projects / exim.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Doc: Improve clarity on -be
[exim.git] / src / src / dmarc.c
1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
4 /* Experimental DMARC support.
5 Copyright (c) Todd Lyons <tlyons@exim.org> 2012 - 2014
6 License: GPL */
7
8 /* Portions Copyright (c) 2012, 2013, The Trusted Domain Project;
9 All rights reserved, licensed for use per LICENSE.opendmarc. */
10
11 /* Code for calling dmarc checks via libopendmarc. Called from acl.c. */
12
13 #include "exim.h"
14 #ifdef EXPERIMENTAL_DMARC
15 # if !defined EXPERIMENTAL_SPF
16 # error SPF must also be enabled for DMARC
17 # elif defined DISABLE_DKIM
18 # error DKIM must also be enabled for DMARC
19 # else
20
21 # include "functions.h"
22 # include "dmarc.h"
23 # include "pdkim/pdkim.h"
24
25 OPENDMARC_LIB_T dmarc_ctx;
26 DMARC_POLICY_T *dmarc_pctx = NULL;
27 OPENDMARC_STATUS_T libdm_status, action, dmarc_policy;
28 OPENDMARC_STATUS_T da, sa, action;
29 BOOL dmarc_abort = FALSE;
30 uschar *dmarc_pass_fail = US"skipped";
31 extern pdkim_signature *dkim_signatures;
32 header_line *from_header = NULL;
33 extern SPF_response_t *spf_response;
34 int dmarc_spf_ares_result = 0;
35 uschar *spf_sender_domain = NULL;
36 uschar *spf_human_readable = NULL;
37 u_char *header_from_sender = NULL;
38 int history_file_status = DMARC_HIST_OK;
39 uschar *dkim_history_buffer= NULL;
40
41 typedef struct dmarc_exim_p {
42 uschar *name;
43 int value;
44 } dmarc_exim_p;
45
46 static dmarc_exim_p dmarc_policy_description[] = {
47 { US"", DMARC_RECORD_P_UNSPECIFIED },
48 { US"none", DMARC_RECORD_P_NONE },
49 { US"quarantine", DMARC_RECORD_P_QUARANTINE },
50 { US"reject", DMARC_RECORD_P_REJECT },
51 { NULL, 0 }
52 };
53 /* Accept an error_block struct, initialize if empty, parse to the
54 * end, and append the two strings passed to it. Used for adding
55 * variable amounts of value:pair data to the forensic emails. */
56
57 static error_block *
58 add_to_eblock(error_block *eblock, uschar *t1, uschar *t2)
59 {
60 error_block *eb = malloc(sizeof(error_block));
61 if (eblock == NULL)
62 eblock = eb;
63 else
64 {
65 /* Find the end of the eblock struct and point it at eb */
66 error_block *tmp = eblock;
67 while(tmp->next != NULL)
68 tmp = tmp->next;
69 tmp->next = eb;
70 }
71 eb->text1 = t1;
72 eb->text2 = t2;
73 eb->next = NULL;
74 return eblock;
75 }
76
77 /* dmarc_init sets up a context that can be re-used for several
78 messages on the same SMTP connection (that come from the
79 same host with the same HELO string) */
80
81 int dmarc_init()
82 {
83 int *netmask = NULL; /* Ignored */
84 int is_ipv6 = 0;
85 char *tld_file = (dmarc_tld_file == NULL) ?
86 "/etc/exim/opendmarc.tlds" :
87 (char *)dmarc_tld_file;
88
89 /* Set some sane defaults. Also clears previous results when
90 * multiple messages in one connection. */
91 dmarc_pctx = NULL;
92 dmarc_status = US"none";
93 dmarc_abort = FALSE;
94 dmarc_pass_fail = US"skipped";
95 dmarc_used_domain = US"";
96 dmarc_ar_header = NULL;
97 dmarc_has_been_checked = FALSE;
98 header_from_sender = NULL;
99 spf_sender_domain = NULL;
100 spf_human_readable = NULL;
101
102 /* ACLs have "control=dmarc_disable_verify" */
103 if (dmarc_disable_verify == TRUE)
104 return OK;
105
106 (void) memset(&dmarc_ctx, '\0', sizeof dmarc_ctx);
107 dmarc_ctx.nscount = 0;
108 libdm_status = opendmarc_policy_library_init(&dmarc_ctx);
109 if (libdm_status != DMARC_PARSE_OKAY)
110 {
111 log_write(0, LOG_MAIN|LOG_PANIC, "DMARC failure to init library: %s",
112 opendmarc_policy_status_to_str(libdm_status));
113 dmarc_abort = TRUE;
114 }
115 if (dmarc_tld_file == NULL)
116 dmarc_abort = TRUE;
117 else if (opendmarc_tld_read_file(tld_file, NULL, NULL, NULL))
118 {
119 log_write(0, LOG_MAIN|LOG_PANIC, "DMARC failure to load tld list %s: %d",
120 tld_file, errno);
121 dmarc_abort = TRUE;
122 }
123 if (sender_host_address == NULL)
124 dmarc_abort = TRUE;
125 /* This catches locally originated email and startup errors above. */
126 if (!dmarc_abort)
127 {
128 is_ipv6 = string_is_ip_address(sender_host_address, netmask) == 6;
129 dmarc_pctx = opendmarc_policy_connect_init(sender_host_address, is_ipv6);
130 if (dmarc_pctx == NULL)
131 {
132 log_write(0, LOG_MAIN|LOG_PANIC,
133 "DMARC failure creating policy context: ip=%s", sender_host_address);
134 dmarc_abort = TRUE;
135 }
136 }
137
138 return OK;
139 }
140
141
142 /* dmarc_store_data stores the header data so that subsequent
143 * dmarc_process can access the data */
144
145 int dmarc_store_data(header_line *hdr) {
146 /* No debug output because would change every test debug output */
147 if (dmarc_disable_verify != TRUE)
148 from_header = hdr;
149 return OK;
150 }
151
152
153 /* dmarc_process adds the envelope sender address to the existing
154 context (if any), retrieves the result, sets up expansion
155 strings and evaluates the condition outcome. */
156
157 int
158 dmarc_process()
159 {
160 int sr, origin; /* used in SPF section */
161 int dmarc_spf_result = 0; /* stores spf into dmarc conn ctx */
162 int tmp_ans, c;
163 pdkim_signature *sig = NULL;
164 BOOL has_dmarc_record = TRUE;
165 u_char **ruf; /* forensic report addressees, if called for */
166
167 /* ACLs have "control=dmarc_disable_verify" */
168 if (dmarc_disable_verify)
169 {
170 dmarc_ar_header = dmarc_auth_results_header(from_header, NULL);
171 return OK;
172 }
173
174 /* Store the header From: sender domain for this part of DMARC.
175 * If there is no from_header struct, then it's likely this message
176 * is locally generated and relying on fixups to add it. Just skip
177 * the entire DMARC system if we can't find a From: header....or if
178 * there was a previous error.
179 */
180 if (!from_header || dmarc_abort)
181 dmarc_abort = TRUE;
182 else
183 {
184 uschar * errormsg;
185 int dummy, domain;
186 uschar * p;
187 uschar saveend;
188
189 parse_allow_group = TRUE;
190 p = parse_find_address_end(from_header->text, FALSE);
191 saveend = *p; *p = '\0';
192 if ((header_from_sender = parse_extract_address(from_header->text, &errormsg,
193 &dummy, &dummy, &domain, FALSE)))
194 header_from_sender += domain;
195 *p = saveend;
196
197 /* The opendmarc library extracts the domain from the email address, but
198 * only try to store it if it's not empty. Otherwise, skip out of DMARC. */
199 if (!header_from_sender || (strcmp( CCS header_from_sender, "") == 0))
200 dmarc_abort = TRUE;
201 libdm_status = dmarc_abort ?
202 DMARC_PARSE_OKAY :
203 opendmarc_policy_store_from_domain(dmarc_pctx, header_from_sender);
204 if (libdm_status != DMARC_PARSE_OKAY)
205 {
206 log_write(0, LOG_MAIN|LOG_PANIC,
207 "failure to store header From: in DMARC: %s, header was '%s'",
208 opendmarc_policy_status_to_str(libdm_status), from_header->text);
209 dmarc_abort = TRUE;
210 }
211 }
212
213 /* Skip DMARC if connection is SMTP Auth. Temporarily, admin should
214 * instead do this in the ACLs. */
215 if (!dmarc_abort && !sender_host_authenticated)
216 {
217 /* Use the envelope sender domain for this part of DMARC */
218 spf_sender_domain = expand_string(US"$sender_address_domain");
219 if (!spf_response)
220 {
221 /* No spf data means null envelope sender so generate a domain name
222 * from the sender_helo_name */
223 if (!spf_sender_domain)
224 {
225 spf_sender_domain = sender_helo_name;
226 log_write(0, LOG_MAIN, "DMARC using synthesized SPF sender domain = %s\n",
227 spf_sender_domain);
228 DEBUG(D_receive)
229 debug_printf("DMARC using synthesized SPF sender domain = %s\n",
230 spf_sender_domain);
231 }
232 dmarc_spf_result = DMARC_POLICY_SPF_OUTCOME_NONE;
233 dmarc_spf_ares_result = ARES_RESULT_UNKNOWN;
234 origin = DMARC_POLICY_SPF_ORIGIN_HELO;
235 spf_human_readable = US"";
236 }
237 else
238 {
239 sr = spf_response->result;
240 dmarc_spf_result = sr == SPF_RESULT_NEUTRAL ? DMARC_POLICY_SPF_OUTCOME_NONE :
241 sr == SPF_RESULT_PASS ? DMARC_POLICY_SPF_OUTCOME_PASS :
242 sr == SPF_RESULT_FAIL ? DMARC_POLICY_SPF_OUTCOME_FAIL :
243 sr == SPF_RESULT_SOFTFAIL ? DMARC_POLICY_SPF_OUTCOME_TMPFAIL :
244 DMARC_POLICY_SPF_OUTCOME_NONE;
245 dmarc_spf_ares_result = sr == SPF_RESULT_NEUTRAL ? ARES_RESULT_NEUTRAL :
246 sr == SPF_RESULT_PASS ? ARES_RESULT_PASS :
247 sr == SPF_RESULT_FAIL ? ARES_RESULT_FAIL :
248 sr == SPF_RESULT_SOFTFAIL ? ARES_RESULT_SOFTFAIL :
249 sr == SPF_RESULT_NONE ? ARES_RESULT_NONE :
250 sr == SPF_RESULT_TEMPERROR ? ARES_RESULT_TEMPERROR :
251 sr == SPF_RESULT_PERMERROR ? ARES_RESULT_PERMERROR :
252 ARES_RESULT_UNKNOWN;
253 origin = DMARC_POLICY_SPF_ORIGIN_MAILFROM;
254 spf_human_readable = (uschar *)spf_response->header_comment;
255 DEBUG(D_receive)
256 debug_printf("DMARC using SPF sender domain = %s\n", spf_sender_domain);
257 }
258 if (strcmp( CCS spf_sender_domain, "") == 0)
259 dmarc_abort = TRUE;
260 if (!dmarc_abort)
261 {
262 libdm_status = opendmarc_policy_store_spf(dmarc_pctx, spf_sender_domain,
263 dmarc_spf_result, origin, spf_human_readable);
264 if (libdm_status != DMARC_PARSE_OKAY)
265 log_write(0, LOG_MAIN|LOG_PANIC, "failure to store spf for DMARC: %s",
266 opendmarc_policy_status_to_str(libdm_status));
267 }
268
269 /* Now we cycle through the dkim signature results and put into
270 * the opendmarc context, further building the DMARC reply. */
271 sig = dkim_signatures;
272 dkim_history_buffer = US"";
273 while (sig)
274 {
275 int dkim_result, dkim_ares_result, vs, ves;
276 vs = sig->verify_status;
277 ves = sig->verify_ext_status;
278 dkim_result = vs == PDKIM_VERIFY_PASS ? DMARC_POLICY_DKIM_OUTCOME_PASS :
279 vs == PDKIM_VERIFY_FAIL ? DMARC_POLICY_DKIM_OUTCOME_FAIL :
280 vs == PDKIM_VERIFY_INVALID ? DMARC_POLICY_DKIM_OUTCOME_TMPFAIL :
281 DMARC_POLICY_DKIM_OUTCOME_NONE;
282 libdm_status = opendmarc_policy_store_dkim(dmarc_pctx, (uschar *)sig->domain,
283 dkim_result, US"");
284 DEBUG(D_receive)
285 debug_printf("DMARC adding DKIM sender domain = %s\n", sig->domain);
286 if (libdm_status != DMARC_PARSE_OKAY)
287 log_write(0, LOG_MAIN|LOG_PANIC,
288 "failure to store dkim (%s) for DMARC: %s",
289 sig->domain, opendmarc_policy_status_to_str(libdm_status));
290
291 dkim_ares_result =
292 vs == PDKIM_VERIFY_PASS ? ARES_RESULT_PASS :
293 vs == PDKIM_VERIFY_FAIL ? ARES_RESULT_FAIL :
294 vs == PDKIM_VERIFY_NONE ? ARES_RESULT_NONE :
295 vs == PDKIM_VERIFY_INVALID ?
296 ves == PDKIM_VERIFY_INVALID_PUBKEY_UNAVAILABLE ? ARES_RESULT_PERMERROR :
297 ves == PDKIM_VERIFY_INVALID_BUFFER_SIZE ? ARES_RESULT_PERMERROR :
298 ves == PDKIM_VERIFY_INVALID_PUBKEY_DNSRECORD ? ARES_RESULT_PERMERROR :
299 ves == PDKIM_VERIFY_INVALID_PUBKEY_IMPORT ? ARES_RESULT_PERMERROR :
300 ARES_RESULT_UNKNOWN :
301 ARES_RESULT_UNKNOWN;
302 dkim_history_buffer = string_sprintf("%sdkim %s %d\n", dkim_history_buffer,
303 sig->domain, dkim_ares_result);
304 sig = sig->next;
305 }
306 libdm_status = opendmarc_policy_query_dmarc(dmarc_pctx, US"");
307 switch (libdm_status)
308 {
309 case DMARC_DNS_ERROR_NXDOMAIN:
310 case DMARC_DNS_ERROR_NO_RECORD:
311 DEBUG(D_receive)
312 debug_printf("DMARC no record found for %s\n", header_from_sender);
313 has_dmarc_record = FALSE;
314 break;
315 case DMARC_PARSE_OKAY:
316 DEBUG(D_receive)
317 debug_printf("DMARC record found for %s\n", header_from_sender);
318 break;
319 case DMARC_PARSE_ERROR_BAD_VALUE:
320 DEBUG(D_receive)
321 debug_printf("DMARC record parse error for %s\n", header_from_sender);
322 has_dmarc_record = FALSE;
323 break;
324 default:
325 /* everything else, skip dmarc */
326 DEBUG(D_receive)
327 debug_printf("DMARC skipping (%d), unsure what to do with %s",
328 libdm_status, from_header->text);
329 has_dmarc_record = FALSE;
330 break;
331 }
332
333 /* Store the policy string in an expandable variable. */
334
335 libdm_status = opendmarc_policy_fetch_p(dmarc_pctx, &tmp_ans);
336 for (c = 0; dmarc_policy_description[c].name; c++)
337 if (tmp_ans == dmarc_policy_description[c].value)
338 {
339 dmarc_domain_policy = string_sprintf("%s",dmarc_policy_description[c].name);
340 break;
341 }
342
343 /* Can't use exim's string manipulation functions so allocate memory
344 * for libopendmarc using its max hostname length definition. */
345
346 uschar *dmarc_domain = (uschar *)calloc(DMARC_MAXHOSTNAMELEN, sizeof(uschar));
347 libdm_status = opendmarc_policy_fetch_utilized_domain(dmarc_pctx,
348 dmarc_domain, DMARC_MAXHOSTNAMELEN-1);
349 dmarc_used_domain = string_copy(dmarc_domain);
350 free(dmarc_domain);
351
352 if (libdm_status != DMARC_PARSE_OKAY)
353 log_write(0, LOG_MAIN|LOG_PANIC,
354 "failure to read domainname used for DMARC lookup: %s",
355 opendmarc_policy_status_to_str(libdm_status));
356
357 libdm_status = opendmarc_get_policy_to_enforce(dmarc_pctx);
358 dmarc_policy = libdm_status;
359 switch(libdm_status)
360 {
361 case DMARC_POLICY_ABSENT: /* No DMARC record found */
362 dmarc_status = US"norecord";
363 dmarc_pass_fail = US"none";
364 dmarc_status_text = US"No DMARC record";
365 action = DMARC_RESULT_ACCEPT;
366 break;
367 case DMARC_FROM_DOMAIN_ABSENT: /* No From: domain */
368 dmarc_status = US"nofrom";
369 dmarc_pass_fail = US"temperror";
370 dmarc_status_text = US"No From: domain found";
371 action = DMARC_RESULT_ACCEPT;
372 break;
373 case DMARC_POLICY_NONE: /* Accept and report */
374 dmarc_status = US"none";
375 dmarc_pass_fail = US"none";
376 dmarc_status_text = US"None, Accept";
377 action = DMARC_RESULT_ACCEPT;
378 break;
379 case DMARC_POLICY_PASS: /* Explicit accept */
380 dmarc_status = US"accept";
381 dmarc_pass_fail = US"pass";
382 dmarc_status_text = US"Accept";
383 action = DMARC_RESULT_ACCEPT;
384 break;
385 case DMARC_POLICY_REJECT: /* Explicit reject */
386 dmarc_status = US"reject";
387 dmarc_pass_fail = US"fail";
388 dmarc_status_text = US"Reject";
389 action = DMARC_RESULT_REJECT;
390 break;
391 case DMARC_POLICY_QUARANTINE: /* Explicit quarantine */
392 dmarc_status = US"quarantine";
393 dmarc_pass_fail = US"fail";
394 dmarc_status_text = US"Quarantine";
395 action = DMARC_RESULT_QUARANTINE;
396 break;
397 default:
398 dmarc_status = US"temperror";
399 dmarc_pass_fail = US"temperror";
400 dmarc_status_text = US"Internal Policy Error";
401 action = DMARC_RESULT_TEMPFAIL;
402 break;
403 }
404
405 libdm_status = opendmarc_policy_fetch_alignment(dmarc_pctx, &da, &sa);
406 if (libdm_status != DMARC_PARSE_OKAY)
407 log_write(0, LOG_MAIN|LOG_PANIC, "failure to read DMARC alignment: %s",
408 opendmarc_policy_status_to_str(libdm_status));
409
410 if (has_dmarc_record == TRUE)
411 {
412 log_write(0, LOG_MAIN, "DMARC results: spf_domain=%s dmarc_domain=%s "
413 "spf_align=%s dkim_align=%s enforcement='%s'",
414 spf_sender_domain, dmarc_used_domain,
415 (sa==DMARC_POLICY_SPF_ALIGNMENT_PASS) ?"yes":"no",
416 (da==DMARC_POLICY_DKIM_ALIGNMENT_PASS)?"yes":"no",
417 dmarc_status_text);
418 history_file_status = dmarc_write_history_file();
419 /* Now get the forensic reporting addresses, if any */
420 ruf = opendmarc_policy_fetch_ruf(dmarc_pctx, NULL, 0, 1);
421 dmarc_send_forensic_report(ruf);
422 }
423 }
424
425 /* set some global variables here */
426 dmarc_ar_header = dmarc_auth_results_header(from_header, NULL);
427
428 /* shut down libopendmarc */
429 if ( dmarc_pctx != NULL )
430 (void) opendmarc_policy_connect_shutdown(dmarc_pctx);
431 if ( dmarc_disable_verify == FALSE )
432 (void) opendmarc_policy_library_shutdown(&dmarc_ctx);
433
434 return OK;
435 }
436
437 int
438 dmarc_write_history_file()
439 {
440 int history_file_fd;
441 ssize_t written_len;
442 int tmp_ans;
443 u_char **rua; /* aggregate report addressees */
444 uschar *history_buffer = NULL;
445
446 if (!dmarc_history_file)
447 return DMARC_HIST_DISABLED;
448 history_file_fd = log_create(dmarc_history_file);
449
450 if (history_file_fd < 0)
451 {
452 log_write(0, LOG_MAIN|LOG_PANIC, "failure to create DMARC history file: %s",
453 dmarc_history_file);
454 return DMARC_HIST_FILE_ERR;
455 }
456
457 /* Generate the contents of the history file */
458 history_buffer = string_sprintf(
459 "job %s\nreporter %s\nreceived %ld\nipaddr %s\nfrom %s\nmfrom %s\n",
460 message_id, primary_hostname, time(NULL), sender_host_address,
461 header_from_sender, expand_string(US"$sender_address_domain"));
462
463 if (spf_response)
464 history_buffer = string_sprintf("%sspf %d\n", history_buffer, dmarc_spf_ares_result);
465 /* history_buffer = string_sprintf("%sspf -1\n", history_buffer); */
466
467 history_buffer = string_sprintf(
468 "%s%spdomain %s\npolicy %d\n",
469 history_buffer, dkim_history_buffer, dmarc_used_domain, dmarc_policy);
470
471 if ((rua = opendmarc_policy_fetch_rua(dmarc_pctx, NULL, 0, 1)))
472 for (tmp_ans = 0; rua[tmp_ans]; tmp_ans++)
473 history_buffer = string_sprintf("%srua %s\n", history_buffer, rua[tmp_ans]);
474 else
475 history_buffer = string_sprintf("%srua -\n", history_buffer);
476
477 opendmarc_policy_fetch_pct(dmarc_pctx, &tmp_ans);
478 history_buffer = string_sprintf("%spct %d\n", history_buffer, tmp_ans);
479
480 opendmarc_policy_fetch_adkim(dmarc_pctx, &tmp_ans);
481 history_buffer = string_sprintf("%sadkim %d\n", history_buffer, tmp_ans);
482
483 opendmarc_policy_fetch_aspf(dmarc_pctx, &tmp_ans);
484 history_buffer = string_sprintf("%saspf %d\n", history_buffer, tmp_ans);
485
486 opendmarc_policy_fetch_p(dmarc_pctx, &tmp_ans);
487 history_buffer = string_sprintf("%sp %d\n", history_buffer, tmp_ans);
488
489 opendmarc_policy_fetch_sp(dmarc_pctx, &tmp_ans);
490 history_buffer = string_sprintf("%ssp %d\n", history_buffer, tmp_ans);
491
492 history_buffer = string_sprintf(
493 "%salign_dkim %d\nalign_spf %d\naction %d\n",
494 history_buffer, da, sa, action);
495
496 /* Write the contents to the history file */
497 DEBUG(D_receive)
498 debug_printf("DMARC logging history data for opendmarc reporting%s\n",
499 (host_checking || running_in_test_harness) ? " (not really)" : "");
500 if (host_checking || running_in_test_harness)
501 {
502 DEBUG(D_receive)
503 debug_printf("DMARC history data for debugging:\n%s", history_buffer);
504 }
505 else
506 {
507 written_len = write_to_fd_buf(history_file_fd,
508 history_buffer,
509 Ustrlen(history_buffer));
510 if (written_len == 0)
511 {
512 log_write(0, LOG_MAIN|LOG_PANIC, "failure to write to DMARC history file: %s",
513 dmarc_history_file);
514 return DMARC_HIST_WRITE_ERR;
515 }
516 (void)close(history_file_fd);
517 }
518 return DMARC_HIST_OK;
519 }
520
521 void
522 dmarc_send_forensic_report(u_char **ruf)
523 {
524 int c;
525 uschar *recipient, *save_sender;
526 BOOL send_status = FALSE;
527 error_block *eblock = NULL;
528 FILE *message_file = NULL;
529
530 /* Earlier ACL does not have *required* control=dmarc_enable_forensic */
531 if (!dmarc_enable_forensic)
532 return;
533
534 if ((dmarc_policy == DMARC_POLICY_REJECT && action == DMARC_RESULT_REJECT) ||
535 (dmarc_policy == DMARC_POLICY_QUARANTINE && action == DMARC_RESULT_QUARANTINE) )
536 if (ruf)
537 {
538 eblock = add_to_eblock(eblock, US"Sender Domain", dmarc_used_domain);
539 eblock = add_to_eblock(eblock, US"Sender IP Address", sender_host_address);
540 eblock = add_to_eblock(eblock, US"Received Date", tod_stamp(tod_full));
541 eblock = add_to_eblock(eblock, US"SPF Alignment",
542 (sa==DMARC_POLICY_SPF_ALIGNMENT_PASS) ?US"yes":US"no");
543 eblock = add_to_eblock(eblock, US"DKIM Alignment",
544 (da==DMARC_POLICY_DKIM_ALIGNMENT_PASS)?US"yes":US"no");
545 eblock = add_to_eblock(eblock, US"DMARC Results", dmarc_status_text);
546 /* Set a sane default envelope sender */
547 dsn_from = dmarc_forensic_sender ? dmarc_forensic_sender :
548 dsn_from ? dsn_from :
549 string_sprintf("do-not-reply@%s",primary_hostname);
550 for (c = 0; ruf[c]; c++)
551 {
552 recipient = string_copylc(ruf[c]);
553 if (Ustrncmp(recipient, "mailto:",7))
554 continue;
555 /* Move to first character past the colon */
556 recipient += 7;
557 DEBUG(D_receive)
558 debug_printf("DMARC forensic report to %s%s\n", recipient,
559 (host_checking || running_in_test_harness) ? " (not really)" : "");
560 if (host_checking || running_in_test_harness)
561 continue;
562
563 save_sender = sender_address;
564 sender_address = recipient;
565 send_status = moan_to_sender(ERRMESS_DMARC_FORENSIC, eblock,
566 header_list, message_file, FALSE);
567 sender_address = save_sender;
568 if (!send_status)
569 log_write(0, LOG_MAIN|LOG_PANIC,
570 "failure to send DMARC forensic report to %s", recipient);
571 }
572 }
573 }
574
575 uschar *
576 dmarc_exim_expand_query(int what)
577 {
578 if (dmarc_disable_verify || !dmarc_pctx)
579 return dmarc_exim_expand_defaults(what);
580
581 switch(what)
582 {
583 case DMARC_VERIFY_STATUS:
584 return(dmarc_status);
585 default:
586 return US"";
587 }
588 }
589
590 uschar *
591 dmarc_exim_expand_defaults(int what)
592 {
593 switch(what)
594 {
595 case DMARC_VERIFY_STATUS:
596 return dmarc_disable_verify ? US"off" : US"none";
597 default:
598 return US"";
599 }
600 }
601
602 uschar *
603 dmarc_auth_results_header(header_line *from_header, uschar *hostname)
604 {
605 uschar *hdr_tmp = US"";
606
607 /* Allow a server hostname to be passed to this function, but is
608 * currently unused */
609 if (!hostname)
610 hostname = primary_hostname;
611 hdr_tmp = string_sprintf("%s %s;", DMARC_AR_HEADER, hostname);
612
613 #if 0
614 /* I don't think this belongs here, but left it here commented out
615 * because it was a lot of work to get working right. */
616 if (spf_response != NULL) {
617 uschar *dmarc_ar_spf = US"";
618 int sr = 0;
619 sr = spf_response->result;
620 dmarc_ar_spf = (sr == SPF_RESULT_NEUTRAL) ? US"neutral" :
621 (sr == SPF_RESULT_PASS) ? US"pass" :
622 (sr == SPF_RESULT_FAIL) ? US"fail" :
623 (sr == SPF_RESULT_SOFTFAIL) ? US"softfail" :
624 US"none";
625 hdr_tmp = string_sprintf("%s spf=%s (%s) smtp.mail=%s;",
626 hdr_tmp, dmarc_ar_spf_result,
627 spf_response->header_comment,
628 expand_string(US"$sender_address") );
629 }
630 #endif
631
632 hdr_tmp = string_sprintf("%s dmarc=%s", hdr_tmp, dmarc_pass_fail);
633 if (header_from_sender)
634 hdr_tmp = string_sprintf("%s header.from=%s",
635 hdr_tmp, header_from_sender);
636 return hdr_tmp;
637 }
638
639 # endif /* EXPERIMENTAL_SPF */
640 #endif /* EXPERIMENTAL_DMARC */
641 /* vi: aw ai sw=2
642 */
Unnamed repository; edit this file 'description' to name the repository.