author | Mario Preksavec <mario@slackware.hr> | 2021-12-06 01:06:22 +0100 |
---|---|---|
committer | Willy Sudiarto Raharjo <willysr@slackbuilds.org> | 2021-12-10 08:37:44 +0700 |
commit | ce2d5a5e9ffec3ead14379240b9d77a6bbd626ad (patch) | |
tree | 0110f19a8ebbb4f7220734eb9abf155e06bf890c /network | |
parent | 4f1672ed46c7cd09fb89b434153da482309dc43a (diff) |
network/opendmarc: Updated for version 1.4.1.1.
Signed-off-by: Mario Preksavec <mario@slackware.hr>
Signed-off-by: Willy Sudiarto Raharjo <willysr@slackbuilds.org>
Diffstat (limited to 'network')
17 files changed, 293 insertions, 687 deletions
diff --git a/network/opendmarc/opendmarc.SlackBuild b/network/opendmarc/opendmarc.SlackBuild index d029020475a6f..5ef68fe806d00 100644 --- a/network/opendmarc/opendmarc.SlackBuild +++ b/network/opendmarc/opendmarc.SlackBuild @@ -2,7 +2,7 @@ # Slackware build script for opendmarc -# Copyright 2019 Mario Preksavec, Zagreb, Croatia +# Copyright 2019, 2021 Mario Preksavec, Zagreb, Croatia # All rights reserved. # # Redistribution and use of this script, with or without modification, is @@ -25,11 +25,14 @@ cd $(dirname $0) ; CWD=$(pwd) PRGNAM=opendmarc -VERSION=${VERSION:-1.3.2} +VERSION=${VERSION:-1.4.1.1} BUILD=${BUILD:-1} TAG=${TAG:-_SBo} PKGTYPE=${PKGTYPE:-tgz} +SRCNAM=rel-$PRGNAM-${VERSION//./-} +DIRNAM=OpenDMARC-$SRCNAM + if [ -z "$ARCH" ]; then case "$( uname -m )" in i?86) ARCH=i586 ;; @@ -97,9 +100,9 @@ set -e rm -rf $PKG mkdir -p $TMP $PKG $OUTPUT cd $TMP -rm -rf $PRGNAM-$VERSION -tar xvf $CWD/$PRGNAM-$VERSION.tar.gz -cd $PRGNAM-$VERSION +rm -rf $DIRNAM +tar xvf $CWD/$SRCNAM.tar.gz +cd $DIRNAM chown -R root:root . find -L . \ \( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 \ @@ -108,8 +111,13 @@ find -L . \ -o -perm 440 -o -perm 400 \) -exec chmod 644 {} \; # http://batleth.sapienti-sat.org/projects/opendmarc/ -# ... and a few more -for i in $CWD/patches/* ; do patch -p1 <$i ; done +# https://github.com/trusteddomainproject/OpenDMARC/pulls +for i in $CWD/patches/* ; do + case $i in + */z04_moreHeadersFailureReportVsBeta1.patch) : ;; + *) patch -p1 <$i ;; + esac +done autoreconf -vif @@ -132,10 +140,6 @@ make install DESTDIR=$PKG # Install init script install -D -m0755 -oroot -groot contrib/init/generic/$PRGNAM $PKG/etc/rc.d/rc.$PRGNAM.new -sed -e "s|^\(prefix=\).*|\1|" \ - -e "s|^\(exec_prefix=\).*|\1/usr|" \ - -e "s|/etc/sysconfig/opendmarc|/etc/default/opendmarc|" \ - -i $PKG/etc/rc.d/rc.$PRGNAM.new # Configure defaults install -D -m0644 -oroot -groot $PRGNAM/$PRGNAM.conf.sample $PKG/etc/$PRGNAM.conf.new 
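Review bot: The patch loop added in the `@@ -108,8 +111,13 @@` hunk skips `z04_moreHeadersFailureReportVsBeta1.patch` without recording why, so the next maintainer cannot tell whether that file is obsolete or waiting on an upstream fix. A comment above the `case`, such as `# z04 is not applied: <reason, to be filled in by the author>`, would settle that; the reason is not visible in this commit. The loop also applies every other file under `$CWD/patches/` in glob order with unquoted paths, and `*) patch -p1 < "$i" ;;` keeps it working when the path contains whitespace. Listing the patch names explicitly instead of globbing would make the set of changes applied to the milter reviewable in the script itself.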
@@ -149,10 +153,6 @@ sed -e "s|^# \(AuthservID\) .*|\1 HOSTNAME|" \ -e "s|^# \(UserID\) .*|\1 $PRGNAM:$PRGNAM|" \ -i $PKG/etc/$PRGNAM.conf.new -# Home directory for runtime data -mkdir -p $PKG/var/run/$PRGNAM -chown $PRGNAM:$PRGNAM $PKG/var/run/$PRGNAM - find $PKG -print0 | xargs -0 file | grep -e "executable" -e "shared object" | grep ELF \ | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true @@ -160,7 +160,7 @@ find $PKG/usr/man -type f -exec gzip -9 {} \; for i in $( find $PKG/usr/man -type l ) ; do ln -s $( readlink $i ).gz $i.gz ; rm $i ; done mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION -cp -a RELEASE_NOTES $PKG/usr/doc/$PRGNAM-$VERSION +cp -a CONTRIBUTING README README.md RELEASE_NOTES $PKG/usr/doc/$PRGNAM-$VERSION cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild cat $CWD/README.SLACKWARE > $PKG/usr/doc/$PRGNAM-$VERSION/README.SLACKWARE diff --git a/network/opendmarc/opendmarc.info b/network/opendmarc/opendmarc.info index 061a20ed5ee91..aa640887dbf20 100644 --- a/network/opendmarc/opendmarc.info +++ b/network/opendmarc/opendmarc.info @@ -1,8 +1,8 @@ PRGNAM="opendmarc" -VERSION="1.3.2" +VERSION="1.4.1.1" HOMEPAGE="http://www.trusteddomain.org/opendmarc/" -DOWNLOAD="https://sourceforge.net/projects/opendmarc/files/opendmarc-1.3.2.tar.gz" -MD5SUM="2b4e9b8be7fe61800515cef1d7e6a905" +DOWNLOAD="https://github.com/trusteddomainproject/OpenDMARC/archive/refs/tags/rel-opendmarc-1-4-1-1.tar.gz" +MD5SUM="18fe4c7bedbc6f893e96b0b47dfcc280" DOWNLOAD_x86_64="" MD5SUM_x86_64="" REQUIRES="" diff --git a/network/opendmarc/patches/fix-generic-init-script.diff b/network/opendmarc/patches/fix-generic-init-script.diff new file mode 100644 index 0000000000000..0c9a794915c47 --- /dev/null +++ b/network/opendmarc/patches/fix-generic-init-script.diff 
@@ -0,0 +1,36 @@
+--- OpenDMARC-rel-opendmarc-1-4-1-1/contrib/init/generic/opendmarc.orig 2021-04-30 18:34:43.000000000 +0200
++++ OpenDMARC-rel-opendmarc-1-4-1-1/contrib/init/generic/opendmarc 2021-08-15 04:11:56.270775519 +0200
+@@ -19,18 +19,19 @@
+
+ . /etc/rc.d/init.d/functions
+
+-prefix=/usr/local
+-exec_prefix=${prefix}
++prefix=
++exec_prefix=/usr
+
+ RETVAL=0
+ prog="opendmarc"
+
+ DAEMON=${exec_prefix}/sbin/$prog
+ CONF_FILE=${prefix}/etc/$prog.conf
+-PID_FILE=${prefix}/var/run/$prog/$prog.pid
++RUN_DIR=${prefix}/var/run/$prog
++PID_FILE=$RUN_DIR/$prog.pid
+
+-if [ -f /etc/sysconfig/opendmarc ]; then
+- . /etc/sysconfig/opendmarc
++if [ -f /etc/default/opendmarc ]; then
++ . /etc/default/opendmarc
+ fi
+
+ start() {
+@@ -40,6 +41,8 @@
+ echo OpenDMARC already running as pid $PID
+ exit 2;
+ else
++ mkdir -p $RUN_DIR
++ chown $prog:$prog $RUN_DIR
+ daemon $DAEMON -c $CONF_FILE -P $PID_FILE
+ RETVAL=$?
+ [ $RETVAL -eq 0 ] && touch /var/lock/subsys/opendmarc
diff --git a/network/opendmarc/patches/pull116.diff b/network/opendmarc/patches/pull116.diff
new file mode 100644
index 0000000000000..cdedb80324a5d
--- /dev/null
+++ b/network/opendmarc/patches/pull116.diff
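Review bot: `RUN_DIR` and `PID_FILE` are assigned before `/etc/default/opendmarc` is sourced, so if that file overrides `PID_FILE`, `start()` still creates and chowns the default directory rather than the one the daemon is told to write to. Deriving the directory after the `fi`, for example `RUN_DIR=$(dirname "$PID_FILE")`, keeps the two in step. The added `mkdir -p $RUN_DIR` / `chown $prog:$prog $RUN_DIR` pair takes its mode from the caller's umask and leaves the variables unquoted; `install -d -m 0755 -o "$prog" -g "$prog" "$RUN_DIR"` sets owner and mode in one step. `start()` continues outside the hunk.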
@@ -0,0 +1,131 @@ +diff --git a/opendmarc/opendmarc-config.h b/opendmarc/opendmarc-config.h +index 1b781df..8398007 100644 +--- a/opendmarc/opendmarc-config.h ++++ b/opendmarc/opendmarc-config.h +@@ -47,6 +47,7 @@ struct configdef dmarcf_config[] = + { "RequiredHeaders", CONFIG_TYPE_BOOLEAN, FALSE }, + { "RejectFailures", CONFIG_TYPE_BOOLEAN, FALSE }, + { "RejectMultiValueFrom", CONFIG_TYPE_BOOLEAN, FALSE }, ++ { "RejectString", CONFIG_TYPE_STRING, FALSE }, + { "ReportCommand", CONFIG_TYPE_STRING, FALSE }, + { "Socket", CONFIG_TYPE_STRING, FALSE }, + { "SoftwareHeader", CONFIG_TYPE_BOOLEAN, FALSE }, +diff --git a/opendmarc/opendmarc.c b/opendmarc/opendmarc.c +index a1e49ec..c28aedd 100644 +--- a/opendmarc/opendmarc.c ++++ b/opendmarc/opendmarc.c +@@ -190,6 +190,7 @@ struct dmarcf_config + char * conf_historyfile; + char * conf_pslist; + char * conf_ignorelist; ++ char * conf_rejectstring; + char ** conf_trustedauthservids; + char ** conf_ignoredomains; + struct list * conf_domainwhitelist; +@@ -1427,6 +1428,10 @@ dmarcf_config_load(struct config *data, struct dmarcf_config *conf, + &conf->conf_rejectfail, + sizeof conf->conf_rejectfail); + ++ (void) config_get(data, "RejectString", ++ &conf->conf_rejectstring, ++ sizeof conf->conf_rejectstring); ++ + (void) config_get(data, "RequiredHeaders", + &conf->conf_reqhdrs, + sizeof conf->conf_reqhdrs); +@@ -1635,6 +1640,36 @@ dmarcf_config_load(struct config *data, struct dmarcf_config *conf, + + pthread_rwlock_unlock(&hash_lock); + ++ if ( conf->conf_rejectstring == NULL ) { ++ conf->conf_rejectstring = DEFREJECTSTR; ++ } else { ++ /* Count occurrences of "%s" in RejectString */ ++ int countocc = 0; ++ const char *tmp = conf->conf_rejectstring; ++ if (strstr(tmp, '%%')) { ++ snprintf(err, errlen, "%s: The RejectString contains a %%%% (escaped %%)!", ++ basedir); ++ return -1; ++ } ++ while(tmp = strstr(tmp, "%s")) ++ { ++ countocc++; ++ tmp++; ++ } ++ switch ( countocc ) { ++ case 0: ++ snprintf(err, errlen, "%s: The 
RejectString doesn't contain %%s!", ++ basedir); ++ return -1; ++ case 1: ++ break; ++ default: ++ snprintf(err, errlen, "%s: The RejectString contains %d occurences of %%s instead of one!", ++ basedir, countocc); ++ return -1; ++ } ++ } ++ + return 0; + } + +@@ -3566,7 +3601,7 @@ mlfi_eom(SMFICTX *ctx) + random() % 100 < pct) + { + snprintf(replybuf, sizeof replybuf, +- "rejected by DMARC policy for %s", pdomain); ++ conf->conf_rejectstring, pdomain); + + status = dmarcf_setreply(ctx, DMARC_REJECT_SMTP, + DMARC_REJECT_ESC, replybuf); +diff --git a/opendmarc/opendmarc.conf.5.in b/opendmarc/opendmarc.conf.5.in +index f6fd6b4..4b6df51 100644 +--- a/opendmarc/opendmarc.conf.5.in ++++ b/opendmarc/opendmarc.conf.5.in +@@ -261,6 +261,13 @@ If set, messages with multiple addresses in the 
From: field of the message + will be rejected unless all domain names in that field are the same. They + will otherwise be ignored by the filter (the default). + ++.TP ++.I RejectString (string) ++This string describes the reason of reject at SMTP level. ++The message MUST contain the word "%s" once, which will be replaced by the ++RFC5322.From domain. Escaped "%" ("%%") are not allowed in this string. ++The default is "rejected by DMARC policy for %s" ++ + .TP + .I ReportCommand (string) + Indicates the shell command to which failure reports should be passed for +diff --git a/opendmarc/opendmarc.conf.sample b/opendmarc/opendmarc.conf.sample +index 7b31987..462e6cf 100644 +--- a/opendmarc/opendmarc.conf.sample ++++ b/opendmarc/opendmarc.conf.sample +@@ -303,6 +303,15 @@ + # + # RejectFailures false + ++## RejectString string ++## default ("rejected by DMARC policy for %s") ++## ++## This string describes the reason of reject. The message MUST contain the ++## word "%s" (only once), which will be replaced with the RFC5322.From domain. ++## Escaped "%" ("%%") are not allowed in this string. ++# ++# RejectString rejected by DMARC policy for %s ++ + ## RejectMultiValueFrom { true | false } + ## default "false" + ## +diff --git a/opendmarc/opendmarc.h b/opendmarc/opendmarc.h +index e36f93a..a4593dc 100644 +--- a/opendmarc/opendmarc.h ++++ b/opendmarc/opendmarc.h +@@ -34,6 +34,7 @@ + #define BUFRSZ 2048 + #define DEFCONFFILE CONFIG_BASE "/opendmarc.conf" + #define DEFREPORTCMD "/usr/sbin/sendmail -t -odq" ++#define DEFREJECTSTR "rejected by DMARC policy for %s" + #define JOBIDUNKNOWN "(unknown-jobid)" + #define MAXARGV 65536 + #define MAXHEADER 1024 diff --git a/network/opendmarc/patches/pull172.diff b/network/opendmarc/patches/pull172.diff new file mode 100644 index 0000000000000..1b7cd634fcc0a --- /dev/null +++ b/network/opendmarc/patches/pull172.diff 
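Review bot: The RejectString check added to `dmarcf_config_load` in pull116.diff does not make the value safe to use as the `snprintf` format in the `mlfi_eom` hunk. `strstr(tmp, '%%')` passes a multi-character constant where a string is expected and would have to read `strstr(tmp, "%%")`. Counting `%s` while rejecting only `%%` also still accepts a string holding one `%s` plus any other conversion or a lone trailing `%`, which `snprintf` then resolves against arguments that were never passed. Scanning once and rejecting every `%` not directly followed by `s` covers both cases, as sketched below. Both function bodies continue outside the hunks shown, and `basedir` is used here only as the hunk already uses it.

```c
	} else {
		/* The value becomes the snprintf() format in mlfi_eom(), so
		** the only '%' allowed is the one that starts the single "%s". */
		int countocc = 0;
		const char *p;

		for (p = conf->conf_rejectstring; *p != '\0'; p++)
		{
			if (*p != '%')
				continue;
			if (p[1] != 's')
			{
				snprintf(err, errlen,
				         "%s: RejectString may contain no conversion other than %%s",
				         basedir);
				return -1;
			}
			countocc++;
			p++;	/* step over the 's' */
		}
		/* … unchanged: switch (countocc) rejecting 0 and more than 1 … */
	}
```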
@@ -0,0 +1,58 @@
+diff --git a/opendmarc/opendmarc.conf.5.in b/opendmarc/opendmarc.conf.5.in
+index f7cea9a..52490cd 100644
+--- a/opendmarc/opendmarc.conf.5.in
++++ b/opendmarc/opendmarc.conf.5.in
+@@ -196,18 +196,7 @@ aggregate reports can be extracted using
+ If set, the milter will signal to the mta that messages with
+ p=quarantine, which fail dmarc authentication, should be held in
+ the MTA's "Hold" or "Quarantine" queue. The name varies by MTA.
+-If false, messsages will be accepted and passed along with the
+-regular mail flow, and the quarantine will be left up to downstream
+-MTA/MDA/MUA filters, if any, to handle by re-evaluating the headers,
+-including the Authentication-Results header added by this filter.
+-The default is "false".
+-
+-.TP
+-.I HoldQuarantinedMessages (Boolean)
+-If set, the milter will signal to the mta that messages with
+-p=quarantine, which fail dmarc authentication, should be held in
+-the MTA's "Hold" or "Quarantine" queue. The name varies by MTA.
+-If false, messsages will be accepted and passed along with the
++If false, messages will be accepted and passed along with the
+ regular mail flow, and the quarantine will be left up to downstream
+ MTA/MDA/MUA filters, if any, to handle by re-evaluating the headers,
+ including the Authentication-Results header added by this filter.
+diff --git a/opendmarc/opendmarc.conf.sample b/opendmarc/opendmarc.conf.sample
+index 69c9afb..0222ecd 100644
+--- a/opendmarc/opendmarc.conf.sample
++++ b/opendmarc/opendmarc.conf.sample
+@@ -219,7 +219,7 @@
+ ## If set, the milter will signal to the mta that messages with
+ ## p=quarantine, which fail dmarc authentication, should be held in
+ ## the MTA's "Hold" or "Quarantine" queue. The name varies by MTA.
+-## If false, messsages will be accepted and passed along with the
++## If false, messages will be accepted and passed along with the
+ ## regular mail flow, and the quarantine will be left up to downstream
+ ## MTA/MDA/MUA filters, if any, to handle by re-evaluating the headers,
+ ## including the Authentication-Results header added by OpenDMARC
+@@ -234,20 +234,6 @@
+ #
+ # IgnoreAuthenticatedClients false
+
+-## HoldQuarantinedMessages { true | false }
+-## default "false"
+-##
+-## If set, the milter will signal to the mta that messages with
+-## p=quarantine, which fail dmarc authentication, should be held in
+-## the MTA's "Hold" or "Quarantine" queue. The name varies by MTA.
+-## If false, messsages will be accepted and passed along with the
+-## regular mail flow, and the quarantine will be left up to downstream
+-## MTA/MDA/MUA filters, if any, to handle by re-evaluating the headers,
+-## including the Authentication-Results header added by OpenDMARC
+-#
+-# HoldQuarantinedMessages false
+-
+-
+ ## IgnoreHosts path
+ ## default (internal)
+ ##
diff --git a/network/opendmarc/patches/pull178.diff b/network/opendmarc/patches/pull178.diff
new file mode 100644
index 0000000000000..39eaf43386fb8
--- /dev/null
+++ b/network/opendmarc/patches/pull178.diff
@@ -0,0 +1,36 @@
+diff --git a/opendmarc/opendmarc.c b/opendmarc/opendmarc.c
+index 65f6b49..ffcbc3f 100644
+--- a/opendmarc/opendmarc.c
++++ b/opendmarc/opendmarc.c
+@@ -2474,17 +2474,22 @@ mlfi_eom(SMFICTX *ctx)
+
+ for (c = 1; users[c] != NULL; c++)
+ {
+- if (strcasecmp(domains[0], domains[c]) != 0)
++ if (domains[0] != NULL
++ && domains[c] != NULL
++ && strcasecmp(domains[0], domains[c]) != 0)
+ {
+- syslog(LOG_ERR,
+- "%s: multi-valued From field detected",
+- dfc->mctx_jobid);
+- }
++ if (conf->conf_dolog)
++ {
++ syslog(LOG_ERR,
++ "%s: multi-valued From field detected",
++ dfc->mctx_jobid);
++ }
+
+- if (conf->conf_reject_multi_from)
+- return SMFIS_REJECT;
+- else
+- return SMFIS_ACCEPT;
++ if (conf->conf_reject_multi_from)
++ return SMFIS_REJECT;
++ else
++ return SMFIS_ACCEPT;
++ }
+ }
+
+ user = users[0];
diff --git a/network/opendmarc/patches/ticket137.patch b/network/opendmarc/patches/ticket137.patch
deleted file mode 100644
index df6c062152b5e..0000000000000
--- a/network/opendmarc/patches/ticket137.patch
+++ /dev/null
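Review bot: With the added `domains[0] != NULL && domains[c] != NULL` guard in pull178.diff, a From: entry whose domain pointer is NULL is skipped rather than counted as a mismatch, so the `conf_reject_multi_from` branch is never reached for it. How `domains[]` is filled is not shown here, but if it can hold NULL for an address with no domain part, a multi-address From: of that shape passes RejectMultiValueFrom unchecked. Treating a missing domain as different keeps the NULL safety and the policy: `if (domains[0] == NULL || domains[c] == NULL || strcasecmp(domains[0], domains[c]) != 0)`. The loop sits inside `mlfi_eom`, which starts and ends outside the hunk.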
@@ -1,51 +0,0 @@ -From afc1615946cd127d9ea28e0892934251c6a00a84 Mon Sep 17 00:00:00 2001 -From: "Murray S. Kucherawy" <msk@trusteddomain.org> -Date: Sat, 4 Mar 2017 08:03:22 -0800 -Subject: [PATCH] Fix bug #137: Handle base64 inside AR tokens that are values. - Problem reported by Joseph Coffland. - ---- - RELEASE_NOTES | 2 ++ - opendmarc/opendmarc-ar.c | 14 +++++++++++++- - 2 files changed, 15 insertions(+), 1 deletion(-) - -Index: opendmarc/RELEASE_NOTES -=================================================================== ---- opendmarc.orig/RELEASE_NOTES 2018-12-17 01:38:44.570329334 -0500 -+++ opendmarc/RELEASE_NOTES 2018-12-17 01:40:21.062333399 -0500 -@@ -3,6 +3,10 @@ - This listing shows the versions of the OpenDMARC package, the date of - release, and a summary of the changes in that release. - -+ 1.4.0 2017/??/?? -+ Fix bug #137: Handle base64 inside AR tokens that are values. -+ Problem reported by Joseph Coffland. -+ - 1.3.2 2016/12/19 - Feature request #86: Change meaning of "RequiredHeaders" such that - header validity is always checked, but messages are only -Index: opendmarc/opendmarc/opendmarc-ar.c -=================================================================== ---- opendmarc.orig/opendmarc/opendmarc-ar.c 2018-12-17 01:38:44.570329334 -0500 -+++ opendmarc/opendmarc/opendmarc-ar.c 2018-12-17 01:38:44.566329334 -0500 -@@ -602,7 +602,19 @@ - ar->ares_result[n - 1].result_props = r; - - prevstate = state; -- state = 9; -+ if (c < ntoks - 1 && tokens[c + 1][1] == '\0') -+ { -+ if (tokens[c + 1][0] == ';') -+ state = 2; -+ else if (tokens[c + 1][0] == '=') -+ r--; -+ else -+ state = 9; -+ } -+ else -+ { -+ state = 9; -+ } - - break; - } diff --git a/network/opendmarc/patches/ticket146.patch b/network/opendmarc/patches/ticket146.patch deleted file mode 100644 index c7f6f5748b1f7..0000000000000 --- a/network/opendmarc/patches/ticket146.patch +++ /dev/null 
@@ -1,110 +0,0 @@ -diff --git a/reports/opendmarc-import.8.in b/reports/opendmarc-import.8.in -index 8f55848..4e854ac 100644 ---- a/reports/opendmarc-import.8.in -+++ b/reports/opendmarc-import.8.in -@@ -12,8 +12,6 @@ reads per-message data recorded by an instance of - and inserts it into an SQL database, for later use by - .B opendmarc-reports(8) - to generate aggregate reports. -- --Records are read from standard input. - .SH OPTIONS - .TP - .I --dbhost=hostname -@@ -44,6 +42,9 @@ the environment variable is not set. - .I --help - Prints a help message and terminates. - .TP -+.I --input=file -+Reads from the named file instead of from standard input (the default). -+.TP - .I --verbose - Increase the amount of verbosity written to standard output. - .TP -diff --git a/reports/opendmarc-import.in b/reports/opendmarc-import.in -index 5a28f2f..cccbace 100755 ---- a/reports/opendmarc-import.in -+++ b/reports/opendmarc-import.in -@@ -35,11 +35,14 @@ my $def_dbuser = "opendmarc"; - my $def_dbpasswd = "opendmarc"; - my $def_dbport = "3306"; - my $def_interval = "86400"; -+my $def_inputfh = *STDIN; - my $dbhost; - my $dbname; - my $dbuser; - my $dbpasswd; - my $dbport; -+my $inputfile; -+my $inputfh; - - my $dbscheme = "@SQL_BACKEND@"; - -@@ -326,6 +329,7 @@ sub usage - print STDERR "\t--dbpasswd=passwd database password [$def_dbpasswd]\n"; - print STDERR "\t--dbport=port database port [$def_dbport]\n"; - print STDERR "\t--dbuser=user database user [$def_dbuser]\n"; -+ print STDERR "\t--input=file input file [STDIN]\n"; - print STDERR "\t--help print help and exit\n"; - print STDERR "\t--verbose verbose output\n"; - print STDERR "\t--version print version and exit\n"; -@@ -337,6 +341,7 @@ my $opt_retval = &Getopt::Long::GetOptions ('dbhost=s' => \$dbhost, - 'dbpasswd=s' => \$dbpasswd, - 'dbport=s' => \$dbport, - 'dbuser=s' => \$dbuser, -+ 'input=s' => \$inputfile, - 'help!' => \$helponly, - 'verbose!' => \$verbose, - 'version!' 
=> \$showversion, -@@ -428,6 +433,24 @@ if ($verbose) - print STDERR "$progname: started at " . localtime() . "\n"; - } - -+ -+if (!defined($inputfile)) -+{ -+ $inputfh = $def_inputfh; -+} -+else -+{ -+ open($inputfh, "<", $inputfile) or die "$progname: unable to open $inputfile: $!\n"; -+ if ($verbose) -+ { -+ print STDERR "$progname: opened file $inputfile\n" -+ } -+} -+if (!flock($inputfh, LOCK_SH)) -+{ -+ print STDERR "$progname: warning: unable to establish read lock\n"; -+} -+ - my $dbi_dsn = "DBI:" . $dbscheme . ":database=" . $dbname . - ";host=" . $dbhost . ";port=" . $dbport; - -@@ -447,13 +470,10 @@ if ($verbose) - # Read history file from stdin. - # - -+ - $lineno = 0; --if (!flock(STDIN, LOCK_SH)) --{ -- print STDERR "$progname: warning: unable to establish read lock\n"; --} - --while (<STDIN>) -+while (<$inputfh>) - { - $lineno++; - -@@ -592,6 +612,10 @@ if (defined($jobid)) - update_db(); - } - -+if (defined($inputfile)) -+{ -+ close($inputfh); -+} - # - # all done! - # diff --git a/network/opendmarc/patches/ticket153.patch b/network/opendmarc/patches/ticket153.patch deleted file mode 100644 index 1193409cb7d6d..0000000000000 --- a/network/opendmarc/patches/ticket153.patch +++ /dev/null 
@@ -1,35 +0,0 @@ -Description: do not report same dkim result multiple times - in the same record object -URL: https://sf.net/p/opendmarc/tickets/153/ -Author: Tomki ---- -This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ -Index: opendmarc-1.3.2/reports/opendmarc-reports.in -=================================================================== ---- opendmarc-1.3.2.orig/reports/opendmarc-reports.in 2017-03-13 19:01:56.496961757 -0400 -+++ opendmarc-1.3.2/reports/opendmarc-reports.in 2017-03-13 19:01:56.492961756 -0400 -@@ -703,6 +703,7 @@ - exit(1); - } - -+ my %dkim_domain_result_cache = (); - while ($dbi_a = $dbi_d->fetchrow_arrayref()) - { - undef $dkimdomain; -@@ -716,11 +717,15 @@ - $dkimresult = $dbi_a->[1]; - } - -- - if (!defined($dkimdomain)) - { - next; - } -+ if (defined($dkim_domain_result_cache{$dkimdomain}{$dkimresult})) -+ { -+ next; # no duplicate per-record auth_result dkim sections -+ } -+ $dkim_domain_result_cache{$dkimdomain}{$dkimresult}++; - - switch ($dkimresult) - { diff --git a/network/opendmarc/patches/ticket180.patch b/network/opendmarc/patches/ticket180.patch deleted file mode 100644 index cd38c39c383b8..0000000000000 --- a/network/opendmarc/patches/ticket180.patch +++ /dev/null 
@@ -1,280 +0,0 @@ -diff --git a/opendmarc/opendmarc-config.h b/opendmarc/opendmarc-config.h -index 7ba394b..28f605e 100644 ---- a/opendmarc/opendmarc-config.h -+++ b/opendmarc/opendmarc-config.h -@@ -36,6 +36,7 @@ struct configdef dmarcf_config[] = - { "IgnoreHosts", CONFIG_TYPE_STRING, FALSE }, - { "IgnoreMailFrom", CONFIG_TYPE_STRING, FALSE }, - { "MilterDebug", CONFIG_TYPE_INTEGER, FALSE }, -+ { "OverrideMLM", CONFIG_TYPE_STRING, FALSE }, - { "PidFile", CONFIG_TYPE_STRING, FALSE }, - { "PublicSuffixList", CONFIG_TYPE_STRING, FALSE }, - { "RecordAllMessages", CONFIG_TYPE_BOOLEAN, FALSE }, -diff --git a/opendmarc/opendmarc.c b/opendmarc/opendmarc.c -index ba04312..07e089d 100644 ---- a/opendmarc/opendmarc.c -+++ b/opendmarc/opendmarc.c -@@ -168,6 +168,7 @@ struct dmarcf_config - char * conf_ignorelist; - char ** conf_trustedauthservids; - char ** conf_ignoredomains; -+ struct list * conf_overridemlm; - }; - - /* LIST -- basic linked list of strings */ -@@ -1221,6 +1222,18 @@ dmarcf_config_load(struct config *data, struct dmarcf_config *conf, - if (str != NULL) - dmarcf_mkarray(str, &conf->conf_ignoredomains); - -+ str = NULL; -+ (void) config_get(data, "OverrideMLM", &str, sizeof str); -+ if (str != NULL) -+ { -+ if (!dmarcf_loadlist(str, &conf->conf_overridemlm)) -+ { -+ fprintf(stderr, -+ "%s: can't load override MLM list from %s: %s\n", -+ progname, str, strerror(errno)); -+ } -+ } -+ - (void) config_get(data, "AuthservIDWithJobID", - &conf->conf_authservidwithjobid, - sizeof conf->conf_authservidwithjobid); -@@ -2982,30 +2995,45 @@ mlfi_eom(SMFICTX *ctx) - case DMARC_POLICY_REJECT: /* Explicit reject */ - aresult = "fail"; - -- if (conf->conf_rejectfail && random() % 100 < pct) -+ if (conf->conf_overridemlm != NULL && -+ (dmarcf_checkhost(cc->cctx_host, conf->conf_overridemlm) || -+ (dmarcf_checkip((struct sockaddr *)&cc->cctx_ip, conf->conf_overridemlm)))) - { -- snprintf(replybuf, sizeof replybuf, -- "rejected by DMARC policy for %s", pdomain); -- -- status 
= dmarcf_setreply(ctx, DMARC_REJECT_SMTP, -- DMARC_REJECT_ESC, replybuf); -- if (status != MI_SUCCESS && conf->conf_dolog) -+ if (conf->conf_dolog) - { -- syslog(LOG_ERR, "%s: smfi_setreply() failed", -- dfc->mctx_jobid); -+ syslog(LOG_INFO, "%s: overriding policy for mail from %s: MLM", -+ dfc->mctx_jobid, dfc->mctx_fromdomain); - } -- -- ret = SMFIS_REJECT; -- result = DMARC_RESULT_REJECT; -+ ret = SMFIS_ACCEPT; -+ result = DMARC_RESULT_OVRD_MAILING_LIST; - } -- -- if (conf->conf_copyfailsto != NULL) -+ else - { -- status = dmarcf_addrcpt(ctx, conf->conf_copyfailsto); -- if (status != MI_SUCCESS && conf->conf_dolog) -+ if (conf->conf_rejectfail && random() % 100 < pct) -+ { -+ snprintf(replybuf, sizeof replybuf, -+ "rejected by DMARC policy for %s", pdomain); -+ -+ status = dmarcf_setreply(ctx, DMARC_REJECT_SMTP, -+ DMARC_REJECT_ESC, replybuf); -+ if (status != MI_SUCCESS && conf->conf_dolog) -+ { -+ syslog(LOG_ERR, "%s: smfi_setreply() failed", -+ dfc->mctx_jobid); -+ } -+ -+ ret = SMFIS_REJECT; -+ result = DMARC_RESULT_REJECT; -+ } -+ -+ if (conf->conf_copyfailsto != NULL) - { -- syslog(LOG_ERR, "%s: smfi_addrcpt() failed", -- dfc->mctx_jobid); -+ status = dmarcf_addrcpt(ctx, conf->conf_copyfailsto); -+ if (status != MI_SUCCESS && conf->conf_dolog) -+ { -+ syslog(LOG_ERR, "%s: smfi_addrcpt() failed", -+ dfc->mctx_jobid); -+ } - } - } - -@@ -3014,30 +3042,45 @@ mlfi_eom(SMFICTX *ctx) - case DMARC_POLICY_QUARANTINE: /* Explicit quarantine */ - aresult = "fail"; - -- if (conf->conf_rejectfail && random() % 100 < pct) -+ if (conf->conf_overridemlm != NULL && -+ (dmarcf_checkhost(cc->cctx_host, conf->conf_overridemlm) || -+ (dmarcf_checkip((struct sockaddr *)&cc->cctx_ip, conf->conf_overridemlm)))) - { -- snprintf(replybuf, sizeof replybuf, -- "quarantined by DMARC policy for %s", -- pdomain); -- -- status = smfi_quarantine(ctx, replybuf); -- if (status != MI_SUCCESS && conf->conf_dolog) -+ if (conf->conf_dolog) - { -- syslog(LOG_ERR, "%s: smfi_quarantine() failed", 
-- dfc->mctx_jobid); -+ syslog(LOG_INFO, "%s: overriding policy for mail from %s: MLM", -+ dfc->mctx_jobid, dfc->mctx_fromdomain); - } -- - ret = SMFIS_ACCEPT; -- result = DMARC_RESULT_QUARANTINE; -+ result = DMARC_RESULT_OVRD_MAILING_LIST; - } -- -- if (conf->conf_copyfailsto != NULL) -+ else - { -- status = dmarcf_addrcpt(ctx, conf->conf_copyfailsto); -- if (status != MI_SUCCESS && conf->conf_dolog) -+ if (conf->conf_rejectfail && random() % 100 < pct) -+ { -+ snprintf(replybuf, sizeof replybuf, -+ "quarantined by DMARC policy for %s", -+ pdomain); -+ -+ status = smfi_quarantine(ctx, replybuf); -+ if (status != MI_SUCCESS && conf->conf_dolog) -+ { -+ syslog(LOG_ERR, "%s: smfi_quarantine() failed", -+ dfc->mctx_jobid); -+ } -+ -+ ret = SMFIS_ACCEPT; -+ result = DMARC_RESULT_QUARANTINE; -+ } -+ -+ if (conf->conf_copyfailsto != NULL) - { -- syslog(LOG_ERR, "%s: smfi_addrcpt() failed", -- dfc->mctx_jobid); -+ status = dmarcf_addrcpt(ctx, conf->conf_copyfailsto); -+ if (status != MI_SUCCESS && conf->conf_dolog) -+ { -+ syslog(LOG_ERR, "%s: smfi_addrcpt() failed", -+ dfc->mctx_jobid); -+ } - } - } - -diff --git a/opendmarc/opendmarc.conf.5.in b/opendmarc/opendmarc.conf.5.in -index bdf2550..9ee16ae 100644 ---- a/opendmarc/opendmarc.conf.5.in -+++ b/opendmarc/opendmarc.conf.5.in -@@ -190,6 +190,14 @@ Sets the debug level to be requested from the milter library. The - default is 0. - - .TP -+.I OverrideMLM (string) -+Specifies the path to a file that contains a list of hostnames, IP -+addresses, and/or CIDR expressions identifying hosts that run -+mailing lists. Mails from these systems will be accepted even if -+all DMARC tests fail. Such cases will be reported as "override/ -+reason: MLM" -+ -+.TP - .I PidFile (string) - Specifies the path to a file that should be created at process start - containing the process ID. 
-diff --git a/opendmarc/opendmarc.conf.sample b/opendmarc/opendmarc.conf.sample -index 97b210f..fbfa49d 100644 ---- a/opendmarc/opendmarc.conf.sample -+++ b/opendmarc/opendmarc.conf.sample -@@ -212,6 +212,17 @@ - # - # MilterDebug 0 - -+## OverrideMLM (path) -+## default (none) -+## -+## Specifies the path to a file that contains a list of hostnames, IP -+## addresses, and/or CIDR expressions identifying hosts that run -+## mailing lists. Mails from these systems will be accepted even if -+## all DMARC tests fail. Such cases will be reported as "override/ -+## reason: MLM" -+# -+# OverrideMLM /usr/local/etc/opendmarc/overrideMLM.conf -+ - ## PidFile path - ## default (none) - ## -diff --git a/opendmarc/opendmarc.h b/opendmarc/opendmarc.h -index c1d6593..f9b1e0b 100644 ---- a/opendmarc/opendmarc.h -+++ b/opendmarc/opendmarc.h -@@ -52,6 +52,12 @@ - #define DMARC_RESULT_ACCEPT 2 - #define DMARC_RESULT_TEMPFAIL 3 - #define DMARC_RESULT_QUARANTINE 4 -+#define DMARC_RESULT_OVRD_FORWARDED 5 -+#define DMARC_RESULT_OVRD_SAMPLED_OUT 6 -+#define DMARC_RESULT_OVRD_TRUSTED_FORWARDER 7 -+#define DMARC_RESULT_OVRD_MAILING_LIST 8 -+#define DMARC_RESULT_OVRD_LOCAL_POLICY 9 -+#define DMARC_RESULT_OVRD_OTHER 10 - - /* prototypes, etc., exported for test.c */ - extern char *progname; -diff --git a/reports/opendmarc-reports.in b/reports/opendmarc-reports.in -index 2da1c31..a489c95 100755 ---- a/reports/opendmarc-reports.in -+++ b/reports/opendmarc-reports.in -@@ -91,6 +91,8 @@ my $ipaddr; - my $fromdomain; - my $envdomain; - my $dkimdomain; -+my $reason; -+my $comment; - - my $repdest; - -@@ -609,6 +611,8 @@ foreach (@$domainset) - while ($dbi_a = $dbi_s->fetchrow_arrayref()) - { - undef $msgid; -+ undef $reason; -+ undef $comment; - - if (defined($dbi_a->[0])) - { -@@ -656,6 +660,12 @@ foreach (@$domainset) - case 1 { $dispstr = "reject"; } - case 2 { $dispstr = "none"; } - case 4 { $dispstr = "quarantine"; } -+ case 5 { $dispstr = "none"; $reason = "forwarded"; } -+ case 6 { $dispstr 
= "none"; $reason = "sampled_out"; } -+ case 7 { $dispstr = "none"; $reason = "trusted_forwarder"; } -+ case 8 { $dispstr = "none"; $reason = "mailing_list"; } -+ case 9 { $dispstr = "none"; $reason = "local_policy"; $comment = ""; } -+ case 10 { $dispstr = "none"; $reason = "other"; $comment = ""; } - else { $dispstr = "unknown"; } - } - -@@ -697,6 +707,16 @@ foreach (@$domainset) - print $tmpout " <disposition>$dispstr</disposition>\n"; - print $tmpout " <dkim>$align_dkimstr</dkim>\n"; - print $tmpout " <spf>$align_spfstr</spf>\n"; -+ if (defined($reason)) -+ { -+ print $tmpout " <reason>\n"; -+ print $tmpout " <type>$reason</type>\n"; -+ if (defined($comment)) -+ { -+ print $tmpout " <comment>$comment</$comment>\n"; -+ } -+ print $tmpout " </reason>\n"; -+ } - print $tmpout " </policy_evaluated>\n"; - print $tmpout " </row>\n"; - print $tmpout " <identifiers>\n"; diff --git a/network/opendmarc/patches/ticket193.patch b/network/opendmarc/patches/ticket193-fixed.patch index 1ee1911174e97..7ccb1424c5b03 100644 --- a/network/opendmarc/patches/ticket193.patch +++ b/network/opendmarc/patches/ticket193-fixed.patch @@ -32,15 +32,6 @@ Index: opendmarc/db/schema.mysql -- A table for mapping domain names and their DMARC policies to IDs CREATE TABLE IF NOT EXISTS domains ( -@@ -28,7 +29,7 @@ - pct TINYINT NOT NULL, - locked TINYINT NOT NULL DEFAULT '0', - firstseen TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, -- lastsent TIMESTAMP NOT NULL DEFAULT '0000-00-00 00:00:00', -+ lastsent TIMESTAMP NOT NULL DEFAULT '1970-01-01 00:00:01', - - PRIMARY KEY(id), - KEY(lastsent), Index: opendmarc/db/update-db-schema.mysql =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 
@@ -93,7 +84,7 @@ Index: opendmarc/reports/opendmarc-import.in =================================================================== --- opendmarc.orig/reports/opendmarc-import.in 2018-12-17 01:41:11.326335516 -0500 +++ opendmarc/reports/opendmarc-import.in 2018-12-17 01:41:11.322335516 -0500 -@@ -207,20 +207,18 @@ +@@ -207,14 +207,12 @@ $envfrom_id = get_table_id($envdomain, "domains"); $pdomain_id = get_table_id($pdomain, "domains"); $ipaddr_id = get_table_id($ipaddr, "ipaddr", "addr"); @@ -110,13 +101,6 @@ Index: opendmarc/reports/opendmarc-import.in return; } -- $dbi_s = $dbi_h->prepare("INSERT INTO messages (date, jobid, reporter, policy, disp, ip, env_domain, from_domain, spf, align_spf, align_dkim, sigcount) VALUES(FROM_UNIXTIME(?), ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"); -- if (!$dbi_s->execute($received, $jobid, $rep_id, $policy, $action, $ipaddr_id, $envfrom_id, $from_id, $spf, $align_spf, $align_dkim, $sigcount)) -+ $dbi_s = $dbi_h->prepare("INSERT INTO messages (date, jobid, reporter, policy, disp, ip, env_domain, from_domain, policy_domain, spf, align_spf, align_dkim, sigcount) VALUES(FROM_UNIXTIME(?), ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"); -+ if (!$dbi_s->execute($received, $jobid, $rep_id, $policy, $action, $ipaddr_id, $envfrom_id, $from_id, $pdomain_id, $spf, $align_spf, $align_dkim, $sigcount)) - { - print STDERR "$progname: failed to insert message: " . $dbi_h->errstr . "\n"; - return; @@ -278,41 +276,51 @@ } $dbi_s->finish; diff --git a/network/opendmarc/patches/ticket203.patch b/network/opendmarc/patches/ticket203.patch deleted file mode 100644 index 8aa5113176dc0..0000000000000 --- a/network/opendmarc/patches/ticket203.patch +++ /dev/null 
@@ -1,26 +0,0 @@ -diff --git a/libopendmarc/opendmarc_policy.c b/libopendmarc/opendmarc_policy.c -index 862c449..8048ec3 100644 ---- a/libopendmarc/opendmarc_policy.c -+++ b/libopendmarc/opendmarc_policy.c -@@ -1087,6 +1087,10 @@ opendmarc_policy_parse_dmarc(DMARC_POLICY_T *pctx, u_char *domain, u_char *recor - /* - * A possibly comma delimited list of URI of where to send reports. - */ -+ -+ if (pctx->rua_list != NULL) -+ return DMARC_PARSE_ERROR_BAD_VALUE; -+ - for (xp = vp; *xp != '\0'; ) - { - u_char xbuf[256]; -@@ -1115,6 +1119,10 @@ opendmarc_policy_parse_dmarc(DMARC_POLICY_T *pctx, u_char *domain, u_char *recor - * A possibly comma delimited list of URI of where to send - * MARF reports. - */ -+ -+ if (pctx->ruf_list != NULL) -+ return DMARC_PARSE_ERROR_BAD_VALUE; -+ - for (xp = vp; *xp != '\0'; ) - { - u_char xbuf[256]; diff --git a/network/opendmarc/patches/ticket207.patch b/network/opendmarc/patches/ticket207-fixed.patch index e86b8c770466f..149a676c76edf 100644 --- a/network/opendmarc/patches/ticket207.patch +++ b/network/opendmarc/patches/ticket207-fixed.patch @@ -39,11 +39,11 @@ Index: opendmarc/reports/opendmarc-reports.in $dbi_s->finish; @@ -564,7 +570,7 @@ - print $tmpout " </report_metadata>\n"; + print $tmpout " </report_metadata>\n"; - print $tmpout " <policy_published>\n"; -- print $tmpout " <domain>$domain</domain>\n"; -+ print $tmpout " <domain>$poldomain</domain>\n"; - print $tmpout " <adkim>$adkimstr</adkim>\n"; - print $tmpout " <aspf>$aspfstr</aspf>\n"; - print $tmpout " <p>$policystr</p>\n"; + print $tmpout " <policy_published>\n"; +- print $tmpout " <domain>$domain</domain>\n"; ++ print $tmpout " <domain>$poldomain</domain>\n"; + print $tmpout " <adkim>$adkimstr</adkim>\n"; + print $tmpout " <aspf>$aspfstr</aspf>\n"; + print $tmpout " <p>$policystr</p>\n"; diff --git a/network/opendmarc/patches/ticket208.patch b/network/opendmarc/patches/ticket208-fixed.patch index fc8c6455d82f7..e44589e47113e 100644 
--- a/network/opendmarc/patches/ticket208.patch +++ b/network/opendmarc/patches/ticket208-fixed.patch @@ -1,23 +1,22 @@ diff -ur opendmarc-1.3.2/opendmarc/opendmarc.c opendmarc-1.3.2_fix/opendmarc/opendmarc.c --- opendmarc-1.3.2/opendmarc/opendmarc.c 2017-03-04 14:28:39.000000000 +0100 +++ opendmarc-1.3.2_fix/opendmarc/opendmarc.c 2017-03-27 18:11:14.977304726 +0200 -@@ -168,7 +168,8 @@ +@@ -168,6 +168,7 @@ char * conf_ignorelist; char ** conf_trustedauthservids; char ** conf_ignoredomains; - struct list * conf_overridemlm; + char ** conf_ignorereceivers; + struct list * conf_domainwhitelist; + unsigned int conf_domainwhitelisthashcount; }; - - /* LIST -- basic linked list of strings */ @@ -1226,6 +1227,11 @@ if (str != NULL) - dmarcf_mkarray(str, &conf->conf_ignoredomains); + dmarcf_mkarray(str, ",", &conf->conf_ignoredomains); + str = NULL; + (void) config_get(data, "IgnoreMailTo", &str, sizeof str); + if (str != NULL) -+ dmarcf_mkarray(str, &conf->conf_ignorereceivers); ++ dmarcf_mkarray(str, ",", &conf->conf_ignorereceivers); + (void) config_get(data, "AuthservIDWithJobID", &conf->conf_authservidwithjobid, diff --git a/network/opendmarc/patches/ticket227.patch b/network/opendmarc/patches/ticket227.patch deleted file mode 100644 index b2786aef61554..0000000000000 --- a/network/opendmarc/patches/ticket227.patch +++ /dev/null 
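Review bot: The inner hunk headers of ticket208-fixed.patch (`@@ -168,6 +168,7 @@` and the unchanged `@@ -1226,6 +1227,11 @@`) and its `opendmarc-1.3.2` file header still describe the 1.3.2 tree, although the context was hand-adjusted for the three-argument `dmarcf_mkarray(str, ",", …)` call. On 1.4.1.1 the patch therefore presumably applies by offset search rather than at the stated lines. Since it adds a new configuration option (`IgnoreMailTo`) to a mail filter, a context mismatch should stop the build instead of being absorbed by fuzz. Regenerating the patch against the unpacked 1.4.1.1 source, or applying it in the SlackBuild loop with `patch -p1 --fuzz=0 <$i`, would make a mismatch abort under `set -e`. The struct definition and the config-loading code both start outside the hunk, so the placement cannot be confirmed from here.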
@@ -1,40 +0,0 @@
-diff --git a/libopendmarc/opendmarc_policy.c b/libopendmarc/opendmarc_policy.c
-index 36412e4..f151fda 100644
---- a/libopendmarc/opendmarc_policy.c
-+++ b/libopendmarc/opendmarc_policy.c
-@@ -1058,7 +1058,7 @@ opendmarc_policy_parse_dmarc(DMARC_POLICY_T *pctx, u_char *domain, u_char *recor
- *yp = '\0';
-
- xp = opendmarc_util_cleanup(xp, xbuf, sizeof xbuf);
-- if (xp != NULL || strlen((char *)xp) > 0)
-+ if (xp != NULL && strlen((char *)xp) > 0)
- {
- /*
- * Be generous. Accept, for example, "rf=a, aspf=afrf or any
-@@ -1100,7 +1100,7 @@ opendmarc_policy_parse_dmarc(DMARC_POLICY_T *pctx, u_char *domain, u_char *recor
- *yp = '\0';
-
- xp = opendmarc_util_cleanup(xp, xbuf, sizeof xbuf);
-- if (xp != NULL || strlen((char *)xp) > 0)
-+ if (xp != NULL && strlen((char *)xp) > 0)
- {
- pctx->rua_list = opendmarc_util_pushargv(xp, pctx->rua_list,
- &(pctx->rua_cnt));
-@@ -1132,7 +1132,7 @@ opendmarc_policy_parse_dmarc(DMARC_POLICY_T *pctx, u_char *domain, u_char *recor
- *yp = '\0';
-
- xp = opendmarc_util_cleanup(xp, xbuf, sizeof xbuf);
-- if (xp != NULL || strlen((char *)xp) > 0)
-+ if (xp != NULL && strlen((char *)xp) > 0)
- {
- pctx->ruf_list = opendmarc_util_pushargv(xp, pctx->ruf_list,
- &(pctx->ruf_cnt));
-@@ -1159,7 +1159,7 @@ opendmarc_policy_parse_dmarc(DMARC_POLICY_T *pctx, u_char *domain, u_char *recor
- *yp = '\0';
-
- xp = opendmarc_util_cleanup(xp, xbuf, sizeof xbuf);
-- if (xp != NULL || strlen((char *)xp) > 0)
-+ if (xp != NULL && strlen((char *)xp) > 0)
- {
- switch ((int)*xp)
- {
diff --git a/network/opendmarc/patches/z00_ticket138_v3.patch b/network/opendmarc/patches/z00_ticket138_v3.patch
deleted file mode 100644
index 4bcd4f92b4b43..0000000000000
--- a/network/opendmarc/patches/z00_ticket138_v3.patch
+++ /dev/null
@@ -1,83 +0,0 @@
-diff --git a/opendmarc/opendmarc-config.h b/opendmarc/opendmarc-config.h
-index 28f605e..ff4983d 100644
---- a/opendmarc/opendmarc-config.h
-+++ b/opendmarc/opendmarc-config.h
-@@ -32,6 +32,7 @@ struct configdef dmarcf_config[] =
- { "FailureReportsOnNone", CONFIG_TYPE_BOOLEAN, FALSE },
- { "FailureReportsSentBy", CONFIG_TYPE_STRING, FALSE },
- { "HistoryFile", CONFIG_TYPE_STRING, FALSE },
-+ { "HoldQuarantinedMessages", CONFIG_TYPE_BOOLEAN, FALSE },
- { "IgnoreAuthenticatedClients", CONFIG_TYPE_BOOLEAN, FALSE },
- { "IgnoreHosts", CONFIG_TYPE_STRING, FALSE },
- { "IgnoreMailFrom", CONFIG_TYPE_STRING, FALSE },
-diff --git a/opendmarc/opendmarc.c b/opendmarc/opendmarc.c
-index 0179f4d..5aade55 100644
---- a/opendmarc/opendmarc.c
-+++ b/opendmarc/opendmarc.c
-@@ -155,6 +155,7 @@ struct dmarcf_config
- _Bool conf_spfselfvalidate;
- #endif /* WITH_SPF */
- _Bool conf_ignoreauthclients;
-+ _Bool conf_holdquarantinedmessages;
- unsigned int conf_refcnt;
- unsigned int conf_dnstimeout;
- struct config * conf_data;
-@@ -1297,6 +1298,10 @@ dmarcf_config_load(struct config *data, struct dmarcf_config *conf,
- &conf->conf_recordall,
- sizeof conf->conf_recordall);
-
-+ (void) config_get(data, "HoldQuarantinedMessages",
-+ &conf->conf_holdquarantinedmessages,
-+ sizeof conf->conf_holdquarantinedmessages);
-+
- (void) config_get(data, "IgnoreAuthenticatedClients",
- &conf->conf_ignoreauthclients,
- sizeof conf->conf_ignoreauthclients);
-@@ -3064,7 +3069,8 @@ mlfi_eom(SMFICTX *ctx)
- }
- else
- {
-- if (conf->conf_rejectfail && random() % 100 < pct)
-+ if (conf->conf_rejectfail && random() % 100 < pct &&
-+ conf->conf_holdquarantinedmessages)
- {
- snprintf(replybuf, sizeof replybuf,
- "quarantined by DMARC policy for %s",
-diff --git a/opendmarc/opendmarc.conf.5.in b/opendmarc/opendmarc.conf.5.in
-index 9ee16ae..565e992 100644
---- a/opendmarc/opendmarc.conf.5.in
-+++ b/opendmarc/opendmarc.conf.5.in
-@@ -167,6 +167,13 @@ rather periodically imported into a
relational database from which the
- aggregate reports can be extracted.
-
- .TP
-+.I HoldQuarantinedMessages (Boolean)
-+If set to true, causes mail that fails the DMARC tests to get hold
-+by the MTA if the purported sender of the message has a policy of
-+"quarantine". Does nothing if the policy is either "none" or "reject".
-+The default is "true".
-+
-+.TP
- .I IgnoreAuthenticatedClients (Boolean)
- If set, causes mail from authenticated clients (i.e., those that used
- SMTP AUTH) to be ignored by the filter. The default is "false".
-diff --git a/opendmarc/opendmarc.conf.sample b/opendmarc/opendmarc.conf.sample
-index fbfa49d..a2e1da3 100644
---- a/opendmarc/opendmarc.conf.sample
-+++ b/opendmarc/opendmarc.conf.sample
-@@ -177,6 +177,15 @@
- #
- # HistoryFile /var/run/opendmarc.dat
-
-+## HoldQuarantinedMessages { true | false }
-+## default "true"
-+##
-+## If set to true, causes mail that fails the DMARC tests to get hold
-+## by the MTA if the purported sender of the message has a policy of
-+## "quarantine". Does nothing if the policy is either "none" or "reject".
-+#
-+# HoldQuarantinedMessages true
-+
- ## IgnoreAuthenticatedClients { true | false }
- ## default "false"
- ##
diff --git a/network/opendmarc/patches/z06_use_envdomain_SPF_logging.patch b/network/opendmarc/patches/z06_use_envdomain_SPF_logging.patch
deleted file mode 100644
index 3a702fe8c055b..0000000000000
--- a/network/opendmarc/patches/z06_use_envdomain_SPF_logging.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-diff --git a/opendmarc/opendmarc.c b/opendmarc/opendmarc.c
-index f5c30f9..29f3f93 100644
---- a/opendmarc/opendmarc.c
-+++ b/opendmarc/opendmarc.c
-@@ -2542,7 +2542,7 @@ mlfi_eom(SMFICTX *ctx)
- &used_mfrom);
- if (used_mfrom == TRUE)
- {
-- use_domain = dfc->mctx_envfrom;
-+ use_domain = dfc->mctx_envdomain;
- spf_mode = DMARC_POLICY_SPF_ORIGIN_MAILFROM;
- }
- else |