Commit | Line | Data |
---|---|---|
420a0d19 CE |
1 | /************************************************* |
2 | * Exim - an Internet mail transport agent * | |
3 | *************************************************/ | |
4 | /* Experimental DMARC support. | |
5 | Copyright (c) Todd Lyons <tlyons@exim.org> 2012 - 2014 | |
6 | License: GPL */ | |
7 | ||
8 | /* Portions Copyright (c) 2012, 2013, The Trusted Domain Project; | |
9 | All rights reserved, licensed for use per LICENSE.opendmarc. */ | |
10 | ||
11 | /* Code for calling dmarc checks via libopendmarc. Called from acl.c. */ | |
12 | ||
13 | #include "exim.h" | |
14 | #ifdef EXPERIMENTAL_DMARC | |
15 | # if !defined EXPERIMENTAL_SPF | |
16 | # error SPF must also be enabled for DMARC | |
17 | # elif defined DISABLE_DKIM | |
18 | # error DKIM must also be enabled for DMARC | |
19 | # else | |
20 | ||
21 | # include "functions.h" | |
22 | # include "dmarc.h" | |
23 | # include "pdkim/pdkim.h" | |
24 | ||
25 | OPENDMARC_LIB_T dmarc_ctx; | |
26 | DMARC_POLICY_T *dmarc_pctx = NULL; | |
27 | OPENDMARC_STATUS_T libdm_status, action, dmarc_policy; | |
28 | OPENDMARC_STATUS_T da, sa, action; | |
29 | BOOL dmarc_abort = FALSE; | |
30 | uschar *dmarc_pass_fail = US"skipped"; | |
31 | extern pdkim_signature *dkim_signatures; | |
32 | header_line *from_header = NULL; | |
33 | extern SPF_response_t *spf_response; | |
34 | int dmarc_spf_ares_result = 0; | |
35 | uschar *spf_sender_domain = NULL; | |
36 | uschar *spf_human_readable = NULL; | |
37 | u_char *header_from_sender = NULL; | |
38 | int history_file_status = DMARC_HIST_OK; | |
39 | uschar *dkim_history_buffer= NULL; | |
40 | ||
41 | typedef struct dmarc_exim_p { | |
42 | uschar *name; | |
43 | int value; | |
44 | } dmarc_exim_p; | |
45 | ||
46 | static dmarc_exim_p dmarc_policy_description[] = { | |
47 | { US"", DMARC_RECORD_P_UNSPECIFIED }, | |
48 | { US"none", DMARC_RECORD_P_NONE }, | |
49 | { US"quarantine", DMARC_RECORD_P_QUARANTINE }, | |
50 | { US"reject", DMARC_RECORD_P_REJECT }, | |
51 | { NULL, 0 } | |
52 | }; | |
53 | /* Accept an error_block struct, initialize if empty, parse to the | |
54 | * end, and append the two strings passed to it. Used for adding | |
55 | * variable amounts of value:pair data to the forensic emails. */ | |
56 | ||
57 | static error_block * | |
58 | add_to_eblock(error_block *eblock, uschar *t1, uschar *t2) | |
59 | { | |
2813c06e | 60 | error_block *eb = store_malloc(sizeof(error_block)); |
420a0d19 CE |
61 | if (eblock == NULL) |
62 | eblock = eb; | |
63 | else | |
64 | { | |
65 | /* Find the end of the eblock struct and point it at eb */ | |
66 | error_block *tmp = eblock; | |
67 | while(tmp->next != NULL) | |
68 | tmp = tmp->next; | |
69 | tmp->next = eb; | |
70 | } | |
71 | eb->text1 = t1; | |
72 | eb->text2 = t2; | |
73 | eb->next = NULL; | |
74 | return eblock; | |
75 | } | |
76 | ||
77 | /* dmarc_init sets up a context that can be re-used for several | |
78 | messages on the same SMTP connection (that come from the | |
79 | same host with the same HELO string) */ | |
80 | ||
81 | int dmarc_init() | |
82 | { | |
83 | int *netmask = NULL; /* Ignored */ | |
84 | int is_ipv6 = 0; | |
85 | char *tld_file = (dmarc_tld_file == NULL) ? | |
86 | "/etc/exim/opendmarc.tlds" : | |
87 | (char *)dmarc_tld_file; | |
88 | ||
89 | /* Set some sane defaults. Also clears previous results when | |
90 | * multiple messages in one connection. */ | |
91 | dmarc_pctx = NULL; | |
92 | dmarc_status = US"none"; | |
93 | dmarc_abort = FALSE; | |
94 | dmarc_pass_fail = US"skipped"; | |
95 | dmarc_used_domain = US""; | |
96 | dmarc_ar_header = NULL; | |
97 | dmarc_has_been_checked = FALSE; | |
98 | header_from_sender = NULL; | |
99 | spf_sender_domain = NULL; | |
100 | spf_human_readable = NULL; | |
101 | ||
102 | /* ACLs have "control=dmarc_disable_verify" */ | |
103 | if (dmarc_disable_verify == TRUE) | |
104 | return OK; | |
105 | ||
106 | (void) memset(&dmarc_ctx, '\0', sizeof dmarc_ctx); | |
107 | dmarc_ctx.nscount = 0; | |
108 | libdm_status = opendmarc_policy_library_init(&dmarc_ctx); | |
109 | if (libdm_status != DMARC_PARSE_OKAY) | |
110 | { | |
111 | log_write(0, LOG_MAIN|LOG_PANIC, "DMARC failure to init library: %s", | |
112 | opendmarc_policy_status_to_str(libdm_status)); | |
113 | dmarc_abort = TRUE; | |
114 | } | |
115 | if (dmarc_tld_file == NULL) | |
116 | dmarc_abort = TRUE; | |
117 | else if (opendmarc_tld_read_file(tld_file, NULL, NULL, NULL)) | |
118 | { | |
119 | log_write(0, LOG_MAIN|LOG_PANIC, "DMARC failure to load tld list %s: %d", | |
120 | tld_file, errno); | |
121 | dmarc_abort = TRUE; | |
122 | } | |
123 | if (sender_host_address == NULL) | |
124 | dmarc_abort = TRUE; | |
125 | /* This catches locally originated email and startup errors above. */ | |
126 | if (!dmarc_abort) | |
127 | { | |
128 | is_ipv6 = string_is_ip_address(sender_host_address, netmask) == 6; | |
129 | dmarc_pctx = opendmarc_policy_connect_init(sender_host_address, is_ipv6); | |
130 | if (dmarc_pctx == NULL) | |
131 | { | |
132 | log_write(0, LOG_MAIN|LOG_PANIC, | |
133 | "DMARC failure creating policy context: ip=%s", sender_host_address); | |
134 | dmarc_abort = TRUE; | |
135 | } | |
136 | } | |
137 | ||
138 | return OK; | |
139 | } | |
140 | ||
141 | ||
142 | /* dmarc_store_data stores the header data so that subsequent | |
143 | * dmarc_process can access the data */ | |
144 | ||
145 | int dmarc_store_data(header_line *hdr) { | |
146 | /* No debug output because would change every test debug output */ | |
147 | if (dmarc_disable_verify != TRUE) | |
148 | from_header = hdr; | |
149 | return OK; | |
150 | } | |
151 | ||
152 | ||
2813c06e CE |
153 | static void |
154 | dmarc_send_forensic_report(u_char **ruf) | |
155 | { | |
156 | int c; | |
157 | uschar *recipient, *save_sender; | |
158 | BOOL send_status = FALSE; | |
159 | error_block *eblock = NULL; | |
160 | FILE *message_file = NULL; | |
161 | ||
162 | /* Earlier ACL does not have *required* control=dmarc_enable_forensic */ | |
163 | if (!dmarc_enable_forensic) | |
164 | return; | |
165 | ||
166 | if ( dmarc_policy == DMARC_POLICY_REJECT && action == DMARC_RESULT_REJECT | |
167 | || dmarc_policy == DMARC_POLICY_QUARANTINE && action == DMARC_RESULT_QUARANTINE | |
168 | || dmarc_policy == DMARC_POLICY_NONE && action == DMARC_RESULT_REJECT | |
169 | || dmarc_policy == DMARC_POLICY_NONE && action == DMARC_RESULT_QUARANTINE | |
170 | ) | |
171 | if (ruf) | |
172 | { | |
173 | eblock = add_to_eblock(eblock, US"Sender Domain", dmarc_used_domain); | |
174 | eblock = add_to_eblock(eblock, US"Sender IP Address", sender_host_address); | |
175 | eblock = add_to_eblock(eblock, US"Received Date", tod_stamp(tod_full)); | |
176 | eblock = add_to_eblock(eblock, US"SPF Alignment", | |
177 | (sa==DMARC_POLICY_SPF_ALIGNMENT_PASS) ?US"yes":US"no"); | |
178 | eblock = add_to_eblock(eblock, US"DKIM Alignment", | |
179 | (da==DMARC_POLICY_DKIM_ALIGNMENT_PASS)?US"yes":US"no"); | |
180 | eblock = add_to_eblock(eblock, US"DMARC Results", dmarc_status_text); | |
181 | /* Set a sane default envelope sender */ | |
182 | dsn_from = dmarc_forensic_sender ? dmarc_forensic_sender : | |
183 | dsn_from ? dsn_from : | |
184 | string_sprintf("do-not-reply@%s",primary_hostname); | |
185 | for (c = 0; ruf[c]; c++) | |
186 | { | |
187 | recipient = string_copylc(ruf[c]); | |
188 | if (Ustrncmp(recipient, "mailto:",7)) | |
189 | continue; | |
190 | /* Move to first character past the colon */ | |
191 | recipient += 7; | |
192 | DEBUG(D_receive) | |
193 | debug_printf("DMARC forensic report to %s%s\n", recipient, | |
194 | (host_checking || running_in_test_harness) ? " (not really)" : ""); | |
195 | if (host_checking || running_in_test_harness) | |
196 | continue; | |
197 | ||
198 | save_sender = sender_address; | |
199 | sender_address = recipient; | |
200 | send_status = moan_to_sender(ERRMESS_DMARC_FORENSIC, eblock, | |
201 | header_list, message_file, FALSE); | |
202 | sender_address = save_sender; | |
203 | if (!send_status) | |
204 | log_write(0, LOG_MAIN|LOG_PANIC, | |
205 | "failure to send DMARC forensic report to %s", recipient); | |
206 | } | |
207 | } | |
208 | } | |
209 | ||
420a0d19 CE |
210 | /* dmarc_process adds the envelope sender address to the existing |
211 | context (if any), retrieves the result, sets up expansion | |
212 | strings and evaluates the condition outcome. */ | |
213 | ||
214 | int | |
215 | dmarc_process() | |
216 | { | |
217 | int sr, origin; /* used in SPF section */ | |
218 | int dmarc_spf_result = 0; /* stores spf into dmarc conn ctx */ | |
219 | int tmp_ans, c; | |
220 | pdkim_signature *sig = NULL; | |
221 | BOOL has_dmarc_record = TRUE; | |
222 | u_char **ruf; /* forensic report addressees, if called for */ | |
223 | ||
224 | /* ACLs have "control=dmarc_disable_verify" */ | |
225 | if (dmarc_disable_verify) | |
226 | { | |
227 | dmarc_ar_header = dmarc_auth_results_header(from_header, NULL); | |
228 | return OK; | |
229 | } | |
230 | ||
231 | /* Store the header From: sender domain for this part of DMARC. | |
232 | * If there is no from_header struct, then it's likely this message | |
233 | * is locally generated and relying on fixups to add it. Just skip | |
234 | * the entire DMARC system if we can't find a From: header....or if | |
235 | * there was a previous error. | |
236 | */ | |
237 | if (!from_header || dmarc_abort) | |
238 | dmarc_abort = TRUE; | |
239 | else | |
240 | { | |
241 | uschar * errormsg; | |
242 | int dummy, domain; | |
243 | uschar * p; | |
244 | uschar saveend; | |
245 | ||
246 | parse_allow_group = TRUE; | |
247 | p = parse_find_address_end(from_header->text, FALSE); | |
248 | saveend = *p; *p = '\0'; | |
249 | if ((header_from_sender = parse_extract_address(from_header->text, &errormsg, | |
250 | &dummy, &dummy, &domain, FALSE))) | |
251 | header_from_sender += domain; | |
252 | *p = saveend; | |
253 | ||
254 | /* The opendmarc library extracts the domain from the email address, but | |
255 | * only try to store it if it's not empty. Otherwise, skip out of DMARC. */ | |
256 | if (!header_from_sender || (strcmp( CCS header_from_sender, "") == 0)) | |
257 | dmarc_abort = TRUE; | |
258 | libdm_status = dmarc_abort ? | |
259 | DMARC_PARSE_OKAY : | |
260 | opendmarc_policy_store_from_domain(dmarc_pctx, header_from_sender); | |
261 | if (libdm_status != DMARC_PARSE_OKAY) | |
262 | { | |
263 | log_write(0, LOG_MAIN|LOG_PANIC, | |
264 | "failure to store header From: in DMARC: %s, header was '%s'", | |
265 | opendmarc_policy_status_to_str(libdm_status), from_header->text); | |
266 | dmarc_abort = TRUE; | |
267 | } | |
268 | } | |
269 | ||
270 | /* Skip DMARC if connection is SMTP Auth. Temporarily, admin should | |
271 | * instead do this in the ACLs. */ | |
272 | if (!dmarc_abort && !sender_host_authenticated) | |
273 | { | |
274 | /* Use the envelope sender domain for this part of DMARC */ | |
275 | spf_sender_domain = expand_string(US"$sender_address_domain"); | |
276 | if (!spf_response) | |
277 | { | |
278 | /* No spf data means null envelope sender so generate a domain name | |
279 | * from the sender_helo_name */ | |
280 | if (!spf_sender_domain) | |
281 | { | |
282 | spf_sender_domain = sender_helo_name; | |
283 | log_write(0, LOG_MAIN, "DMARC using synthesized SPF sender domain = %s\n", | |
284 | spf_sender_domain); | |
285 | DEBUG(D_receive) | |
286 | debug_printf("DMARC using synthesized SPF sender domain = %s\n", | |
287 | spf_sender_domain); | |
288 | } | |
289 | dmarc_spf_result = DMARC_POLICY_SPF_OUTCOME_NONE; | |
290 | dmarc_spf_ares_result = ARES_RESULT_UNKNOWN; | |
291 | origin = DMARC_POLICY_SPF_ORIGIN_HELO; | |
292 | spf_human_readable = US""; | |
293 | } | |
294 | else | |
295 | { | |
296 | sr = spf_response->result; | |
297 | dmarc_spf_result = sr == SPF_RESULT_NEUTRAL ? DMARC_POLICY_SPF_OUTCOME_NONE : | |
298 | sr == SPF_RESULT_PASS ? DMARC_POLICY_SPF_OUTCOME_PASS : | |
299 | sr == SPF_RESULT_FAIL ? DMARC_POLICY_SPF_OUTCOME_FAIL : | |
300 | sr == SPF_RESULT_SOFTFAIL ? DMARC_POLICY_SPF_OUTCOME_TMPFAIL : | |
301 | DMARC_POLICY_SPF_OUTCOME_NONE; | |
302 | dmarc_spf_ares_result = sr == SPF_RESULT_NEUTRAL ? ARES_RESULT_NEUTRAL : | |
303 | sr == SPF_RESULT_PASS ? ARES_RESULT_PASS : | |
304 | sr == SPF_RESULT_FAIL ? ARES_RESULT_FAIL : | |
305 | sr == SPF_RESULT_SOFTFAIL ? ARES_RESULT_SOFTFAIL : | |
306 | sr == SPF_RESULT_NONE ? ARES_RESULT_NONE : | |
307 | sr == SPF_RESULT_TEMPERROR ? ARES_RESULT_TEMPERROR : | |
308 | sr == SPF_RESULT_PERMERROR ? ARES_RESULT_PERMERROR : | |
309 | ARES_RESULT_UNKNOWN; | |
310 | origin = DMARC_POLICY_SPF_ORIGIN_MAILFROM; | |
311 | spf_human_readable = (uschar *)spf_response->header_comment; | |
312 | DEBUG(D_receive) | |
313 | debug_printf("DMARC using SPF sender domain = %s\n", spf_sender_domain); | |
314 | } | |
315 | if (strcmp( CCS spf_sender_domain, "") == 0) | |
316 | dmarc_abort = TRUE; | |
317 | if (!dmarc_abort) | |
318 | { | |
319 | libdm_status = opendmarc_policy_store_spf(dmarc_pctx, spf_sender_domain, | |
320 | dmarc_spf_result, origin, spf_human_readable); | |
321 | if (libdm_status != DMARC_PARSE_OKAY) | |
322 | log_write(0, LOG_MAIN|LOG_PANIC, "failure to store spf for DMARC: %s", | |
323 | opendmarc_policy_status_to_str(libdm_status)); | |
324 | } | |
325 | ||
326 | /* Now we cycle through the dkim signature results and put into | |
327 | * the opendmarc context, further building the DMARC reply. */ | |
328 | sig = dkim_signatures; | |
329 | dkim_history_buffer = US""; | |
330 | while (sig) | |
331 | { | |
332 | int dkim_result, dkim_ares_result, vs, ves; | |
333 | vs = sig->verify_status; | |
334 | ves = sig->verify_ext_status; | |
335 | dkim_result = vs == PDKIM_VERIFY_PASS ? DMARC_POLICY_DKIM_OUTCOME_PASS : | |
336 | vs == PDKIM_VERIFY_FAIL ? DMARC_POLICY_DKIM_OUTCOME_FAIL : | |
337 | vs == PDKIM_VERIFY_INVALID ? DMARC_POLICY_DKIM_OUTCOME_TMPFAIL : | |
338 | DMARC_POLICY_DKIM_OUTCOME_NONE; | |
339 | libdm_status = opendmarc_policy_store_dkim(dmarc_pctx, (uschar *)sig->domain, | |
340 | dkim_result, US""); | |
341 | DEBUG(D_receive) | |
342 | debug_printf("DMARC adding DKIM sender domain = %s\n", sig->domain); | |
343 | if (libdm_status != DMARC_PARSE_OKAY) | |
344 | log_write(0, LOG_MAIN|LOG_PANIC, | |
345 | "failure to store dkim (%s) for DMARC: %s", | |
346 | sig->domain, opendmarc_policy_status_to_str(libdm_status)); | |
347 | ||
348 | dkim_ares_result = | |
349 | vs == PDKIM_VERIFY_PASS ? ARES_RESULT_PASS : | |
350 | vs == PDKIM_VERIFY_FAIL ? ARES_RESULT_FAIL : | |
351 | vs == PDKIM_VERIFY_NONE ? ARES_RESULT_NONE : | |
352 | vs == PDKIM_VERIFY_INVALID ? | |
353 | ves == PDKIM_VERIFY_INVALID_PUBKEY_UNAVAILABLE ? ARES_RESULT_PERMERROR : | |
354 | ves == PDKIM_VERIFY_INVALID_BUFFER_SIZE ? ARES_RESULT_PERMERROR : | |
2813c06e CE |
355 | ves == PDKIM_VERIFY_INVALID_PUBKEY_DNSRECORD ? ARES_RESULT_PERMERROR : |
356 | ves == PDKIM_VERIFY_INVALID_PUBKEY_IMPORT ? ARES_RESULT_PERMERROR : | |
420a0d19 CE |
357 | ARES_RESULT_UNKNOWN : |
358 | ARES_RESULT_UNKNOWN; | |
359 | dkim_history_buffer = string_sprintf("%sdkim %s %d\n", dkim_history_buffer, | |
360 | sig->domain, dkim_ares_result); | |
361 | sig = sig->next; | |
362 | } | |
363 | libdm_status = opendmarc_policy_query_dmarc(dmarc_pctx, US""); | |
364 | switch (libdm_status) | |
365 | { | |
366 | case DMARC_DNS_ERROR_NXDOMAIN: | |
367 | case DMARC_DNS_ERROR_NO_RECORD: | |
368 | DEBUG(D_receive) | |
369 | debug_printf("DMARC no record found for %s\n", header_from_sender); | |
370 | has_dmarc_record = FALSE; | |
371 | break; | |
372 | case DMARC_PARSE_OKAY: | |
373 | DEBUG(D_receive) | |
374 | debug_printf("DMARC record found for %s\n", header_from_sender); | |
375 | break; | |
376 | case DMARC_PARSE_ERROR_BAD_VALUE: | |
377 | DEBUG(D_receive) | |
378 | debug_printf("DMARC record parse error for %s\n", header_from_sender); | |
379 | has_dmarc_record = FALSE; | |
380 | break; | |
381 | default: | |
382 | /* everything else, skip dmarc */ | |
383 | DEBUG(D_receive) | |
384 | debug_printf("DMARC skipping (%d), unsure what to do with %s", | |
385 | libdm_status, from_header->text); | |
386 | has_dmarc_record = FALSE; | |
387 | break; | |
388 | } | |
389 | ||
390 | /* Store the policy string in an expandable variable. */ | |
391 | ||
392 | libdm_status = opendmarc_policy_fetch_p(dmarc_pctx, &tmp_ans); | |
393 | for (c = 0; dmarc_policy_description[c].name; c++) | |
394 | if (tmp_ans == dmarc_policy_description[c].value) | |
395 | { | |
396 | dmarc_domain_policy = string_sprintf("%s",dmarc_policy_description[c].name); | |
397 | break; | |
398 | } | |
399 | ||
400 | /* Can't use exim's string manipulation functions so allocate memory | |
401 | * for libopendmarc using its max hostname length definition. */ | |
402 | ||
403 | uschar *dmarc_domain = (uschar *)calloc(DMARC_MAXHOSTNAMELEN, sizeof(uschar)); | |
404 | libdm_status = opendmarc_policy_fetch_utilized_domain(dmarc_pctx, | |
405 | dmarc_domain, DMARC_MAXHOSTNAMELEN-1); | |
406 | dmarc_used_domain = string_copy(dmarc_domain); | |
407 | free(dmarc_domain); | |
408 | ||
409 | if (libdm_status != DMARC_PARSE_OKAY) | |
410 | log_write(0, LOG_MAIN|LOG_PANIC, | |
411 | "failure to read domainname used for DMARC lookup: %s", | |
412 | opendmarc_policy_status_to_str(libdm_status)); | |
413 | ||
414 | libdm_status = opendmarc_get_policy_to_enforce(dmarc_pctx); | |
415 | dmarc_policy = libdm_status; | |
416 | switch(libdm_status) | |
417 | { | |
418 | case DMARC_POLICY_ABSENT: /* No DMARC record found */ | |
419 | dmarc_status = US"norecord"; | |
420 | dmarc_pass_fail = US"none"; | |
421 | dmarc_status_text = US"No DMARC record"; | |
422 | action = DMARC_RESULT_ACCEPT; | |
423 | break; | |
424 | case DMARC_FROM_DOMAIN_ABSENT: /* No From: domain */ | |
425 | dmarc_status = US"nofrom"; | |
426 | dmarc_pass_fail = US"temperror"; | |
427 | dmarc_status_text = US"No From: domain found"; | |
428 | action = DMARC_RESULT_ACCEPT; | |
429 | break; | |
430 | case DMARC_POLICY_NONE: /* Accept and report */ | |
431 | dmarc_status = US"none"; | |
432 | dmarc_pass_fail = US"none"; | |
433 | dmarc_status_text = US"None, Accept"; | |
434 | action = DMARC_RESULT_ACCEPT; | |
435 | break; | |
436 | case DMARC_POLICY_PASS: /* Explicit accept */ | |
437 | dmarc_status = US"accept"; | |
438 | dmarc_pass_fail = US"pass"; | |
439 | dmarc_status_text = US"Accept"; | |
440 | action = DMARC_RESULT_ACCEPT; | |
441 | break; | |
442 | case DMARC_POLICY_REJECT: /* Explicit reject */ | |
443 | dmarc_status = US"reject"; | |
444 | dmarc_pass_fail = US"fail"; | |
445 | dmarc_status_text = US"Reject"; | |
446 | action = DMARC_RESULT_REJECT; | |
447 | break; | |
448 | case DMARC_POLICY_QUARANTINE: /* Explicit quarantine */ | |
449 | dmarc_status = US"quarantine"; | |
450 | dmarc_pass_fail = US"fail"; | |
451 | dmarc_status_text = US"Quarantine"; | |
452 | action = DMARC_RESULT_QUARANTINE; | |
453 | break; | |
454 | default: | |
455 | dmarc_status = US"temperror"; | |
456 | dmarc_pass_fail = US"temperror"; | |
457 | dmarc_status_text = US"Internal Policy Error"; | |
458 | action = DMARC_RESULT_TEMPFAIL; | |
459 | break; | |
460 | } | |
461 | ||
462 | libdm_status = opendmarc_policy_fetch_alignment(dmarc_pctx, &da, &sa); | |
463 | if (libdm_status != DMARC_PARSE_OKAY) | |
464 | log_write(0, LOG_MAIN|LOG_PANIC, "failure to read DMARC alignment: %s", | |
465 | opendmarc_policy_status_to_str(libdm_status)); | |
466 | ||
467 | if (has_dmarc_record == TRUE) | |
468 | { | |
469 | log_write(0, LOG_MAIN, "DMARC results: spf_domain=%s dmarc_domain=%s " | |
470 | "spf_align=%s dkim_align=%s enforcement='%s'", | |
471 | spf_sender_domain, dmarc_used_domain, | |
472 | (sa==DMARC_POLICY_SPF_ALIGNMENT_PASS) ?"yes":"no", | |
473 | (da==DMARC_POLICY_DKIM_ALIGNMENT_PASS)?"yes":"no", | |
474 | dmarc_status_text); | |
475 | history_file_status = dmarc_write_history_file(); | |
476 | /* Now get the forensic reporting addresses, if any */ | |
477 | ruf = opendmarc_policy_fetch_ruf(dmarc_pctx, NULL, 0, 1); | |
478 | dmarc_send_forensic_report(ruf); | |
479 | } | |
480 | } | |
481 | ||
482 | /* set some global variables here */ | |
483 | dmarc_ar_header = dmarc_auth_results_header(from_header, NULL); | |
484 | ||
485 | /* shut down libopendmarc */ | |
486 | if ( dmarc_pctx != NULL ) | |
487 | (void) opendmarc_policy_connect_shutdown(dmarc_pctx); | |
488 | if ( dmarc_disable_verify == FALSE ) | |
489 | (void) opendmarc_policy_library_shutdown(&dmarc_ctx); | |
490 | ||
491 | return OK; | |
492 | } | |
493 | ||
494 | int | |
495 | dmarc_write_history_file() | |
496 | { | |
497 | int history_file_fd; | |
498 | ssize_t written_len; | |
499 | int tmp_ans; | |
500 | u_char **rua; /* aggregate report addressees */ | |
501 | uschar *history_buffer = NULL; | |
502 | ||
503 | if (!dmarc_history_file) | |
504 | return DMARC_HIST_DISABLED; | |
505 | history_file_fd = log_create(dmarc_history_file); | |
506 | ||
507 | if (history_file_fd < 0) | |
508 | { | |
509 | log_write(0, LOG_MAIN|LOG_PANIC, "failure to create DMARC history file: %s", | |
510 | dmarc_history_file); | |
511 | return DMARC_HIST_FILE_ERR; | |
512 | } | |
513 | ||
514 | /* Generate the contents of the history file */ | |
515 | history_buffer = string_sprintf( | |
516 | "job %s\nreporter %s\nreceived %ld\nipaddr %s\nfrom %s\nmfrom %s\n", | |
517 | message_id, primary_hostname, time(NULL), sender_host_address, | |
518 | header_from_sender, expand_string(US"$sender_address_domain")); | |
519 | ||
520 | if (spf_response) | |
521 | history_buffer = string_sprintf("%sspf %d\n", history_buffer, dmarc_spf_ares_result); | |
522 | /* history_buffer = string_sprintf("%sspf -1\n", history_buffer); */ | |
523 | ||
524 | history_buffer = string_sprintf( | |
525 | "%s%spdomain %s\npolicy %d\n", | |
526 | history_buffer, dkim_history_buffer, dmarc_used_domain, dmarc_policy); | |
527 | ||
528 | if ((rua = opendmarc_policy_fetch_rua(dmarc_pctx, NULL, 0, 1))) | |
529 | for (tmp_ans = 0; rua[tmp_ans]; tmp_ans++) | |
530 | history_buffer = string_sprintf("%srua %s\n", history_buffer, rua[tmp_ans]); | |
531 | else | |
532 | history_buffer = string_sprintf("%srua -\n", history_buffer); | |
533 | ||
534 | opendmarc_policy_fetch_pct(dmarc_pctx, &tmp_ans); | |
535 | history_buffer = string_sprintf("%spct %d\n", history_buffer, tmp_ans); | |
536 | ||
537 | opendmarc_policy_fetch_adkim(dmarc_pctx, &tmp_ans); | |
538 | history_buffer = string_sprintf("%sadkim %d\n", history_buffer, tmp_ans); | |
539 | ||
540 | opendmarc_policy_fetch_aspf(dmarc_pctx, &tmp_ans); | |
541 | history_buffer = string_sprintf("%saspf %d\n", history_buffer, tmp_ans); | |
542 | ||
543 | opendmarc_policy_fetch_p(dmarc_pctx, &tmp_ans); | |
544 | history_buffer = string_sprintf("%sp %d\n", history_buffer, tmp_ans); | |
545 | ||
546 | opendmarc_policy_fetch_sp(dmarc_pctx, &tmp_ans); | |
547 | history_buffer = string_sprintf("%ssp %d\n", history_buffer, tmp_ans); | |
548 | ||
549 | history_buffer = string_sprintf( | |
550 | "%salign_dkim %d\nalign_spf %d\naction %d\n", | |
551 | history_buffer, da, sa, action); | |
552 | ||
553 | /* Write the contents to the history file */ | |
554 | DEBUG(D_receive) | |
555 | debug_printf("DMARC logging history data for opendmarc reporting%s\n", | |
556 | (host_checking || running_in_test_harness) ? " (not really)" : ""); | |
557 | if (host_checking || running_in_test_harness) | |
558 | { | |
559 | DEBUG(D_receive) | |
560 | debug_printf("DMARC history data for debugging:\n%s", history_buffer); | |
561 | } | |
562 | else | |
563 | { | |
564 | written_len = write_to_fd_buf(history_file_fd, | |
565 | history_buffer, | |
566 | Ustrlen(history_buffer)); | |
567 | if (written_len == 0) | |
568 | { | |
569 | log_write(0, LOG_MAIN|LOG_PANIC, "failure to write to DMARC history file: %s", | |
570 | dmarc_history_file); | |
571 | return DMARC_HIST_WRITE_ERR; | |
572 | } | |
573 | (void)close(history_file_fd); | |
574 | } | |
575 | return DMARC_HIST_OK; | |
576 | } | |
577 | ||
420a0d19 CE |
578 | uschar * |
579 | dmarc_exim_expand_query(int what) | |
580 | { | |
581 | if (dmarc_disable_verify || !dmarc_pctx) | |
582 | return dmarc_exim_expand_defaults(what); | |
583 | ||
584 | switch(what) | |
585 | { | |
586 | case DMARC_VERIFY_STATUS: | |
587 | return(dmarc_status); | |
588 | default: | |
589 | return US""; | |
590 | } | |
591 | } | |
592 | ||
593 | uschar * | |
594 | dmarc_exim_expand_defaults(int what) | |
595 | { | |
596 | switch(what) | |
597 | { | |
598 | case DMARC_VERIFY_STATUS: | |
599 | return dmarc_disable_verify ? US"off" : US"none"; | |
600 | default: | |
601 | return US""; | |
602 | } | |
603 | } | |
604 | ||
605 | uschar * | |
606 | dmarc_auth_results_header(header_line *from_header, uschar *hostname) | |
607 | { | |
608 | uschar *hdr_tmp = US""; | |
609 | ||
610 | /* Allow a server hostname to be passed to this function, but is | |
611 | * currently unused */ | |
612 | if (!hostname) | |
613 | hostname = primary_hostname; | |
614 | hdr_tmp = string_sprintf("%s %s;", DMARC_AR_HEADER, hostname); | |
615 | ||
616 | #if 0 | |
617 | /* I don't think this belongs here, but left it here commented out | |
618 | * because it was a lot of work to get working right. */ | |
619 | if (spf_response != NULL) { | |
620 | uschar *dmarc_ar_spf = US""; | |
621 | int sr = 0; | |
622 | sr = spf_response->result; | |
623 | dmarc_ar_spf = (sr == SPF_RESULT_NEUTRAL) ? US"neutral" : | |
624 | (sr == SPF_RESULT_PASS) ? US"pass" : | |
625 | (sr == SPF_RESULT_FAIL) ? US"fail" : | |
626 | (sr == SPF_RESULT_SOFTFAIL) ? US"softfail" : | |
627 | US"none"; | |
628 | hdr_tmp = string_sprintf("%s spf=%s (%s) smtp.mail=%s;", | |
629 | hdr_tmp, dmarc_ar_spf_result, | |
630 | spf_response->header_comment, | |
631 | expand_string(US"$sender_address") ); | |
632 | } | |
633 | #endif | |
634 | ||
635 | hdr_tmp = string_sprintf("%s dmarc=%s", hdr_tmp, dmarc_pass_fail); | |
636 | if (header_from_sender) | |
637 | hdr_tmp = string_sprintf("%s header.from=%s", | |
638 | hdr_tmp, header_from_sender); | |
639 | return hdr_tmp; | |
640 | } | |
641 | ||
642 | # endif /* EXPERIMENTAL_SPF */ | |
643 | #endif /* EXPERIMENTAL_DMARC */ | |
644 | /* vi: aw ai sw=2 | |
645 | */ |