Patch collection for OpenDMARC 1.3.2
Introduction
I created this page to support others in running an up-to-date OpenDMARC installation and to support the author in releasing a new version.
The former version of this page can be found here.
I created an Ubuntu PPA with these patches applied: https://launchpad.net/~haberland/+archive/ubuntu/opendmarc
Download OpenDMARC 1.3.2
Get the current release from http://downloads.sourceforge.net/project/opendmarc/opendmarc-1.3.2.tar.gz and untar it in a directory of your choice with tar -xzf opendmarc-1.3.2.tar.gz
Get the patch collection
Download the patch collection from http://batleth.sapienti-sat.org/projects/opendmarc/patches-2018040601.tar.gz. Then untar it with tar -xzf patches-2018040601.tar.gz in the same directory as above.
Apply the patches
Change into the directory of the OpenDMARC source and apply all patches in the order of the ticket numbers. The three patches without ticket numbers must be applied last:
cd opendmarc-1.3.2
for patch in ../patches-2018040601/*; do echo "$patch"; patch -sp1 < "$patch"; done
Run configure
Here is how I configure the OpenDMARC source to use libspf2 - it's actually taken from the Debian package build by Scott Kitterman:
./configure --prefix=/usr --mandir=/usr/share/man --infodir=/usr/share/info --sysconfdir=/etc LDFLAGS="-lresolv -Wl,-z,defs -L/usr/lib/libmilter" --enable-live-tests --enable-filter-tests --with-spf --with-spf2-include=/usr/include/spf2 --with-spf2-lib=/usr/lib --with-sql-backend
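An added example, not part of the original page or the patch collection: a shell function that dry-runs each patch before applying it, so a patch that does not apply cleanly (for instance the ticket 138 patch, which the list below says needs the ticket 180 patch applied first) stops the run before it touches the source tree. The function name apply_patches and its explicit argument order are assumptions of this example.

```shell
#!/bin/sh
# Added example (hypothetical helper, not shipped with OpenDMARC or the patches).
# apply_patches SRC_DIR PATCH...
# Applies the given patch files to SRC_DIR in argument order. Each patch is
# checked with --dry-run first, so a patch that does not apply cleanly
# (wrong order, missing prerequisite, already applied) stops the run before
# it modifies any file. Returns 0 if every patch applied, 1 otherwise.
apply_patches() {
    src=$1
    shift
    count=0
    for p in "$@"; do
        if [ ! -f "$p" ]; then
            echo "missing patch file: $p" >&2
            return 1
        fi
        # -N: treat an already-applied (reversed-looking) patch as a failure
        # instead of asking whether to reverse it.
        if ! patch -d "$src" -Np1 --dry-run < "$p" >/dev/null 2>&1; then
            echo "does not apply cleanly, stopping: $p" >&2
            echo "patches applied before the failure: $count" >&2
            return 1
        fi
        patch -d "$src" -Np1 < "$p" >/dev/null || return 1
        count=$((count + 1))
        echo "applied: $p"
    done
    echo "all $count patches applied"
}

# Usage with the directory layout from the steps above (run from the parent
# directory of opendmarc-1.3.2):
#   apply_patches opendmarc-1.3.2 patches-2018040601/*
# or with an explicit order when one patch needs another applied first:
#   apply_patches opendmarc-1.3.2 <prerequisite patch> <dependent patch>
```

Whether the plain glob order satisfies a prerequisite such as the one noted for ticket 138 depends on the file names in the archive; passing the files explicitly fixes the order.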
The patches:
-
Ticket 137 - Chokes on OpenDKIM Authentication-Results headers
reported by Joseph Coffland, written by Murray S. Kucherawy
status: needed - bug fix committed to upstream development branch
OpenDMARC fails to parse Auth-Res headers from OpenDKIM under certain circumstances.
-
Ticket 138 - pass failed messages from p=quarantine domains
written by Marcos Moraes, documentation by Juri Haberland
status: recommended - enhancement, needs patch for ticket 180 to be applied first!
Messages from domains announcing p=quarantine (that fail DMARC) stay in the MTA queue until administrative intervention. This patch, with a sensible default, lets such messages pass for later processing. Major benefit: clean MTA queue.
-
Ticket 146 - Use an input file alternatively
written by Jonny007-MKD
status: recommended - enhancement committed to upstream development branch
Adds a '--input' parameter to opendmarc-import.
-
Ticket 153 - duplicate dkim auth_result sections
reported by Tomky, patch written by Andreas Schulze
status: needed - bug fix committed to upstream development branch
Don't report identical DKIM results multiple times.
-
Ticket 159 - opendmarc-importstats ignores value of HistoryFile
written by Juri Haberland
status: needed - bug fix
The opendmarc-importstats script looks for the history file in a hard-coded place. This patch gets the location from the opendmarc.conf file.
-
Ticket 180 - Override MLM patch
written by Juri Haberland
status: recommended - enhancement
This patch adds a new config option to OpenDMARC to specify a file with hostnames, IP addresses and networks, which will be whitelisted as mailing list managers if a mail from such a host fails the DMARC test. The resulting DMARC report will report a local override of type "Mailing List".
-
Ticket 182 - log ignored authenticated clients
written by Juri Haberland
status: optional - enhancement
This patch introduces logging of ignored authenticated clients.
-
Ticket 183 - add timezone to date reported in DMARC reports
written by Juri Haberland
status: optional - enhancement
This patch adds the timezone to the date shown in DMARC reports and reformats the output to look like RFC 2822 format.
-
Ticket 184 - report the hostname in failure reports
written by Juri Haberland
status: optional - enhancement
This patch is similar to ticket #139 (add rDNS info to failure reports), but this one adds the hostname (rDNS) to the failure message, which is what people see first after opening a failure report.
-
Ticket 193 - SQL strict mode compatibility
reported by Michiel Hazelhof, written by Juri Haberland
status: needed - bug fix
Since MySQL version 5.7, strict mode is enabled by default. That makes opendmarc-import fail to import the history data for reporting, and opendmarc-expire fails as well. This patch fixes it.
-
Ticket 203 - Duplicate E-Mail due to strange dmarc entry
reported by Dirk Stoecker, written by Murray S. Kucherawy
status: recommended - behaviour change, committed to upstream development branch
Opendmarc-reports would send multiple reports to the same destination address if it is given multiple times in a rua tag. This patch marks such a dmarc record as invalid.
-
Ticket 204 - Domain database case depends on first entry
written by Dirk Stoecker
status: recommended - bug fix
The first time a domain is received sets the case of the domain name. This patch fixes the import tool, so that domains are always entered in lower case.
-
Ticket 205 - Allow to block outgoing email
written by Dirk Stoecker
status: recommended - enhancement
Add new commandline argument '--skipdomains <filename>' to opendmarc-reports, to skip reporting for all domains noted in a file.
-
Ticket 207 - Published Policy Domain in aggregate reports is incorrect.
written by Eneas Ulir de Queiroz
status: needed - bug fix
Opendmarc-report uses the wrong domain in <policy_published>. This patch fixes it.
-
Ticket 208 - Endless loop of rua-mails
written by Dirk Stoecker
status: optional - enhancement
This patch adds a new option to OpenDMARC to ignore mail to a given email address. This can be used to prevent report loops.
-
Ticket 212 - opendmarc_tld_read_file() Memory Leak
reported by Frank J. Lhota, written by Juri Haberland
status: needed - bug fix
This patch fixes a memory leak in opendmarc_tld_read_file().
-
Ticket 227 - Consistent opendmarc_policy.c Segfault When Processing DMARC Data...
reported by V. Alex Brennen, written by Juri Haberland
status: needed - bug fix
This patch fixes a segfault in opendmarc_policy_parse_dmarc() that could occur under certain circumstances.
-
changeSubjectFailureReport_v2.patch
written by Juri Haberland
status: optional - enhancement
This is an optional patch that changes the Subject: line of a failure report.
-
content-description.patch
written by Juri Haberland
status: optional - enhancement
Adds a 'Content-Description' MIME header to the failure reports, to make some buggy webmail software happy.
-
reportDestVerificationV2.patch
written by Juri Haberland
status: recommended - enhancement
This patch is not yet linked to an OpenDMARC ticket, as I want to receive some feedback from others. It adds external report destination verification and report address replacement. It also reorganizes the way the reports are sent. In addition it sends an error report if all report addresses are unusable due to size limitations.
-
moreHeadersFailureReportVsBeta1.patch
written by Juri Haberland
status: optional - enhancement
This patch is not yet linked to an OpenDMARC ticket. It adds some mandatory headers to the failure report.
-
use_envdomain_SPF_logging.patch
written by Juri Haberland
status: recommended - bug fix
This patch is not yet linked to an OpenDMARC ticket and its name is somewhat misleading: it replaces the use of the envelope From with the use of the envelope domain, which RFC 5451, section 2.4.2, recommends for use in the Authentication-Results header. As a side effect it also changes what is logged via syslog.