last modified:

Patch collection for OpenDMARC 1.3.2

Introduction

I created this page to support others in running an up-to-date OpenDMARC installation and to support the author to release a new version.
The former version of this page for Beta2 can be found here.

Download OpenDMARC 1.3.2

Get the current release from http://downloads.sourceforge.net/project/opendmarc/opendmarc-1.3.2.tar.gz and untar it in a directory of your choice with

tar -xzf opendmarc-1.3.2.tar.gz

Get the patch collection

Download the patch collection from http://batleth.sapienti-sat.org/projects/opendmarc/patches-2017021201.tar.gz. Then untar it with

tar -xzf patches-2017021201.tar.gz

in the same directory as above.

Apply the patches

Change into the directory of the OpenDMARC source an apply all patches in the order of the ticket numbers. The thre patches without ticket numbers must be applied last:

cd opendmarc-1.3.2
for patch in ../patches-2017021201/*; do echo $patch; patch -sp1 < $patch; done

Run configure

Here is how I configure the OpenDMARC source to use libspf2 - it's actually taken from the Debian package build by Scott Kitterman:

./configure --prefix=/usr --mandir=/usr/share/man --infodir=/usr/share/info --sysconfdir=/etc LDFLAGS="-lresolv -Wl,-z,defs -L/usr/lib/libmilter" --enable-live-tests --enable-filter-tests --with-spf --with-spf2-include=/usr/include/spf2 --with-spf2-lib=/usr/lib --with-sql-backend

The patches:

Ticket 138 - pass failed messages from p=quarantine domains
written by Marcos Moraes, documentation by Juri Haberland
status: recommended - enhancement, needs patch for ticket 180 to be applied first!
Messages from domains announcing p=quarantaine (that fail DMARC) stay in the MTA queue until administrative intervention. This patch with a sensible default let such messages pass for later processing. Major benefit: clean MTA queue.
Ticket 153 - duplicate dkim auth_result sections
reported by Tomky, patch written by Andreas Schulze
status: needed - bug fix
Don't report identical DKIM results multiple times.
Ticket 159 - opendmarc-importstats ignores value of HistoryFile
written by Juri Haberland
status: needed - bug fix
The opendmarc-importstats script looks for the history file in a hard-coded place. This patch gets the location from the opendmarc.conf file.
Ticket 180 - Override MLM patch
written by Juri Haberland
status: recommended - enhancement
This patch adds a new config option to OpenDMARC to specify a file with hostnames, IP address and networks, which will be whitelisted as mailing list manager, if a mail from such a host fails the DMARC test. The resulting DMARC report will report a local override of type "Mailing List".
Ticket 182 - log ignored authenticated clients
written by Juri Haberland
status: optional - enhancement
This patch introduces logging of ignored authenticated clients.
Ticket 183 - add timezone to date reported in DMARC reports
written by Juri Haberland
status: optional - enhancement
This patch adds the timezone to the date shown in DMARC reports and reformats the output to look like RFC 2822 format.
Ticket 184 - report the hostname in failure reports
written by Juri Haberland
status: optional - enhancement
This patch is similar to ticket #139 (add rDNS info to failure reports), but this one adds the hostname (rDNS) to the failure message, which is what people see first after opening a failure report.
Ticket 193 - SQL strict mode compatibility
reported by Michiel Hazelhof, written by Juri Haberland
status: needed - bug fix
Since MySQL version 5.7 the strict mode is enabled by default. That makes opendmarc-import fail to import the history data for reporting as well as opendmarc-expire failes. This patch fixes it.
changeSubjectFailureReport_v2.patch
written by Juri Haberland
status: optional - enhancement
This is an optional patch that changes the Subject: line of a failure report.
content-description.patch
written by Juri Haberland
status: optional - enhancement
Adds a 'Content-Description' MIME header to the failure reports, to make some buggy Webmail-Software happy.
reportDestVerificationV2.patch
written by Juri Haberland
status: recommended - enhancement
This patch is not yet linked to an OpenDMARC ticket, as I want to receive some feedback from others. It adds external report destination verification and report address replacement. It also reorganizes the way the reports are sent. In addition it sends an error report if all report addresses are unusable due to size limitations.
moreHeadersFailureReportVsBeta1.patch
written by Juri Haberland
status: optional - enhancement
This patch is not yet linked to an OpenDMARC ticket. It adds some mandatory headers to the failure report.
use_envdomain_SPF_logging.patch
written by Juri Haberland
status: recommended - bug fix
This patch is not yet linked to an OpenDMARC ticket and its name is somewhat mis-leading: It exchanges the use of the envelope From against the use of the envelope domain, which is recommended to be use in the Authentication-Results header by RFC 5451, section 2.4.2. As a side effect it also changes what is logged via syslog.