Patch collection for OpenDMARC 1.3.2-beta2
Introduction
I created this page to support others in running an up-to-date OpenDMARC installation and to support the author to release a new version.
The former version of this page for Beta1 can be found here.
Download OpenDMARC 1.3.2-beta2
Get the current beta release from http://downloads.sourceforge.net/project/opendmarc/Pre-Releases/opendmarc-1.3.2.Beta2.tar.gz and untar it in a directory of your choice with tar -xzf opendmarc-1.3.2.Beta2.tar.gz
Get the patch collection
Download the patch collection from http://batleth.sapienti-sat.org/projects/opendmarc/patches-2017020901.tar.gz. Then untar it with tar -xzf patches-2017020901.tar.gz
in the same directory as above.
Apply the patches
Change into the directory of the OpenDMARC source an apply all patches in the order of the ticket numbers. The thre patches without ticket numbers must be applied last:
cd opendmarc-1.3.2
for patch in ../patches-2017020901/*; do echo $patch; patch -sp1 < $patch; done
Run configure
Here is how I configure the OpenDMARC source to use libspf2 - it's actually taken from the Debian package build by Scott Kitterman:
./configure --prefix=/usr --mandir=/usr/share/man --infodir=/usr/share/info --sysconfdir=/etc LDFLAGS="-lresolv -Wl,-z,defs -L/usr/lib/libmilter" --enable-live-tests --enable-filter-tests --with-spf --with-spf2-include=/usr/include/spf2 --with-spf2-lib=/usr/lib --with-sql-backend
The patches:
-
ticket095_missing.patch
written by Juri Haberland
status: needed - bug fix
The patch for Ticket 95 (SPF validation fail for ipv6) was applied to Beta2, but for some reason support for IPv4 was accidentally removed. This patch adds IPv4 support back to internal SPF processing.
-
Ticket 138 - pass failed messages from p=quarantine domains
written by Marcos Moraes, documentation by Juri Haberland
status: recommended - enhancement, needs patch for ticket 180 to be applied first!
Messages from domains announcing p=quarantaine (that fail DMARC) stay in the MTA queue until administrative intervention. This patch with a sensible default let such messages pass for later processing. Major benefit: clean MTA queue.
-
Ticket 153 - duplicate dkim auth_result sections
reported by Tomky, patch written by Andreas Schulze
status: needed - bug fix
Don't report identical DKIM results multiple times.
-
Ticket 159 - opendmarc-importstats ignores value of HistoryFile
written by Juri Haberland
status: needed - bug fix
The opendmarc-importstats script looks for the history file in a hard-coded place. This patch gets the location from the opendmarc.conf file.
-
Ticket 180 - Override MLM patch
written by Juri Haberland
status: recommended - enhancement
This patch adds a new config option to OpenDMARC to specify a file with hostnames, IP address and networks, which will be whitelisted as mailing list manager, if a mail from such a host fails the DMARC test. The resulting DMARC report will report a local override of type "Mailing List".
-
Ticket 182 - log ignored authenticated clients
written by Juri Haberland
status: optional - enhancement
This patch introduces logging of ignored authenticated clients.
-
Ticket 183 - add timezone to date reported in DMARC reports
written by Juri Haberland
status: optional - enhancement
This patch adds the timezone to the date shown in DMARC reports and reformats the output to look like RFC 2822 format.
-
Ticket 184 - report the hostname in failure reports
written by Juri Haberland
status: optional - enhancement
This patch is similar to ticket #139 (add rDNS info to failure reports), but this one adds the hostname (rDNS) to the failure message, which is what people see first after opening a failure report.
-
ticket187_missing.patch
written by Juri Haberland
status: needed - bug fix
The patch for Ticket 187 (compile and functional fix for SPF result logging) was applied to Beta2, but one small part was forgotten. This fixes the compile failure.
-
ticket189_cleanup.patch
written by Juri Haberland
status: optional - documentation fix
The patch for Ticket 189 (change documentation to be Debian-compliant) was applied to Beta2, but on small thing was forgotten. This patch fixes this.
-
Ticket 193 - SQL strict mode compatibility
reported by Michiel Hazelhof, written by Juri Haberland
status: needed - bug fix
Since MySQL version 5.7 the strict mode is enabled by default. That makes opendmarc-import fail to import the history data for reporting as well as opendmarc-expire failes. This patch fixes it.
-
ticket197_cleanup.patch
written by Juri Haberland
status: optional - documentation fix
The patch for Ticket 197 (remove one of the two MySQL DB schemata) was applied to Beta2, but one small documentation part was lost. This patch fixes it.
-
changeSubjectFailureReport_v2.patch
written by Juri Haberland
status: optional - enhancement
This is an optional patch that changes the Subject: line of a failure report.
-
content-description.patch
written by Juri Haberland
status: optional - enhancement
Adds a 'Content-Description' MIME header to the failure reports, to make some buggy Webmail-Software happy.
-
reportDestVerificationV2.patch
written by Juri Haberland
status: recommended - enhancement
This patch is not yet linked to an OpenDMARC ticket, as I want to receive some feedback from others. It adds external report destination verification and report address replacement. It also reorganizes the way the reports are sent. In addition it sends an error report if all report addresses are unusable due to size limitations.
-
moreHeadersFailureReportVsBeta1.patch
written by Juri Haberland
status: optional - enhancement
This patch is not yet linked to an OpenDMARC ticket. It adds some mandatory headers to the failure report.
-
use_envdomain_SPF_logging.patch
written by Juri Haberland
status: recommended - bug fix
This patch is not yet linked to an OpenDMARC ticket and its name is somewhat mis-leading: It exchanges the use of the envelope From against the use of the envelope domain, which is recommended to be use in the Authentication-Results header by RFC 5451, section 2.4.2. As a side effect it also changes what is logged via syslog.