Patch collection for OpenDMARC 1.3.2-beta0
Introduction
I created this page to support others in running an up-to-date OpenDMARC installation and to support the author in releasing a new version.
There is also a clone of the official OpenDMARC Git repository with these patches applied, which can be found here: https://sourceforge.net/u/pktomo/opendmarc/ci/develop-1.3.2/tree/
Download OpenDMARC 1.3.2-beta0
Get the current beta release from http://downloads.sourceforge.net/project/opendmarc/Pre-Releases/opendmarc-1.3.2.Beta0.tar.gz and untar it in a directory of your choice with tar -xzf opendmarc-1.3.2.Beta0.tar.gz
Get the patch collection
Download the patch collection from http://batleth.sapienti-sat.org/projects/opendmarc/patches-2016110801.tar.gz. Then untar it with tar -xzf patches-2016110801.tar.gz in the same directory as above.
Apply the patches
Change into the directory of the OpenDMARC source and apply all patches in the order of the ticket numbers. The three patches without ticket numbers must be applied last:
cd opendmarc-1.3.2
for patch in ../patches-2016110801/*; do echo "$patch"; patch -sp1 < "$patch"; done
Run configure
Here is how I configure the OpenDMARC source to use libspf2 - it's actually taken from the Debian package built by Scott Kitterman:
./configure --prefix=/usr --mandir=/usr/share/man --infodir=/usr/share/info --sysconfdir=/etc LDFLAGS="-lresolv -Wl,-z,defs -L/usr/lib/libmilter" --enable-live-tests --enable-filter-tests --with-spf --with-spf2-include=/usr/include/spf2 --with-spf2-lib=/usr/lib --with-sql-backend
The patches:
-
Ticket 95 - SPF validation fail for ipv6
written by Andreas Schulze
status: needed - bug fix
Adds IPv6 support to internal SPF processing.
-
Ticket 138 - pass failed messages from p=quarantine domains
written by Marcos Moraes, documentation by Juri Haberland
status: recommended - enhancement, needs patch for ticket 180 to be applied first!
Messages from domains announcing p=quarantine (that fail DMARC) stay in the MTA queue until administrative intervention. This patch, with a sensible default, lets such messages pass for later processing. Major benefit: clean MTA queue.
-
Ticket 153 - duplicate dkim auth_result sections
reported by Tomky, patch written by Andreas Schulze
status: needed - bug fix
Don't report identical DKIM results multiple times.
-
Ticket 159 - opendmarc-importstats ignores value of HistoryFile
written by Juri Haberland
status: needed - bug fix
The opendmarc-importstats script looks for the history file in a hard-coded place. This patch gets the location from the opendmarc.conf file.
-
Ticket 165 - SPF Internal check fails on helo
written by M. Favero, adapted by Juri Haberland
status: needed - bug fix
The patch is partly included in 1.3.2-beta0, but one small bit was forgotten while applying it manually.
-
Ticket 166 - wrong report start and end times in DMARC reports
written by Juri Haberland
status: needed - bug fix
The DMARC reports sent by opendmarc-reports report a wrong date range in the report itself as well as in the report name. This patch fixes that problem.
-
Ticket 171 - inconsistent variable names: OPENDMARC_TEST_*
found by Andreas Schulze, patch by Juri Haberland
status: optional - documentation fix
This patch fixes the wrong documentation of the OPENDMARC_TEST_HELO{NAME,HOST} env var.
-
Ticket 174 - Size limit is not stripped from ruf address
written by Juri Haberland
status: needed - bug fix
Size limits are not removed from 'ruf' addresses. This patch fixes this.
-
Ticket 180 - Override MLM patch
written by Juri Haberland
status: recommended - enhancement
This patch adds a new config option to OpenDMARC to specify a file with hostnames, IP addresses and networks, which will be whitelisted as mailing list managers if a mail from such a host fails the DMARC test. The resulting DMARC report will report a local override of type "Mailing List".
-
Ticket 181 - fix for help output of opendmarc-reports
written by Juri Haberland
status: needed - bug fix
This patch fixes a minor documentation error in the help output of the opendmarc-reports script.
-
Ticket 182 - log ignored authenticated clients
written by Juri Haberland
status: optional - enhancement
This patch introduces logging of ignored authenticated clients.
-
Ticket 183 - add timezone to date reported in DMARC reports
written by Juri Haberland
status: optional - enhancement
This patch adds the timezone to the date shown in DMARC reports and reformats the output to look like RFC 2822 format.
-
Ticket 184 - report the hostname in failure reports
written by Juri Haberland
status: optional - enhancement
This patch is similar to ticket #139 (add rDNS info to failure reports), but this one adds the hostname (rDNS) to the failure message, which is what people see first after opening a failure report.
-
Ticket 185 - Segfaults every connection attempts
reported by Matt Domsch, written by Juri Haberland
status: needed - bug fix
This patch fixes a segmentation fault on every connection attempt.
-
Ticket 186 - Bug in dmarcf_config_reload function
written by Federico Omoto
status: needed - bug fix
The function to reload the configuration uses a different way to load the PublicSuffixList than the initial config loader. This may lead to unwanted misbehaviour.
-
Ticket 187 - compile and functional fix for SPF result logging
reported by Scott Kitterman and Steve Jenkins, patch by Juri Haberland
status: needed - bug fix
The commit that introduced a slightly altered patch for ticket #127 was incomplete. Compilation fails with a syntax error and the functionality is wrong due to a wrong comparison. There is also a mismatch between the two strings that can be logged: one has a trailing colon, the other does not. This patch fixes all three issues.
-
Ticket 188 - bug fix: don't delete zip file too early in opendmarc-reports
written by Juri Haberland
status: needed - bug fix
This patch fixes an issue that occurs when a malformed reporting URI precedes a well-formed URI.
-
Ticket 189 - change documentation to be Debian-compliant
written by Scott Kitterman
status: optional - documentation fix for Debian
This documentation patch removes the DMARC RFC from the documentation sub-directory and replaces it with a README.html file that includes links to online sources of the RFC, as "RFCs are not free based on Debian's definition", see post on the dev-ml.
-
Ticket 193 - SQL strict mode compatibility
reported by Michiel Hazelhof, written by Juri Haberland
status: needed - bug fix
Since MySQL version 5.7, strict mode is enabled by default. That makes opendmarc-import fail to import the history data for reporting, and opendmarc-expire fails as well. This patch fixes it.
-
Ticket 194 - bug: wrong DMARC state in Auth-Res header
written by Juri Haberland
status: needed - bug fix
If a domain has a DMARC policy of 'none' and a mail from this domain fails the DMARC tests, the Authentication-Results: header reports a state of dmarc=none instead of dmarc=fail.
-
Ticket 195 - bug: Received-SPF: header results wrong
written by Juri Haberland
status: needed - bug fix
If the Received-SPF: header is used, the result of parsing it is represented by the DMARC_POLICY_SPF_ macros and these values are written out to the history file, but for the history file we need the ARES_RESULT_ macros.
-
Ticket 196 - bug: all messages are recorded in history file despite RecordAllMessages = false
written by Juri Haberland
status: needed - bug fix
Commit 0a5e7794 introduced the feature "Include policy and disposition information in an Authentication-Results comment". The way it was implemented overwrote the contents of the variable ostatus, which is evaluated later. As ostatus then has the wrong contents, the check that should keep the message data out of the history file fails and the data is always written.
-
Ticket 197 - remove one of the two MySQL DB schemata
written by Juri Haberland
status: needed - bug fix
There are two MySQL database schemata: db/schema.mysql and reports/mkdb.mysql. Both got fixes that the other does not have. So we should join them into one and remove the other. The patch adds two main differences from reports/mkdb.mysql to db/schema.mysql and removes reports/mkdb.mysql. The documentation is changed accordingly.
-
changeSubjectFailureReport_v2.patch
written by Juri Haberland
status: optional - enhancement
This is an optional patch that changes the Subject: line of a failure report.
-
content-description.patch
written by Juri Haberland
status: optional - enhancement
Adds a 'Content-Description' MIME header to the failure reports, to make some buggy webmail software happy.
-
reportDestVerificationV2.patch
written by Juri Haberland
status: recommended - enhancement
This patch is not yet linked to an OpenDMARC ticket, as I want to receive some feedback from others. It adds external report destination verification and report address replacement. It also reorganizes the way the reports are sent. In addition it sends an error report if all report addresses are unusable due to size limitations.
-
moreHeadersFailureReport.patch
written by Juri Haberland
status: optional - enhancement
This patch is not yet linked to an OpenDMARC ticket. It adds some mandatory headers to the failure report.
-
use_envdomain_SPF_logging.patch
written by Juri Haberland
status: recommended - bug fix
This patch is not yet linked to an OpenDMARC ticket and its name is somewhat misleading: it replaces the use of the envelope from with the use of the envelope domain, which is recommended to be used in the Authentication-Results header by RFC 5451, section 2.4.2. As a side effect it also changes what is logged via syslog.
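
Added example, not part of the patch collection or of OpenDMARC's own code: the report-address handling that Ticket 174 and reportDestVerificationV2.patch deal with, written in Python after the dmarc-uri syntax and the external destination check of RFC 7489. The function names and the sample ruf value are constructed, and the same-domain test is a plain suffix match that stands in for the Organizational Domain comparison the RFC specifies.

```python
import re

# RFC 7489 dmarc-uri: a URI, optionally followed by "!", digits and a unit k/m/g/t.
_DMARC_URI = re.compile(r"^(?P<uri>[^!]+)(?:!(?P<num>\d+)(?P<unit>[kmgt])?)?$", re.I)
_UNIT = {"": 1, "k": 2**10, "m": 2**20, "g": 2**30, "t": 2**40}


def parse_report_uris(tag_value):
    """Split a rua=/ruf= value into (address, size_limit_in_bytes_or_None) pairs."""
    parsed = []
    for item in tag_value.split(","):
        m = _DMARC_URI.match(item.strip())
        if not m or not m["uri"].lower().startswith("mailto:"):
            continue  # malformed or non-mailto entry: skip it, keep the later ones
        limit = int(m["num"]) * _UNIT[(m["unit"] or "").lower()] if m["num"] else None
        parsed.append((m["uri"][len("mailto:"):], limit))  # "!size" is not part of the address
    return parsed


def verification_name(policy_domain, address):
    """TXT name that must hold a "v=DMARC1" record before reporting to an
    external destination (RFC 7489 section 7.1); None for a same-domain address."""
    policy_domain = policy_domain.lower().rstrip(".")
    host = address.rsplit("@", 1)[-1].lower().rstrip(".")
    # Assumption: plain suffix match instead of an Organizational Domain lookup.
    if host == policy_domain or host.endswith("." + policy_domain):
        return None
    return f"{policy_domain}._report._dmarc.{host}"


def usable_recipients(policy_domain, tag_value, report_size):
    """Recipients whose size limit admits the report, with the DNS name to check."""
    return [(addr, verification_name(policy_domain, addr))
            for addr, limit in parse_report_uris(tag_value)
            if limit is None or report_size <= limit]


# Constructed sample ruf= value: one malformed entry, one non-mailto entry.
SAMPLE_RUF = ("mailto:dmarc@example.com!10m, mailto:bad!!x, "
              "https://reports.example.net/in, mailto:agg@reports.example.net!50k")

if __name__ == "__main__":
    for size in (4096, 200_000):
        print(size, usable_recipients("example.com", SAMPLE_RUF, size))
```

An empty result from usable_recipients is the case in which, according to the description above, reportDestVerificationV2.patch sends an error report.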