DMARC: add results to generic authres string; remove $dmarc_ar_header

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index eb0e1a346f21f0e3c3604b0d6ba4265eb45129e8..1dff01fb5bce44aac3d2b7c09975e11c1bb84357 100644 (file)
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -160,6 +160,9 @@ JH/29 Bug 2250: Fix a longstanding bug in heavily-pipelined SMTP input (such
       (propating to people being dropped from mailing lists).
       Discovered and pinpointed by David Carter.
 
       (propating to people being dropped from mailing lists).
       Discovered and pinpointed by David Carter.
 

+JH/30 The (EXPERIMENTAL_DMARC) variable $dmarc_ar_header is withdrawn, being
+      replaced by the ${authresults } expansion.
+

 
 Exim version 4.90
 -----------------
 
 Exim version 4.90
 -----------------

diff --git a/doc/doc-txt/experimental-spec.txt b/doc/doc-txt/experimental-spec.txt
index 839200c6cd0923d63bfbb92bfd55431ea21b6a2b..2cac9e90d20920fee47d63d6673b3ca1467c5e68 100644 (file)
--- a/doc/doc-txt/experimental-spec.txt
+++ b/doc/doc-txt/experimental-spec.txt
@@ -548,9 +548,8 @@ expansion variables are available:
     are "none", "reject" and "quarantine".  It is blank when there
     is any error, including no DMARC record.
 
     are "none", "reject" and "quarantine".  It is blank when there
     is any error, including no DMARC record.
 

-  o $dmarc_ar_header
-    This is the entire Authentication-Results header which you can
-    add using an add_header modifier.
+A now-redundant variable $dmarc_ar_header has now been withdrawn.
+Use the ${authresults } expansion instead.

 
 
 5. How to enable DMARC advanced operation:
 
 
 5. How to enable DMARC advanced operation:

diff --git a/src/src/dmarc.c b/src/src/dmarc.c
index 0032afe8714a6cb9d43c41f4e067ab913bb77c00..0b45e100aba618af82703ae0b09c3c5db7958cae 100644 (file)
--- a/src/src/dmarc.c
+++ b/src/src/dmarc.c
@@ -93,7 +93,6 @@ dmarc_status       = US"none";
 dmarc_abort        = FALSE;
 dmarc_pass_fail    = US"skipped";
 dmarc_used_domain  = US"";
 dmarc_abort        = FALSE;
 dmarc_pass_fail    = US"skipped";
 dmarc_used_domain  = US"";

-dmarc_ar_header    = NULL;

 dmarc_has_been_checked = FALSE;
 header_from_sender = NULL;
 spf_sender_domain  = NULL;
 dmarc_has_been_checked = FALSE;
 header_from_sender = NULL;
 spf_sender_domain  = NULL;


@@ -140,13 +139,15 @@ return OK;
 
 
 /* dmarc_store_data stores the header data so that subsequent
 
 
 /* dmarc_store_data stores the header data so that subsequent

- * dmarc_process can access the data */
+dmarc_process can access the data */

 
 

-int dmarc_store_data(header_line *hdr) {
-  /* No debug output because would change every test debug output */
-  if (dmarc_disable_verify != TRUE)
-    from_header = hdr;
-  return OK;
+int
+dmarc_store_data(header_line *hdr)
+{
+/* No debug output because would change every test debug output */
+if (!dmarc_disable_verify)
+  from_header = hdr;
+return OK;

 }
 
 
 }
 
 


@@ -208,8 +209,8 @@ if (  dmarc_policy == DMARC_POLICY_REJECT     && action == DMARC_RESULT_REJECT
 }
 
 /* dmarc_process adds the envelope sender address to the existing
 }
 
 /* dmarc_process adds the envelope sender address to the existing

-   context (if any), retrieves the result, sets up expansion
-   strings and evaluates the condition outcome. */
+context (if any), retrieves the result, sets up expansion
+strings and evaluates the condition outcome. */

 
 int
 dmarc_process()
 
 int
 dmarc_process()


@@ -223,10 +224,7 @@ u_char **ruf; /* forensic report addressees, if called for */
 
 /* ACLs have "control=dmarc_disable_verify" */
 if (dmarc_disable_verify)
 
 /* ACLs have "control=dmarc_disable_verify" */
 if (dmarc_disable_verify)

-  {
-  dmarc_ar_header = dmarc_auth_results_header(from_header, NULL);

   return OK;
   return OK;

-  }

 
 /* Store the header From: sender domain for this part of DMARC.
  * If there is no from_header struct, then it's likely this message
 
 /* Store the header From: sender domain for this part of DMARC.
  * If there is no from_header struct, then it's likely this message


@@ -464,7 +462,7 @@ if (!dmarc_abort && !sender_host_authenticated)
     log_write(0, LOG_MAIN|LOG_PANIC, "failure to read DMARC alignment: %s",
                             opendmarc_policy_status_to_str(libdm_status));
 
     log_write(0, LOG_MAIN|LOG_PANIC, "failure to read DMARC alignment: %s",
                             opendmarc_policy_status_to_str(libdm_status));
 

-  if (has_dmarc_record == TRUE)
+  if (has_dmarc_record)

     {
     log_write(0, LOG_MAIN, "DMARC results: spf_domain=%s dmarc_domain=%s "
                           "spf_align=%s dkim_align=%s enforcement='%s'",
     {
     log_write(0, LOG_MAIN, "DMARC results: spf_domain=%s dmarc_domain=%s "
                           "spf_align=%s dkim_align=%s enforcement='%s'",


@@ -479,13 +477,10 @@ if (!dmarc_abort && !sender_host_authenticated)
     }
   }
 
     }
   }
 

-/* set some global variables here */
-dmarc_ar_header = dmarc_auth_results_header(from_header, NULL);
-

 /* shut down libopendmarc */
 /* shut down libopendmarc */

-if ( dmarc_pctx != NULL )
+if (dmarc_pctx)

   (void) opendmarc_policy_connect_shutdown(dmarc_pctx);
   (void) opendmarc_policy_connect_shutdown(dmarc_pctx);

-if ( dmarc_disable_verify == FALSE )
+if (!dmarc_disable_verify)

   (void) opendmarc_policy_library_shutdown(&dmarc_ctx);
 
 return OK;
   (void) opendmarc_policy_library_shutdown(&dmarc_ctx);
 
 return OK;


@@ -595,41 +590,14 @@ if (what == DMARC_VERIFY_STATUS)
 return US"";
 }
 
 return US"";
 }
 

-uschar *
-dmarc_auth_results_header(header_line *from_header, uschar *hostname)
-{
-uschar *hdr_tmp    = US"";
-
-/* Allow a server hostname to be passed to this function, but is
- * currently unused */
-if (!hostname)
-  hostname = primary_hostname;
-hdr_tmp = string_sprintf("%s %s;", DMARC_AR_HEADER, hostname);
-
-#if 0
-/* I don't think this belongs here, but left it here commented out
- * because it was a lot of work to get working right. */
-if (spf_response != NULL) {
-  uschar *dmarc_ar_spf = US"";
-  int sr               = 0;
-  sr = spf_response->result;
-  dmarc_ar_spf = (sr == SPF_RESULT_NEUTRAL)  ? US"neutral" :
-                (sr == SPF_RESULT_PASS)     ? US"pass" :
-                (sr == SPF_RESULT_FAIL)     ? US"fail" :
-                (sr == SPF_RESULT_SOFTFAIL) ? US"softfail" :
-                US"none";
-  hdr_tmp = string_sprintf("%s spf=%s (%s) smtp.mail=%s;",
-                          hdr_tmp, dmarc_ar_spf_result,
-                          spf_response->header_comment,
-                          expand_string(US"$sender_address") );
-}
-#endif

 
 

-hdr_tmp = string_sprintf("%s dmarc=%s", hdr_tmp, dmarc_pass_fail);
+gstring *
+authres_dmarc(gstring * g)
+{
+g = string_append(g, 2, US";\n\tdmarc=", dmarc_pass_fail);

 if (header_from_sender)
 if (header_from_sender)

-  hdr_tmp = string_sprintf("%s header.from=%s",
-                          hdr_tmp, header_from_sender);
-return hdr_tmp;
+  g = string_append(g, 2, US"header.from=", header_from_sender);
+return g;

 }
 
 # endif /* SUPPORT_SPF */
 }
 
 # endif /* SUPPORT_SPF */

diff --git a/src/src/expand.c b/src/src/expand.c
index 6f67ab138a26efa5f729fb9b62ebdb06e5cf061b..f1c8544c98a27deec67951e0919b1de5afa20935 100644 (file)
--- a/src/src/expand.c
+++ b/src/src/expand.c
@@ -518,7 +518,6 @@ static var_entry var_table[] = {
   { "dkim_verify_status",  vtype_stringptr,   &dkim_verify_status },
 #endif
 #ifdef EXPERIMENTAL_DMARC
   { "dkim_verify_status",  vtype_stringptr,   &dkim_verify_status },
 #endif
 #ifdef EXPERIMENTAL_DMARC

-  { "dmarc_ar_header",     vtype_stringptr,   &dmarc_ar_header },

   { "dmarc_domain_policy", vtype_stringptr,   &dmarc_domain_policy },
   { "dmarc_status",        vtype_stringptr,   &dmarc_status },
   { "dmarc_status_text",   vtype_stringptr,   &dmarc_status_text },
   { "dmarc_domain_policy", vtype_stringptr,   &dmarc_domain_policy },
   { "dmarc_status",        vtype_stringptr,   &dmarc_status },
   { "dmarc_status_text",   vtype_stringptr,   &dmarc_status_text },


@@ -4149,6 +4148,9 @@ while (*s != 0)
 #ifndef DISABLE_DKIM
       yield = authres_dkim(yield);
 #endif
 #ifndef DISABLE_DKIM
       yield = authres_dkim(yield);
 #endif

+#ifdef EXPERIMENTAL_DMARC
+      yield = authres_dmarc(yield);
+#endif

 #ifdef EXPERIMENTAL_ARC
       yield = authres_arc(yield);
 #endif
 #ifdef EXPERIMENTAL_ARC
       yield = authres_arc(yield);
 #endif

diff --git a/src/src/functions.h b/src/src/functions.h
index 0b261177ceb4f44e93ca8fc246db9c56d536bb4a..1b7aff08372d4260904a04c578235c765205c31e 100644 (file)
--- a/src/src/functions.h
+++ b/src/src/functions.h
@@ -112,15 +112,18 @@ extern void    auth_show_supported(FILE *);
 extern uschar *auth_xtextencode(uschar *, int);
 extern int     auth_xtextdecode(uschar *, uschar **);
 
 extern uschar *auth_xtextencode(uschar *, int);
 extern int     auth_xtextdecode(uschar *, uschar **);
 

-extern gstring *authres_smtpauth(gstring *);
-#ifdef SUPPORT_SPF
-extern gstring *authres_spf(gstring *);
+#ifdef EXPERIMENTAL_ARC
+extern gstring *authres_arc(gstring *);

 #endif
 #ifndef DISABLE_DKIM
 extern gstring *authres_dkim(gstring *);
 #endif
 #endif
 #ifndef DISABLE_DKIM
 extern gstring *authres_dkim(gstring *);
 #endif

-#ifdef EXPERIMENTAL_ARC
-extern gstring *authres_arc(gstring *);
+#ifdef EXPERIMENTAL_DMARC
+extern gstring *authres_dmarc(gstring *);
+#endif
+extern gstring *authres_smtpauth(gstring *);
+#ifdef SUPPORT_SPF
+extern gstring *authres_spf(gstring *);

 #endif
 
 extern uschar *b64encode(uschar *, int);
 #endif
 
 extern uschar *b64encode(uschar *, int);

diff --git a/src/src/globals.c b/src/src/globals.c
index b2aeb861f2cb839c2afd75a94b9aa659d3bcc115..55154646c4691acf15fbeeb486a3e84f7bab473c 100644 (file)
--- a/src/src/globals.c
+++ b/src/src/globals.c
@@ -682,7 +682,6 @@ uschar *dkim_verify_reason   = NULL;
 #endif
 #ifdef EXPERIMENTAL_DMARC
 BOOL    dmarc_has_been_checked  = FALSE;
 #endif
 #ifdef EXPERIMENTAL_DMARC
 BOOL    dmarc_has_been_checked  = FALSE;

-uschar *dmarc_ar_header         = NULL;

 uschar *dmarc_domain_policy     = NULL;
 uschar *dmarc_forensic_sender   = NULL;
 uschar *dmarc_history_file      = NULL;
 uschar *dmarc_domain_policy     = NULL;
 uschar *dmarc_forensic_sender   = NULL;
 uschar *dmarc_history_file      = NULL;

diff --git a/src/src/globals.h b/src/src/globals.h
index 63e0e424c844beab61ec89bc00eaa9bae4b83500..7bd681fe9981b41bcb0c16583128de7c1d747ccb 100644 (file)
--- a/src/src/globals.h
+++ b/src/src/globals.h
@@ -405,7 +405,6 @@ extern uschar *dkim_verify_reason;     /* result for this signature */
 #endif
 #ifdef EXPERIMENTAL_DMARC
 extern BOOL    dmarc_has_been_checked; /* Global variable to check if test has been called yet */
 #endif
 #ifdef EXPERIMENTAL_DMARC
 extern BOOL    dmarc_has_been_checked; /* Global variable to check if test has been called yet */

-extern uschar *dmarc_ar_header;        /* Expansion variable, suggested header for dmarc auth results */

 extern uschar *dmarc_domain_policy;    /* Expansion for declared policy of used domain */
 extern uschar *dmarc_forensic_sender;  /* Set sender address for forensic reports */
 extern uschar *dmarc_history_file;     /* Expansion variable, file to store dmarc results */
 extern uschar *dmarc_domain_policy;    /* Expansion for declared policy of used domain */
 extern uschar *dmarc_forensic_sender;  /* Set sender address for forensic reports */
 extern uschar *dmarc_history_file;     /* Expansion variable, file to store dmarc results */

diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c
index d4ffb3ce7108d545f4ad7ef69ba50a8079cc3bf0..17801838ddf8982649a3a94bae3700e6da3f19cf 100644 (file)
--- a/src/src/smtp_in.c
+++ b/src/src/smtp_in.c
@@ -2009,7 +2009,7 @@ spf_header_comment = spf_received = spf_result = spf_smtp_comment = NULL;
 #endif
 #ifdef EXPERIMENTAL_DMARC
 dmarc_has_been_checked = dmarc_disable_verify = dmarc_enable_forensic = FALSE;
 #endif
 #ifdef EXPERIMENTAL_DMARC
 dmarc_has_been_checked = dmarc_disable_verify = dmarc_enable_forensic = FALSE;

-dmarc_ar_header = dmarc_domain_policy = dmarc_forensic_sender =
+dmarc_domain_policy = dmarc_forensic_sender =

 dmarc_history_file = dmarc_status = dmarc_status_text =
 dmarc_tld_file = dmarc_used_domain = NULL;
 #endif
 dmarc_history_file = dmarc_status = dmarc_status_text =
 dmarc_tld_file = dmarc_used_domain = NULL;
 #endif