[exim] Re: dmarc_history_file - incomplete data logged for s…

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Mackenzie Taiaroa
Dátum:  
Címzett: Mackenzie via Exim-users
Tárgy: [exim] Re: dmarc_history_file - incomplete data logged for spf and dkim
Good day Victor,


*Building exim with ARC support does not solve the "arc" and
"arc_policy"fields problem.*

Good to know.



*patch-src__exim-4.96-fix-opemdmarc-1.4.x-history_file.patch just outputsa
DKIM selector to the file to fix problems with the
dmarc_history_fileformat.*

Maybe this continues to be a problem here, I've applied the patch but
there's no DKIM selector in the history file:

reporter server.hostname.com.au
received 1692234968
ipaddr 209.85.215.171
from gmail.com
mfrom gmail.com
spf 0
dkim gmail.com 0
pdomain gmail.com
policy 15
rua mailto:mailauth-reports@google.com
pct 100
adkim 114
aspf 114
p 110
sp 113
align_dkim 4
align_spf 4
action 2

The below error occurs when opendmarc-import tries importing the dkim
values into the database:

-- Unit dmarc-report.service has begun starting up.
Aug 19 12:11:16 server.hostname.com.au dmarc-report.sh[2843936]: Moving
opendmarc.dat for import...
Aug 19 12:11:16 server.hostname.com.au dmarc-report.sh[2843936]: New
opendmarc.dat initialized, reporting...
Aug 19 12:11:16 server.hostname.com.au dmarc-report.sh[2843939]:
opendmarc-import: started at Sat Aug 19 12:11:16 2023
Aug 19 12:11:16 server.hostname.com.au dmarc-report.sh[2843939]:
opendmarc-import: connected to database
Aug 19 12:11:16 server.hostname.com.au dmarc-report.sh[2843939]: Use of
uninitialized value $dkim_result in string eq at /usr/sbin/opendmarc-import
line 637, <STDIN> line 8.
Aug 19 12:11:16 server.hostname.com.au dmarc-report.sh[2843939]:
opendmarc-import: updating at line 20
Aug 19 12:11:16 server.hostname.com.au dmarc-report.sh[2843939]:
opendmarc-import: failed to insert DKIM data: Column 'pass' cannot be null
Aug 19 12:11:16 server.hostname.com.au dmarc-report.sh[2843939]: Use of
uninitialized value $dkim_result in string eq at /usr/sbin/opendmarc-import
line 637, <STDIN> line 27.
Aug 19 12:11:16 server.hostname.com.au dmarc-report.sh[2843939]:
opendmarc-import: updating at line 39
Aug 19 12:11:16 server.hostname.com.au dmarc-report.sh[2843939]:
opendmarc-import: failed to insert DKIM data: Column 'pass' cannot be null
Aug 19 12:11:16 server.hostname.com.au dmarc-report.sh[2843939]: Use of
uninitialized value $dkim_result in string eq at /usr/sbin/opendmarc-import
line 637, <STDIN> line 46.
Aug 19 12:11:16 server.hostname.com.au dmarc-report.sh[2843939]:
opendmarc-import: updating at line 58
Aug 19 12:11:17 server.hostname.com.au dmarc-report.sh[2843939]:
opendmarc-import: failed to insert DKIM data: Column 'pass' cannot be null
Aug 19 12:11:17 server.hostname.com.au dmarc-report.sh[2843939]: Use of
uninitialized value $dkim_result in string eq at /usr/sbin/opendmarc-import
line 637, <STDIN> line 65.
Aug 19 12:11:17 server.hostname.com.au dmarc-report.sh[2843939]:
opendmarc-import: updating at line 76
Aug 19 12:11:17 server.hostname.com.au dmarc-report.sh[2843939]:
opendmarc-import: failed to insert DKIM data: Column 'pass' cannot be null
Aug 19 12:11:17 server.hostname.com.au dmarc-report.sh[2843939]:
opendmarc-import: terminating at Sat Aug 19 12:11:17 2023
Aug 19 12:11:18 server.hostname.com.au dmarc-report.sh[2843941]:
opendmarc-reports: started at Sat Aug 19 12:11:17 2023
Aug 19 12:11:18 server.hostname.com.au dmarc-report.sh[2843941]:
opendmarc-reports: selected 9 domain(s)
Aug 19 12:11:19 server.hostname.com.au dmarc-report.sh[2843941]:
opendmarc-reports: terminating at Sat Aug 19 12:11:19 2023
Aug 19 12:11:19 server.hostname.com.au dmarc-report.sh[2843943]:
opendmarc-expire: started at Sat Aug 19 12:11:19 2023
Aug 19 12:11:19 server.hostname.com.au dmarc-report.sh[2843943]:
opendmarc-expire: connected to database
Aug 19 12:11:19 server.hostname.com.au dmarc-report.sh[2843943]:
opendmarc-expire: expiring messages older than 180 day(s)
Aug 19 12:11:19 server.hostname.com.au dmarc-report.sh[2843943]:
opendmarc-expire: expiring signatures on expired messages (id < 1)
Aug 19 12:11:19 server.hostname.com.au dmarc-report.sh[2843943]:
opendmarc-expire: expiring arcauthresults on expired messages (id < 1)
Aug 19 12:11:19 server.hostname.com.au dmarc-report.sh[2843943]:
opendmarc-expire: expiring arcseals on expired messages (id < 1)
Aug 19 12:11:19 server.hostname.com.au dmarc-report.sh[2843943]:
opendmarc-expire: expiring request data older than 180 days
Aug 19 12:11:19 server.hostname.com.au dmarc-report.sh[2843943]:
opendmarc-expire: terminating at Sat Aug 19 12:11:19 2023
Aug 19 12:11:19 server.hostname.com.au dmarc-report.sh[2843943]:
opendmarc-expire: no rows deleted
Aug 19 12:11:19 server.hostname.com.au dmarc-report.sh[2843936]: DMARC
reporting finished.
Aug 19 12:11:19 server.hostname.com.au systemd[1]: dmarc-report.service:
Succeeded.

*Line 637 of /usr/sbin/opendmarc-import is the 6th line below:*

          case "dkim"           {
                                        my @dkim_entry;
                                        push(@dkim_entry, $value);
                                        push(@dkim_entry, $dkim_selector);
                                        push(@dkim_entry, $dkim_result);
                                        if ($dkim_result eq "4" ||
                                            $dkim_result eq "5")
                                        {
                                                push(@dkim_entry, 1);
                                        }
                                        else
                                        {
                                                push(@dkim_entry, 0);
                                        }
                                        push(@dkim_data, [ @dkim_entry ]);


                                        $sigcount++;
                                }


I successfully generated a report once, which was sent to Microsoft (
live.co.uk) - unfortunately I don't have a copy of this, however the
live.co.uk email received was not signed by DKIM so opendmarc-import
succeeded and a report was generated. All other attempts to generate/send
reports fail (without error), I suspect because the data set is incomplete
for the domains where the import has failed so the data doesn't qualify for
a report to be sent.

Initially I considered I could have made an error when applying the patch,
however I can see the patch is applied successfully when reviewing the mock
build results log:

Patch #10 (exim-4.96-fix-opemdmarc-1.4.x-history_file.patch):
patching file src/dmarc.c
Hunk #1 succeeded at 479 (offset 1 line).
+ echo 'Patch #8 (exim-4.96-CVE-2022-3620.patch):'
+ /usr/bin/patch --no-backup-if-mismatch -p1 -b --suffix .CVE-2022-3620
--fuzz=0
+ echo 'Patch #9 (exim-4.96-malformed-address-exit-fix.patch):'
+ /usr/bin/patch --no-backup-if-mismatch -p1 -b --suffix
.malformed-address-exit-fix --fuzz=0
+ echo 'Patch #10 (exim-4.96-fix-opemdmarc-1.4.x-history_file.patch):'
+ /usr/bin/patch --no-backup-if-mismatch -p1 -b --suffix
.exim-4.96-fix-opemdmarc-1.4.x-history_file --fuzz=0

Thanks in advance for your help.

All the best,
Mackenzie

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/