMARY KEY(id), |
52 | 58 | KEY(lastsent), |
59 | diff --git a/db/update-db-schema.mysql b/db/update-db-schema.mysql | |
60 | new file mode 100644 | |
61 | index 0000000..5c0a190 | |
53 | 62 | --- /dev/null |
54 | 63 | +++ b/db/update-db-schema.mysql |
55 | 64 | @@ -0,0 +1,12 @@ |
65 | 74 | +ALTER TABLE messages ADD KEY date (date); |
66 | 75 | +ALTER TABLE signatures ADD KEY message (message); |
67 | 76 | + |
77 | diff --git a/reports/opendmarc-expire.in b/reports/opendmarc-expire.in | |
78 | index 326a5a3..0115429 100755 | |
68 | 79 | --- a/reports/opendmarc-expire.in |
69 | 80 | +++ b/reports/opendmarc-expire.in |
70 | @@ -210,6 +210,17 @@ | |
81 | @@ -210,6 +210,17 @@ if ($verbose) | |
71 | 82 | print STDERR "$progname: connected to database\n"; |
72 | 83 | } |
73 | 84 | |
85 | 96 | # |
86 | 97 | # Expire messages |
87 | 98 | # |
88 | @@ -414,7 +425,7 @@ | |
99 | @@ -414,7 +425,7 @@ if ($verbose) | |
89 | 100 | print STDERR "$progname: expiring request data older than $maxage days\n"; |
90 | 101 | } |
91 | 102 |
6 | 6 | reports/opendmarc-import.in | 6 +++--- |
7 | 7 | 1 file changed, 3 insertions(+), 3 deletions(-) |
8 | 8 | |
9 | diff --git a/reports/opendmarc-import.in b/reports/opendmarc-import.in | |
10 | index 3a2f404..0169c9e 100755 | |
9 | 11 | --- a/reports/opendmarc-import.in |
10 | 12 | +++ b/reports/opendmarc-import.in |
11 | @@ -649,7 +649,7 @@ | |
13 | @@ -649,7 +649,7 @@ while (<$inputfh>) | |
12 | 14 | } |
13 | 15 | |
14 | 16 | case "from" { |
17 | 19 | } |
18 | 20 | |
19 | 21 | case "job" { |
20 | @@ -691,7 +691,7 @@ | |
22 | @@ -691,7 +691,7 @@ while (<$inputfh>) | |
21 | 23 | } |
22 | 24 | |
23 | 25 | case "mfrom" { |
26 | 28 | } |
27 | 29 | |
28 | 30 | case "p" { |
29 | @@ -703,7 +703,7 @@ | |
31 | @@ -703,7 +703,7 @@ while (<$inputfh>) | |
30 | 32 | } |
31 | 33 | |
32 | 34 | case "pdomain" { |
6 | 6 | reports/opendmarc-reports.in | 8 +++++++- |
7 | 7 | 1 file changed, 7 insertions(+), 1 deletion(-) |
8 | 8 | |
9 | diff --git a/reports/opendmarc-reports.in b/reports/opendmarc-reports.in | |
10 | index 69a2194..143997e 100755 | |
9 | 11 | --- a/reports/opendmarc-reports.in |
10 | 12 | +++ b/reports/opendmarc-reports.in |
11 | @@ -65,6 +65,7 @@ | |
13 | @@ -65,6 +65,7 @@ my $domainset; | |
12 | 14 | my $forcedomain; |
13 | 15 | my @skipdomains; |
14 | 16 | |
16 | 18 | my $policy; |
17 | 19 | my $spolicy; |
18 | 20 | my $policystr; |
19 | @@ -447,7 +448,7 @@ | |
21 | @@ -447,7 +448,7 @@ foreach (@$domainset) | |
20 | 22 | next; |
21 | 23 | } |
22 | 24 | |
25 | 27 | if (!$dbi_s->execute($domainid)) |
26 | 28 | { |
27 | 29 | print STDERR "$progname: can't get reporting URI for domain $domain: " . $dbi_h->errstr . "\n"; |
28 | @@ -457,6 +458,7 @@ | |
30 | @@ -457,6 +458,7 @@ foreach (@$domainset) | |
29 | 31 | } |
30 | 32 | |
31 | 33 | undef $repuri; |
33 | 35 | |
34 | 36 | while ($dbi_a = $dbi_s->fetchrow_arrayref()) |
35 | 37 | { |
36 | @@ -488,6 +490,10 @@ | |
38 | @@ -488,6 +490,10 @@ foreach (@$domainset) | |
37 | 39 | { |
38 | 40 | $lastsent = $dbi_a->[6]; |
39 | 41 | } |
9 | 9 | opendmarc/opendmarc.conf.sample | 10 ++++++++++ |
10 | 10 | 4 files changed, 53 insertions(+), 1 deletion(-) |
11 | 11 | |
12 | diff --git a/opendmarc/opendmarc-config.h b/opendmarc/opendmarc-config.h | |
13 | index 8398007..84cdcc5 100644 | |
12 | 14 | --- a/opendmarc/opendmarc-config.h |
13 | 15 | +++ b/opendmarc/opendmarc-config.h |
14 | @@ -40,6 +40,7 @@ | |
16 | @@ -40,6 +40,7 @@ struct configdef dmarcf_config[] = | |
15 | 17 | { "IgnoreAuthenticatedClients", CONFIG_TYPE_BOOLEAN, FALSE }, |
16 | 18 | { "IgnoreHosts", CONFIG_TYPE_STRING, FALSE }, |
17 | 19 | { "IgnoreMailFrom", CONFIG_TYPE_STRING, FALSE }, |
19 | 21 | { "MilterDebug", CONFIG_TYPE_INTEGER, FALSE }, |
20 | 22 | { "PidFile", CONFIG_TYPE_STRING, FALSE }, |
21 | 23 | { "PublicSuffixList", CONFIG_TYPE_STRING, FALSE }, |
24 | diff --git a/opendmarc/opendmarc.c b/opendmarc/opendmarc.c | |
25 | index 687ef6d..5b09c3f 100644 | |
22 | 26 | --- a/opendmarc/opendmarc.c |
23 | 27 | +++ b/opendmarc/opendmarc.c |
24 | @@ -195,6 +195,7 @@ | |
28 | @@ -195,6 +195,7 @@ struct dmarcf_config | |
25 | 29 | char ** conf_ignoredomains; |
26 | 30 | struct list * conf_domainwhitelist; |
27 | 31 | unsigned int conf_domainwhitelisthashcount; |
29 | 33 | }; |
30 | 34 | |
31 | 35 | /* LIST -- basic linked list of strings */ |
32 | @@ -1381,6 +1382,11 @@ | |
36 | @@ -1381,6 +1382,11 @@ dmarcf_config_load(struct config *data, struct dmarcf_config *conf, | |
33 | 37 | if (str != NULL) |
34 | 38 | dmarcf_mkarray(str, ",", &conf->conf_ignoredomains); |
35 | 39 | |
41 | 45 | (void) config_get(data, "AuthservIDWithJobID", |
42 | 46 | &conf->conf_authservidwithjobid, |
43 | 47 | sizeof conf->conf_authservidwithjobid); |
44 | @@ -2339,6 +2345,7 @@ | |
48 | @@ -2339,6 +2345,7 @@ sfsistat | |
45 | 49 | mlfi_eom(SMFICTX *ctx) |
46 | 50 | { |
47 | 51 | _Bool wspf = FALSE; |
49 | 53 | int c; |
50 | 54 | int pc; |
51 | 55 | int policy; |
52 | @@ -3800,7 +3807,34 @@ | |
56 | @@ -3803,7 +3810,34 @@ mlfi_eom(SMFICTX *ctx) | |
53 | 57 | ** Record activity in the history file. |
54 | 58 | */ |
55 | 59 | |
85 | 89 | (conf->conf_recordall || ostatus != DMARC_DNS_ERROR_NO_RECORD)) |
86 | 90 | { |
87 | 91 | FILE *f; |
92 | diff --git a/opendmarc/opendmarc.conf.5.in b/opendmarc/opendmarc.conf.5.in | |
93 | index ced6ddb..dcb518c 100644 | |
88 | 94 | --- a/opendmarc/opendmarc.conf.5.in |
89 | 95 | +++ b/opendmarc/opendmarc.conf.5.in |
90 | @@ -232,6 +232,13 @@ | |
96 | @@ -231,6 +231,13 @@ be ignored by the filter. The list should be comma-separated. Matching | |
97 | against this list is case-insensitive. The default is an empty list, meaning | |
91 | 98 | no mail is ignored. |
92 | 99 | |
93 | .TP | |
100 | +.TP | |
94 | 101 | +.I IgnoreMailTo (string) |
95 | 102 | +Gives a list of mail addresses which aren't entered into the history file. |
96 | 103 | +This is useful to prevent exchanging mutual message reports. The |
97 | 104 | +list should be comma-separated. Matching against this list is |
98 | 105 | +case-insensitive. The default is an empty list, meaning no mail is ignored. |
99 | 106 | + |
100 | +.TP | |
107 | .TP | |
101 | 108 | .I MilterDebug (integer) |
102 | 109 | Sets the debug level to be requested from the milter library. The |
103 | default is 0. | |
110 | diff --git a/opendmarc/opendmarc.conf.sample b/opendmarc/opendmarc.conf.sample | |
111 | index 2accc6f..4e1f1ab 100644 | |
104 | 112 | --- a/opendmarc/opendmarc.conf.sample |
105 | 113 | +++ b/opendmarc/opendmarc.conf.sample |
106 | 114 | @@ -268,6 +268,16 @@ |
0 | 0 | From: Scott Kitterman <scott@kitterman.com> |
1 | 1 | Date: Mon, 23 Dec 2019 11:12:36 -0500 |
2 | 2 | Subject: ticket212 |
3 | ||
3 | 4 | Bug: https://sourceforge.net/p/opendmarc/tickets/212/ |
4 | ||
5 | 5 | --- |
6 | 6 | libopendmarc/opendmarc_tld.c | 7 +++++-- |
7 | 7 | 1 file changed, 5 insertions(+), 2 deletions(-) |
8 | 8 | |
9 | diff --git a/libopendmarc/opendmarc_tld.c b/libopendmarc/opendmarc_tld.c | |
10 | index 6dd889d..fa2de26 100644 | |
9 | 11 | --- a/libopendmarc/opendmarc_tld.c |
10 | 12 | +++ b/libopendmarc/opendmarc_tld.c |
11 | @@ -134,8 +134,11 @@ | |
13 | @@ -134,8 +134,11 @@ opendmarc_tld_read_file(char *path_fname, char *commentstring, char *drop, char | |
12 | 14 | return (errno == 0) ? ENOMEM : errno; |
13 | 15 | |
14 | 16 | fp = fopen(path_fname, "r"); |