From ce2d5a5e9ffec3ead14379240b9d77a6bbd626ad Mon Sep 17 00:00:00 2001 From: Mario Preksavec Date: Mon, 6 Dec 2021 01:06:22 +0100 Subject: network/opendmarc: Updated for version 1.4.1.1. Signed-off-by: Mario Preksavec Signed-off-by: Willy Sudiarto Raharjo --- network/opendmarc/opendmarc.SlackBuild | 32 +-- network/opendmarc/opendmarc.info | 6 +- .../opendmarc/patches/fix-generic-init-script.diff | 36 +++ network/opendmarc/patches/pull116.diff | 131 ++++++++++ network/opendmarc/patches/pull172.diff | 58 +++++ network/opendmarc/patches/pull178.diff | 36 +++ network/opendmarc/patches/ticket137.patch | 51 ---- network/opendmarc/patches/ticket146.patch | 110 -------- network/opendmarc/patches/ticket153.patch | 35 --- network/opendmarc/patches/ticket180.patch | 280 --------------------- network/opendmarc/patches/ticket193-fixed.patch | 177 +++++++++++++ network/opendmarc/patches/ticket193.patch | 193 -------------- network/opendmarc/patches/ticket203.patch | 26 -- network/opendmarc/patches/ticket207-fixed.patch | 49 ++++ network/opendmarc/patches/ticket207.patch | 49 ---- network/opendmarc/patches/ticket208-fixed.patch | 115 +++++++++ network/opendmarc/patches/ticket208.patch | 116 --------- network/opendmarc/patches/ticket227.patch | 40 --- network/opendmarc/patches/z00_ticket138_v3.patch | 83 ------ .../patches/z06_use_envdomain_SPF_logging.patch | 13 - 20 files changed, 621 insertions(+), 1015 deletions(-) create mode 100644 network/opendmarc/patches/fix-generic-init-script.diff create mode 100644 network/opendmarc/patches/pull116.diff create mode 100644 network/opendmarc/patches/pull172.diff create mode 100644 network/opendmarc/patches/pull178.diff delete mode 100644 network/opendmarc/patches/ticket137.patch delete mode 100644 network/opendmarc/patches/ticket146.patch delete mode 100644 network/opendmarc/patches/ticket153.patch delete mode 100644 network/opendmarc/patches/ticket180.patch create mode 100644 network/opendmarc/patches/ticket193-fixed.patch delete mode 100644 network/opendmarc/patches/ticket193.patch delete mode 100644 network/opendmarc/patches/ticket203.patch create mode 100644 network/opendmarc/patches/ticket207-fixed.patch delete mode 100644 network/opendmarc/patches/ticket207.patch create mode 100644 network/opendmarc/patches/ticket208-fixed.patch delete mode 100644 network/opendmarc/patches/ticket208.patch delete mode 100644 network/opendmarc/patches/ticket227.patch delete mode 100644 network/opendmarc/patches/z00_ticket138_v3.patch delete mode 100644 network/opendmarc/patches/z06_use_envdomain_SPF_logging.patch (limited to 'network/opendmarc') diff --git a/network/opendmarc/opendmarc.SlackBuild b/network/opendmarc/opendmarc.SlackBuild index d029020475a6..5ef68fe806d0 100644 --- a/network/opendmarc/opendmarc.SlackBuild +++ b/network/opendmarc/opendmarc.SlackBuild @@ -2,7 +2,7 @@ # Slackware build script for opendmarc -# Copyright 2019 Mario Preksavec, Zagreb, Croatia +# Copyright 2019, 2021 Mario Preksavec, Zagreb, Croatia # All rights reserved. # # Redistribution and use of this script, with or without modification, is @@ -25,11 +25,14 @@ cd $(dirname $0) ; CWD=$(pwd) PRGNAM=opendmarc -VERSION=${VERSION:-1.3.2} +VERSION=${VERSION:-1.4.1.1} BUILD=${BUILD:-1} TAG=${TAG:-_SBo} PKGTYPE=${PKGTYPE:-tgz} +SRCNAM=rel-$PRGNAM-${VERSION//./-} +DIRNAM=OpenDMARC-$SRCNAM + if [ -z "$ARCH" ]; then case "$( uname -m )" in i?86) ARCH=i586 ;; @@ -97,9 +100,9 @@ set -e rm -rf $PKG mkdir -p $TMP $PKG $OUTPUT cd $TMP -rm -rf $PRGNAM-$VERSION -tar xvf $CWD/$PRGNAM-$VERSION.tar.gz -cd $PRGNAM-$VERSION +rm -rf $DIRNAM +tar xvf $CWD/$SRCNAM.tar.gz +cd $DIRNAM chown -R root:root . find -L . \ \( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 \ @@ -108,8 +111,13 @@ find -L . \ -o -perm 440 -o -perm 400 \) -exec chmod 644 {} \; # http://batleth.sapienti-sat.org/projects/opendmarc/ -# ... and a few more -for i in $CWD/patches/* ; do patch -p1 <$i ; done +# https://github.com/trusteddomainproject/OpenDMARC/pulls +for i in $CWD/patches/* ; do + case $i in + */z04_moreHeadersFailureReportVsBeta1.patch) : ;; + *) patch -p1 <$i ;; + esac +done autoreconf -vif @@ -132,10 +140,6 @@ make install DESTDIR=$PKG # Install init script install -D -m0755 -oroot -groot contrib/init/generic/$PRGNAM $PKG/etc/rc.d/rc.$PRGNAM.new -sed -e "s|^\(prefix=\).*|\1|" \ - -e "s|^\(exec_prefix=\).*|\1/usr|" \ - -e "s|/etc/sysconfig/opendmarc|/etc/default/opendmarc|" \ - -i $PKG/etc/rc.d/rc.$PRGNAM.new # Configure defaults install -D -m0644 -oroot -groot $PRGNAM/$PRGNAM.conf.sample $PKG/etc/$PRGNAM.conf.new @@ -149,10 +153,6 @@ sed -e "s|^# \(AuthservID\) .*|\1 HOSTNAME|" \ -e "s|^# \(UserID\) .*|\1 $PRGNAM:$PRGNAM|" \ -i $PKG/etc/$PRGNAM.conf.new -# Home directory for runtime data -mkdir -p $PKG/var/run/$PRGNAM -chown $PRGNAM:$PRGNAM $PKG/var/run/$PRGNAM - find $PKG -print0 | xargs -0 file | grep -e "executable" -e "shared object" | grep ELF \ | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true @@ -160,7 +160,7 @@ find $PKG/usr/man -type f -exec gzip -9 {} \; for i in $( find $PKG/usr/man -type l ) ; do ln -s $( readlink $i ).gz $i.gz ; rm $i ; done mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION -cp -a RELEASE_NOTES $PKG/usr/doc/$PRGNAM-$VERSION +cp -a CONTRIBUTING README README.md RELEASE_NOTES $PKG/usr/doc/$PRGNAM-$VERSION cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild cat $CWD/README.SLACKWARE > $PKG/usr/doc/$PRGNAM-$VERSION/README.SLACKWARE diff --git a/network/opendmarc/opendmarc.info b/network/opendmarc/opendmarc.info index 061a20ed5ee9..aa640887dbf2 100644 --- a/network/opendmarc/opendmarc.info +++ b/network/opendmarc/opendmarc.info @@ -1,8 +1,8 @@ PRGNAM="opendmarc" -VERSION="1.3.2" +VERSION="1.4.1.1" HOMEPAGE="http://www.trusteddomain.org/opendmarc/" -DOWNLOAD="https://sourceforge.net/projects/opendmarc/files/opendmarc-1.3.2.tar.gz" -MD5SUM="2b4e9b8be7fe61800515cef1d7e6a905" +DOWNLOAD="https://github.com/trusteddomainproject/OpenDMARC/archive/refs/tags/rel-opendmarc-1-4-1-1.tar.gz" +MD5SUM="18fe4c7bedbc6f893e96b0b47dfcc280" DOWNLOAD_x86_64="" MD5SUM_x86_64="" REQUIRES="" diff --git a/network/opendmarc/patches/fix-generic-init-script.diff b/network/opendmarc/patches/fix-generic-init-script.diff new file mode 100644 index 000000000000..0c9a794915c4 --- /dev/null +++ b/network/opendmarc/patches/fix-generic-init-script.diff @@ -0,0 +1,36 @@ +--- OpenDMARC-rel-opendmarc-1-4-1-1/contrib/init/generic/opendmarc.orig 2021-04-30 18:34:43.000000000 +0200 ++++ OpenDMARC-rel-opendmarc-1-4-1-1/contrib/init/generic/opendmarc 2021-08-15 04:11:56.270775519 +0200 +@@ -19,18 +19,19 @@ + + . /etc/rc.d/init.d/functions + +-prefix=/usr/local +-exec_prefix=${prefix} ++prefix= ++exec_prefix=/usr + + RETVAL=0 + prog="opendmarc" + + DAEMON=${exec_prefix}/sbin/$prog + CONF_FILE=${prefix}/etc/$prog.conf +-PID_FILE=${prefix}/var/run/$prog/$prog.pid ++RUN_DIR=${prefix}/var/run/$prog ++PID_FILE=$RUN_DIR/$prog.pid + +-if [ -f /etc/sysconfig/opendmarc ]; then +- . /etc/sysconfig/opendmarc ++if [ -f /etc/default/opendmarc ]; then ++ . /etc/default/opendmarc + fi + + start() { +@@ -40,6 +41,8 @@ + echo OpenDMARC already running as pid $PID + exit 2; + else ++ mkdir -p $RUN_DIR ++ chown $prog:$prog $RUN_DIR + daemon $DAEMON -c $CONF_FILE -P $PID_FILE + RETVAL=$? + [ $RETVAL -eq 0 ] && touch /var/lock/subsys/opendmarc diff --git a/network/opendmarc/patches/pull116.diff b/network/opendmarc/patches/pull116.diff new file mode 100644 index 000000000000..cdedb80324a5 --- /dev/null +++ b/network/opendmarc/patches/pull116.diff @@ -0,0 +1,131 @@ +diff --git a/opendmarc/opendmarc-config.h b/opendmarc/opendmarc-config.h +index 1b781df..8398007 100644 +--- a/opendmarc/opendmarc-config.h ++++ b/opendmarc/opendmarc-config.h +@@ -47,6 +47,7 @@ struct configdef dmarcf_config[] = + { "RequiredHeaders", CONFIG_TYPE_BOOLEAN, FALSE }, + { "RejectFailures", CONFIG_TYPE_BOOLEAN, FALSE }, + { "RejectMultiValueFrom", CONFIG_TYPE_BOOLEAN, FALSE }, ++ { "RejectString", CONFIG_TYPE_STRING, FALSE }, + { "ReportCommand", CONFIG_TYPE_STRING, FALSE }, + { "Socket", CONFIG_TYPE_STRING, FALSE }, + { "SoftwareHeader", CONFIG_TYPE_BOOLEAN, FALSE }, +diff --git a/opendmarc/opendmarc.c b/opendmarc/opendmarc.c +index a1e49ec..c28aedd 100644 +--- a/opendmarc/opendmarc.c ++++ b/opendmarc/opendmarc.c +@@ -190,6 +190,7 @@ struct dmarcf_config + char * conf_historyfile; + char * conf_pslist; + char * conf_ignorelist; ++ char * conf_rejectstring; + char ** conf_trustedauthservids; + char ** conf_ignoredomains; + struct list * conf_domainwhitelist; +@@ -1427,6 +1428,10 @@ dmarcf_config_load(struct config *data, struct dmarcf_config *conf, + &conf->conf_rejectfail, + sizeof conf->conf_rejectfail); + ++ (void) config_get(data, "RejectString", ++ &conf->conf_rejectstring, ++ sizeof conf->conf_rejectstring); ++ + (void) config_get(data, "RequiredHeaders", + &conf->conf_reqhdrs, + sizeof conf->conf_reqhdrs); +@@ -1635,6 +1640,36 @@ dmarcf_config_load(struct config *data, struct dmarcf_config *conf, + + pthread_rwlock_unlock(&hash_lock); + ++ if ( conf->conf_rejectstring == NULL ) { ++ conf->conf_rejectstring = DEFREJECTSTR; ++ } else { ++ /* Count occurrences of "%s" in RejectString */ ++ int countocc = 0; ++ const char *tmp = conf->conf_rejectstring; ++ if (strstr(tmp, '%%')) { ++ snprintf(err, errlen, "%s: The RejectString contains a %%%% (escaped %%)!", ++ basedir); ++ return -1; ++ } ++ while(tmp = strstr(tmp, "%s")) ++ { ++ countocc++; ++ tmp++; ++ } ++ switch ( countocc ) { ++ case 0: ++ snprintf(err, errlen, "%s: The RejectString doesn't contain %%s!", ++ basedir); ++ return -1; ++ case 1: ++ break; ++ default: ++ snprintf(err, errlen, "%s: The RejectString contains %d occurences of %%s instead of one!", ++ basedir, countocc); ++ return -1; ++ } ++ } ++ + return 0; + } + +@@ -3566,7 +3601,7 @@ mlfi_eom(SMFICTX *ctx) + random() % 100 < pct) + { + snprintf(replybuf, sizeof replybuf, +- "rejected by DMARC policy for %s", pdomain); ++ conf->conf_rejectstring, pdomain); + + status = dmarcf_setreply(ctx, DMARC_REJECT_SMTP, + DMARC_REJECT_ESC, replybuf); +diff --git a/opendmarc/opendmarc.conf.5.in b/opendmarc/opendmarc.conf.5.in +index f6fd6b4..4b6df51 100644 +--- a/opendmarc/opendmarc.conf.5.in ++++ b/opendmarc/opendmarc.conf.5.in +@@ -261,6 +261,13 @@ If set, messages with multiple addresses in the From: field of the message + will be rejected unless all domain names in that field are the same. They + will otherwise be ignored by the filter (the default). + ++.TP ++.I RejectString (string) ++This string describes the reason of reject at SMTP level. ++The message MUST contain the word "%s" once, which will be replaced by the ++RFC5322.From domain. Escaped "%" ("%%") are not allowed in this string. ++The default is "rejected by DMARC policy for %s" ++ + .TP + .I ReportCommand (string) + Indicates the shell command to which failure reports should be passed for +diff --git a/opendmarc/opendmarc.conf.sample b/opendmarc/opendmarc.conf.sample +index 7b31987..462e6cf 100644 +--- a/opendmarc/opendmarc.conf.sample ++++ b/opendmarc/opendmarc.conf.sample +@@ -303,6 +303,15 @@ + # + # RejectFailures false + ++## RejectString string ++## default ("rejected by DMARC policy for %s") ++## ++## This string describes the reason of reject. The message MUST contain the ++## word "%s" (only once), which will be replaced with the RFC5322.From domain. ++## Escaped "%" ("%%") are not allowed in this string. ++# ++# RejectString rejected by DMARC policy for %s ++ + ## RejectMultiValueFrom { true | false } + ## default "false" + ## +diff --git a/opendmarc/opendmarc.h b/opendmarc/opendmarc.h +index e36f93a..a4593dc 100644 +--- a/opendmarc/opendmarc.h ++++ b/opendmarc/opendmarc.h +@@ -34,6 +34,7 @@ + #define BUFRSZ 2048 + #define DEFCONFFILE CONFIG_BASE "/opendmarc.conf" + #define DEFREPORTCMD "/usr/sbin/sendmail -t -odq" ++#define DEFREJECTSTR "rejected by DMARC policy for %s" + #define JOBIDUNKNOWN "(unknown-jobid)" + #define MAXARGV 65536 + #define MAXHEADER 1024 diff --git a/network/opendmarc/patches/pull172.diff b/network/opendmarc/patches/pull172.diff new file mode 100644 index 000000000000..1b7cd634fcc0 --- /dev/null +++ b/network/opendmarc/patches/pull172.diff @@ -0,0 +1,58 @@ +diff --git a/opendmarc/opendmarc.conf.5.in b/opendmarc/opendmarc.conf.5.in +index f7cea9a..52490cd 100644 +--- a/opendmarc/opendmarc.conf.5.in ++++ b/opendmarc/opendmarc.conf.5.in +@@ -196,18 +196,7 @@ aggregate reports can be extracted using + If set, the milter will signal to the mta that messages with + p=quarantine, which fail dmarc authentication, should be held in + the MTA's "Hold" or "Quarantine" queue. The name varies by MTA. +-If false, messsages will be accepted and passed along with the +-regular mail flow, and the quarantine will be left up to downstream +-MTA/MDA/MUA filters, if any, to handle by re-evaluating the headers, +-including the Authentication-Results header added by this filter. +-The default is "false". +- +-.TP +-.I HoldQuarantinedMessages (Boolean) +-If set, the milter will signal to the mta that messages with +-p=quarantine, which fail dmarc authentication, should be held in +-the MTA's "Hold" or "Quarantine" queue. The name varies by MTA. +-If false, messsages will be accepted and passed along with the ++If false, messages will be accepted and passed along with the + regular mail flow, and the quarantine will be left up to downstream + MTA/MDA/MUA filters, if any, to handle by re-evaluating the headers, + including the Authentication-Results header added by this filter. +diff --git a/opendmarc/opendmarc.conf.sample b/opendmarc/opendmarc.conf.sample +index 69c9afb..0222ecd 100644 +--- a/opendmarc/opendmarc.conf.sample ++++ b/opendmarc/opendmarc.conf.sample +@@ -219,7 +219,7 @@ + ## If set, the milter will signal to the mta that messages with + ## p=quarantine, which fail dmarc authentication, should be held in + ## the MTA's "Hold" or "Quarantine" queue. The name varies by MTA. +-## If false, messsages will be accepted and passed along with the ++## If false, messages will be accepted and passed along with the + ## regular mail flow, and the quarantine will be left up to downstream + ## MTA/MDA/MUA filters, if any, to handle by re-evaluating the headers, + ## including the Authentication-Results header added by OpenDMARC +@@ -234,20 +234,6 @@ + # + # IgnoreAuthenticatedClients false + +-## HoldQuarantinedMessages { true | false } +-## default "false" +-## +-## If set, the milter will signal to the mta that messages with +-## p=quarantine, which fail dmarc authentication, should be held in +-## the MTA's "Hold" or "Quarantine" queue. The name varies by MTA. +-## If false, messsages will be accepted and passed along with the +-## regular mail flow, and the quarantine will be left up to downstream +-## MTA/MDA/MUA filters, if any, to handle by re-evaluating the headers, +-## including the Authentication-Results header added by OpenDMARC +-# +-# HoldQuarantinedMessages false +- +- + ## IgnoreHosts path + ## default (internal) + ## diff --git a/network/opendmarc/patches/pull178.diff b/network/opendmarc/patches/pull178.diff new file mode 100644 index 000000000000..39eaf43386fb --- /dev/null +++ b/network/opendmarc/patches/pull178.diff @@ -0,0 +1,36 @@ +diff --git a/opendmarc/opendmarc.c b/opendmarc/opendmarc.c +index 65f6b49..ffcbc3f 100644 +--- a/opendmarc/opendmarc.c ++++ b/opendmarc/opendmarc.c +@@ -2474,17 +2474,22 @@ mlfi_eom(SMFICTX *ctx) + + for (c = 1; users[c] != NULL; c++) + { +- if (strcasecmp(domains[0], domains[c]) != 0) ++ if (domains[0] != NULL ++ && domains[c] != NULL ++ && strcasecmp(domains[0], domains[c]) != 0) + { +- syslog(LOG_ERR, +- "%s: multi-valued From field detected", +- dfc->mctx_jobid); +- } ++ if (conf->conf_dolog) ++ { ++ syslog(LOG_ERR, ++ "%s: multi-valued From field detected", ++ dfc->mctx_jobid); ++ } + +- if (conf->conf_reject_multi_from) +- return SMFIS_REJECT; +- else +- return SMFIS_ACCEPT; ++ if (conf->conf_reject_multi_from) ++ return SMFIS_REJECT; ++ else ++ return SMFIS_ACCEPT; ++ } + } + + user = users[0]; diff --git a/network/opendmarc/patches/ticket137.patch b/network/opendmarc/patches/ticket137.patch deleted file mode 100644 index df6c062152b5..000000000000 --- a/network/opendmarc/patches/ticket137.patch +++ /dev/null @@ -1,51 +0,0 @@ -From afc1615946cd127d9ea28e0892934251c6a00a84 Mon Sep 17 00:00:00 2001 -From: "Murray S. Kucherawy" -Date: Sat, 4 Mar 2017 08:03:22 -0800 -Subject: [PATCH] Fix bug #137: Handle base64 inside AR tokens that are values. - Problem reported by Joseph Coffland. - ---- - RELEASE_NOTES | 2 ++ - opendmarc/opendmarc-ar.c | 14 +++++++++++++- - 2 files changed, 15 insertions(+), 1 deletion(-) - -Index: opendmarc/RELEASE_NOTES -=================================================================== ---- opendmarc.orig/RELEASE_NOTES 2018-12-17 01:38:44.570329334 -0500 -+++ opendmarc/RELEASE_NOTES 2018-12-17 01:40:21.062333399 -0500 -@@ -3,6 +3,10 @@ - This listing shows the versions of the OpenDMARC package, the date of - release, and a summary of the changes in that release. - -+ 1.4.0 2017/??/?? -+ Fix bug #137: Handle base64 inside AR tokens that are values. -+ Problem reported by Joseph Coffland. -+ - 1.3.2 2016/12/19 - Feature request #86: Change meaning of "RequiredHeaders" such that - header validity is always checked, but messages are only -Index: opendmarc/opendmarc/opendmarc-ar.c -=================================================================== ---- opendmarc.orig/opendmarc/opendmarc-ar.c 2018-12-17 01:38:44.570329334 -0500 -+++ opendmarc/opendmarc/opendmarc-ar.c 2018-12-17 01:38:44.566329334 -0500 -@@ -602,7 +602,19 @@ - ar->ares_result[n - 1].result_props = r; - - prevstate = state; -- state = 9; -+ if (c < ntoks - 1 && tokens[c + 1][1] == '\0') -+ { -+ if (tokens[c + 1][0] == ';') -+ state = 2; -+ else if (tokens[c + 1][0] == '=') -+ r--; -+ else -+ state = 9; -+ } -+ else -+ { -+ state = 9; -+ } - - break; - } diff --git a/network/opendmarc/patches/ticket146.patch b/network/opendmarc/patches/ticket146.patch deleted file mode 100644 index c7f6f5748b1f..000000000000 --- a/network/opendmarc/patches/ticket146.patch +++ /dev/null @@ -1,110 +0,0 @@ -diff --git a/reports/opendmarc-import.8.in b/reports/opendmarc-import.8.in -index 8f55848..4e854ac 100644 ---- a/reports/opendmarc-import.8.in -+++ b/reports/opendmarc-import.8.in -@@ -12,8 +12,6 @@ reads per-message data recorded by an instance of - and inserts it into an SQL database, for later use by - .B opendmarc-reports(8) - to generate aggregate reports. -- --Records are read from standard input. - .SH OPTIONS - .TP - .I --dbhost=hostname -@@ -44,6 +42,9 @@ the environment variable is not set. - .I --help - Prints a help message and terminates. - .TP -+.I --input=file -+Reads from the named file instead of from standard input (the default). -+.TP - .I --verbose - Increase the amount of verbosity written to standard output. - .TP -diff --git a/reports/opendmarc-import.in b/reports/opendmarc-import.in -index 5a28f2f..cccbace 100755 ---- a/reports/opendmarc-import.in -+++ b/reports/opendmarc-import.in -@@ -35,11 +35,14 @@ my $def_dbuser = "opendmarc"; - my $def_dbpasswd = "opendmarc"; - my $def_dbport = "3306"; - my $def_interval = "86400"; -+my $def_inputfh = *STDIN; - my $dbhost; - my $dbname; - my $dbuser; - my $dbpasswd; - my $dbport; -+my $inputfile; -+my $inputfh; - - my $dbscheme = "@SQL_BACKEND@"; - -@@ -326,6 +329,7 @@ sub usage - print STDERR "\t--dbpasswd=passwd database password [$def_dbpasswd]\n"; - print STDERR "\t--dbport=port database port [$def_dbport]\n"; - print STDERR "\t--dbuser=user database user [$def_dbuser]\n"; -+ print STDERR "\t--input=file input file [STDIN]\n"; - print STDERR "\t--help print help and exit\n"; - print STDERR "\t--verbose verbose output\n"; - print STDERR "\t--version print version and exit\n"; -@@ -337,6 +341,7 @@ my $opt_retval = &Getopt::Long::GetOptions ('dbhost=s' => \$dbhost, - 'dbpasswd=s' => \$dbpasswd, - 'dbport=s' => \$dbport, - 'dbuser=s' => \$dbuser, -+ 'input=s' => \$inputfile, - 'help!' => \$helponly, - 'verbose!' => \$verbose, - 'version!' => \$showversion, -@@ -428,6 +433,24 @@ if ($verbose) - print STDERR "$progname: started at " . localtime() . "\n"; - } - -+ -+if (!defined($inputfile)) -+{ -+ $inputfh = $def_inputfh; -+} -+else -+{ -+ open($inputfh, "<", $inputfile) or die "$progname: unable to open $inputfile: $!\n"; -+ if ($verbose) -+ { -+ print STDERR "$progname: opened file $inputfile\n" -+ } -+} -+if (!flock($inputfh, LOCK_SH)) -+{ -+ print STDERR "$progname: warning: unable to establish read lock\n"; -+} -+ - my $dbi_dsn = "DBI:" . $dbscheme . ":database=" . $dbname . - ";host=" . $dbhost . ";port=" . $dbport; - -@@ -447,13 +470,10 @@ if ($verbose) - # Read history file from stdin. - # - -+ - $lineno = 0; --if (!flock(STDIN, LOCK_SH)) --{ -- print STDERR "$progname: warning: unable to establish read lock\n"; --} - --while () -+while (<$inputfh>) - { - $lineno++; - -@@ -592,6 +612,10 @@ if (defined($jobid)) - update_db(); - } - -+if (defined($inputfile)) -+{ -+ close($inputfh); -+} - # - # all done! - # diff --git a/network/opendmarc/patches/ticket153.patch b/network/opendmarc/patches/ticket153.patch deleted file mode 100644 index 1193409cb7d6..000000000000 --- a/network/opendmarc/patches/ticket153.patch +++ /dev/null @@ -1,35 +0,0 @@ -Description: do not report same dkim result multiple times - in the same record object -URL: https://sf.net/p/opendmarc/tickets/153/ -Author: Tomki ---- -This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ -Index: opendmarc-1.3.2/reports/opendmarc-reports.in -=================================================================== ---- opendmarc-1.3.2.orig/reports/opendmarc-reports.in 2017-03-13 19:01:56.496961757 -0400 -+++ opendmarc-1.3.2/reports/opendmarc-reports.in 2017-03-13 19:01:56.492961756 -0400 -@@ -703,6 +703,7 @@ - exit(1); - } - -+ my %dkim_domain_result_cache = (); - while ($dbi_a = $dbi_d->fetchrow_arrayref()) - { - undef $dkimdomain; -@@ -716,11 +717,15 @@ - $dkimresult = $dbi_a->[1]; - } - -- - if (!defined($dkimdomain)) - { - next; - } -+ if (defined($dkim_domain_result_cache{$dkimdomain}{$dkimresult})) -+ { -+ next; # no duplicate per-record auth_result dkim sections -+ } -+ $dkim_domain_result_cache{$dkimdomain}{$dkimresult}++; - - switch ($dkimresult) - { diff --git a/network/opendmarc/patches/ticket180.patch b/network/opendmarc/patches/ticket180.patch deleted file mode 100644 index cd38c39c383b..000000000000 --- a/network/opendmarc/patches/ticket180.patch +++ /dev/null @@ -1,280 +0,0 @@ -diff --git a/opendmarc/opendmarc-config.h b/opendmarc/opendmarc-config.h -index 7ba394b..28f605e 100644 ---- a/opendmarc/opendmarc-config.h -+++ b/opendmarc/opendmarc-config.h -@@ -36,6 +36,7 @@ struct configdef dmarcf_config[] = - { "IgnoreHosts", CONFIG_TYPE_STRING, FALSE }, - { "IgnoreMailFrom", CONFIG_TYPE_STRING, FALSE }, - { "MilterDebug", CONFIG_TYPE_INTEGER, FALSE }, -+ { "OverrideMLM", CONFIG_TYPE_STRING, FALSE }, - { "PidFile", CONFIG_TYPE_STRING, FALSE }, - { "PublicSuffixList", CONFIG_TYPE_STRING, FALSE }, - { "RecordAllMessages", CONFIG_TYPE_BOOLEAN, FALSE }, -diff --git a/opendmarc/opendmarc.c b/opendmarc/opendmarc.c -index ba04312..07e089d 100644 ---- a/opendmarc/opendmarc.c -+++ b/opendmarc/opendmarc.c -@@ -168,6 +168,7 @@ struct dmarcf_config - char * conf_ignorelist; - char ** conf_trustedauthservids; - char ** conf_ignoredomains; -+ struct list * conf_overridemlm; - }; - - /* LIST -- basic linked list of strings */ -@@ -1221,6 +1222,18 @@ dmarcf_config_load(struct config *data, struct dmarcf_config *conf, - if (str != NULL) - dmarcf_mkarray(str, &conf->conf_ignoredomains); - -+ str = NULL; -+ (void) config_get(data, "OverrideMLM", &str, sizeof str); -+ if (str != NULL) -+ { -+ if (!dmarcf_loadlist(str, &conf->conf_overridemlm)) -+ { -+ fprintf(stderr, -+ "%s: can't load override MLM list from %s: %s\n", -+ progname, str, strerror(errno)); -+ } -+ } -+ - (void) config_get(data, "AuthservIDWithJobID", - &conf->conf_authservidwithjobid, - sizeof conf->conf_authservidwithjobid); -@@ -2982,30 +2995,45 @@ mlfi_eom(SMFICTX *ctx) - case DMARC_POLICY_REJECT: /* Explicit reject */ - aresult = "fail"; - -- if (conf->conf_rejectfail && random() % 100 < pct) -+ if (conf->conf_overridemlm != NULL && -+ (dmarcf_checkhost(cc->cctx_host, conf->conf_overridemlm) || -+ (dmarcf_checkip((struct sockaddr *)&cc->cctx_ip, conf->conf_overridemlm)))) - { -- snprintf(replybuf, sizeof replybuf, -- "rejected by DMARC policy for %s", pdomain); -- -- status = dmarcf_setreply(ctx, DMARC_REJECT_SMTP, -- DMARC_REJECT_ESC, replybuf); -- if (status != MI_SUCCESS && conf->conf_dolog) -+ if (conf->conf_dolog) - { -- syslog(LOG_ERR, "%s: smfi_setreply() failed", -- dfc->mctx_jobid); -+ syslog(LOG_INFO, "%s: overriding policy for mail from %s: MLM", -+ dfc->mctx_jobid, dfc->mctx_fromdomain); - } -- -- ret = SMFIS_REJECT; -- result = DMARC_RESULT_REJECT; -+ ret = SMFIS_ACCEPT; -+ result = DMARC_RESULT_OVRD_MAILING_LIST; - } -- -- if (conf->conf_copyfailsto != NULL) -+ else - { -- status = dmarcf_addrcpt(ctx, conf->conf_copyfailsto); -- if (status != MI_SUCCESS && conf->conf_dolog) -+ if (conf->conf_rejectfail && random() % 100 < pct) -+ { -+ snprintf(replybuf, sizeof replybuf, -+ "rejected by DMARC policy for %s", pdomain); -+ -+ status = dmarcf_setreply(ctx, DMARC_REJECT_SMTP, -+ DMARC_REJECT_ESC, replybuf); -+ if (status != MI_SUCCESS && conf->conf_dolog) -+ { -+ syslog(LOG_ERR, "%s: smfi_setreply() failed", -+ dfc->mctx_jobid); -+ } -+ -+ ret = SMFIS_REJECT; -+ result = DMARC_RESULT_REJECT; -+ } -+ -+ if (conf->conf_copyfailsto != NULL) - { -- syslog(LOG_ERR, "%s: smfi_addrcpt() failed", -- dfc->mctx_jobid); -+ status = dmarcf_addrcpt(ctx, conf->conf_copyfailsto); -+ if (status != MI_SUCCESS && conf->conf_dolog) -+ { -+ syslog(LOG_ERR, "%s: smfi_addrcpt() failed", -+ dfc->mctx_jobid); -+ } - } - } - -@@ -3014,30 +3042,45 @@ mlfi_eom(SMFICTX *ctx) - case DMARC_POLICY_QUARANTINE: /* Explicit quarantine */ - aresult = "fail"; - -- if (conf->conf_rejectfail && random() % 100 < pct) -+ if (conf->conf_overridemlm != NULL && -+ (dmarcf_checkhost(cc->cctx_host, conf->conf_overridemlm) || -+ (dmarcf_checkip((struct sockaddr *)&cc->cctx_ip, conf->conf_overridemlm)))) - { -- snprintf(replybuf, sizeof replybuf, -- "quarantined by DMARC policy for %s", -- pdomain); -- -- status = smfi_quarantine(ctx, replybuf); -- if (status != MI_SUCCESS && conf->conf_dolog) -+ if (conf->conf_dolog) - { -- syslog(LOG_ERR, "%s: smfi_quarantine() failed", -- dfc->mctx_jobid); -+ syslog(LOG_INFO, "%s: overriding policy for mail from %s: MLM", -+ dfc->mctx_jobid, dfc->mctx_fromdomain); - } -- - ret = SMFIS_ACCEPT; -- result = DMARC_RESULT_QUARANTINE; -+ result = DMARC_RESULT_OVRD_MAILING_LIST; - } -- -- if (conf->conf_copyfailsto != NULL) -+ else - { -- status = dmarcf_addrcpt(ctx, conf->conf_copyfailsto); -- if (status != MI_SUCCESS && conf->conf_dolog) -+ if (conf->conf_rejectfail && random() % 100 < pct) -+ { -+ snprintf(replybuf, sizeof replybuf, -+ "quarantined by DMARC policy for %s", -+ pdomain); -+ -+ status = smfi_quarantine(ctx, replybuf); -+ if (status != MI_SUCCESS && conf->conf_dolog) -+ { -+ syslog(LOG_ERR, "%s: smfi_quarantine() failed", -+ dfc->mctx_jobid); -+ } -+ -+ ret = SMFIS_ACCEPT; -+ result = DMARC_RESULT_QUARANTINE; -+ } -+ -+ if (conf->conf_copyfailsto != NULL) - { -- syslog(LOG_ERR, "%s: smfi_addrcpt() failed", -- dfc->mctx_jobid); -+ status = dmarcf_addrcpt(ctx, conf->conf_copyfailsto); -+ if (status != MI_SUCCESS && conf->conf_dolog) -+ { -+ syslog(LOG_ERR, "%s: smfi_addrcpt() failed", -+ dfc->mctx_jobid); -+ } - } - } - -diff --git a/opendmarc/opendmarc.conf.5.in b/opendmarc/opendmarc.conf.5.in -index bdf2550..9ee16ae 100644 ---- a/opendmarc/opendmarc.conf.5.in -+++ b/opendmarc/opendmarc.conf.5.in -@@ -190,6 +190,14 @@ Sets the debug level to be requested from the milter library. The - default is 0. - - .TP -+.I OverrideMLM (string) -+Specifies the path to a file that contains a list of hostnames, IP -+addresses, and/or CIDR expressions identifying hosts that run -+mailing lists. Mails from these systems will be accepted even if -+all DMARC tests fail. Such cases will be reported as "override/ -+reason: MLM" -+ -+.TP - .I PidFile (string) - Specifies the path to a file that should be created at process start - containing the process ID. -diff --git a/opendmarc/opendmarc.conf.sample b/opendmarc/opendmarc.conf.sample -index 97b210f..fbfa49d 100644 ---- a/opendmarc/opendmarc.conf.sample -+++ b/opendmarc/opendmarc.conf.sample -@@ -212,6 +212,17 @@ - # - # MilterDebug 0 - -+## OverrideMLM (path) -+## default (none) -+## -+## Specifies the path to a file that contains a list of hostnames, IP -+## addresses, and/or CIDR expressions identifying hosts that run -+## mailing lists. Mails from these systems will be accepted even if -+## all DMARC tests fail. Such cases will be reported as "override/ -+## reason: MLM" -+# -+# OverrideMLM /usr/local/etc/opendmarc/overrideMLM.conf -+ - ## PidFile path - ## default (none) - ## -diff --git a/opendmarc/opendmarc.h b/opendmarc/opendmarc.h -index c1d6593..f9b1e0b 100644 ---- a/opendmarc/opendmarc.h -+++ b/opendmarc/opendmarc.h -@@ -52,6 +52,12 @@ - #define DMARC_RESULT_ACCEPT 2 - #define DMARC_RESULT_TEMPFAIL 3 - #define DMARC_RESULT_QUARANTINE 4 -+#define DMARC_RESULT_OVRD_FORWARDED 5 -+#define DMARC_RESULT_OVRD_SAMPLED_OUT 6 -+#define DMARC_RESULT_OVRD_TRUSTED_FORWARDER 7 -+#define DMARC_RESULT_OVRD_MAILING_LIST 8 -+#define DMARC_RESULT_OVRD_LOCAL_POLICY 9 -+#define DMARC_RESULT_OVRD_OTHER 10 - - /* prototypes, etc., exported for test.c */ - extern char *progname; -diff --git a/reports/opendmarc-reports.in b/reports/opendmarc-reports.in -index 2da1c31..a489c95 100755 ---- a/reports/opendmarc-reports.in -+++ b/reports/opendmarc-reports.in -@@ -91,6 +91,8 @@ my $ipaddr; - my $fromdomain; - my $envdomain; - my $dkimdomain; -+my $reason; -+my $comment; - - my $repdest; - -@@ -609,6 +611,8 @@ foreach (@$domainset) - while ($dbi_a = $dbi_s->fetchrow_arrayref()) - { - undef $msgid; -+ undef $reason; -+ undef $comment; - - if (defined($dbi_a->[0])) - { -@@ -656,6 +660,12 @@ foreach (@$domainset) - case 1 { $dispstr = "reject"; } - case 2 { $dispstr = "none"; } - case 4 { $dispstr = "quarantine"; } -+ case 5 { $dispstr = "none"; $reason = "forwarded"; } -+ case 6 { $dispstr = "none"; $reason = "sampled_out"; } -+ case 7 { $dispstr = "none"; $reason = "trusted_forwarder"; } -+ case 8 { $dispstr = "none"; $reason = "mailing_list"; } -+ case 9 { $dispstr = "none"; $reason = "local_policy"; $comment = ""; } -+ case 10 { $dispstr = "none"; $reason = "other"; $comment = ""; } - else { $dispstr = "unknown"; } - } - -@@ -697,6 +707,16 @@ foreach (@$domainset) - print $tmpout " $dispstr\n"; - print $tmpout " $align_dkimstr\n"; - print $tmpout " $align_spfstr\n"; -+ if (defined($reason)) -+ { -+ print $tmpout " \n"; -+ print $tmpout " $reason\n"; -+ if (defined($comment)) -+ { -+ print $tmpout " $comment\n"; -+ } -+ print $tmpout " \n"; -+ } - print $tmpout " \n"; - print $tmpout " \n"; - print $tmpout " \n"; diff --git a/network/opendmarc/patches/ticket193-fixed.patch b/network/opendmarc/patches/ticket193-fixed.patch new file mode 100644 index 000000000000..7ccb1424c5b0 --- /dev/null +++ b/network/opendmarc/patches/ticket193-fixed.patch @@ -0,0 +1,177 @@ +Index: opendmarc/db/Makefile.am +=================================================================== +--- opendmarc.orig/db/Makefile.am 2018-12-17 01:41:11.326335516 -0500 ++++ opendmarc/db/Makefile.am 2018-12-17 01:41:11.318335516 -0500 +@@ -1,3 +1,3 @@ + # Copyright (c) 2012, The Trusted Domain Project. All rights reserved. + +-dist_doc_DATA = README.schema schema.mysql ++dist_doc_DATA = README.schema schema.mysql README.update-db-schema.mysql update-db-schema.mysql +Index: opendmarc/db/README.update-db-schema.mysql +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ opendmarc/db/README.update-db-schema.mysql 2018-12-17 01:41:11.318335516 -0500 +@@ -0,0 +1,8 @@ ++ ++To update your database to the current state use this script like this: ++ ++ mysql -u -p --force < update-db-schema.mysql ++ ++You might receive up to four errors about duplicate keys - this is expected if your database ++already has these keys (because you used the MySQL schema in the db sub-direcory instead of ++the obsolete schema in the reports sub-dirctory). +Index: opendmarc/db/schema.mysql +=================================================================== +--- opendmarc.orig/db/schema.mysql 2018-12-17 01:41:11.326335516 -0500 ++++ opendmarc/db/schema.mysql 2018-12-17 01:41:11.318335516 -0500 +@@ -5,6 +5,7 @@ + + CREATE DATABASE IF NOT EXISTS opendmarc; + USE opendmarc; ++SET TIME_ZONE='+00:00'; + + -- A table for mapping domain names and their DMARC policies to IDs + CREATE TABLE IF NOT EXISTS domains ( +Index: opendmarc/db/update-db-schema.mysql +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ opendmarc/db/update-db-schema.mysql 2018-12-17 01:41:11.318335516 -0500 +@@ -0,0 +1,12 @@ ++use opendmarc; ++SET TIME_ZONE="+00:00"; ++ALTER TABLE ipaddr MODIFY COLUMN addr VARCHAR(64) NOT NULL; ++DELETE FROM ipaddr WHERE addr = NULL; ++ALTER TABLE messages MODIFY COLUMN spf TINYINT NOT NULL; ++ALTER TABLE requests ALTER COLUMN locked SET DEFAULT '0'; ++ALTER TABLE requests ALTER COLUMN lastsent SET DEFAULT '1970-01-01 00:00:01'; ++ALTER TABLE requests ADD UNIQUE KEY domain (domain); ++ALTER TABLE requests ADD KEY lastsent (lastsent); ++ALTER TABLE messages ADD KEY date (date); ++ALTER TABLE signatures ADD KEY message (message); ++ +Index: opendmarc/reports/opendmarc-expire.in +=================================================================== +--- opendmarc.orig/reports/opendmarc-expire.in 2018-12-17 01:41:11.326335516 -0500 ++++ opendmarc/reports/opendmarc-expire.in 2018-12-17 01:41:11.318335516 -0500 +@@ -210,6 +210,17 @@ + print STDERR "$progname: connected to database\n"; + } + ++# switch to UTC to have a defined date behaviour ++$dbi_s = $dbi_h->prepare("SET TIME_ZONE='+00:00'"); ++ ++if (!$dbi_s->execute()) ++{ ++ print STDERR "$progname: failed to change to UTC: " . $dbi_h->errstr . "\n"; ++ $dbi_s->finish; ++ $dbi_h->disconnect; ++ exit(1); ++} ++ + # + # Expire messages + # +@@ -340,7 +351,7 @@ + print STDERR "$progname: expiring request data older than $maxage days\n"; + } + +-$dbi_s = $dbi_h->prepare("DELETE FROM requests WHERE lastsent <= DATE_SUB(CURRENT_TIMESTAMP(), INTERVAL ? DAY) AND NOT lastsent = '0000-00-00 00:00:00'"); ++$dbi_s = $dbi_h->prepare("DELETE FROM requests WHERE lastsent <= DATE_SUB(CURRENT_TIMESTAMP(), INTERVAL ? DAY) AND NOT lastsent <= '1970-01-01 00:00:01'"); + $rows = $dbi_s->execute($maxage); + if (!$rows) + { +Index: opendmarc/reports/opendmarc-import.in +=================================================================== +--- opendmarc.orig/reports/opendmarc-import.in 2018-12-17 01:41:11.326335516 -0500 ++++ opendmarc/reports/opendmarc-import.in 2018-12-17 01:41:11.322335516 -0500 +@@ -207,14 +207,12 @@ + $envfrom_id = get_table_id($envdomain, "domains"); + $pdomain_id = get_table_id($pdomain, "domains"); + $ipaddr_id = get_table_id($ipaddr, "ipaddr", "addr"); +- $request_id = get_table_id($from_id, "requests", "domain"); + + if (!defined($rep_id) || + !defined($from_id) || + !defined($envfrom_id) || + !defined($pdomain_id) || +- !defined($ipaddr_id) || +- !defined($request_id)) ++ !defined($ipaddr_id)) + { + return; + } + +@@ -278,41 +276,51 @@ + } + $dbi_s->finish; + +- if (get_value("requests", "locked", $request_id) != 1) ++ $dbi_t = $dbi_h->prepare("SELECT id FROM requests WHERE domain = ?"); ++ if (!$dbi_t->execute($from_id)) + { +- if (scalar @rua > 0) ++ print STDERR "$progname: failed to retrieve table ID: " . $dbi_h->errstr . "\n"; ++ return undef; ++ } ++ ++ undef $request_id; ++ while ($dbi_a = $dbi_t->fetchrow_arrayref()) ++ { ++ if (defined($dbi_a->[0])) + { +- $repuri = join(",", @rua); +- $dbi_s = $dbi_h->prepare("UPDATE requests SET repuri = ? WHERE id = ?"); ++ $request_id = $dbi_a->[0]; ++ } ++ } + +- if (!$dbi_s->execute($repuri, $request_id)) +- { +- print STDERR "$progname: failed to update reporting URI for $fdomain: " . $dbi_h->errstr . "\n"; +- $dbi_s->finish; +- return; +- } ++ $dbi_t->finish; + +- $dbi_s->finish; +- } +- else ++ $repuri = join(",", @rua); ++ ++ if (defined($request_id)) ++ { ++ if (get_value("requests", "locked", $request_id) != 1) + { +- $dbi_s = $dbi_h->prepare("UPDATE requests SET repuri = NULL WHERE id = ?"); ++ $dbi_s = $dbi_h->prepare("UPDATE requests SET domain = ?, repuri = ?, adkim = ?, aspf = ?, policy = ?, spolicy = ?, pct = ? WHERE id = ?"); + +- if (!$dbi_s->execute($request_id)) ++ if (!$dbi_s->execute($from_id, $repuri, $adkim, $aspf, $p, $sp, $pct, $request_id)) + { +- print STDERR "$progname: failed to update reporting URI for $fdomain: " . $dbi_h->errstr . "\n"; ++ print STDERR "$progname: failed to update policy data for $fdomain: " . $dbi_h->errstr . "\n"; + $dbi_s->finish; + return; + } +- +- $dbi_s->finish; + } ++ else ++ { ++ print STDERR "$progname: policy data for $fdomain not updated, because they are locked\n"; ++ } ++ } ++ else ++ { ++ $dbi_s = $dbi_h->prepare("insert requests SET domain = ?, repuri = ?, adkim = ?, aspf = ?, policy = ?, spolicy = ?, pct = ?"); + +- $dbi_s = $dbi_h->prepare("UPDATE requests SET adkim = ?, aspf = ?, policy = ?, spolicy = ?, pct = ? WHERE id = ?"); +- +- if (!$dbi_s->execute($adkim, $aspf, $p, $sp, $pct, $request_id)) ++ if (!$dbi_s->execute($from_id, $repuri, $adkim, $aspf, $p, $sp, $pct)) + { +- print STDERR "$progname: failed to update policy data for $fdomain: " . $dbi_h->errstr . "\n"; ++ print STDERR "$progname: failed to insert policy data for $fdomain: " . $dbi_h->errstr . "\n"; + $dbi_s->finish; + return; + } diff --git a/network/opendmarc/patches/ticket193.patch b/network/opendmarc/patches/ticket193.patch deleted file mode 100644 index 1ee1911174e9..000000000000 --- a/network/opendmarc/patches/ticket193.patch +++ /dev/null @@ -1,193 +0,0 @@ -Index: opendmarc/db/Makefile.am -=================================================================== ---- opendmarc.orig/db/Makefile.am 2018-12-17 01:41:11.326335516 -0500 -+++ opendmarc/db/Makefile.am 2018-12-17 01:41:11.318335516 -0500 -@@ -1,3 +1,3 @@ - # Copyright (c) 2012, The Trusted Domain Project. All rights reserved. - --dist_doc_DATA = README.schema schema.mysql -+dist_doc_DATA = README.schema schema.mysql README.update-db-schema.mysql update-db-schema.mysql -Index: opendmarc/db/README.update-db-schema.mysql -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ opendmarc/db/README.update-db-schema.mysql 2018-12-17 01:41:11.318335516 -0500 -@@ -0,0 +1,8 @@ -+ -+To update your database to the current state use this script like this: -+ -+ mysql -u -p --force < update-db-schema.mysql -+ -+You might receive up to four errors about duplicate keys - this is expected if your database -+already has these keys (because you used the MySQL schema in the db sub-direcory instead of -+the obsolete schema in the reports sub-dirctory). -Index: opendmarc/db/schema.mysql -=================================================================== ---- opendmarc.orig/db/schema.mysql 2018-12-17 01:41:11.326335516 -0500 -+++ opendmarc/db/schema.mysql 2018-12-17 01:41:11.318335516 -0500 -@@ -5,6 +5,7 @@ - - CREATE DATABASE IF NOT EXISTS opendmarc; - USE opendmarc; -+SET TIME_ZONE='+00:00'; - - -- A table for mapping domain names and their DMARC policies to IDs - CREATE TABLE IF NOT EXISTS domains ( -@@ -28,7 +29,7 @@ - pct TINYINT NOT NULL, - locked TINYINT NOT NULL DEFAULT '0', - firstseen TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, -- lastsent TIMESTAMP NOT NULL DEFAULT '0000-00-00 00:00:00', -+ lastsent TIMESTAMP NOT NULL DEFAULT '1970-01-01 00:00:01', - - PRIMARY KEY(id), - KEY(lastsent), -Index: opendmarc/db/update-db-schema.mysql -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ opendmarc/db/update-db-schema.mysql 2018-12-17 01:41:11.318335516 -0500 -@@ -0,0 +1,12 @@ -+use opendmarc; -+SET TIME_ZONE="+00:00"; -+ALTER TABLE ipaddr MODIFY COLUMN addr VARCHAR(64) NOT NULL; -+DELETE FROM ipaddr WHERE addr = NULL; -+ALTER TABLE messages MODIFY COLUMN spf TINYINT NOT NULL; -+ALTER TABLE requests ALTER COLUMN locked SET DEFAULT '0'; -+ALTER TABLE requests ALTER COLUMN lastsent SET DEFAULT '1970-01-01 00:00:01'; -+ALTER TABLE requests ADD UNIQUE KEY domain (domain); -+ALTER TABLE requests ADD KEY lastsent (lastsent); -+ALTER TABLE messages ADD KEY date (date); -+ALTER TABLE signatures ADD KEY message (message); -+ -Index: opendmarc/reports/opendmarc-expire.in -=================================================================== ---- opendmarc.orig/reports/opendmarc-expire.in 2018-12-17 01:41:11.326335516 -0500 -+++ opendmarc/reports/opendmarc-expire.in 2018-12-17 01:41:11.318335516 -0500 -@@ -210,6 +210,17 @@ - print STDERR "$progname: connected to database\n"; - } - -+# switch to UTC to have a defined date behaviour -+$dbi_s = $dbi_h->prepare("SET TIME_ZONE='+00:00'"); -+ -+if (!$dbi_s->execute()) -+{ -+ print STDERR "$progname: failed to change to UTC: " . $dbi_h->errstr . "\n"; -+ $dbi_s->finish; -+ $dbi_h->disconnect; -+ exit(1); -+} -+ - # - # Expire messages - # -@@ -340,7 +351,7 @@ - print STDERR "$progname: expiring request data older than $maxage days\n"; - } - --$dbi_s = $dbi_h->prepare("DELETE FROM requests WHERE lastsent <= DATE_SUB(CURRENT_TIMESTAMP(), INTERVAL ? DAY) AND NOT lastsent = '0000-00-00 00:00:00'"); -+$dbi_s = $dbi_h->prepare("DELETE FROM requests WHERE lastsent <= DATE_SUB(CURRENT_TIMESTAMP(), INTERVAL ? DAY) AND NOT lastsent <= '1970-01-01 00:00:01'"); - $rows = $dbi_s->execute($maxage); - if (!$rows) - { -Index: opendmarc/reports/opendmarc-import.in -=================================================================== ---- opendmarc.orig/reports/opendmarc-import.in 2018-12-17 01:41:11.326335516 -0500 -+++ opendmarc/reports/opendmarc-import.in 2018-12-17 01:41:11.322335516 -0500 -@@ -207,20 +207,18 @@ - $envfrom_id = get_table_id($envdomain, "domains"); - $pdomain_id = get_table_id($pdomain, "domains"); - $ipaddr_id = get_table_id($ipaddr, "ipaddr", "addr"); -- $request_id = get_table_id($from_id, "requests", "domain"); - - if (!defined($rep_id) || - !defined($from_id) || - !defined($envfrom_id) || - !defined($pdomain_id) || -- !defined($ipaddr_id) || -- !defined($request_id)) -+ !defined($ipaddr_id)) - { - return; - } - -- $dbi_s = $dbi_h->prepare("INSERT INTO messages (date, jobid, reporter, policy, disp, ip, env_domain, from_domain, spf, align_spf, align_dkim, sigcount) VALUES(FROM_UNIXTIME(?), ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"); -- if (!$dbi_s->execute($received, $jobid, $rep_id, $policy, $action, $ipaddr_id, $envfrom_id, $from_id, $spf, $align_spf, $align_dkim, $sigcount)) -+ $dbi_s = $dbi_h->prepare("INSERT INTO messages (date, jobid, reporter, policy, disp, ip, env_domain, from_domain, policy_domain, spf, align_spf, align_dkim, sigcount) VALUES(FROM_UNIXTIME(?), ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"); -+ if (!$dbi_s->execute($received, $jobid, $rep_id, $policy, $action, $ipaddr_id, $envfrom_id, $from_id, $pdomain_id, $spf, $align_spf, $align_dkim, $sigcount)) - { - print STDERR "$progname: failed to insert message: " . $dbi_h->errstr . "\n"; - return; -@@ -278,41 +276,51 @@ - } - $dbi_s->finish; - -- if (get_value("requests", "locked", $request_id) != 1) -+ $dbi_t = $dbi_h->prepare("SELECT id FROM requests WHERE domain = ?"); -+ if (!$dbi_t->execute($from_id)) - { -- if (scalar @rua > 0) -+ print STDERR "$progname: failed to retrieve table ID: " . $dbi_h->errstr . "\n"; -+ return undef; -+ } -+ -+ undef $request_id; -+ while ($dbi_a = $dbi_t->fetchrow_arrayref()) -+ { -+ if (defined($dbi_a->[0])) - { -- $repuri = join(",", @rua); -- $dbi_s = $dbi_h->prepare("UPDATE requests SET repuri = ? WHERE id = ?"); -+ $request_id = $dbi_a->[0]; -+ } -+ } - -- if (!$dbi_s->execute($repuri, $request_id)) -- { -- print STDERR "$progname: failed to update reporting URI for $fdomain: " . $dbi_h->errstr . "\n"; -- $dbi_s->finish; -- return; -- } -+ $dbi_t->finish; - -- $dbi_s->finish; -- } -- else -+ $repuri = join(",", @rua); -+ -+ if (defined($request_id)) -+ { -+ if (get_value("requests", "locked", $request_id) != 1) - { -- $dbi_s = $dbi_h->prepare("UPDATE requests SET repuri = NULL WHERE id = ?"); -+ $dbi_s = $dbi_h->prepare("UPDATE requests SET domain = ?, repuri = ?, adkim = ?, aspf = ?, policy = ?, spolicy = ?, pct = ? WHERE id = ?"); - -- if (!$dbi_s->execute($request_id)) -+ if (!$dbi_s->execute($from_id, $repuri, $adkim, $aspf, $p, $sp, $pct, $request_id)) - { -- print STDERR "$progname: failed to update reporting URI for $fdomain: " . $dbi_h->errstr . "\n"; -+ print STDERR "$progname: failed to update policy data for $fdomain: " . $dbi_h->errstr . "\n"; - $dbi_s->finish; - return; - } -- -- $dbi_s->finish; - } -+ else -+ { -+ print STDERR "$progname: policy data for $fdomain not updated, because they are locked\n"; -+ } -+ } -+ else -+ { -+ $dbi_s = $dbi_h->prepare("insert requests SET domain = ?, repuri = ?, adkim = ?, aspf = ?, policy = ?, spolicy = ?, pct = ?"); - -- $dbi_s = $dbi_h->prepare("UPDATE requests SET adkim = ?, aspf = ?, policy = ?, spolicy = ?, pct = ? WHERE id = ?"); -- -- if (!$dbi_s->execute($adkim, $aspf, $p, $sp, $pct, $request_id)) -+ if (!$dbi_s->execute($from_id, $repuri, $adkim, $aspf, $p, $sp, $pct)) - { -- print STDERR "$progname: failed to update policy data for $fdomain: " . $dbi_h->errstr . "\n"; -+ print STDERR "$progname: failed to insert policy data for $fdomain: " . $dbi_h->errstr . "\n"; - $dbi_s->finish; - return; - } diff --git a/network/opendmarc/patches/ticket203.patch b/network/opendmarc/patches/ticket203.patch deleted file mode 100644 index 8aa5113176dc..000000000000 --- a/network/opendmarc/patches/ticket203.patch +++ /dev/null @@ -1,26 +0,0 @@ -diff --git a/libopendmarc/opendmarc_policy.c b/libopendmarc/opendmarc_policy.c -index 862c449..8048ec3 100644 ---- a/libopendmarc/opendmarc_policy.c -+++ b/libopendmarc/opendmarc_policy.c -@@ -1087,6 +1087,10 @@ opendmarc_policy_parse_dmarc(DMARC_POLICY_T *pctx, u_char *domain, u_char *recor - /* - * A possibly comma delimited list of URI of where to send reports. - */ -+ -+ if (pctx->rua_list != NULL) -+ return DMARC_PARSE_ERROR_BAD_VALUE; -+ - for (xp = vp; *xp != '\0'; ) - { - u_char xbuf[256]; -@@ -1115,6 +1119,10 @@ opendmarc_policy_parse_dmarc(DMARC_POLICY_T *pctx, u_char *domain, u_char *recor - * A possibly comma delimited list of URI of where to send - * MARF reports. - */ -+ -+ if (pctx->ruf_list != NULL) -+ return DMARC_PARSE_ERROR_BAD_VALUE; -+ - for (xp = vp; *xp != '\0'; ) - { - u_char xbuf[256]; diff --git a/network/opendmarc/patches/ticket207-fixed.patch b/network/opendmarc/patches/ticket207-fixed.patch new file mode 100644 index 000000000000..149a676c76ed --- /dev/null +++ b/network/opendmarc/patches/ticket207-fixed.patch @@ -0,0 +1,49 @@ +Index: opendmarc/reports/opendmarc-reports.in +=================================================================== +--- opendmarc.orig/reports/opendmarc-reports.in 2018-12-17 01:41:49.094337107 -0500 ++++ opendmarc/reports/opendmarc-reports.in 2018-12-17 01:41:49.090337107 -0500 +@@ -65,6 +65,7 @@ + my $forcedomain; + my @skipdomains; + ++my $poldomain; + my $policy; + my $spolicy; + my $policystr; +@@ -441,7 +442,7 @@ + next; + } + +- $dbi_s = $dbi_h->prepare("SELECT repuri, adkim, aspf, policy, spolicy, pct, UNIX_TIMESTAMP(lastsent) FROM requests WHERE domain = ?"); ++ $dbi_s = $dbi_h->prepare("SELECT repuri, adkim, aspf, requests.policy, spolicy, pct, UNIX_TIMESTAMP(lastsent), domains.name FROM requests JOIN messages ON messages.from_domain=requests.domain LEFT JOIN domains ON messages.policy_domain = domains.id WHERE domain = ? GROUP BY policy_domain"); + if (!$dbi_s->execute($domainid)) + { + print STDERR "$progname: can't get reporting URI for domain $domain: " . $dbi_h->errstr . "\n"; +@@ -451,6 +452,7 @@ + } + + undef $repuri; ++ $poldomain=$domain; + + while ($dbi_a = $dbi_s->fetchrow_arrayref()) + { +@@ -482,6 +484,10 @@ + { + $lastsent = $dbi_a->[6]; + } ++ if (defined($dbi_a->[7])) ++ { ++ $poldomain = $dbi_a->[7]; ++ } + } + + $dbi_s->finish; +@@ -564,7 +570,7 @@ + print $tmpout " \n"; + + print $tmpout " \n"; +- print $tmpout " $domain\n"; ++ print $tmpout " $poldomain\n"; + print $tmpout " $adkimstr\n"; + print $tmpout " $aspfstr\n"; + print $tmpout "

$policystr

\n"; diff --git a/network/opendmarc/patches/ticket207.patch b/network/opendmarc/patches/ticket207.patch deleted file mode 100644 index e86b8c770466..000000000000 --- a/network/opendmarc/patches/ticket207.patch +++ /dev/null @@ -1,49 +0,0 @@ -Index: opendmarc/reports/opendmarc-reports.in -=================================================================== ---- opendmarc.orig/reports/opendmarc-reports.in 2018-12-17 01:41:49.094337107 -0500 -+++ opendmarc/reports/opendmarc-reports.in 2018-12-17 01:41:49.090337107 -0500 -@@ -65,6 +65,7 @@ - my $forcedomain; - my @skipdomains; - -+my $poldomain; - my $policy; - my $spolicy; - my $policystr; -@@ -441,7 +442,7 @@ - next; - } - -- $dbi_s = $dbi_h->prepare("SELECT repuri, adkim, aspf, policy, spolicy, pct, UNIX_TIMESTAMP(lastsent) FROM requests WHERE domain = ?"); -+ $dbi_s = $dbi_h->prepare("SELECT repuri, adkim, aspf, requests.policy, spolicy, pct, UNIX_TIMESTAMP(lastsent), domains.name FROM requests JOIN messages ON messages.from_domain=requests.domain LEFT JOIN domains ON messages.policy_domain = domains.id WHERE domain = ? GROUP BY policy_domain"); - if (!$dbi_s->execute($domainid)) - { - print STDERR "$progname: can't get reporting URI for domain $domain: " . $dbi_h->errstr . "\n"; -@@ -451,6 +452,7 @@ - } - - undef $repuri; -+ $poldomain=$domain; - - while ($dbi_a = $dbi_s->fetchrow_arrayref()) - { -@@ -482,6 +484,10 @@ - { - $lastsent = $dbi_a->[6]; - } -+ if (defined($dbi_a->[7])) -+ { -+ $poldomain = $dbi_a->[7]; -+ } - } - - $dbi_s->finish; -@@ -564,7 +570,7 @@ - print $tmpout " \n"; - - print $tmpout " \n"; -- print $tmpout " $domain\n"; -+ print $tmpout " $poldomain\n"; - print $tmpout " $adkimstr\n"; - print $tmpout " $aspfstr\n"; - print $tmpout "

$policystr

\n"; diff --git a/network/opendmarc/patches/ticket208-fixed.patch b/network/opendmarc/patches/ticket208-fixed.patch new file mode 100644 index 000000000000..e44589e47113 --- /dev/null +++ b/network/opendmarc/patches/ticket208-fixed.patch @@ -0,0 +1,115 @@ +diff -ur opendmarc-1.3.2/opendmarc/opendmarc.c opendmarc-1.3.2_fix/opendmarc/opendmarc.c +--- opendmarc-1.3.2/opendmarc/opendmarc.c 2017-03-04 14:28:39.000000000 +0100 ++++ opendmarc-1.3.2_fix/opendmarc/opendmarc.c 2017-03-27 18:11:14.977304726 +0200 +@@ -168,6 +168,7 @@ + char * conf_ignorelist; + char ** conf_trustedauthservids; + char ** conf_ignoredomains; ++ char ** conf_ignorereceivers; + struct list * conf_domainwhitelist; + unsigned int conf_domainwhitelisthashcount; + }; +@@ -1226,6 +1227,11 @@ + if (str != NULL) + dmarcf_mkarray(str, ",", &conf->conf_ignoredomains); + ++ str = NULL; ++ (void) config_get(data, "IgnoreMailTo", &str, sizeof str); ++ if (str != NULL) ++ dmarcf_mkarray(str, ",", &conf->conf_ignorereceivers); ++ + (void) config_get(data, "AuthservIDWithJobID", + &conf->conf_authservidwithjobid, + sizeof conf->conf_authservidwithjobid); +@@ -2015,6 +2021,7 @@ + mlfi_eom(SMFICTX *ctx) + { + _Bool wspf = FALSE; ++ int skiphistory; + int c; + int pc; + int policy; +@@ -3147,7 +3154,34 @@ + ** Record activity in the history file. + */ + +- if (conf->conf_historyfile != NULL && ++ skiphistory = 0; ++ if (conf->conf_ignorereceivers != NULL) ++ { ++ struct dmarcf_header *to = dmarcf_findheader(dfc, "To", 0); ++ if (to != NULL) ++ { ++ char *val = to->hdr_value; ++ while (*val && !skiphistory) ++ { ++ memset(addrbuf, '\0', sizeof addrbuf); ++ strncpy(addrbuf, val, sizeof addrbuf - 1); ++ status = dmarcf_mail_parse(addrbuf, &user, &domain); ++ if (status == 0 && user != NULL && domain != NULL) ++ { ++ snprintf(replybuf, sizeof replybuf - 1, "%s@%s", user, domain); ++ if(dmarcf_match(replybuf, conf->conf_ignorereceivers, TRUE)) ++ { ++ skiphistory = 1; ++ } ++ } ++ while(*val && *val != ',' && *val != ';') ++ ++val; ++ if(*val) ++ ++val; ++ } ++ } ++ } ++ if (!skiphistory && conf->conf_historyfile != NULL && + (conf->conf_recordall || ostatus != DMARC_DNS_ERROR_NO_RECORD)) + { + FILE *f; +diff -ur opendmarc-1.3.2/opendmarc/opendmarc.conf.5.in opendmarc-1.3.2_fix/opendmarc/opendmarc.conf.5.in +--- opendmarc-1.3.2/opendmarc/opendmarc.conf.5.in 2016-12-18 08:50:34.000000000 +0100 ++++ opendmarc-1.3.2_fix/opendmarc/opendmarc.conf.5.in 2017-03-27 17:00:14.424955664 +0200 +@@ -185,6 +185,13 @@ + no mail is ignored. + + .TP ++.I IgnoreMailTo (string) ++Gives a list of mail addresses which aren't entered into the history file. ++This is useful to prevent exchanging single message reports. The ++list should be comma-separated. Matching against this list is ++case-insensitive. The default is an empty list, meaning no mail is ignored. ++ ++.TP + .I MilterDebug (integer) + Sets the debug level to be requested from the milter library. The + default is 0. +diff -ur opendmarc-1.3.2/opendmarc/opendmarc-config.h opendmarc-1.3.2_fix/opendmarc/opendmarc-config.h +--- opendmarc-1.3.2/opendmarc/opendmarc-config.h 2016-12-18 08:50:34.000000000 +0100 ++++ opendmarc-1.3.2_fix/opendmarc/opendmarc-config.h 2017-03-27 17:39:01.727649907 +0200 +@@ -35,6 +35,7 @@ + { "IgnoreAuthenticatedClients", CONFIG_TYPE_BOOLEAN, FALSE }, + { "IgnoreHosts", CONFIG_TYPE_STRING, FALSE }, + { "IgnoreMailFrom", CONFIG_TYPE_STRING, FALSE }, ++ { "IgnoreMailTo", CONFIG_TYPE_STRING, FALSE }, + { "MilterDebug", CONFIG_TYPE_INTEGER, FALSE }, + { "PidFile", CONFIG_TYPE_STRING, FALSE }, + { "PublicSuffixList", CONFIG_TYPE_STRING, FALSE }, +diff -ur opendmarc-1.3.2/opendmarc/opendmarc.conf.sample opendmarc-1.3.2_fix/opendmarc/opendmarc.conf.sample +--- opendmarc-1.3.2/opendmarc/opendmarc.conf.sample 2017-03-04 14:28:39.000000000 +0100 ++++ opendmarc-1.3.2_fix/opendmarc/opendmarc.conf.sample 2017-03-27 17:39:32.594647158 +0200 +@@ -205,6 +205,16 @@ + # + # IgnoreMailFrom example.com + ++## IgnoreMailTo email[,...] ++## default (none) ++## ++## Gives a list of mail addresses which aren't entered into the history file. ++## This is useful to prevent exchanging mutual message reports. The ++## list should be comma-separated. Matching against this list is ++## case-insensitive. The default is an empty list, meaning no mail is ignored. ++# ++# IgnoreMailTo dmarc-ruf@example.com ++ + ## MilterDebug (integer) + ## default 0 + ## diff --git a/network/opendmarc/patches/ticket208.patch b/network/opendmarc/patches/ticket208.patch deleted file mode 100644 index fc8c6455d82f..000000000000 --- a/network/opendmarc/patches/ticket208.patch +++ /dev/null @@ -1,116 +0,0 @@ -diff -ur opendmarc-1.3.2/opendmarc/opendmarc.c opendmarc-1.3.2_fix/opendmarc/opendmarc.c ---- opendmarc-1.3.2/opendmarc/opendmarc.c 2017-03-04 14:28:39.000000000 +0100 -+++ opendmarc-1.3.2_fix/opendmarc/opendmarc.c 2017-03-27 18:11:14.977304726 +0200 -@@ -168,7 +168,8 @@ - char * conf_ignorelist; - char ** conf_trustedauthservids; - char ** conf_ignoredomains; - struct list * conf_overridemlm; -+ char ** conf_ignorereceivers; - }; - - /* LIST -- basic linked list of strings */ -@@ -1226,6 +1227,11 @@ - if (str != NULL) - dmarcf_mkarray(str, &conf->conf_ignoredomains); - -+ str = NULL; -+ (void) config_get(data, "IgnoreMailTo", &str, sizeof str); -+ if (str != NULL) -+ dmarcf_mkarray(str, &conf->conf_ignorereceivers); -+ - (void) config_get(data, "AuthservIDWithJobID", - &conf->conf_authservidwithjobid, - sizeof conf->conf_authservidwithjobid); -@@ -2015,6 +2021,7 @@ - mlfi_eom(SMFICTX *ctx) - { - _Bool wspf = FALSE; -+ int skiphistory; - int c; - int pc; - int policy; -@@ -3147,7 +3154,34 @@ - ** Record activity in the history file. - */ - -- if (conf->conf_historyfile != NULL && -+ skiphistory = 0; -+ if (conf->conf_ignorereceivers != NULL) -+ { -+ struct dmarcf_header *to = dmarcf_findheader(dfc, "To", 0); -+ if (to != NULL) -+ { -+ char *val = to->hdr_value; -+ while (*val && !skiphistory) -+ { -+ memset(addrbuf, '\0', sizeof addrbuf); -+ strncpy(addrbuf, val, sizeof addrbuf - 1); -+ status = dmarcf_mail_parse(addrbuf, &user, &domain); -+ if (status == 0 && user != NULL && domain != NULL) -+ { -+ snprintf(replybuf, sizeof replybuf - 1, "%s@%s", user, domain); -+ if(dmarcf_match(replybuf, conf->conf_ignorereceivers, TRUE)) -+ { -+ skiphistory = 1; -+ } -+ } -+ while(*val && *val != ',' && *val != ';') -+ ++val; -+ if(*val) -+ ++val; -+ } -+ } -+ } -+ if (!skiphistory && conf->conf_historyfile != NULL && - (conf->conf_recordall || ostatus != DMARC_DNS_ERROR_NO_RECORD)) - { - FILE *f; -diff -ur opendmarc-1.3.2/opendmarc/opendmarc.conf.5.in opendmarc-1.3.2_fix/opendmarc/opendmarc.conf.5.in ---- opendmarc-1.3.2/opendmarc/opendmarc.conf.5.in 2016-12-18 08:50:34.000000000 +0100 -+++ opendmarc-1.3.2_fix/opendmarc/opendmarc.conf.5.in 2017-03-27 17:00:14.424955664 +0200 -@@ -185,6 +185,13 @@ - no mail is ignored. - - .TP -+.I IgnoreMailTo (string) -+Gives a list of mail addresses which aren't entered into the history file. -+This is useful to prevent exchanging single message reports. The -+list should be comma-separated. Matching against this list is -+case-insensitive. The default is an empty list, meaning no mail is ignored. -+ -+.TP - .I MilterDebug (integer) - Sets the debug level to be requested from the milter library. The - default is 0. -diff -ur opendmarc-1.3.2/opendmarc/opendmarc-config.h opendmarc-1.3.2_fix/opendmarc/opendmarc-config.h ---- opendmarc-1.3.2/opendmarc/opendmarc-config.h 2016-12-18 08:50:34.000000000 +0100 -+++ opendmarc-1.3.2_fix/opendmarc/opendmarc-config.h 2017-03-27 17:39:01.727649907 +0200 -@@ -35,6 +35,7 @@ - { "IgnoreAuthenticatedClients", CONFIG_TYPE_BOOLEAN, FALSE }, - { "IgnoreHosts", CONFIG_TYPE_STRING, FALSE }, - { "IgnoreMailFrom", CONFIG_TYPE_STRING, FALSE }, -+ { "IgnoreMailTo", CONFIG_TYPE_STRING, FALSE }, - { "MilterDebug", CONFIG_TYPE_INTEGER, FALSE }, - { "PidFile", CONFIG_TYPE_STRING, FALSE }, - { "PublicSuffixList", CONFIG_TYPE_STRING, FALSE }, -diff -ur opendmarc-1.3.2/opendmarc/opendmarc.conf.sample opendmarc-1.3.2_fix/opendmarc/opendmarc.conf.sample ---- opendmarc-1.3.2/opendmarc/opendmarc.conf.sample 2017-03-04 14:28:39.000000000 +0100 -+++ opendmarc-1.3.2_fix/opendmarc/opendmarc.conf.sample 2017-03-27 17:39:32.594647158 +0200 -@@ -205,6 +205,16 @@ - # - # IgnoreMailFrom example.com - -+## IgnoreMailTo email[,...] -+## default (none) -+## -+## Gives a list of mail addresses which aren't entered into the history file. -+## This is useful to prevent exchanging mutual message reports. The -+## list should be comma-separated. Matching against this list is -+## case-insensitive. The default is an empty list, meaning no mail is ignored. -+# -+# IgnoreMailTo dmarc-ruf@example.com -+ - ## MilterDebug (integer) - ## default 0 - ## diff --git a/network/opendmarc/patches/ticket227.patch b/network/opendmarc/patches/ticket227.patch deleted file mode 100644 index b2786aef6155..000000000000 --- a/network/opendmarc/patches/ticket227.patch +++ /dev/null @@ -1,40 +0,0 @@ -diff --git a/libopendmarc/opendmarc_policy.c b/libopendmarc/opendmarc_policy.c -index 36412e4..f151fda 100644 ---- a/libopendmarc/opendmarc_policy.c -+++ b/libopendmarc/opendmarc_policy.c -@@ -1058,7 +1058,7 @@ opendmarc_policy_parse_dmarc(DMARC_POLICY_T *pctx, u_char *domain, u_char *recor - *yp = '\0'; - - xp = opendmarc_util_cleanup(xp, xbuf, sizeof xbuf); -- if (xp != NULL || strlen((char *)xp) > 0) -+ if (xp != NULL && strlen((char *)xp) > 0) - { - /* - * Be generous. Accept, for example, "rf=a, aspf=afrf or any -@@ -1100,7 +1100,7 @@ opendmarc_policy_parse_dmarc(DMARC_POLICY_T *pctx, u_char *domain, u_char *recor - *yp = '\0'; - - xp = opendmarc_util_cleanup(xp, xbuf, sizeof xbuf); -- if (xp != NULL || strlen((char *)xp) > 0) -+ if (xp != NULL && strlen((char *)xp) > 0) - { - pctx->rua_list = opendmarc_util_pushargv(xp, pctx->rua_list, - &(pctx->rua_cnt)); -@@ -1132,7 +1132,7 @@ opendmarc_policy_parse_dmarc(DMARC_POLICY_T *pctx, u_char *domain, u_char *recor - *yp = '\0'; - - xp = opendmarc_util_cleanup(xp, xbuf, sizeof xbuf); -- if (xp != NULL || strlen((char *)xp) > 0) -+ if (xp != NULL && strlen((char *)xp) > 0) - { - pctx->ruf_list = opendmarc_util_pushargv(xp, pctx->ruf_list, - &(pctx->ruf_cnt)); -@@ -1159,7 +1159,7 @@ opendmarc_policy_parse_dmarc(DMARC_POLICY_T *pctx, u_char *domain, u_char *recor - *yp = '\0'; - - xp = opendmarc_util_cleanup(xp, xbuf, sizeof xbuf); -- if (xp != NULL || strlen((char *)xp) > 0) -+ if (xp != NULL && strlen((char *)xp) > 0) - { - switch ((int)*xp) - { diff --git a/network/opendmarc/patches/z00_ticket138_v3.patch b/network/opendmarc/patches/z00_ticket138_v3.patch deleted file mode 100644 index 4bcd4f92b4b4..000000000000 --- a/network/opendmarc/patches/z00_ticket138_v3.patch +++ /dev/null @@ -1,83 +0,0 @@ -diff --git a/opendmarc/opendmarc-config.h b/opendmarc/opendmarc-config.h -index 28f605e..ff4983d 100644 ---- a/opendmarc/opendmarc-config.h -+++ b/opendmarc/opendmarc-config.h -@@ -32,6 +32,7 @@ struct configdef dmarcf_config[] = - { "FailureReportsOnNone", CONFIG_TYPE_BOOLEAN, FALSE }, - { "FailureReportsSentBy", CONFIG_TYPE_STRING, FALSE }, - { "HistoryFile", CONFIG_TYPE_STRING, FALSE }, -+ { "HoldQuarantinedMessages", CONFIG_TYPE_BOOLEAN, FALSE }, - { "IgnoreAuthenticatedClients", CONFIG_TYPE_BOOLEAN, FALSE }, - { "IgnoreHosts", CONFIG_TYPE_STRING, FALSE }, - { "IgnoreMailFrom", CONFIG_TYPE_STRING, FALSE }, -diff --git a/opendmarc/opendmarc.c b/opendmarc/opendmarc.c -index 0179f4d..5aade55 100644 ---- a/opendmarc/opendmarc.c -+++ b/opendmarc/opendmarc.c -@@ -155,6 +155,7 @@ struct dmarcf_config - _Bool conf_spfselfvalidate; - #endif /* WITH_SPF */ - _Bool conf_ignoreauthclients; -+ _Bool conf_holdquarantinedmessages; - unsigned int conf_refcnt; - unsigned int conf_dnstimeout; - struct config * conf_data; -@@ -1297,6 +1298,10 @@ dmarcf_config_load(struct config *data, struct dmarcf_config *conf, - &conf->conf_recordall, - sizeof conf->conf_recordall); - -+ (void) config_get(data, "HoldQuarantinedMessages", -+ &conf->conf_holdquarantinedmessages, -+ sizeof conf->conf_holdquarantinedmessages); -+ - (void) config_get(data, "IgnoreAuthenticatedClients", - &conf->conf_ignoreauthclients, - sizeof conf->conf_ignoreauthclients); -@@ -3064,7 +3069,8 @@ mlfi_eom(SMFICTX *ctx) - } - else - { -- if (conf->conf_rejectfail && random() % 100 < pct) -+ if (conf->conf_rejectfail && random() % 100 < pct && -+ conf->conf_holdquarantinedmessages) - { - snprintf(replybuf, sizeof replybuf, - "quarantined by DMARC policy for %s", -diff --git a/opendmarc/opendmarc.conf.5.in b/opendmarc/opendmarc.conf.5.in -index 9ee16ae..565e992 100644 ---- a/opendmarc/opendmarc.conf.5.in -+++ b/opendmarc/opendmarc.conf.5.in -@@ -167,6 +167,13 @@ rather periodically imported into a relational database from which the - aggregate reports can be extracted. - - .TP -+.I HoldQuarantinedMessages (Boolean) -+If set to true, causes mail that fails the DMARC tests to get hold -+by the MTA if the purported sender of the message has a policy of -+"quarantine". Does nothing if the policy is either "none" or "reject". -+The default is "true". -+ -+.TP - .I IgnoreAuthenticatedClients (Boolean) - If set, causes mail from authenticated clients (i.e., those that used - SMTP AUTH) to be ignored by the filter. The default is "false". -diff --git a/opendmarc/opendmarc.conf.sample b/opendmarc/opendmarc.conf.sample -index fbfa49d..a2e1da3 100644 ---- a/opendmarc/opendmarc.conf.sample -+++ b/opendmarc/opendmarc.conf.sample -@@ -177,6 +177,15 @@ - # - # HistoryFile /var/run/opendmarc.dat - -+## HoldQuarantinedMessages { true | false } -+## default "true" -+## -+## If set to true, causes mail that fails the DMARC tests to get hold -+## by the MTA if the purported sender of the message has a policy of -+## "quarantine". Does nothing if the policy is either "none" or "reject". -+# -+# HoldQuarantinedMessages true -+ - ## IgnoreAuthenticatedClients { true | false } - ## default "false" - ## diff --git a/network/opendmarc/patches/z06_use_envdomain_SPF_logging.patch b/network/opendmarc/patches/z06_use_envdomain_SPF_logging.patch deleted file mode 100644 index 3a702fe8c055..000000000000 --- a/network/opendmarc/patches/z06_use_envdomain_SPF_logging.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/opendmarc/opendmarc.c b/opendmarc/opendmarc.c -index f5c30f9..29f3f93 100644 ---- a/opendmarc/opendmarc.c -+++ b/opendmarc/opendmarc.c -@@ -2542,7 +2542,7 @@ mlfi_eom(SMFICTX *ctx) - &used_mfrom); - if (used_mfrom == TRUE) - { -- use_domain = dfc->mctx_envfrom; -+ use_domain = dfc->mctx_envdomain; - spf_mode = DMARC_POLICY_SPF_ORIGIN_MAILFROM; - } - else -- cgit v1.2.3