| 1 | /************************************************* |
| 2 | * Exim - an Internet mail transport agent * |
| 3 | *************************************************/ |
| 4 | /* Experimental DMARC support. |
| 5 | Copyright (c) Todd Lyons <tlyons@exim.org> 2012, 2013 |
| 6 | License: GPL */ |
| 7 | |
| 8 | /* Portions Copyright (c) 2012, 2013, The Trusted Domain Project; |
| 9 | All rights reserved, licensed for use per LICENSE.opendmarc. */ |
| 10 | |
| 11 | /* Code for calling dmarc checks via libopendmarc. Called from acl.c. */ |
| 12 | |
| 13 | #include "exim.h" |
| 14 | #ifdef EXPERIMENTAL_DMARC |
| 15 | #if !defined EXPERIMENTAL_SPF |
| 16 | #error SPF must also be enabled for DMARC |
| 17 | #elif defined DISABLE_DKIM |
| 18 | #error DKIM must also be enabled for DMARC |
| 19 | #else |
| 20 | |
| 21 | #include "functions.h" |
| 22 | #include "dmarc.h" |
| 23 | #include "pdkim/pdkim.h" |
| 24 | |
| 25 | OPENDMARC_LIB_T dmarc_ctx; |
| 26 | DMARC_POLICY_T *dmarc_pctx = NULL; |
| 27 | OPENDMARC_STATUS_T libdm_status, action, dmarc_policy; |
| 28 | OPENDMARC_STATUS_T da, sa, action; |
| 29 | BOOL dmarc_abort = FALSE; |
| 30 | uschar *dmarc_pass_fail = US"skipped"; |
| 31 | extern pdkim_signature *dkim_signatures; |
| 32 | header_line *from_header = NULL; |
| 33 | extern SPF_response_t *spf_response; |
| 34 | int dmarc_spf_result = 0; |
| 35 | uschar *spf_sender_domain = NULL; |
| 36 | uschar *spf_human_readable = NULL; |
| 37 | u_char *header_from_sender = NULL; |
| 38 | int history_file_status = DMARC_HIST_OK; |
| 39 | uschar *dkim_history_buffer= NULL; |
| 40 | |
| 41 | /* Accept an error_block struct, initialize if empty, parse to the |
| 42 | * end, and append the two strings passed to it. Used for adding |
| 43 | * variable amounts of value:pair data to the forensic emails. */ |
| 44 | |
| 45 | static error_block * |
| 46 | add_to_eblock(error_block *eblock, uschar *t1, uschar *t2) |
| 47 | { |
| 48 | error_block *eb = malloc(sizeof(error_block)); |
| 49 | if (eblock == NULL) |
| 50 | eblock = eb; |
| 51 | else |
| 52 | { |
| 53 | /* Find the end of the eblock struct and point it at eb */ |
| 54 | error_block *tmp = eblock; |
| 55 | while(tmp->next != NULL) |
| 56 | tmp = tmp->next; |
| 57 | tmp->next = eb; |
| 58 | } |
| 59 | eb->text1 = t1; |
| 60 | eb->text2 = t2; |
| 61 | eb->next = NULL; |
| 62 | return eblock; |
| 63 | } |
| 64 | |
| 65 | /* dmarc_init sets up a context that can be re-used for several |
| 66 | messages on the same SMTP connection (that come from the |
| 67 | same host with the same HELO string) */ |
| 68 | |
| 69 | int dmarc_init() |
| 70 | { |
| 71 | int *netmask = NULL; /* Ignored */ |
| 72 | int is_ipv6 = 0; |
| 73 | char *tld_file = (dmarc_tld_file == NULL) ? |
| 74 | "/etc/exim/opendmarc.tlds" : |
| 75 | (char *)dmarc_tld_file; |
| 76 | |
| 77 | /* Set some sane defaults. Also clears previous results when |
| 78 | * multiple messages in one connection. */ |
| 79 | dmarc_pctx = NULL; |
| 80 | dmarc_status = US"none"; |
| 81 | dmarc_abort = FALSE; |
| 82 | dmarc_pass_fail = US"skipped"; |
| 83 | dmarc_used_domain = US""; |
| 84 | header_from_sender = NULL; |
| 85 | spf_sender_domain = NULL; |
| 86 | spf_human_readable = NULL; |
| 87 | |
| 88 | /* ACLs have "control=dmarc_disable_verify" */ |
| 89 | if (dmarc_disable_verify == TRUE) |
| 90 | return OK; |
| 91 | |
| 92 | (void) memset(&dmarc_ctx, '\0', sizeof dmarc_ctx); |
| 93 | dmarc_ctx.nscount = 0; |
| 94 | libdm_status = opendmarc_policy_library_init(&dmarc_ctx); |
| 95 | if (libdm_status != DMARC_PARSE_OKAY) |
| 96 | { |
| 97 | log_write(0, LOG_MAIN|LOG_PANIC, "DMARC failure to init library: %s", |
| 98 | opendmarc_policy_status_to_str(libdm_status)); |
| 99 | dmarc_abort = TRUE; |
| 100 | } |
| 101 | if (dmarc_tld_file == NULL) |
| 102 | dmarc_abort = TRUE; |
| 103 | else if (opendmarc_tld_read_file(tld_file, NULL, NULL, NULL)) |
| 104 | { |
| 105 | log_write(0, LOG_MAIN|LOG_PANIC, "DMARC failure to load tld list %s: %d", |
| 106 | tld_file, errno); |
| 107 | dmarc_abort = TRUE; |
| 108 | } |
| 109 | if (sender_host_address == NULL) |
| 110 | dmarc_abort = TRUE; |
| 111 | /* This catches locally originated email and startup errors above. */ |
| 112 | if ( dmarc_abort == FALSE ) |
| 113 | { |
| 114 | is_ipv6 = string_is_ip_address(sender_host_address, netmask); |
| 115 | is_ipv6 = (is_ipv6 == 6) ? TRUE : |
| 116 | (is_ipv6 == 4) ? FALSE : FALSE; |
| 117 | dmarc_pctx = opendmarc_policy_connect_init(sender_host_address, is_ipv6); |
| 118 | if (dmarc_pctx == NULL ) |
| 119 | { |
| 120 | log_write(0, LOG_MAIN|LOG_PANIC, "DMARC failure creating policy context: ip=%s", |
| 121 | sender_host_address); |
| 122 | dmarc_abort = TRUE; |
| 123 | } |
| 124 | } |
| 125 | |
| 126 | return OK; |
| 127 | } |
| 128 | |
| 129 | |
| 130 | /* dmarc_store_data stores the header data so that subsequent |
| 131 | * dmarc_process can access the data */ |
| 132 | |
| 133 | int dmarc_store_data(header_line *hdr) { |
| 134 | /* No debug output because would change every test debug output */ |
| 135 | if (dmarc_disable_verify != TRUE) |
| 136 | from_header = hdr; |
| 137 | return OK; |
| 138 | } |
| 139 | |
| 140 | |
| 141 | /* dmarc_process adds the envelope sender address to the existing |
| 142 | context (if any), retrieves the result, sets up expansion |
| 143 | strings and evaluates the condition outcome. */ |
| 144 | |
| 145 | int dmarc_process() { |
| 146 | int sr, origin; /* used in SPF section */ |
| 147 | pdkim_signature *sig = NULL; |
| 148 | BOOL has_dmarc_record = TRUE; |
| 149 | u_char **ruf; /* forensic report addressees, if called for */ |
| 150 | |
| 151 | /* ACLs have "control=dmarc_disable_verify" */ |
| 152 | if (dmarc_disable_verify == TRUE) |
| 153 | { |
| 154 | dmarc_ar_header = dmarc_auth_results_header(from_header, NULL); |
| 155 | return OK; |
| 156 | } |
| 157 | |
| 158 | /* Store the header From: sender domain for this part of DMARC. |
| 159 | * If there is no from_header struct, then it's likely this message |
| 160 | * is locally generated and relying on fixups to add it. Just skip |
| 161 | * the entire DMARC system if we can't find a From: header....or if |
| 162 | * there was a previous error. |
| 163 | */ |
| 164 | if (from_header == NULL || dmarc_abort == TRUE) |
| 165 | dmarc_abort = TRUE; |
| 166 | else |
| 167 | { |
| 168 | /* I strongly encourage anybody who can make this better to contact me directly! |
| 169 | * <cannonball> Is this an insane way to extract the email address from the From: header? |
| 170 | * <jgh_hm> it's sure a horrid layer-crossing.... |
| 171 | * <cannonball> I'm not denying that :-/ |
| 172 | * <jgh_hm> there may well be no better though |
| 173 | */ |
| 174 | header_from_sender = expand_string( |
| 175 | string_sprintf("${domain:${extract{1}{:}{${addresses:%s}}}}", |
| 176 | from_header->text) ); |
| 177 | /* The opendmarc library extracts the domain from the email address, but |
| 178 | * only try to store it if it's not empty. Otherwise, skip out of DMARC. */ |
| 179 | if (strcmp( CCS header_from_sender, "") == 0) |
| 180 | dmarc_abort = TRUE; |
| 181 | libdm_status = (dmarc_abort == TRUE) ? |
| 182 | DMARC_PARSE_OKAY : |
| 183 | opendmarc_policy_store_from_domain(dmarc_pctx, header_from_sender); |
| 184 | if (libdm_status != DMARC_PARSE_OKAY) |
| 185 | { |
| 186 | log_write(0, LOG_MAIN|LOG_PANIC, "failure to store header From: in DMARC: %s, header was '%s'", |
| 187 | opendmarc_policy_status_to_str(libdm_status), from_header->text); |
| 188 | dmarc_abort = TRUE; |
| 189 | } |
| 190 | } |
| 191 | |
| 192 | /* Skip DMARC if connection is SMTP Auth. Temporarily, admin should |
| 193 | * instead do this in the ACLs. */ |
| 194 | if (dmarc_abort == FALSE && sender_host_authenticated == NULL) |
| 195 | { |
| 196 | /* Use the envelope sender domain for this part of DMARC */ |
| 197 | spf_sender_domain = expand_string(US"$sender_address_domain"); |
| 198 | if ( spf_response == NULL ) |
| 199 | { |
| 200 | /* No spf data means null envelope sender so generate a domain name |
| 201 | * from the sender_host_name || sender_helo_name */ |
| 202 | if (spf_sender_domain == NULL) |
| 203 | { |
| 204 | spf_sender_domain = (sender_host_name == NULL) ? sender_helo_name : sender_host_name; |
| 205 | uschar *subdomain = spf_sender_domain; |
| 206 | int count = 0; |
| 207 | while (subdomain && *subdomain != '.') |
| 208 | { |
| 209 | subdomain++; |
| 210 | count++; |
| 211 | } |
| 212 | /* If parsed characters in temp var "subdomain" and is pointing to |
| 213 | * a period now, get rid of the period and use that. Otherwise |
| 214 | * will use whatever was first set in spf_sender_domain. Goal is to |
| 215 | * generate a sane answer, not necessarily the right/best answer b/c |
| 216 | * at this point with a null sender, it's a bounce message, making |
| 217 | * the spf domain be subjective. */ |
| 218 | if (count > 0 && *subdomain == '.') |
| 219 | { |
| 220 | subdomain++; |
| 221 | spf_sender_domain = subdomain; |
| 222 | } |
| 223 | log_write(0, LOG_MAIN, "DMARC using synthesized SPF sender domain = %s\n", |
| 224 | spf_sender_domain); |
| 225 | DEBUG(D_receive) |
| 226 | debug_printf("DMARC using synthesized SPF sender domain = %s\n", spf_sender_domain); |
| 227 | } |
| 228 | dmarc_spf_result = DMARC_POLICY_SPF_OUTCOME_NONE; |
| 229 | origin = DMARC_POLICY_SPF_ORIGIN_HELO; |
| 230 | spf_human_readable = US""; |
| 231 | } |
| 232 | else |
| 233 | { |
| 234 | sr = spf_response->result; |
| 235 | dmarc_spf_result = (sr == SPF_RESULT_NEUTRAL) ? DMARC_POLICY_SPF_OUTCOME_NONE : |
| 236 | (sr == SPF_RESULT_PASS) ? DMARC_POLICY_SPF_OUTCOME_PASS : |
| 237 | (sr == SPF_RESULT_FAIL) ? DMARC_POLICY_SPF_OUTCOME_FAIL : |
| 238 | (sr == SPF_RESULT_SOFTFAIL) ? DMARC_POLICY_SPF_OUTCOME_TMPFAIL : |
| 239 | DMARC_POLICY_SPF_OUTCOME_NONE; |
| 240 | origin = DMARC_POLICY_SPF_ORIGIN_MAILFROM; |
| 241 | spf_human_readable = (uschar *)spf_response->header_comment; |
| 242 | DEBUG(D_receive) |
| 243 | debug_printf("DMARC using SPF sender domain = %s\n", spf_sender_domain); |
| 244 | } |
| 245 | if (strcmp( CCS spf_sender_domain, "") == 0) |
| 246 | dmarc_abort = TRUE; |
| 247 | if (dmarc_abort == FALSE) |
| 248 | { |
| 249 | libdm_status = opendmarc_policy_store_spf(dmarc_pctx, spf_sender_domain, |
| 250 | dmarc_spf_result, origin, spf_human_readable); |
| 251 | if (libdm_status != DMARC_PARSE_OKAY) |
| 252 | log_write(0, LOG_MAIN|LOG_PANIC, "failure to store spf for DMARC: %s", |
| 253 | opendmarc_policy_status_to_str(libdm_status)); |
| 254 | } |
| 255 | |
| 256 | /* Now we cycle through the dkim signature results and put into |
| 257 | * the opendmarc context, further building the DMARC reply. */ |
| 258 | sig = dkim_signatures; |
| 259 | dkim_history_buffer = US""; |
| 260 | while (sig != NULL) |
| 261 | { |
| 262 | int dkim_result, vs; |
| 263 | vs = sig->verify_status; |
| 264 | dkim_result = ( vs == PDKIM_VERIFY_PASS ) ? DMARC_POLICY_DKIM_OUTCOME_PASS : |
| 265 | ( vs == PDKIM_VERIFY_FAIL ) ? DMARC_POLICY_DKIM_OUTCOME_FAIL : |
| 266 | ( vs == PDKIM_VERIFY_INVALID ) ? DMARC_POLICY_DKIM_OUTCOME_TMPFAIL : |
| 267 | DMARC_POLICY_DKIM_OUTCOME_NONE; |
| 268 | libdm_status = opendmarc_policy_store_dkim(dmarc_pctx, (uschar *)sig->domain, |
| 269 | dkim_result, US""); |
| 270 | DEBUG(D_receive) |
| 271 | debug_printf("DMARC adding DKIM sender domain = %s\n", sig->domain); |
| 272 | if (libdm_status != DMARC_PARSE_OKAY) |
| 273 | log_write(0, LOG_MAIN|LOG_PANIC, "failure to store dkim (%s) for DMARC: %s", |
| 274 | sig->domain, opendmarc_policy_status_to_str(libdm_status)); |
| 275 | |
| 276 | dkim_history_buffer = string_sprintf("%sdkim %s %d\n", dkim_history_buffer, |
| 277 | sig->domain, dkim_result); |
| 278 | sig = sig->next; |
| 279 | } |
| 280 | libdm_status = opendmarc_policy_query_dmarc(dmarc_pctx, US""); |
| 281 | switch (libdm_status) |
| 282 | { |
| 283 | case DMARC_DNS_ERROR_NXDOMAIN: |
| 284 | case DMARC_DNS_ERROR_NO_RECORD: |
| 285 | DEBUG(D_receive) |
| 286 | debug_printf("DMARC no record found for %s\n", header_from_sender); |
| 287 | has_dmarc_record = FALSE; |
| 288 | break; |
| 289 | case DMARC_PARSE_OKAY: |
| 290 | DEBUG(D_receive) |
| 291 | debug_printf("DMARC record found for %s\n", header_from_sender); |
| 292 | break; |
| 293 | case DMARC_PARSE_ERROR_BAD_VALUE: |
| 294 | DEBUG(D_receive) |
| 295 | debug_printf("DMARC record parse error for %s\n", header_from_sender); |
| 296 | has_dmarc_record = FALSE; |
| 297 | break; |
| 298 | default: |
| 299 | /* everything else, skip dmarc */ |
| 300 | DEBUG(D_receive) |
| 301 | debug_printf("DMARC skipping (%d), unsure what to do with %s", |
| 302 | libdm_status, from_header->text); |
| 303 | has_dmarc_record = FALSE; |
| 304 | break; |
| 305 | } |
| 306 | /* Can't use exim's string manipulation functions so allocate memory |
| 307 | * for libopendmarc using its max hostname length definition. */ |
| 308 | uschar *dmarc_domain = (uschar *)calloc(DMARC_MAXHOSTNAMELEN, sizeof(uschar)); |
| 309 | libdm_status = opendmarc_policy_fetch_utilized_domain(dmarc_pctx, dmarc_domain, |
| 310 | DMARC_MAXHOSTNAMELEN-1); |
| 311 | dmarc_used_domain = string_copy(dmarc_domain); |
| 312 | free(dmarc_domain); |
| 313 | if (libdm_status != DMARC_PARSE_OKAY) |
| 314 | { |
| 315 | log_write(0, LOG_MAIN|LOG_PANIC, "failure to read domainname used for DMARC lookup: %s", |
| 316 | opendmarc_policy_status_to_str(libdm_status)); |
| 317 | } |
| 318 | libdm_status = opendmarc_get_policy_to_enforce(dmarc_pctx); |
| 319 | dmarc_policy = libdm_status; |
| 320 | switch(libdm_status) |
| 321 | { |
| 322 | case DMARC_POLICY_ABSENT: /* No DMARC record found */ |
| 323 | dmarc_status = US"norecord"; |
| 324 | dmarc_pass_fail = US"temperror"; |
| 325 | dmarc_status_text = US"No DMARC record"; |
| 326 | action = DMARC_RESULT_ACCEPT; |
| 327 | break; |
| 328 | case DMARC_FROM_DOMAIN_ABSENT: /* No From: domain */ |
| 329 | dmarc_status = US"nofrom"; |
| 330 | dmarc_pass_fail = US"temperror"; |
| 331 | dmarc_status_text = US"No From: domain found"; |
| 332 | action = DMARC_RESULT_ACCEPT; |
| 333 | break; |
| 334 | case DMARC_POLICY_NONE: /* Accept and report */ |
| 335 | dmarc_status = US"none"; |
| 336 | dmarc_pass_fail = US"none"; |
| 337 | dmarc_status_text = US"None, Accept"; |
| 338 | action = DMARC_RESULT_ACCEPT; |
| 339 | break; |
| 340 | case DMARC_POLICY_PASS: /* Explicit accept */ |
| 341 | dmarc_status = US"accept"; |
| 342 | dmarc_pass_fail = US"pass"; |
| 343 | dmarc_status_text = US"Accept"; |
| 344 | action = DMARC_RESULT_ACCEPT; |
| 345 | break; |
| 346 | case DMARC_POLICY_REJECT: /* Explicit reject */ |
| 347 | dmarc_status = US"reject"; |
| 348 | dmarc_pass_fail = US"fail"; |
| 349 | dmarc_status_text = US"Reject"; |
| 350 | action = DMARC_RESULT_REJECT; |
| 351 | break; |
| 352 | case DMARC_POLICY_QUARANTINE: /* Explicit quarantine */ |
| 353 | dmarc_status = US"quarantine"; |
| 354 | dmarc_pass_fail = US"fail"; |
| 355 | dmarc_status_text = US"Quarantine"; |
| 356 | action = DMARC_RESULT_QUARANTINE; |
| 357 | break; |
| 358 | default: |
| 359 | dmarc_status = US"temperror"; |
| 360 | dmarc_pass_fail = US"temperror"; |
| 361 | dmarc_status_text = US"Internal Policy Error"; |
| 362 | action = DMARC_RESULT_TEMPFAIL; |
| 363 | break; |
| 364 | } |
| 365 | |
| 366 | libdm_status = opendmarc_policy_fetch_alignment(dmarc_pctx, &da, &sa); |
| 367 | if (libdm_status != DMARC_PARSE_OKAY) |
| 368 | { |
| 369 | log_write(0, LOG_MAIN|LOG_PANIC, "failure to read DMARC alignment: %s", |
| 370 | opendmarc_policy_status_to_str(libdm_status)); |
| 371 | } |
| 372 | |
| 373 | if (has_dmarc_record == TRUE) |
| 374 | { |
| 375 | log_write(0, LOG_MAIN, "DMARC results: spf_domain=%s dmarc_domain=%s " |
| 376 | "spf_align=%s dkim_align=%s enforcement='%s'", |
| 377 | spf_sender_domain, dmarc_used_domain, |
| 378 | (sa==DMARC_POLICY_SPF_ALIGNMENT_PASS) ?"yes":"no", |
| 379 | (da==DMARC_POLICY_DKIM_ALIGNMENT_PASS)?"yes":"no", |
| 380 | dmarc_status_text); |
| 381 | history_file_status = dmarc_write_history_file(); |
| 382 | /* Now get the forensic reporting addresses, if any */ |
| 383 | ruf = opendmarc_policy_fetch_ruf(dmarc_pctx, NULL, 0, 1); |
| 384 | dmarc_send_forensic_report(ruf); |
| 385 | } |
| 386 | } |
| 387 | |
| 388 | /* set some global variables here */ |
| 389 | dmarc_ar_header = dmarc_auth_results_header(from_header, NULL); |
| 390 | |
| 391 | /* shut down libopendmarc */ |
| 392 | if ( dmarc_pctx != NULL ) |
| 393 | (void) opendmarc_policy_connect_shutdown(dmarc_pctx); |
| 394 | if ( dmarc_disable_verify == FALSE ) |
| 395 | (void) opendmarc_policy_library_shutdown(&dmarc_ctx); |
| 396 | |
| 397 | return OK; |
| 398 | } |
| 399 | |
| 400 | int dmarc_write_history_file() |
| 401 | { |
| 402 | static int history_file_fd; |
| 403 | ssize_t written_len; |
| 404 | int tmp_ans; |
| 405 | u_char **rua; /* aggregate report addressees */ |
| 406 | uschar *history_buffer = NULL; |
| 407 | |
| 408 | if (dmarc_history_file == NULL) |
| 409 | return DMARC_HIST_DISABLED; |
| 410 | history_file_fd = log_create(dmarc_history_file); |
| 411 | |
| 412 | if (history_file_fd < 0) |
| 413 | { |
| 414 | log_write(0, LOG_MAIN|LOG_PANIC, "failure to create DMARC history file: %s", |
| 415 | dmarc_history_file); |
| 416 | return DMARC_HIST_FILE_ERR; |
| 417 | } |
| 418 | |
| 419 | /* Generate the contents of the history file */ |
| 420 | history_buffer = string_sprintf("job %s\n", message_id); |
| 421 | history_buffer = string_sprintf("%sreporter %s\n", history_buffer, primary_hostname); |
| 422 | history_buffer = string_sprintf("%sreceived %ld\n", history_buffer, time(NULL)); |
| 423 | history_buffer = string_sprintf("%sipaddr %s\n", history_buffer, sender_host_address); |
| 424 | history_buffer = string_sprintf("%sfrom %s\n", history_buffer, header_from_sender); |
| 425 | history_buffer = string_sprintf("%smfrom %s\n", history_buffer, |
| 426 | expand_string(US"$sender_address_domain")); |
| 427 | |
| 428 | if (spf_response != NULL) |
| 429 | history_buffer = string_sprintf("%sspf %d\n", history_buffer, dmarc_spf_result); |
| 430 | // history_buffer = string_sprintf("%sspf -1\n", history_buffer); |
| 431 | |
| 432 | history_buffer = string_sprintf("%s%s", history_buffer, dkim_history_buffer); |
| 433 | history_buffer = string_sprintf("%spdomain %s\n", history_buffer, dmarc_used_domain); |
| 434 | history_buffer = string_sprintf("%spolicy %d\n", history_buffer, dmarc_policy); |
| 435 | |
| 436 | rua = opendmarc_policy_fetch_rua(dmarc_pctx, NULL, 0, 1); |
| 437 | if (rua != NULL) |
| 438 | { |
| 439 | for (tmp_ans = 0; rua[tmp_ans] != NULL; tmp_ans++) |
| 440 | { |
| 441 | history_buffer = string_sprintf("%srua %s\n", history_buffer, rua[tmp_ans]); |
| 442 | } |
| 443 | } |
| 444 | else |
| 445 | history_buffer = string_sprintf("%srua -\n", history_buffer); |
| 446 | |
| 447 | opendmarc_policy_fetch_pct(dmarc_pctx, &tmp_ans); |
| 448 | history_buffer = string_sprintf("%spct %d\n", history_buffer, tmp_ans); |
| 449 | |
| 450 | opendmarc_policy_fetch_adkim(dmarc_pctx, &tmp_ans); |
| 451 | history_buffer = string_sprintf("%sadkim %d\n", history_buffer, tmp_ans); |
| 452 | |
| 453 | opendmarc_policy_fetch_aspf(dmarc_pctx, &tmp_ans); |
| 454 | history_buffer = string_sprintf("%saspf %d\n", history_buffer, tmp_ans); |
| 455 | |
| 456 | opendmarc_policy_fetch_p(dmarc_pctx, &tmp_ans); |
| 457 | history_buffer = string_sprintf("%sp %d\n", history_buffer, tmp_ans); |
| 458 | |
| 459 | opendmarc_policy_fetch_sp(dmarc_pctx, &tmp_ans); |
| 460 | history_buffer = string_sprintf("%ssp %d\n", history_buffer, tmp_ans); |
| 461 | |
| 462 | history_buffer = string_sprintf("%salign_dkim %d\n", history_buffer, da); |
| 463 | history_buffer = string_sprintf("%salign_spf %d\n", history_buffer, sa); |
| 464 | history_buffer = string_sprintf("%saction %d\n", history_buffer, action); |
| 465 | |
| 466 | /* Write the contents to the history file */ |
| 467 | DEBUG(D_receive) |
| 468 | debug_printf("DMARC logging history data for opendmarc reporting%s\n", |
| 469 | (host_checking || running_in_test_harness) ? " (not really)" : ""); |
| 470 | if (host_checking || running_in_test_harness) |
| 471 | { |
| 472 | DEBUG(D_receive) |
| 473 | debug_printf("DMARC history data for debugging:\n%s", history_buffer); |
| 474 | } |
| 475 | else |
| 476 | { |
| 477 | written_len = write_to_fd_buf(history_file_fd, |
| 478 | history_buffer, |
| 479 | Ustrlen(history_buffer)); |
| 480 | if (written_len == 0) |
| 481 | { |
| 482 | log_write(0, LOG_MAIN|LOG_PANIC, "failure to write to DMARC history file: %s", |
| 483 | dmarc_history_file); |
| 484 | return DMARC_HIST_WRITE_ERR; |
| 485 | } |
| 486 | (void)close(history_file_fd); |
| 487 | } |
| 488 | return DMARC_HIST_OK; |
| 489 | } |
| 490 | |
| 491 | void dmarc_send_forensic_report(u_char **ruf) |
| 492 | { |
| 493 | int c; |
| 494 | uschar *recipient, *save_sender; |
| 495 | BOOL send_status = FALSE; |
| 496 | error_block *eblock = NULL; |
| 497 | FILE *message_file = NULL; |
| 498 | |
| 499 | /* Earlier ACL does not have *required* control=dmarc_enable_forensic */ |
| 500 | if (dmarc_enable_forensic == FALSE) |
| 501 | return; |
| 502 | |
| 503 | if ((dmarc_policy == DMARC_POLICY_REJECT && action == DMARC_RESULT_REJECT) || |
| 504 | (dmarc_policy == DMARC_POLICY_QUARANTINE && action == DMARC_RESULT_QUARANTINE) ) |
| 505 | { |
| 506 | if (ruf != NULL) |
| 507 | { |
| 508 | eblock = add_to_eblock(eblock, US"Sender Domain", dmarc_used_domain); |
| 509 | eblock = add_to_eblock(eblock, US"Sender IP Address", sender_host_address); |
| 510 | eblock = add_to_eblock(eblock, US"Received Date", tod_stamp(tod_full)); |
| 511 | eblock = add_to_eblock(eblock, US"SPF Alignment", |
| 512 | (sa==DMARC_POLICY_SPF_ALIGNMENT_PASS) ?US"yes":US"no"); |
| 513 | eblock = add_to_eblock(eblock, US"DKIM Alignment", |
| 514 | (da==DMARC_POLICY_DKIM_ALIGNMENT_PASS)?US"yes":US"no"); |
| 515 | eblock = add_to_eblock(eblock, US"DMARC Results", dmarc_status_text); |
| 516 | /* Set a sane default envelope sender */ |
| 517 | dsn_from = dmarc_forensic_sender ? dmarc_forensic_sender : |
| 518 | dsn_from ? dsn_from : |
| 519 | string_sprintf("do-not-reply@%s",primary_hostname); |
| 520 | for (c = 0; ruf[c] != NULL; c++) |
| 521 | { |
| 522 | recipient = string_copylc(ruf[c]); |
| 523 | if (Ustrncmp(recipient, "mailto:",7)) |
| 524 | continue; |
| 525 | /* Move to first character past the colon */ |
| 526 | recipient += 7; |
| 527 | DEBUG(D_receive) |
| 528 | debug_printf("DMARC forensic report to %s%s\n", recipient, |
| 529 | (host_checking || running_in_test_harness) ? " (not really)" : ""); |
| 530 | if (host_checking || running_in_test_harness) |
| 531 | continue; |
| 532 | save_sender = sender_address; |
| 533 | sender_address = recipient; |
| 534 | send_status = moan_to_sender(ERRMESS_DMARC_FORENSIC, eblock, |
| 535 | header_list, message_file, FALSE); |
| 536 | sender_address = save_sender; |
| 537 | if (send_status == FALSE) |
| 538 | log_write(0, LOG_MAIN|LOG_PANIC, "failure to send DMARC forensic report to %s", |
| 539 | recipient); |
| 540 | } |
| 541 | } |
| 542 | } |
| 543 | } |
| 544 | |
| 545 | uschar *dmarc_exim_expand_query(int what) |
| 546 | { |
| 547 | if (dmarc_disable_verify || !dmarc_pctx) |
| 548 | return dmarc_exim_expand_defaults(what); |
| 549 | |
| 550 | switch(what) { |
| 551 | case DMARC_VERIFY_STATUS: |
| 552 | return(dmarc_status); |
| 553 | default: |
| 554 | return US""; |
| 555 | } |
| 556 | } |
| 557 | |
| 558 | uschar *dmarc_exim_expand_defaults(int what) |
| 559 | { |
| 560 | switch(what) { |
| 561 | case DMARC_VERIFY_STATUS: |
| 562 | return (dmarc_disable_verify) ? |
| 563 | US"off" : |
| 564 | US"none"; |
| 565 | default: |
| 566 | return US""; |
| 567 | } |
| 568 | } |
| 569 | |
| 570 | uschar *dmarc_auth_results_header(header_line *from_header, uschar *hostname) |
| 571 | { |
| 572 | uschar *hdr_tmp = US""; |
| 573 | |
| 574 | /* Allow a server hostname to be passed to this function, but is |
| 575 | * currently unused */ |
| 576 | if (hostname == NULL) |
| 577 | hostname = primary_hostname; |
| 578 | hdr_tmp = string_sprintf("%s %s;", DMARC_AR_HEADER, hostname); |
| 579 | |
| 580 | #if 0 |
| 581 | /* I don't think this belongs here, but left it here commented out |
| 582 | * because it was a lot of work to get working right. */ |
| 583 | if (spf_response != NULL) { |
| 584 | uschar *dmarc_ar_spf = US""; |
| 585 | int sr = 0; |
| 586 | sr = spf_response->result; |
| 587 | dmarc_ar_spf = (sr == SPF_RESULT_NEUTRAL) ? US"neutral" : |
| 588 | (sr == SPF_RESULT_PASS) ? US"pass" : |
| 589 | (sr == SPF_RESULT_FAIL) ? US"fail" : |
| 590 | (sr == SPF_RESULT_SOFTFAIL) ? US"softfail" : |
| 591 | US"none"; |
| 592 | hdr_tmp = string_sprintf("%s spf=%s (%s) smtp.mail=%s;", |
| 593 | hdr_tmp, dmarc_ar_spf_result, |
| 594 | spf_response->header_comment, |
| 595 | expand_string(US"$sender_address") ); |
| 596 | } |
| 597 | #endif |
| 598 | hdr_tmp = string_sprintf("%s dmarc=%s", |
| 599 | hdr_tmp, dmarc_pass_fail); |
| 600 | if (header_from_sender) |
| 601 | hdr_tmp = string_sprintf("%s header.from=%s", |
| 602 | hdr_tmp, header_from_sender); |
| 603 | return hdr_tmp; |
| 604 | } |
| 605 | |
| 606 | #endif /* EXPERIMENTAL_SPF */ |
| 607 | #endif /* EXPERIMENTAL_DMARC */ |
| 608 | |
| 609 | // vim:sw=2 expandtab |