[exim] Re: dmarc_history_file - incomplete data logged for s…

Inizio della pagina
Delete this message
Reply to this message
Autore: Victor Ustugov
Data:  
To: Jeremy Harris via Exim-users
Oggetto: [exim] Re: dmarc_history_file - incomplete data logged for spf and dkim
Jeremy Harris via Exim-users wrote on 20.08.2023 16:41:
> On 19/06/2023 11:52, Victor Ustugov via Exim-users wrote:
>> This patch might be helpful:
>>
>> https://mta.org.ua/exim-4.94-conf/patches/exim-4.96-fix-opemdmarc-1.4.x-history_file/patch-src__exim-4.96-fix-opemdmarc-1.4.x-history_file.patch
>>
>
> I've pulled this into the Eim sourcebase, at f9c35778a660.
>
> There remains the question over ARC result lines in the
> dmarc history file.  Does anyone have insight into the
> values expected for "arc" and "arc_policy" by
> libopendmarc 1.4.x ?



I found two examples on the page
https://github.com/trusteddomainproject/OpenDMARC/issues/189 :


arc 7
arc_policy 2 json:[{ "i": 1, "d":"example.com", "s":"arcselector1",
"ip":"" }]


arc 7
arc_policy 2 json:[]



But in the file
https://github.com/trusteddomainproject/OpenDMARC/blob/master/opendmarc/README
the values 0 and 2 are specified for the "arc" parameter :

    arc        ARC evaluation (0 = pass, 2 = fail)

    arc_policy    ARC local policy evaluation (evaluation -- same as ARC, ARC seal
            data - JSON-encoded array of governing arc seal fields: instance,
            domain, selector)



The file
https://github.com/trusteddomainproject/OpenDMARC/blob/master/opendmarc/opendmarc.c
has this comment:

    **   arc_policy 1 json:[
    **                         { i=2, d = d2.example, s = s2, ip = addr2 },
    **                         { i=1, d = d1.example, s = s1, ip = addr1 }
    **                     ]


He's weird too. Because the value 1 is not found anywhere except in this
comment.

Based on the contents of the file
https://github.com/trusteddomainproject/OpenDMARC/blob/master/opendmarc/opendmarc.c,
it can be seen that:

"arc" can be equal to ARES_RESULT_FAIL (7) or ARES_RESULT_PASS (0).

"arc_policy" can be equal to DMARC_ARC_POLICY_RESULT_FAIL (2)
DMARC_ARC_POLICY_RESULT_PASS (0)

After 0 or 2, the line beginning with "arc_policy" must be followed by a
policy in JSON format.


If the verification of the ARC signature was successful, then the lines
for the history file should look something like this::


arc 0
arc_policy 0 json:[{ "i": 1, "d":"example.com", "s":"arcselector1",
"ip":"11.22.33.44" }]


If the ARC signature check fails, then the lines for the history file
should look something like this:


arc 7
arc_policy 2 json:[{ "i": 1, "d":"example.com", "s":"arcselector1",
"ip":"11.22.33.44" }]


I do not know what values should be specified if the email does not
contains an ARC signature.


> I could guess that "-" might be viable, by analogy with
> the "rua" line coding, but that's not really sufficient.
> The RFC standard for DMARC doesn't mention ARC.  Is there
> one somewhere?


"rua" is a text field. "arc" and "arc_policy" are integers. And
"arc_policy" has an additional field with ARC policy in JSON.


> [ And how in hell did libopendmarc not break
>   *everybody* with these changes?
> ]



--
Best wishes Victor Ustugov
mailto:victor@corvax.kiev.ua
public GnuPG/PGP key: https://victor.corvax.kiev.ua/corvax.asc

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/