1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
4 /* Experimental DMARC support.
5 Copyright (c) Todd Lyons <tlyons@exim.org> 2012, 2013
8 /* Portions Copyright (c) 2012, 2013, The Trusted Domain Project;
9 All rights reserved, licensed for use per LICENSE.opendmarc. */
11 /* Code for calling dmarc checks via libopendmarc. Called from acl.c. */
14 #ifdef EXPERIMENTAL_DMARC
15 #if !defined EXPERIMENTAL_SPF
16 #error SPF must also be enabled for DMARC
17 #elif defined DISABLE_DKIM
18 #error DKIM must also be enabled for DMARC
21 #include "functions.h"
23 #include "pdkim/pdkim.h"
25 OPENDMARC_LIB_T dmarc_ctx
;
26 DMARC_POLICY_T
*dmarc_pctx
= NULL
;
27 OPENDMARC_STATUS_T libdm_status
, action
, dmarc_policy
;
28 OPENDMARC_STATUS_T da
, sa
, action
;
29 BOOL dmarc_abort
= FALSE
;
30 uschar
*dmarc_pass_fail
= US
"skipped";
31 extern pdkim_signature
*dkim_signatures
;
32 header_line
*from_header
= NULL
;
33 extern SPF_response_t
*spf_response
;
34 int dmarc_spf_ares_result
= 0;
35 uschar
*spf_sender_domain
= NULL
;
36 uschar
*spf_human_readable
= NULL
;
37 u_char
*header_from_sender
= NULL
;
38 int history_file_status
= DMARC_HIST_OK
;
39 uschar
*dkim_history_buffer
= NULL
;
41 /* Accept an error_block struct, initialize if empty, parse to the
42 * end, and append the two strings passed to it. Used for adding
43 * variable amounts of value:pair data to the forensic emails. */
46 add_to_eblock(error_block
*eblock
, uschar
*t1
, uschar
*t2
)
48 error_block
*eb
= malloc(sizeof(error_block
));
53 /* Find the end of the eblock struct and point it at eb */
54 error_block
*tmp
= eblock
;
55 while(tmp
->next
!= NULL
)
65 /* dmarc_init sets up a context that can be re-used for several
66 messages on the same SMTP connection (that come from the
67 same host with the same HELO string) */
71 int *netmask
= NULL
; /* Ignored */
73 char *tld_file
= (dmarc_tld_file
== NULL
) ?
74 "/etc/exim/opendmarc.tlds" :
75 (char *)dmarc_tld_file
;
77 /* Set some sane defaults. Also clears previous results when
78 * multiple messages in one connection. */
80 dmarc_status
= US
"none";
82 dmarc_pass_fail
= US
"skipped";
83 dmarc_used_domain
= US
"";
84 dmarc_ar_header
= NULL
;
85 dmarc_has_been_checked
= FALSE
;
86 header_from_sender
= NULL
;
87 spf_sender_domain
= NULL
;
88 spf_human_readable
= NULL
;
90 /* ACLs have "control=dmarc_disable_verify" */
91 if (dmarc_disable_verify
== TRUE
)
94 (void) memset(&dmarc_ctx
, '\0', sizeof dmarc_ctx
);
95 dmarc_ctx
.nscount
= 0;
96 libdm_status
= opendmarc_policy_library_init(&dmarc_ctx
);
97 if (libdm_status
!= DMARC_PARSE_OKAY
)
99 log_write(0, LOG_MAIN
|LOG_PANIC
, "DMARC failure to init library: %s",
100 opendmarc_policy_status_to_str(libdm_status
));
103 if (dmarc_tld_file
== NULL
)
105 else if (opendmarc_tld_read_file(tld_file
, NULL
, NULL
, NULL
))
107 log_write(0, LOG_MAIN
|LOG_PANIC
, "DMARC failure to load tld list %s: %d",
111 if (sender_host_address
== NULL
)
113 /* This catches locally originated email and startup errors above. */
114 if ( dmarc_abort
== FALSE
)
116 is_ipv6
= string_is_ip_address(sender_host_address
, netmask
);
117 is_ipv6
= (is_ipv6
== 6) ? TRUE
:
118 (is_ipv6
== 4) ? FALSE
: FALSE
;
119 dmarc_pctx
= opendmarc_policy_connect_init(sender_host_address
, is_ipv6
);
120 if (dmarc_pctx
== NULL
)
122 log_write(0, LOG_MAIN
|LOG_PANIC
, "DMARC failure creating policy context: ip=%s",
123 sender_host_address
);
132 /* dmarc_store_data stores the header data so that subsequent
133 * dmarc_process can access the data */
135 int dmarc_store_data(header_line
*hdr
) {
136 /* No debug output because would change every test debug output */
137 if (dmarc_disable_verify
!= TRUE
)
143 /* dmarc_process adds the envelope sender address to the existing
144 context (if any), retrieves the result, sets up expansion
145 strings and evaluates the condition outcome. */
147 int dmarc_process() {
148 int sr
, origin
; /* used in SPF section */
149 int dmarc_spf_result
= 0; /* stores spf into dmarc conn ctx */
150 pdkim_signature
*sig
= NULL
;
151 BOOL has_dmarc_record
= TRUE
;
152 u_char
**ruf
; /* forensic report addressees, if called for */
154 /* ACLs have "control=dmarc_disable_verify" */
155 if (dmarc_disable_verify
== TRUE
)
157 dmarc_ar_header
= dmarc_auth_results_header(from_header
, NULL
);
161 /* Store the header From: sender domain for this part of DMARC.
162 * If there is no from_header struct, then it's likely this message
163 * is locally generated and relying on fixups to add it. Just skip
164 * the entire DMARC system if we can't find a From: header....or if
165 * there was a previous error.
167 if (from_header
== NULL
|| dmarc_abort
== TRUE
)
171 /* I strongly encourage anybody who can make this better to contact me directly!
172 * <cannonball> Is this an insane way to extract the email address from the From: header?
173 * <jgh_hm> it's sure a horrid layer-crossing....
174 * <cannonball> I'm not denying that :-/
175 * <jgh_hm> there may well be no better though
177 header_from_sender
= expand_string(
178 string_sprintf("${domain:${extract{1}{:}{${addresses:\\N%s\\N}}}}",
179 from_header
->text
) );
180 /* The opendmarc library extracts the domain from the email address, but
181 * only try to store it if it's not empty. Otherwise, skip out of DMARC. */
182 if ((header_from_sender
== NULL
) || (strcmp( CCS header_from_sender
, "") == 0))
184 libdm_status
= (dmarc_abort
== TRUE
) ?
186 opendmarc_policy_store_from_domain(dmarc_pctx
, header_from_sender
);
187 if (libdm_status
!= DMARC_PARSE_OKAY
)
189 log_write(0, LOG_MAIN
|LOG_PANIC
,
190 "failure to store header From: in DMARC: %s, header was '%s'",
191 opendmarc_policy_status_to_str(libdm_status
), from_header
->text
);
196 /* Skip DMARC if connection is SMTP Auth. Temporarily, admin should
197 * instead do this in the ACLs. */
198 if (dmarc_abort
== FALSE
&& sender_host_authenticated
== NULL
)
200 /* Use the envelope sender domain for this part of DMARC */
201 spf_sender_domain
= expand_string(US
"$sender_address_domain");
202 if ( spf_response
== NULL
)
204 /* No spf data means null envelope sender so generate a domain name
205 * from the sender_helo_name */
206 if (spf_sender_domain
== NULL
)
208 spf_sender_domain
= sender_helo_name
;
209 log_write(0, LOG_MAIN
, "DMARC using synthesized SPF sender domain = %s\n",
212 debug_printf("DMARC using synthesized SPF sender domain = %s\n", spf_sender_domain
);
214 dmarc_spf_result
= DMARC_POLICY_SPF_OUTCOME_NONE
;
215 dmarc_spf_ares_result
= ARES_RESULT_UNKNOWN
;
216 origin
= DMARC_POLICY_SPF_ORIGIN_HELO
;
217 spf_human_readable
= US
"";
221 sr
= spf_response
->result
;
222 dmarc_spf_result
= (sr
== SPF_RESULT_NEUTRAL
) ? DMARC_POLICY_SPF_OUTCOME_NONE
:
223 (sr
== SPF_RESULT_PASS
) ? DMARC_POLICY_SPF_OUTCOME_PASS
:
224 (sr
== SPF_RESULT_FAIL
) ? DMARC_POLICY_SPF_OUTCOME_FAIL
:
225 (sr
== SPF_RESULT_SOFTFAIL
) ? DMARC_POLICY_SPF_OUTCOME_TMPFAIL
:
226 DMARC_POLICY_SPF_OUTCOME_NONE
;
227 dmarc_spf_ares_result
= (sr
== SPF_RESULT_NEUTRAL
) ? ARES_RESULT_NEUTRAL
:
228 (sr
== SPF_RESULT_PASS
) ? ARES_RESULT_PASS
:
229 (sr
== SPF_RESULT_FAIL
) ? ARES_RESULT_FAIL
:
230 (sr
== SPF_RESULT_SOFTFAIL
) ? ARES_RESULT_SOFTFAIL
:
231 (sr
== SPF_RESULT_NONE
) ? ARES_RESULT_NONE
:
232 (sr
== SPF_RESULT_TEMPERROR
) ? ARES_RESULT_TEMPERROR
:
233 (sr
== SPF_RESULT_PERMERROR
) ? ARES_RESULT_PERMERROR
:
235 origin
= DMARC_POLICY_SPF_ORIGIN_MAILFROM
;
236 spf_human_readable
= (uschar
*)spf_response
->header_comment
;
238 debug_printf("DMARC using SPF sender domain = %s\n", spf_sender_domain
);
240 if (strcmp( CCS spf_sender_domain
, "") == 0)
242 if (dmarc_abort
== FALSE
)
244 libdm_status
= opendmarc_policy_store_spf(dmarc_pctx
, spf_sender_domain
,
245 dmarc_spf_result
, origin
, spf_human_readable
);
246 if (libdm_status
!= DMARC_PARSE_OKAY
)
247 log_write(0, LOG_MAIN
|LOG_PANIC
, "failure to store spf for DMARC: %s",
248 opendmarc_policy_status_to_str(libdm_status
));
251 /* Now we cycle through the dkim signature results and put into
252 * the opendmarc context, further building the DMARC reply. */
253 sig
= dkim_signatures
;
254 dkim_history_buffer
= US
"";
257 int dkim_result
, dkim_ares_result
, vs
, ves
;
258 vs
= sig
->verify_status
;
259 ves
= sig
->verify_ext_status
;
260 dkim_result
= ( vs
== PDKIM_VERIFY_PASS
) ? DMARC_POLICY_DKIM_OUTCOME_PASS
:
261 ( vs
== PDKIM_VERIFY_FAIL
) ? DMARC_POLICY_DKIM_OUTCOME_FAIL
:
262 ( vs
== PDKIM_VERIFY_INVALID
) ? DMARC_POLICY_DKIM_OUTCOME_TMPFAIL
:
263 DMARC_POLICY_DKIM_OUTCOME_NONE
;
264 libdm_status
= opendmarc_policy_store_dkim(dmarc_pctx
, (uschar
*)sig
->domain
,
267 debug_printf("DMARC adding DKIM sender domain = %s\n", sig
->domain
);
268 if (libdm_status
!= DMARC_PARSE_OKAY
)
269 log_write(0, LOG_MAIN
|LOG_PANIC
, "failure to store dkim (%s) for DMARC: %s",
270 sig
->domain
, opendmarc_policy_status_to_str(libdm_status
));
272 dkim_ares_result
= ( vs
== PDKIM_VERIFY_PASS
) ? ARES_RESULT_PASS
:
273 ( vs
== PDKIM_VERIFY_FAIL
) ? ARES_RESULT_FAIL
:
274 ( vs
== PDKIM_VERIFY_NONE
) ? ARES_RESULT_NONE
:
275 ( vs
== PDKIM_VERIFY_INVALID
) ?
276 ( ves
== PDKIM_VERIFY_INVALID_PUBKEY_UNAVAILABLE
? ARES_RESULT_PERMERROR
:
277 ves
== PDKIM_VERIFY_INVALID_BUFFER_SIZE
? ARES_RESULT_PERMERROR
:
278 ves
== PDKIM_VERIFY_INVALID_PUBKEY_PARSING
? ARES_RESULT_PERMERROR
:
279 ARES_RESULT_UNKNOWN
) :
281 dkim_history_buffer
= string_sprintf("%sdkim %s %d\n", dkim_history_buffer
,
282 sig
->domain
, dkim_ares_result
);
285 libdm_status
= opendmarc_policy_query_dmarc(dmarc_pctx
, US
"");
286 switch (libdm_status
)
288 case DMARC_DNS_ERROR_NXDOMAIN
:
289 case DMARC_DNS_ERROR_NO_RECORD
:
291 debug_printf("DMARC no record found for %s\n", header_from_sender
);
292 has_dmarc_record
= FALSE
;
294 case DMARC_PARSE_OKAY
:
296 debug_printf("DMARC record found for %s\n", header_from_sender
);
298 case DMARC_PARSE_ERROR_BAD_VALUE
:
300 debug_printf("DMARC record parse error for %s\n", header_from_sender
);
301 has_dmarc_record
= FALSE
;
304 /* everything else, skip dmarc */
306 debug_printf("DMARC skipping (%d), unsure what to do with %s",
307 libdm_status
, from_header
->text
);
308 has_dmarc_record
= FALSE
;
311 /* Can't use exim's string manipulation functions so allocate memory
312 * for libopendmarc using its max hostname length definition. */
313 uschar
*dmarc_domain
= (uschar
*)calloc(DMARC_MAXHOSTNAMELEN
, sizeof(uschar
));
314 libdm_status
= opendmarc_policy_fetch_utilized_domain(dmarc_pctx
, dmarc_domain
,
315 DMARC_MAXHOSTNAMELEN
-1);
316 dmarc_used_domain
= string_copy(dmarc_domain
);
318 if (libdm_status
!= DMARC_PARSE_OKAY
)
320 log_write(0, LOG_MAIN
|LOG_PANIC
, "failure to read domainname used for DMARC lookup: %s",
321 opendmarc_policy_status_to_str(libdm_status
));
323 libdm_status
= opendmarc_get_policy_to_enforce(dmarc_pctx
);
324 dmarc_policy
= libdm_status
;
327 case DMARC_POLICY_ABSENT
: /* No DMARC record found */
328 dmarc_status
= US
"norecord";
329 dmarc_pass_fail
= US
"none";
330 dmarc_status_text
= US
"No DMARC record";
331 action
= DMARC_RESULT_ACCEPT
;
333 case DMARC_FROM_DOMAIN_ABSENT
: /* No From: domain */
334 dmarc_status
= US
"nofrom";
335 dmarc_pass_fail
= US
"temperror";
336 dmarc_status_text
= US
"No From: domain found";
337 action
= DMARC_RESULT_ACCEPT
;
339 case DMARC_POLICY_NONE
: /* Accept and report */
340 dmarc_status
= US
"none";
341 dmarc_pass_fail
= US
"none";
342 dmarc_status_text
= US
"None, Accept";
343 action
= DMARC_RESULT_ACCEPT
;
345 case DMARC_POLICY_PASS
: /* Explicit accept */
346 dmarc_status
= US
"accept";
347 dmarc_pass_fail
= US
"pass";
348 dmarc_status_text
= US
"Accept";
349 action
= DMARC_RESULT_ACCEPT
;
351 case DMARC_POLICY_REJECT
: /* Explicit reject */
352 dmarc_status
= US
"reject";
353 dmarc_pass_fail
= US
"fail";
354 dmarc_status_text
= US
"Reject";
355 action
= DMARC_RESULT_REJECT
;
357 case DMARC_POLICY_QUARANTINE
: /* Explicit quarantine */
358 dmarc_status
= US
"quarantine";
359 dmarc_pass_fail
= US
"fail";
360 dmarc_status_text
= US
"Quarantine";
361 action
= DMARC_RESULT_QUARANTINE
;
364 dmarc_status
= US
"temperror";
365 dmarc_pass_fail
= US
"temperror";
366 dmarc_status_text
= US
"Internal Policy Error";
367 action
= DMARC_RESULT_TEMPFAIL
;
371 libdm_status
= opendmarc_policy_fetch_alignment(dmarc_pctx
, &da
, &sa
);
372 if (libdm_status
!= DMARC_PARSE_OKAY
)
374 log_write(0, LOG_MAIN
|LOG_PANIC
, "failure to read DMARC alignment: %s",
375 opendmarc_policy_status_to_str(libdm_status
));
378 if (has_dmarc_record
== TRUE
)
380 log_write(0, LOG_MAIN
, "DMARC results: spf_domain=%s dmarc_domain=%s "
381 "spf_align=%s dkim_align=%s enforcement='%s'",
382 spf_sender_domain
, dmarc_used_domain
,
383 (sa
==DMARC_POLICY_SPF_ALIGNMENT_PASS
) ?"yes":"no",
384 (da
==DMARC_POLICY_DKIM_ALIGNMENT_PASS
)?"yes":"no",
386 history_file_status
= dmarc_write_history_file();
387 /* Now get the forensic reporting addresses, if any */
388 ruf
= opendmarc_policy_fetch_ruf(dmarc_pctx
, NULL
, 0, 1);
389 dmarc_send_forensic_report(ruf
);
393 /* set some global variables here */
394 dmarc_ar_header
= dmarc_auth_results_header(from_header
, NULL
);
396 /* shut down libopendmarc */
397 if ( dmarc_pctx
!= NULL
)
398 (void) opendmarc_policy_connect_shutdown(dmarc_pctx
);
399 if ( dmarc_disable_verify
== FALSE
)
400 (void) opendmarc_policy_library_shutdown(&dmarc_ctx
);
405 int dmarc_write_history_file()
410 u_char
**rua
; /* aggregate report addressees */
411 uschar
*history_buffer
= NULL
;
413 if (dmarc_history_file
== NULL
)
414 return DMARC_HIST_DISABLED
;
415 history_file_fd
= log_create(dmarc_history_file
);
417 if (history_file_fd
< 0)
419 log_write(0, LOG_MAIN
|LOG_PANIC
, "failure to create DMARC history file: %s",
421 return DMARC_HIST_FILE_ERR
;
424 /* Generate the contents of the history file */
425 history_buffer
= string_sprintf("job %s\n", message_id
);
426 history_buffer
= string_sprintf("%sreporter %s\n", history_buffer
, primary_hostname
);
427 history_buffer
= string_sprintf("%sreceived %ld\n", history_buffer
, time(NULL
));
428 history_buffer
= string_sprintf("%sipaddr %s\n", history_buffer
, sender_host_address
);
429 history_buffer
= string_sprintf("%sfrom %s\n", history_buffer
, header_from_sender
);
430 history_buffer
= string_sprintf("%smfrom %s\n", history_buffer
,
431 expand_string(US
"$sender_address_domain"));
433 if (spf_response
!= NULL
)
434 history_buffer
= string_sprintf("%sspf %d\n", history_buffer
, dmarc_spf_ares_result
);
435 // history_buffer = string_sprintf("%sspf -1\n", history_buffer);
437 history_buffer
= string_sprintf("%s%s", history_buffer
, dkim_history_buffer
);
438 history_buffer
= string_sprintf("%spdomain %s\n", history_buffer
, dmarc_used_domain
);
439 history_buffer
= string_sprintf("%spolicy %d\n", history_buffer
, dmarc_policy
);
441 rua
= opendmarc_policy_fetch_rua(dmarc_pctx
, NULL
, 0, 1);
444 for (tmp_ans
= 0; rua
[tmp_ans
] != NULL
; tmp_ans
++)
446 history_buffer
= string_sprintf("%srua %s\n", history_buffer
, rua
[tmp_ans
]);
450 history_buffer
= string_sprintf("%srua -\n", history_buffer
);
452 opendmarc_policy_fetch_pct(dmarc_pctx
, &tmp_ans
);
453 history_buffer
= string_sprintf("%spct %d\n", history_buffer
, tmp_ans
);
455 opendmarc_policy_fetch_adkim(dmarc_pctx
, &tmp_ans
);
456 history_buffer
= string_sprintf("%sadkim %d\n", history_buffer
, tmp_ans
);
458 opendmarc_policy_fetch_aspf(dmarc_pctx
, &tmp_ans
);
459 history_buffer
= string_sprintf("%saspf %d\n", history_buffer
, tmp_ans
);
461 opendmarc_policy_fetch_p(dmarc_pctx
, &tmp_ans
);
462 history_buffer
= string_sprintf("%sp %d\n", history_buffer
, tmp_ans
);
464 opendmarc_policy_fetch_sp(dmarc_pctx
, &tmp_ans
);
465 history_buffer
= string_sprintf("%ssp %d\n", history_buffer
, tmp_ans
);
467 history_buffer
= string_sprintf("%salign_dkim %d\n", history_buffer
, da
);
468 history_buffer
= string_sprintf("%salign_spf %d\n", history_buffer
, sa
);
469 history_buffer
= string_sprintf("%saction %d\n", history_buffer
, action
);
471 /* Write the contents to the history file */
473 debug_printf("DMARC logging history data for opendmarc reporting%s\n",
474 (host_checking
|| running_in_test_harness
) ? " (not really)" : "");
475 if (host_checking
|| running_in_test_harness
)
478 debug_printf("DMARC history data for debugging:\n%s", history_buffer
);
482 written_len
= write_to_fd_buf(history_file_fd
,
484 Ustrlen(history_buffer
));
485 if (written_len
== 0)
487 log_write(0, LOG_MAIN
|LOG_PANIC
, "failure to write to DMARC history file: %s",
489 return DMARC_HIST_WRITE_ERR
;
491 (void)close(history_file_fd
);
493 return DMARC_HIST_OK
;
496 void dmarc_send_forensic_report(u_char
**ruf
)
499 uschar
*recipient
, *save_sender
;
500 BOOL send_status
= FALSE
;
501 error_block
*eblock
= NULL
;
502 FILE *message_file
= NULL
;
504 /* Earlier ACL does not have *required* control=dmarc_enable_forensic */
505 if (dmarc_enable_forensic
== FALSE
)
508 if ((dmarc_policy
== DMARC_POLICY_REJECT
&& action
== DMARC_RESULT_REJECT
) ||
509 (dmarc_policy
== DMARC_POLICY_QUARANTINE
&& action
== DMARC_RESULT_QUARANTINE
) )
513 eblock
= add_to_eblock(eblock
, US
"Sender Domain", dmarc_used_domain
);
514 eblock
= add_to_eblock(eblock
, US
"Sender IP Address", sender_host_address
);
515 eblock
= add_to_eblock(eblock
, US
"Received Date", tod_stamp(tod_full
));
516 eblock
= add_to_eblock(eblock
, US
"SPF Alignment",
517 (sa
==DMARC_POLICY_SPF_ALIGNMENT_PASS
) ?US
"yes":US
"no");
518 eblock
= add_to_eblock(eblock
, US
"DKIM Alignment",
519 (da
==DMARC_POLICY_DKIM_ALIGNMENT_PASS
)?US
"yes":US
"no");
520 eblock
= add_to_eblock(eblock
, US
"DMARC Results", dmarc_status_text
);
521 /* Set a sane default envelope sender */
522 dsn_from
= dmarc_forensic_sender
? dmarc_forensic_sender
:
523 dsn_from
? dsn_from
:
524 string_sprintf("do-not-reply@%s",primary_hostname
);
525 for (c
= 0; ruf
[c
] != NULL
; c
++)
527 recipient
= string_copylc(ruf
[c
]);
528 if (Ustrncmp(recipient
, "mailto:",7))
530 /* Move to first character past the colon */
533 debug_printf("DMARC forensic report to %s%s\n", recipient
,
534 (host_checking
|| running_in_test_harness
) ? " (not really)" : "");
535 if (host_checking
|| running_in_test_harness
)
537 save_sender
= sender_address
;
538 sender_address
= recipient
;
539 send_status
= moan_to_sender(ERRMESS_DMARC_FORENSIC
, eblock
,
540 header_list
, message_file
, FALSE
);
541 sender_address
= save_sender
;
542 if (send_status
== FALSE
)
543 log_write(0, LOG_MAIN
|LOG_PANIC
, "failure to send DMARC forensic report to %s",
550 uschar
*dmarc_exim_expand_query(int what
)
552 if (dmarc_disable_verify
|| !dmarc_pctx
)
553 return dmarc_exim_expand_defaults(what
);
556 case DMARC_VERIFY_STATUS
:
557 return(dmarc_status
);
563 uschar
*dmarc_exim_expand_defaults(int what
)
566 case DMARC_VERIFY_STATUS
:
567 return (dmarc_disable_verify
) ?
575 uschar
*dmarc_auth_results_header(header_line
*from_header
, uschar
*hostname
)
577 uschar
*hdr_tmp
= US
"";
579 /* Allow a server hostname to be passed to this function, but is
580 * currently unused */
581 if (hostname
== NULL
)
582 hostname
= primary_hostname
;
583 hdr_tmp
= string_sprintf("%s %s;", DMARC_AR_HEADER
, hostname
);
586 /* I don't think this belongs here, but left it here commented out
587 * because it was a lot of work to get working right. */
588 if (spf_response
!= NULL
) {
589 uschar
*dmarc_ar_spf
= US
"";
591 sr
= spf_response
->result
;
592 dmarc_ar_spf
= (sr
== SPF_RESULT_NEUTRAL
) ? US
"neutral" :
593 (sr
== SPF_RESULT_PASS
) ? US
"pass" :
594 (sr
== SPF_RESULT_FAIL
) ? US
"fail" :
595 (sr
== SPF_RESULT_SOFTFAIL
) ? US
"softfail" :
597 hdr_tmp
= string_sprintf("%s spf=%s (%s) smtp.mail=%s;",
598 hdr_tmp
, dmarc_ar_spf_result
,
599 spf_response
->header_comment
,
600 expand_string(US
"$sender_address") );
603 hdr_tmp
= string_sprintf("%s dmarc=%s",
604 hdr_tmp
, dmarc_pass_fail
);
605 if (header_from_sender
)
606 hdr_tmp
= string_sprintf("%s header.from=%s",
607 hdr_tmp
, header_from_sender
);
611 #endif /* EXPERIMENTAL_SPF */
612 #endif /* EXPERIMENTAL_DMARC */
614 // vim:sw=2 expandtab