Jeremy Harris via Exim-users wrote on 20.08.2023 16:41:
> On 19/06/2023 11:52, Victor Ustugov via Exim-users wrote:
>> This patch might be helpful:
>>
>> https://mta.org.ua/exim-4.94-conf/patches/exim-4.96-fix-opemdmarc-1.4.x-history_file/patch-src__exim-4.96-fix-opemdmarc-1.4.x-history_file.patch
>>
>
> I've pulled this into the Exim sourcebase, at f9c35778a660.
>
> There remains the question over ARC result lines in the
> dmarc history file. Does anyone have insight into the
> values expected for "arc" and "arc_policy" by
> libopendmarc 1.4.x ?
I found two examples on the page
https://github.com/trusteddomainproject/OpenDMARC/issues/189 :
arc 7
arc_policy 2 json:[{ "i": 1, "d":"example.com", "s":"arcselector1", "ip":"" }]
arc 7
arc_policy 2 json:[]
But in the file
https://github.com/trusteddomainproject/OpenDMARC/blob/master/opendmarc/README
the values 0 and 2 are specified for the "arc" parameter:
arc ARC evaluation (0 = pass, 2 = fail)
arc_policy ARC local policy evaluation (evaluation -- same as ARC, ARC seal
data - JSON-encoded array of governing arc seal fields: instance,
domain, selector)
The file
https://github.com/trusteddomainproject/OpenDMARC/blob/master/opendmarc/opendmarc.c
has this comment:
** arc_policy 1 json:[
** { i=2, d = d2.example, s = s2, ip = addr2 },
** { i=1, d = d1.example, s = s1, ip = addr1 }
** ]
It's weird too, because the value 1 is not found anywhere except in this
comment.
Based on the contents of the file
https://github.com/trusteddomainproject/OpenDMARC/blob/master/opendmarc/opendmarc.c,
it can be seen that:
"arc" can be equal to ARES_RESULT_FAIL (7) or ARES_RESULT_PASS (0).
"arc_policy" can be equal to DMARC_ARC_POLICY_RESULT_FAIL (2) or
DMARC_ARC_POLICY_RESULT_PASS (0).
After 0 or 2, the line beginning with "arc_policy" must be followed by a
policy in JSON format.
If the verification of the ARC signature was successful, then the lines
for the history file should look something like this:
arc 0
arc_policy 0 json:[{ "i": 1, "d":"example.com", "s":"arcselector1", "ip":"11.22.33.44" }]
If the ARC signature check fails, then the lines for the history file
should look something like this:
arc 7
arc_policy 2 json:[{ "i": 1, "d":"example.com", "s":"arcselector1", "ip":"11.22.33.44" }]
I do not know what values should be specified if the email does not
contain an ARC signature.
> I could guess that "-" might be viable, by analogy with
> the "rua" line coding, but that's not really sufficient.
> The RFC standard for DMARC doesn't mention ARC. Is there
> one somewhere?
"rua" is a text field. "arc" and "arc_policy" are integers. And
"arc_policy" has an additional field with ARC policy in JSON.
> [ And how in hell did libopendmarc not break
> *everybody* with these changes?
> ]
--
Best wishes Victor Ustugov
mailto:victor@corvax.kiev.ua
public GnuPG/PGP key:
https://victor.corvax.kiev.ua/corvax.asc
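
The pass and fail records described in the message above, produced by a small C routine. This is an added example, not code from Exim, OpenDMARC or the poster; `struct arc_seal`, `safe_token` and `arc_history_lines` are hypothetical names, and it assumes each record occupies a single line in the history file.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
/* Result codes as quoted above from opendmarc.c */
#define ARES_RESULT_PASS 0
#define ARES_RESULT_FAIL 7
#define DMARC_ARC_POLICY_RESULT_PASS 0
#define DMARC_ARC_POLICY_RESULT_FAIL 2
/* Hypothetical holder for one ARC seal (not an Exim or OpenDMARC type) */
struct arc_seal { int i; const char *d, *s, *ip; };

/* d=, s= and the IP derive from message headers, so accept only characters
 * that cannot end the record line or break out of the JSON string. */
static int safe_token(const char *t)
{
    if (!t) return 0;
    for (; *t; t++)
        if (!isalnum((unsigned char)*t) && !strchr(".-_:", *t)) return 0;
    return 1;
}

/* Write the "arc" and "arc_policy" lines; -1 on bad input or truncation. */
int arc_history_lines(char *buf, size_t len, int pass,
                      const struct arc_seal *seals, size_t n)
{
    int w = snprintf(buf, len, "arc %d\narc_policy %d json:[",
        pass ? ARES_RESULT_PASS : ARES_RESULT_FAIL,
        pass ? DMARC_ARC_POLICY_RESULT_PASS : DMARC_ARC_POLICY_RESULT_FAIL);
    if (w < 0 || (size_t)w >= len) return -1;
    size_t off = (size_t)w;
    for (size_t k = 0; k < n; k++) {
        const struct arc_seal *a = &seals[k];
        if (!safe_token(a->d) || !safe_token(a->s) || !safe_token(a->ip)) return -1;
        w = snprintf(buf + off, len - off,
            "%s{ \"i\": %d, \"d\":\"%s\", \"s\":\"%s\", \"ip\":\"%s\" }",
            k ? ", " : "", a->i, a->d, a->s, a->ip);
        if (w < 0 || (size_t)w >= len - off) return -1;
        off += (size_t)w;
    }
    if (len - off < 3) return -1;   /* room for "]\n" and the NUL */
    memcpy(buf + off, "]\n", 3);
    return (int)(off + 2);
}

int main(void)
{
    char out[256];
    struct arc_seal s = { 1, "example.com", "arcselector1", "11.22.33.44" }; /* constructed */
    if (arc_history_lines(out, sizeof out, 1, &s, 1) > 0) fputs(out, stdout);
}
```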