Commit | Line | Data |
---|---|---|
4840604e TL |
1 | /************************************************* |
2 | * Exim - an Internet mail transport agent * | |
3 | *************************************************/ | |
4 | /* Experimental DMARC support. | |
5 | Copyright (c) Todd Lyons <tlyons@exim.org> 2012, 2013 | |
6 | License: GPL */ | |
7 | ||
8 | /* Portions Copyright (c) 2012, 2013, The Trusted Domain Project; | |
9 | All rights reserved, licensed for use per LICENSE.opendmarc. */ | |
10 | ||
11 | /* Code for calling dmarc checks via libopendmarc. Called from acl.c. */ | |
12 | ||
13 | #include "exim.h" | |
14 | #ifdef EXPERIMENTAL_DMARC | |
4a8ce2d8 TL |
15 | #if !defined EXPERIMENTAL_SPF |
16 | #error SPF must also be enabled for DMARC | |
17 | #elif defined DISABLE_DKIM | |
18 | #error DKIM must also be enabled for DMARC | |
19 | #else | |
4840604e TL |
20 | |
21 | #include "functions.h" | |
22 | #include "dmarc.h" | |
23 | #include "pdkim/pdkim.h" | |
24 | ||
25 | OPENDMARC_LIB_T dmarc_ctx; | |
26 | DMARC_POLICY_T *dmarc_pctx = NULL; | |
27 | OPENDMARC_STATUS_T libdm_status, action, dmarc_policy; | |
28 | OPENDMARC_STATUS_T da, sa, action; | |
29 | BOOL dmarc_abort = FALSE; | |
30 | uschar *dmarc_pass_fail = US"skipped"; | |
31 | extern pdkim_signature *dkim_signatures; | |
32 | header_line *from_header = NULL; | |
4840604e TL |
33 | extern SPF_response_t *spf_response; |
34 | int dmarc_spf_result = 0; | |
35 | uschar *spf_sender_domain = NULL; | |
36 | uschar *spf_human_readable = NULL; | |
4840604e TL |
37 | u_char *header_from_sender = NULL; |
38 | int history_file_status = DMARC_HIST_OK; | |
4840604e TL |
39 | uschar *dkim_history_buffer= NULL; |
40 | ||
41 | /* Accept an error_block struct, initialize if empty, parse to the | |
42 | * end, and append the two strings passed to it. Used for adding | |
43 | * variable amounts of value:pair data to the forensic emails. */ | |
44 | ||
45 | static error_block * | |
46 | add_to_eblock(error_block *eblock, uschar *t1, uschar *t2) | |
47 | { | |
48 | error_block *eb = malloc(sizeof(error_block)); | |
49 | if (eblock == NULL) | |
50 | eblock = eb; | |
51 | else | |
52 | { | |
53 | /* Find the end of the eblock struct and point it at eb */ | |
54 | error_block *tmp = eblock; | |
55 | while(tmp->next != NULL) | |
56 | tmp = tmp->next; | |
57 | tmp->next = eb; | |
58 | } | |
59 | eb->text1 = t1; | |
60 | eb->text2 = t2; | |
61 | eb->next = NULL; | |
62 | return eblock; | |
63 | } | |
64 | ||
65 | /* dmarc_init sets up a context that can be re-used for several | |
66 | messages on the same SMTP connection (that come from the | |
67 | same host with the same HELO string) */ | |
68 | ||
4a8ce2d8 TL |
69 | int dmarc_init() |
70 | { | |
4840604e TL |
71 | int *netmask = NULL; /* Ignored */ |
72 | int is_ipv6 = 0; | |
73 | char *tld_file = (dmarc_tld_file == NULL) ? | |
74 | "/etc/exim/opendmarc.tlds" : | |
75 | (char *)dmarc_tld_file; | |
76 | ||
77 | /* Set some sane defaults. Also clears previous results when | |
78 | * multiple messages in one connection. */ | |
79 | dmarc_pctx = NULL; | |
80 | dmarc_status = US"none"; | |
81 | dmarc_abort = FALSE; | |
82 | dmarc_pass_fail = US"skipped"; | |
83 | dmarc_used_domain = US""; | |
84 | header_from_sender = NULL; | |
4840604e TL |
85 | spf_sender_domain = NULL; |
86 | spf_human_readable = NULL; | |
4840604e TL |
87 | |
88 | /* ACLs have "control=dmarc_disable_verify" */ | |
89 | if (dmarc_disable_verify == TRUE) | |
90 | return OK; | |
91 | ||
92 | (void) memset(&dmarc_ctx, '\0', sizeof dmarc_ctx); | |
93 | dmarc_ctx.nscount = 0; | |
94 | libdm_status = opendmarc_policy_library_init(&dmarc_ctx); | |
95 | if (libdm_status != DMARC_PARSE_OKAY) | |
96 | { | |
97 | log_write(0, LOG_MAIN|LOG_PANIC, "DMARC failure to init library: %s", | |
98 | opendmarc_policy_status_to_str(libdm_status)); | |
99 | dmarc_abort = TRUE; | |
100 | } | |
ac7a78c5 TL |
101 | if (dmarc_tld_file == NULL) |
102 | dmarc_abort = TRUE; | |
103 | else if (opendmarc_tld_read_file(tld_file, NULL, NULL, NULL)) | |
4840604e TL |
104 | { |
105 | log_write(0, LOG_MAIN|LOG_PANIC, "DMARC failure to load tld list %s: %d", | |
106 | tld_file, errno); | |
107 | dmarc_abort = TRUE; | |
108 | } | |
109 | if (sender_host_address == NULL) | |
110 | dmarc_abort = TRUE; | |
111 | /* This catches locally originated email and startup errors above. */ | |
112 | if ( dmarc_abort == FALSE ) | |
113 | { | |
114 | is_ipv6 = string_is_ip_address(sender_host_address, netmask); | |
115 | is_ipv6 = (is_ipv6 == 6) ? TRUE : | |
116 | (is_ipv6 == 4) ? FALSE : FALSE; | |
117 | dmarc_pctx = opendmarc_policy_connect_init(sender_host_address, is_ipv6); | |
118 | if (dmarc_pctx == NULL ) | |
119 | { | |
120 | log_write(0, LOG_MAIN|LOG_PANIC, "DMARC failure creating policy context: ip=%s", | |
121 | sender_host_address); | |
122 | dmarc_abort = TRUE; | |
123 | } | |
124 | } | |
125 | ||
126 | return OK; | |
127 | } | |
128 | ||
129 | ||
130 | /* dmarc_store_data stores the header data so that subsequent | |
131 | * dmarc_process can access the data */ | |
132 | ||
133 | int dmarc_store_data(header_line *hdr) { | |
134 | /* No debug output because would change every test debug output */ | |
135 | if (dmarc_disable_verify != TRUE) | |
136 | from_header = hdr; | |
137 | return OK; | |
138 | } | |
139 | ||
140 | ||
141 | /* dmarc_process adds the envelope sender address to the existing | |
142 | context (if any), retrieves the result, sets up expansion | |
143 | strings and evaluates the condition outcome. */ | |
144 | ||
145 | int dmarc_process() { | |
146 | int sr, origin; /* used in SPF section */ | |
147 | pdkim_signature *sig = NULL; | |
148 | BOOL has_dmarc_record = TRUE; | |
149 | u_char **ruf; /* forensic report addressees, if called for */ | |
150 | ||
151 | /* ACLs have "control=dmarc_disable_verify" */ | |
152 | if (dmarc_disable_verify == TRUE) | |
153 | { | |
154 | dmarc_ar_header = dmarc_auth_results_header(from_header, NULL); | |
155 | return OK; | |
156 | } | |
157 | ||
158 | /* Store the header From: sender domain for this part of DMARC. | |
159 | * If there is no from_header struct, then it's likely this message | |
160 | * is locally generated and relying on fixups to add it. Just skip | |
161 | * the entire DMARC system if we can't find a From: header....or if | |
162 | * there was a previous error. | |
163 | */ | |
164 | if (from_header == NULL || dmarc_abort == TRUE) | |
165 | dmarc_abort = TRUE; | |
166 | else | |
167 | { | |
168 | /* I strongly encourage anybody who can make this better to contact me directly! | |
169 | * <cannonball> Is this an insane way to extract the email address from the From: header? | |
170 | * <jgh_hm> it's sure a horrid layer-crossing.... | |
171 | * <cannonball> I'm not denying that :-/ | |
172 | * <jgh_hm> there may well be no better though | |
173 | */ | |
174 | header_from_sender = expand_string( | |
175 | string_sprintf("${domain:${extract{1}{:}{${addresses:%s}}}}", | |
176 | from_header->text) ); | |
177 | /* The opendmarc library extracts the domain from the email address, but | |
178 | * only try to store it if it's not empty. Otherwise, skip out of DMARC. */ | |
179 | if (strcmp( CCS header_from_sender, "") == 0) | |
180 | dmarc_abort = TRUE; | |
181 | libdm_status = (dmarc_abort == TRUE) ? | |
182 | DMARC_PARSE_OKAY : | |
183 | opendmarc_policy_store_from_domain(dmarc_pctx, header_from_sender); | |
184 | if (libdm_status != DMARC_PARSE_OKAY) | |
185 | { | |
186 | log_write(0, LOG_MAIN|LOG_PANIC, "failure to store header From: in DMARC: %s, header was '%s'", | |
187 | opendmarc_policy_status_to_str(libdm_status), from_header->text); | |
188 | dmarc_abort = TRUE; | |
189 | } | |
190 | } | |
191 | ||
192 | /* Skip DMARC if connection is SMTP Auth. Temporarily, admin should | |
193 | * instead do this in the ACLs. */ | |
194 | if (dmarc_abort == FALSE && sender_host_authenticated == NULL) | |
195 | { | |
4840604e TL |
196 | /* Use the envelope sender domain for this part of DMARC */ |
197 | spf_sender_domain = expand_string(US"$sender_address_domain"); | |
198 | if ( spf_response == NULL ) | |
199 | { | |
200 | /* No spf data means null envelope sender so generate a domain name | |
201 | * from the sender_host_name || sender_helo_name */ | |
202 | if (spf_sender_domain == NULL) | |
203 | { | |
204 | spf_sender_domain = (sender_host_name == NULL) ? sender_helo_name : sender_host_name; | |
205 | uschar *subdomain = spf_sender_domain; | |
206 | int count = 0; | |
207 | while (subdomain && *subdomain != '.') | |
208 | { | |
209 | subdomain++; | |
210 | count++; | |
211 | } | |
212 | /* If parsed characters in temp var "subdomain" and is pointing to | |
213 | * a period now, get rid of the period and use that. Otherwise | |
214 | * will use whatever was first set in spf_sender_domain. Goal is to | |
215 | * generate a sane answer, not necessarily the right/best answer b/c | |
216 | * at this point with a null sender, it's a bounce message, making | |
217 | * the spf domain be subjective. */ | |
218 | if (count > 0 && *subdomain == '.') | |
219 | { | |
220 | subdomain++; | |
221 | spf_sender_domain = subdomain; | |
222 | } | |
223 | log_write(0, LOG_MAIN, "DMARC using synthesized SPF sender domain = %s\n", | |
224 | spf_sender_domain); | |
225 | DEBUG(D_receive) | |
226 | debug_printf("DMARC using synthesized SPF sender domain = %s\n", spf_sender_domain); | |
227 | } | |
228 | dmarc_spf_result = DMARC_POLICY_SPF_OUTCOME_NONE; | |
229 | origin = DMARC_POLICY_SPF_ORIGIN_HELO; | |
230 | spf_human_readable = US""; | |
231 | } | |
232 | else | |
233 | { | |
234 | sr = spf_response->result; | |
235 | dmarc_spf_result = (sr == SPF_RESULT_NEUTRAL) ? DMARC_POLICY_SPF_OUTCOME_NONE : | |
236 | (sr == SPF_RESULT_PASS) ? DMARC_POLICY_SPF_OUTCOME_PASS : | |
237 | (sr == SPF_RESULT_FAIL) ? DMARC_POLICY_SPF_OUTCOME_FAIL : | |
238 | (sr == SPF_RESULT_SOFTFAIL) ? DMARC_POLICY_SPF_OUTCOME_TMPFAIL : | |
239 | DMARC_POLICY_SPF_OUTCOME_NONE; | |
240 | origin = DMARC_POLICY_SPF_ORIGIN_MAILFROM; | |
241 | spf_human_readable = (uschar *)spf_response->header_comment; | |
242 | DEBUG(D_receive) | |
243 | debug_printf("DMARC using SPF sender domain = %s\n", spf_sender_domain); | |
244 | } | |
245 | if (strcmp( CCS spf_sender_domain, "") == 0) | |
246 | dmarc_abort = TRUE; | |
247 | if (dmarc_abort == FALSE) | |
248 | { | |
249 | libdm_status = opendmarc_policy_store_spf(dmarc_pctx, spf_sender_domain, | |
250 | dmarc_spf_result, origin, spf_human_readable); | |
251 | if (libdm_status != DMARC_PARSE_OKAY) | |
252 | log_write(0, LOG_MAIN|LOG_PANIC, "failure to store spf for DMARC: %s", | |
253 | opendmarc_policy_status_to_str(libdm_status)); | |
254 | } | |
4840604e TL |
255 | |
256 | /* Now we cycle through the dkim signature results and put into | |
257 | * the opendmarc context, further building the DMARC reply. */ | |
258 | sig = dkim_signatures; | |
259 | dkim_history_buffer = US""; | |
260 | while (sig != NULL) | |
261 | { | |
262 | int dkim_result, vs; | |
263 | vs = sig->verify_status; | |
264 | dkim_result = ( vs == PDKIM_VERIFY_PASS ) ? DMARC_POLICY_DKIM_OUTCOME_PASS : | |
265 | ( vs == PDKIM_VERIFY_FAIL ) ? DMARC_POLICY_DKIM_OUTCOME_FAIL : | |
266 | ( vs == PDKIM_VERIFY_INVALID ) ? DMARC_POLICY_DKIM_OUTCOME_TMPFAIL : | |
267 | DMARC_POLICY_DKIM_OUTCOME_NONE; | |
268 | libdm_status = opendmarc_policy_store_dkim(dmarc_pctx, (uschar *)sig->domain, | |
269 | dkim_result, US""); | |
270 | DEBUG(D_receive) | |
271 | debug_printf("DMARC adding DKIM sender domain = %s\n", sig->domain); | |
272 | if (libdm_status != DMARC_PARSE_OKAY) | |
273 | log_write(0, LOG_MAIN|LOG_PANIC, "failure to store dkim (%s) for DMARC: %s", | |
274 | sig->domain, opendmarc_policy_status_to_str(libdm_status)); | |
275 | ||
276 | dkim_history_buffer = string_sprintf("%sdkim %s %d\n", dkim_history_buffer, | |
277 | sig->domain, dkim_result); | |
278 | sig = sig->next; | |
279 | } | |
280 | libdm_status = opendmarc_policy_query_dmarc(dmarc_pctx, US""); | |
281 | switch (libdm_status) | |
282 | { | |
283 | case DMARC_DNS_ERROR_NXDOMAIN: | |
284 | case DMARC_DNS_ERROR_NO_RECORD: | |
285 | DEBUG(D_receive) | |
286 | debug_printf("DMARC no record found for %s\n", header_from_sender); | |
287 | has_dmarc_record = FALSE; | |
288 | break; | |
289 | case DMARC_PARSE_OKAY: | |
290 | DEBUG(D_receive) | |
291 | debug_printf("DMARC record found for %s\n", header_from_sender); | |
292 | break; | |
293 | case DMARC_PARSE_ERROR_BAD_VALUE: | |
294 | DEBUG(D_receive) | |
295 | debug_printf("DMARC record parse error for %s\n", header_from_sender); | |
296 | has_dmarc_record = FALSE; | |
297 | break; | |
298 | default: | |
299 | /* everything else, skip dmarc */ | |
300 | DEBUG(D_receive) | |
301 | debug_printf("DMARC skipping (%d), unsure what to do with %s", | |
302 | libdm_status, from_header->text); | |
303 | has_dmarc_record = FALSE; | |
304 | break; | |
305 | } | |
306 | /* Can't use exim's string manipulation functions so allocate memory | |
307 | * for libopendmarc using its max hostname length definition. */ | |
308 | uschar *dmarc_domain = (uschar *)calloc(DMARC_MAXHOSTNAMELEN, sizeof(uschar)); | |
309 | libdm_status = opendmarc_policy_fetch_utilized_domain(dmarc_pctx, dmarc_domain, | |
310 | DMARC_MAXHOSTNAMELEN-1); | |
311 | dmarc_used_domain = string_copy(dmarc_domain); | |
312 | free(dmarc_domain); | |
313 | if (libdm_status != DMARC_PARSE_OKAY) | |
314 | { | |
315 | log_write(0, LOG_MAIN|LOG_PANIC, "failure to read domainname used for DMARC lookup: %s", | |
316 | opendmarc_policy_status_to_str(libdm_status)); | |
317 | } | |
318 | libdm_status = opendmarc_get_policy_to_enforce(dmarc_pctx); | |
319 | dmarc_policy = libdm_status; | |
320 | switch(libdm_status) | |
321 | { | |
322 | case DMARC_POLICY_ABSENT: /* No DMARC record found */ | |
323 | dmarc_status = US"norecord"; | |
324 | dmarc_pass_fail = US"temperror"; | |
325 | dmarc_status_text = US"No DMARC record"; | |
326 | action = DMARC_RESULT_ACCEPT; | |
327 | break; | |
328 | case DMARC_FROM_DOMAIN_ABSENT: /* No From: domain */ | |
329 | dmarc_status = US"nofrom"; | |
330 | dmarc_pass_fail = US"temperror"; | |
331 | dmarc_status_text = US"No From: domain found"; | |
332 | action = DMARC_RESULT_ACCEPT; | |
333 | break; | |
334 | case DMARC_POLICY_NONE: /* Accept and report */ | |
335 | dmarc_status = US"none"; | |
336 | dmarc_pass_fail = US"none"; | |
337 | dmarc_status_text = US"None, Accept"; | |
338 | action = DMARC_RESULT_ACCEPT; | |
339 | break; | |
340 | case DMARC_POLICY_PASS: /* Explicit accept */ | |
341 | dmarc_status = US"accept"; | |
342 | dmarc_pass_fail = US"pass"; | |
343 | dmarc_status_text = US"Accept"; | |
344 | action = DMARC_RESULT_ACCEPT; | |
345 | break; | |
346 | case DMARC_POLICY_REJECT: /* Explicit reject */ | |
347 | dmarc_status = US"reject"; | |
348 | dmarc_pass_fail = US"fail"; | |
349 | dmarc_status_text = US"Reject"; | |
350 | action = DMARC_RESULT_REJECT; | |
351 | break; | |
352 | case DMARC_POLICY_QUARANTINE: /* Explicit quarantine */ | |
353 | dmarc_status = US"quarantine"; | |
354 | dmarc_pass_fail = US"fail"; | |
355 | dmarc_status_text = US"Quarantine"; | |
356 | action = DMARC_RESULT_QUARANTINE; | |
357 | break; | |
358 | default: | |
359 | dmarc_status = US"temperror"; | |
360 | dmarc_pass_fail = US"temperror"; | |
361 | dmarc_status_text = US"Internal Policy Error"; | |
362 | action = DMARC_RESULT_TEMPFAIL; | |
363 | break; | |
364 | } | |
365 | ||
366 | libdm_status = opendmarc_policy_fetch_alignment(dmarc_pctx, &da, &sa); | |
367 | if (libdm_status != DMARC_PARSE_OKAY) | |
368 | { | |
369 | log_write(0, LOG_MAIN|LOG_PANIC, "failure to read DMARC alignment: %s", | |
370 | opendmarc_policy_status_to_str(libdm_status)); | |
371 | } | |
372 | ||
373 | if (has_dmarc_record == TRUE) | |
374 | { | |
375 | log_write(0, LOG_MAIN, "DMARC results: spf_domain=%s dmarc_domain=%s " | |
376 | "spf_align=%s dkim_align=%s enforcement='%s'", | |
377 | spf_sender_domain, dmarc_used_domain, | |
378 | (sa==DMARC_POLICY_SPF_ALIGNMENT_PASS) ?"yes":"no", | |
379 | (da==DMARC_POLICY_DKIM_ALIGNMENT_PASS)?"yes":"no", | |
380 | dmarc_status_text); | |
381 | history_file_status = dmarc_write_history_file(); | |
382 | /* Now get the forensic reporting addresses, if any */ | |
383 | ruf = opendmarc_policy_fetch_ruf(dmarc_pctx, NULL, 0, 1); | |
384 | dmarc_send_forensic_report(ruf); | |
385 | } | |
386 | } | |
387 | ||
388 | /* set some global variables here */ | |
389 | dmarc_ar_header = dmarc_auth_results_header(from_header, NULL); | |
390 | ||
391 | /* shut down libopendmarc */ | |
392 | if ( dmarc_pctx != NULL ) | |
393 | (void) opendmarc_policy_connect_shutdown(dmarc_pctx); | |
394 | if ( dmarc_disable_verify == FALSE ) | |
395 | (void) opendmarc_policy_library_shutdown(&dmarc_ctx); | |
396 | ||
397 | return OK; | |
398 | } | |
399 | ||
400 | int dmarc_write_history_file() | |
401 | { | |
402 | static int history_file_fd; | |
403 | ssize_t written_len; | |
404 | int tmp_ans; | |
405 | u_char **rua; /* aggregate report addressees */ | |
4a8ce2d8 | 406 | uschar *history_buffer = NULL; |
4840604e TL |
407 | |
408 | if (dmarc_history_file == NULL) | |
409 | return DMARC_HIST_DISABLED; | |
410 | history_file_fd = log_create(dmarc_history_file); | |
411 | ||
412 | if (history_file_fd < 0) | |
413 | { | |
414 | log_write(0, LOG_MAIN|LOG_PANIC, "failure to create DMARC history file: %s", | |
415 | dmarc_history_file); | |
416 | return DMARC_HIST_FILE_ERR; | |
417 | } | |
418 | ||
419 | /* Generate the contents of the history file */ | |
420 | history_buffer = string_sprintf("job %s\n", message_id); | |
421 | history_buffer = string_sprintf("%sreporter %s\n", history_buffer, primary_hostname); | |
422 | history_buffer = string_sprintf("%sreceived %ld\n", history_buffer, time(NULL)); | |
423 | history_buffer = string_sprintf("%sipaddr %s\n", history_buffer, sender_host_address); | |
424 | history_buffer = string_sprintf("%sfrom %s\n", history_buffer, header_from_sender); | |
425 | history_buffer = string_sprintf("%smfrom %s\n", history_buffer, | |
426 | expand_string(US"$sender_address_domain")); | |
427 | ||
4840604e TL |
428 | if (spf_response != NULL) |
429 | history_buffer = string_sprintf("%sspf %d\n", history_buffer, dmarc_spf_result); | |
4a8ce2d8 | 430 | // history_buffer = string_sprintf("%sspf -1\n", history_buffer); |
4840604e TL |
431 | |
432 | history_buffer = string_sprintf("%s%s", history_buffer, dkim_history_buffer); | |
433 | history_buffer = string_sprintf("%spdomain %s\n", history_buffer, dmarc_used_domain); | |
434 | history_buffer = string_sprintf("%spolicy %d\n", history_buffer, dmarc_policy); | |
435 | ||
436 | rua = opendmarc_policy_fetch_rua(dmarc_pctx, NULL, 0, 1); | |
437 | if (rua != NULL) | |
438 | { | |
439 | for (tmp_ans = 0; rua[tmp_ans] != NULL; tmp_ans++) | |
440 | { | |
441 | history_buffer = string_sprintf("%srua %s\n", history_buffer, rua[tmp_ans]); | |
442 | } | |
443 | } | |
444 | else | |
445 | history_buffer = string_sprintf("%srua -\n", history_buffer); | |
446 | ||
447 | opendmarc_policy_fetch_pct(dmarc_pctx, &tmp_ans); | |
448 | history_buffer = string_sprintf("%spct %d\n", history_buffer, tmp_ans); | |
449 | ||
450 | opendmarc_policy_fetch_adkim(dmarc_pctx, &tmp_ans); | |
451 | history_buffer = string_sprintf("%sadkim %d\n", history_buffer, tmp_ans); | |
452 | ||
453 | opendmarc_policy_fetch_aspf(dmarc_pctx, &tmp_ans); | |
454 | history_buffer = string_sprintf("%saspf %d\n", history_buffer, tmp_ans); | |
455 | ||
456 | opendmarc_policy_fetch_p(dmarc_pctx, &tmp_ans); | |
457 | history_buffer = string_sprintf("%sp %d\n", history_buffer, tmp_ans); | |
458 | ||
459 | opendmarc_policy_fetch_sp(dmarc_pctx, &tmp_ans); | |
460 | history_buffer = string_sprintf("%ssp %d\n", history_buffer, tmp_ans); | |
461 | ||
462 | history_buffer = string_sprintf("%salign_dkim %d\n", history_buffer, da); | |
463 | history_buffer = string_sprintf("%salign_spf %d\n", history_buffer, sa); | |
464 | history_buffer = string_sprintf("%saction %d\n", history_buffer, action); | |
465 | ||
466 | /* Write the contents to the history file */ | |
467 | DEBUG(D_receive) | |
468 | debug_printf("DMARC logging history data for opendmarc reporting%s\n", | |
469 | (host_checking || running_in_test_harness) ? " (not really)" : ""); | |
470 | if (host_checking || running_in_test_harness) | |
471 | { | |
472 | DEBUG(D_receive) | |
473 | debug_printf("DMARC history data for debugging:\n%s", history_buffer); | |
474 | } | |
475 | else | |
476 | { | |
477 | written_len = write_to_fd_buf(history_file_fd, | |
478 | history_buffer, | |
479 | Ustrlen(history_buffer)); | |
480 | if (written_len == 0) | |
481 | { | |
482 | log_write(0, LOG_MAIN|LOG_PANIC, "failure to write to DMARC history file: %s", | |
483 | dmarc_history_file); | |
484 | return DMARC_HIST_WRITE_ERR; | |
485 | } | |
486 | (void)close(history_file_fd); | |
487 | } | |
488 | return DMARC_HIST_OK; | |
489 | } | |
490 | ||
491 | void dmarc_send_forensic_report(u_char **ruf) | |
492 | { | |
493 | int c; | |
494 | uschar *recipient, *save_sender; | |
495 | BOOL send_status = FALSE; | |
496 | error_block *eblock = NULL; | |
497 | FILE *message_file = NULL; | |
498 | ||
499 | /* Earlier ACL does not have *required* control=dmarc_enable_forensic */ | |
500 | if (dmarc_enable_forensic == FALSE) | |
501 | return; | |
502 | ||
503 | if ((dmarc_policy == DMARC_POLICY_REJECT && action == DMARC_RESULT_REJECT) || | |
504 | (dmarc_policy == DMARC_POLICY_QUARANTINE && action == DMARC_RESULT_QUARANTINE) ) | |
505 | { | |
506 | if (ruf != NULL) | |
507 | { | |
508 | eblock = add_to_eblock(eblock, US"Sender Domain", dmarc_used_domain); | |
509 | eblock = add_to_eblock(eblock, US"Sender IP Address", sender_host_address); | |
510 | eblock = add_to_eblock(eblock, US"Received Date", tod_stamp(tod_full)); | |
511 | eblock = add_to_eblock(eblock, US"SPF Alignment", | |
512 | (sa==DMARC_POLICY_SPF_ALIGNMENT_PASS) ?US"yes":US"no"); | |
513 | eblock = add_to_eblock(eblock, US"DKIM Alignment", | |
514 | (da==DMARC_POLICY_DKIM_ALIGNMENT_PASS)?US"yes":US"no"); | |
515 | eblock = add_to_eblock(eblock, US"DMARC Results", dmarc_status_text); | |
516 | /* Set a sane default envelope sender */ | |
517 | dsn_from = dmarc_forensic_sender ? dmarc_forensic_sender : | |
518 | dsn_from ? dsn_from : | |
519 | string_sprintf("do-not-reply@%s",primary_hostname); | |
520 | for (c = 0; ruf[c] != NULL; c++) | |
521 | { | |
522 | recipient = string_copylc(ruf[c]); | |
523 | if (Ustrncmp(recipient, "mailto:",7)) | |
524 | continue; | |
525 | /* Move to first character past the colon */ | |
526 | recipient += 7; | |
527 | DEBUG(D_receive) | |
528 | debug_printf("DMARC forensic report to %s%s\n", recipient, | |
529 | (host_checking || running_in_test_harness) ? " (not really)" : ""); | |
530 | if (host_checking || running_in_test_harness) | |
531 | continue; | |
532 | save_sender = sender_address; | |
533 | sender_address = recipient; | |
534 | send_status = moan_to_sender(ERRMESS_DMARC_FORENSIC, eblock, | |
535 | header_list, message_file, FALSE); | |
536 | sender_address = save_sender; | |
537 | if (send_status == FALSE) | |
538 | log_write(0, LOG_MAIN|LOG_PANIC, "failure to send DMARC forensic report to %s", | |
539 | recipient); | |
540 | } | |
541 | } | |
542 | } | |
543 | } | |
544 | ||
545 | uschar *dmarc_exim_expand_query(int what) | |
546 | { | |
547 | if (dmarc_disable_verify || !dmarc_pctx) | |
548 | return dmarc_exim_expand_defaults(what); | |
549 | ||
550 | switch(what) { | |
551 | case DMARC_VERIFY_STATUS: | |
552 | return(dmarc_status); | |
553 | default: | |
554 | return US""; | |
555 | } | |
556 | } | |
557 | ||
558 | uschar *dmarc_exim_expand_defaults(int what) | |
559 | { | |
560 | switch(what) { | |
561 | case DMARC_VERIFY_STATUS: | |
562 | return (dmarc_disable_verify) ? | |
563 | US"off" : | |
564 | US"none"; | |
565 | default: | |
566 | return US""; | |
567 | } | |
568 | } | |
569 | ||
570 | uschar *dmarc_auth_results_header(header_line *from_header, uschar *hostname) | |
571 | { | |
572 | uschar *hdr_tmp = US""; | |
573 | ||
574 | /* Allow a server hostname to be passed to this function, but is | |
575 | * currently unused */ | |
576 | if (hostname == NULL) | |
577 | hostname = primary_hostname; | |
578 | hdr_tmp = string_sprintf("%s %s;", DMARC_AR_HEADER, hostname); | |
579 | ||
580 | #if 0 | |
581 | /* I don't think this belongs here, but left it here commented out | |
582 | * because it was a lot of work to get working right. */ | |
4840604e TL |
583 | if (spf_response != NULL) { |
584 | uschar *dmarc_ar_spf = US""; | |
585 | int sr = 0; | |
586 | sr = spf_response->result; | |
587 | dmarc_ar_spf = (sr == SPF_RESULT_NEUTRAL) ? US"neutral" : | |
588 | (sr == SPF_RESULT_PASS) ? US"pass" : | |
589 | (sr == SPF_RESULT_FAIL) ? US"fail" : | |
590 | (sr == SPF_RESULT_SOFTFAIL) ? US"softfail" : | |
591 | US"none"; | |
592 | hdr_tmp = string_sprintf("%s spf=%s (%s) smtp.mail=%s;", | |
593 | hdr_tmp, dmarc_ar_spf_result, | |
594 | spf_response->header_comment, | |
595 | expand_string(US"$sender_address") ); | |
596 | } | |
4840604e TL |
597 | #endif |
598 | hdr_tmp = string_sprintf("%s dmarc=%s", | |
599 | hdr_tmp, dmarc_pass_fail); | |
600 | if (header_from_sender) | |
601 | hdr_tmp = string_sprintf("%s header.from=%s", | |
602 | hdr_tmp, header_from_sender); | |
603 | return hdr_tmp; | |
604 | } | |
605 | ||
4a8ce2d8 TL |
606 | #endif /* EXPERIMENTAL_SPF */ |
607 | #endif /* EXPERIMENTAL_DMARC */ | |
4840604e TL |
608 | |
609 | // vim:sw=2 expandtab |