Patch collection for OpenDMARC 1.3.2-beta1
Introduction
I created this page to support others in running an up-to-date OpenDMARC installation and to support the author to release a new version.
The former version of this page for Beta0 can be found here.
Download OpenDMARC 1.3.2-beta1
Get the current beta release from http://downloads.sourceforge.net/project/opendmarc/Pre-Releases/opendmarc-1.3.2.Beta1.tar.gz and untar it in a directory of your choice with tar -xzf opendmarc-1.3.2.Beta1.tar.gz
Get the patch collection
Download the patch collection from http://batleth.sapienti-sat.org/projects/opendmarc/patches-2016122101.tar.gz. Then untar it with tar -xzf patches-2016122101.tar.gz
in the same directory as above.
Apply the patches
Change into the directory of the OpenDMARC source an apply all patches in the order of the ticket numbers. The thre patches without ticket numbers must be applied last:
cd opendmarc-1.3.2
for patch in ../patches-2016122101/*; do echo $patch; patch -sp1 < $patch; done
Run configure
Here is how I configure the OpenDMARC source to use libspf2 - it's actually taken from the Debian package build by Scott Kitterman:
./configure --prefix=/usr --mandir=/usr/share/man --infodir=/usr/share/info --sysconfdir=/etc LDFLAGS="-lresolv -Wl,-z,defs -L/usr/lib/libmilter" --enable-live-tests --enable-filter-tests --with-spf --with-spf2-include=/usr/include/spf2 --with-spf2-lib=/usr/lib --with-sql-backend
The patches:
-
Ticket 95 - SPF validation fail for ipv6
written by Andreas Schulze
status: needed - bug fix
Adds IPv6 support to internal SPF processing.
-
Ticket 138 - pass failed messages from p=quarantine domains
written by Marcos Moraes, documentation by Juri Haberland
status: recommended - enhancement, needs patch for ticket 180 to be applied first!
Messages from domains announcing p=quarantaine (that fail DMARC) stay in the MTA queue until administrative intervention. This patch with a sensible default let such messages pass for later processing. Major benefit: clean MTA queue.
-
Ticket 153 - duplicate dkim auth_result sections
reported by Tomky, patch written by Andreas Schulze
status: needed - bug fix
Don't report identical DKIM results multiple times.
-
Ticket 159 - opendmarc-importstats ignores value of HistoryFile
written by Juri Haberland
status: needed - bug fix
The opendmarc-importstats script looks for the history file in a hard-coded place. This patch gets the location from the opendmarc.conf file.
-
Ticket 165 - SPF Internal check fails on helo
written by M. Favero, adapted by Juri Haberland
status: needed - bug fix
The patch is partly included in 1.3.2-beta1, but one small bit was forgotten while applying it manually.
-
Ticket 166 - wrong report start and end times in DMARC reports
written by Juri Haberland
status: needed - bug fix
The DMARC reports sent by opendmarc-reports report a wrong date range in the report itself as well as in the report name. This patch fixes that problem.
-
Ticket 180 - Override MLM patch
written by Juri Haberland
status: recommended - enhancement
This patch adds a new config option to OpenDMARC to specify a file with hostnames, IP address and networks, which will be whitelisted as mailing list manager, if a mail from such a host fails the DMARC test. The resulting DMARC report will report a local override of type "Mailing List".
-
Ticket 182 - log ignored authenticated clients
written by Juri Haberland
status: optional - enhancement
This patch introduces logging of ignored authenticated clients.
-
Ticket 183 - add timezone to date reported in DMARC reports
written by Juri Haberland
status: optional - enhancement
This patch adds the timezone to the date shown in DMARC reports and reformats the output to look like RFC 2822 format.
-
Ticket 184 - report the hostname in failure reports
written by Juri Haberland
status: optional - enhancement
This patch is similar to ticket #139 (add rDNS info to failure reports), but this one adds the hostname (rDNS) to the failure message, which is what people see first after opening a failure report.
-
Ticket 185 - Segfaults every connection attempts
reported by Matt Domsch, written by Juri Haberland
status: needed - bug fix
This patch fixes a segmentation fault on every connection attempt.
-
Ticket 187 - compile and functional fix for SPF result logging
reported by Scott Kitterman and Steve Jenkins, patch by Juri Haberland
status: needed - bug fix
The commit that introduced a slightly altered patch for ticket #127 was incomplete. Compilation fails with a syntax error and and the functionality is wrong due to a wrong comparison. There is also a mismatch between the two strings that can be logged: one has a trailing colon, the other does not. This patch fixes all three issues.
-
Ticket 193 - SQL strict mode compatibility
reported by Michiel Hazelhof, written by Juri Haberland
status: needed - bug fix
Since MySQL version 5.7 the strict mode is enabled by default. That makes opendmarc-import fail to import the history data for reporting as well as opendmarc-expire failes. This patch fixes it.
-
changeSubjectFailureReport_v2.patch
written by Juri Haberland
status: optional - enhancement
This is an optional patch that changes the Subject: line of a failure report.
-
content-description.patch
written by Juri Haberland
status: optional - enhancement
Adds a 'Content-Description' MIME header to the failure reports, to make some buggy Webmail-Software happy.
-
reportDestVerificationV2.patch
written by Juri Haberland
status: recommended - enhancement
This patch is not yet linked to an OpenDMARC ticket, as I want to receive some feedback from others. It adds external report destination verification and report address replacement. It also reorganizes the way the reports are sent. In addition it sends an error report if all report addresses are unusable due to size limitations.
-
moreHeadersFailureReportVsBeta1.patch
written by Juri Haberland
status: optional - enhancement
This patch is not yet linked to an OpenDMARC ticket. It adds some mandatory headers to the failure report.
-
use_envdomain_SPF_logging.patch
written by Juri Haberland
status: recommended - bug fix
This patch is not yet linked to an OpenDMARC ticket and its name is somewhat mis-leading: It exchanges the use of the envelope from against the use of the envelope domain, which is recommended to be use in the AUthentication-Results header by RFC 5451, section 2.4.2. As a side effect it also changes what is logged via syslog.