fastmail / authentication_milter

Email Authentication by SPF/DKIM/DMARC etc.
Other
121 stars 21 forks source link

dmarc=fail from sender without dmarc policy #156

Closed patch-work closed 6 months ago

patch-work commented 6 months ago

A known sender wanted to be smart and adopted Microsoft as provider. As a result, their e-mails are now spam, because they fail DMARC validation.

What we know so far is that they did not write the DMARC policy, and authentication_milter decided to ignore this fact.

This is DMARC:

> doas /usr/local/bin/dmarc_lookup omitted.onmicrosoft.com
using /usr/local/libdata/perl5/site_perl/auto/share/dist/Mail-DMARC/public_suffix_list for public_suffix_list
Header From: omitted.onmicrosoft.com
Organizational Domain: onmicrosoft.com
no DMARC policy published for omitted.onmicrosoft.com

This is the authentication milter:

Authentication-Results: us.com;
    dkim=pass (1024-bit rsa key) header.d=omitted.onmicrosoft.com header.i=@omitted.onmicrosoft.com header.b=Df70dySi;
    dmarc=fail (p=none) header.from=localhost.localdomain;
    iprev=pass policy.iprev=40.107.22.103 (mail-am6eur05on2103.outbound.protection.outlook.com);
    senderid=permerror;
    spf=pass smtp.mailfrom=documents@omitted.com smtp.helo=EUR05-AM6-obe.outbound.protection.outlook.com;
    x-ptr=fail x-ptr-helo=EUR05-AM6-obe.outbound.protection.outlook.com x-ptr-lookup=mail-am6eur05on2103.outbound.protection.outlook.com;
    x-return-mx=pass type=smtp

There are three problems here:

  1. dmarc=fail when no dmarc rule is defined
  2. header.from=localhost.localdomain is a wild rabbit from the magician's hat
  3. the whiltelist is useless, because we cannot write exceptions for all microsoft IPs.

Is this a known problem?

For other senders without dmarc policy, the milter behaves as expected:

dmarc=none (p=none) header.from=omitted.com;
marcbradshaw commented 6 months ago

Please attach the headers so this can be reproduced.

patch-work commented 6 months ago
Return-Path: <documents@sender.com>
X-Original-To: info@recipient.com
Delivered-To: spam@us.com
X-Envelope-From: <documents@sender.com>
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 1.3.1 at us.com
Authentication-Results: us.com;
    dkim=pass (1024-bit rsa key) header.d=sender.onmicrosoft.com header.i=@sender.onmicrosoft.com header.b=jLsflEGg;
    dmarc=fail (p=none) header.from=localhost.localdomain;
    iprev=pass policy.iprev=40.107.22.101 (mail-am6eur05on2101.outbound.protection.outlook.com);
    senderid=permerror;
    spf=pass smtp.mailfrom=documents@sender.com smtp.helo=EUR05-AM6-obe.outbound.protection.outlook.com;
    x-ptr=fail x-ptr-helo=EUR05-AM6-obe.outbound.protection.outlook.com x-ptr-lookup=mail-am6eur05on2101.outbound.protection.outlook.com;
    x-return-mx=pass type=smtp
Received-SPF: pass
    (sender.com: Sender is authorized to use 'documents@sender.com' in 'mfrom' identity (mechanism 'include:spf.protection.outlook.com' matched))
    receiver=us.com;
    identity=mailfrom;
    envelope-from="documents@sender.com";
    helo=EUR05-AM6-obe.outbound.protection.outlook.com;
    client-ip=40.107.22.101
Received: from EUR05-AM6-obe.outbound.protection.outlook.com (mail-am6eur05on2101.outbound.protection.outlook.com [40.107.22.101])
    (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
    (No client certificate requested)
    by us.com (unknown) with ESMTPS id C9CBF7EE4A
    for <info@recipient.com>; Mon, 13 May 2024 17:19:59 +0200 (CEST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=[omitted long string]
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=s6G4vJqEYg2u2edBs0qJLI8F3B3TDOrou/qyqxfNLcc=;
 b=[omitted long string]
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=sender.com; dmarc=pass action=none header.from=sender.com;
 dkim=pass header.d=sender.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=sender.onmicrosoft.com; s=selector1-sender-onmicrosoft-com;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=s6G4vJqEYg2u2edBs0qJLI8F3B3TDOrou/qyqxfNLcc=;
 b=[omitted long string]
Authentication-Results: dkim=none (message not signed)
 header.d=none;dmarc=none action=none header.from=sender.com;
Received: from AS4PR05MB9545.eurprd05.prod.outlook.com (2603:10a6:20b:4f8::12)
 by DU2PR05MB8792.eurprd05.prod.outlook.com (2603:10a6:10:2d3::13) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7544.55; Mon, 13 May
 2024 15:19:47 +0000
Received: from AS4PR05MB9545.eurprd05.prod.outlook.com
 ([fe80::74c:9f9a:5353:7fb6]) by AS4PR05MB9545.eurprd05.prod.outlook.com
 ([fe80::74c:9f9a:5353:7fb6%4]) with mapi id 15.20.7544.052; Mon, 13 May 2024
 15:19:47 +0000
date: Mon, 13 May 2024 17:18:09 +0200
message-id: <FB11F721944AE4BC9C1858587D2E64180C7B6F3A@SENDER0ARX0001>
content-type: multipart/mixed; boundary="------------010209020204030708070901"
from: "Administrator" <documents@sender.com>
to: info@recipient.com
subject: Online documents
X-ClientProxiedBy: [outlook stuff]
MIME-Version: 1.0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: AS4PR05MB9545:EE_|DU2PR05MB8792:EE_
X-MS-Office365-Filtering-Correlation-Id: [omitted]
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: [omitted]
X-Microsoft-Antispam-Message-Info: [omitted]
X-Forefront-Antispam-Report: [omitted]
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: [omitted]
X-OriginatorOrg: sender.com
X-MS-Exchange-CrossTenant-Network-Message-Id: [omitted]
X-MS-Exchange-CrossTenant-AuthSource: AS4PR05MB9545.eurprd05.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 13 May 2024 15:19:47.4346 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: [omitted]
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: [omitted]
X-MS-Exchange-Transport-CrossTenantHeadersStamped: [omitted]

--------------010209020204030708070901
content-type: multipart/alternative; boundary="------------050306020606070207090409"

--------------050306020606070207090409
Content-Type: text/html; charset=us-ascii
content-transfer-encoding: quoted-printable
marcbradshaw commented 6 months ago

Hi, I could not reproduce the issue, please confirm the version of authentication milter you are using, the protocol used (milter or smtp), and if milter, the MTA used.

Additionally, were you able to capture any logs for this transaction?

patch-work commented 6 months ago

Hi, I could not reproduce the issue,

please confirm the version of authentication milter you are using,

https://mirror.ungleich.ch/pub/OpenBSD/7.5/packages/amd64/p5-Mail-Milter-Authentication-1.1.0p3.tgz

# p5-Mail-Milter-Authenticati...:p5-Email-Date-Format-1.008: ok
# p5-Mail-Milter-Authenticati...:p5-Scope-Guard-0.21p0: ok
# p5-Mail-Milter-Authenticati...:p5-File-Copy-Recursive-0.45p0: ok
# p5-Mail-Milter-Authenticati...:p5-Path-Tiny-0.144: ok
# p5-Mail-Milter-Authenticati...:p5-Test-File-ShareDir-1.001002p0: ok
# p5-Mail-Milter-Authenticati...:p5-Text-Unidecode-1.30p0: ok
# p5-Mail-Milter-Authenticati...:p5-Email-MIME-ContentType-1.028: ok
# p5-Mail-Milter-Authenticati...:p5-Email-Address-XS-1.05: ok
# p5-Mail-Milter-Authenticati...:p5-Email-MIME-Encodings-1.317: ok
# p5-Mail-Milter-Authenticati...:p5-MIME-Types-2.26: ok
# p5-Mail-Milter-Authenticati...:p5-Email-MessageID-1.408: ok
# p5-Mail-Milter-Authenticati...:p5-Email-Simple-2.216p0: ok
# p5-Mail-Milter-Authenticati...:p5-Email-MIME-1.953v0: ok
# p5-Mail-Milter-Authenticati...:p5-MooX-Types-MooseLike-0.29p0: ok
# p5-Mail-Milter-Authenticati...:p5-Module-Pluggable-5.2p0: ok
# p5-Mail-Milter-Authenticati...:p5-Email-Abstract-3.009: ok
# p5-Mail-Milter-Authenticati...:p5-Email-Sender-2.600: ok
# p5-Mail-Milter-Authenticati...:p5-Net-IP-1.26p1: ok
# p5-Mail-Milter-Authenticati...:p5-Regexp-Common-2017060201p0: ok
# p5-Mail-Milter-Authenticati...:p5-XML-SAX-Base-1.09p0: ok
# p5-Mail-Milter-Authenticati...:p5-XML-NamespaceSupport-1.12p1: ok
# p5-Mail-Milter-Authenticati...:p5-XML-SAX-1.02p0: ok
# p5-Mail-Milter-Authenticati...:p5-XML-LibXML-2.0210v0: ok
# p5-Mail-Milter-Authenticati...:p5-CGI-4.55: ok
# p5-Mail-Milter-Authenticati...:p5-DBD-SQLite-1.74v0: ok
# p5-Mail-Milter-Authenticati...:p5-DBIx-Simple-1.37p0: ok
# p5-Mail-Milter-Authenticati...:p5-Config-Tiny-2.14p0: ok
# p5-Mail-Milter-Authenticati...:p5-Net-Server-2.014p0: ok
# p5-Mail-Milter-Authenticati...:p5-Unicode-Stringprep-1.105p0: ok
# p5-Mail-Milter-Authenticati...:p5-Net-IDN-Nameprep-1.102p0: ok
# p5-Mail-Milter-Authenticati...:p5-Net-IDN-Encode-2.500p1: ok
# p5-Mail-Milter-Authenticati...:p5-Mail-DMARC-1.20230215: ok
# p5-Mail-Milter-Authenticati...:p5-Proc-ProcessTable-0.59: ok
# p5-Mail-Milter-Authenticati...:p5-Email-Address-1.913: ok
# p5-Mail-Milter-Authentication-1.1.0p3: ok
> sqlite3 --version
3.32.3 2020-06-18 14:00:33 7ebdfa80be8e8e73324b8d66b3460222eb74c7e9dfd655b48d6ca7e1933cc8fd

the protocol used (milter or smtp),

milter

and if milter, the MTA used.

postfix

Additionally, were you able to capture any logs for this transaction?

Tue May 14 15:18:09 2024 authentication_milter[53762]     x-return-mx=pass type=smtp
Tue May 14 15:20:07 2024 authentication_milter[54513] --: SPFCode: pass
Tue May 14 15:20:08 2024 authentication_milter[54513] 5F9B37EE4E: ERROR: SENDERID Error No Identity
Tue May 14 15:20:08 2024 authentication_milter[54513] 5F9B37EE4E: DKIMResult: pass
Tue May 14 15:20:09 2024 authentication_milter[54513] 5F9B37EE4E: DMARCCode: fail
Tue May 14 15:20:09 2024 authentication_milter[54513] 5F9B37EE4E: DMARCPolicy: none
Tue May 14 15:20:09 2024 authentication_milter[54513] 5F9B37EE4E: PreHeader: Received-SPF: pass
Tue May 14 15:20:09 2024 authentication_milter[54513]     (sender.com: Sender is authorized to use 'documents@sender.com' in 'mfrom' identity (mechanism 'include:spf.protection.outlook.com' matched))
Tue May 14 15:20:09 2024 authentication_milter[54513]     receiver=us.com;
Tue May 14 15:20:09 2024 authentication_milter[54513]     identity=mailfrom;
Tue May 14 15:20:09 2024 authentication_milter[54513]     envelope-from="documents@sender.com";
Tue May 14 15:20:09 2024 authentication_milter[54513]     helo=EUR01-HE1-obe.outbound.protection.outlook.com;
Tue May 14 15:20:09 2024 authentication_milter[54513]     client-ip=40.107.13.101
Tue May 14 15:20:09 2024 authentication_milter[54513] 5F9B37EE4E: PreHeader: Authentication-Results: us.com;
Tue May 14 15:20:09 2024 authentication_milter[54513]     dkim=pass (1024-bit rsa key) header.d=sender.onmicrosoft.com header.i=@sender.onmicrosoft.com header.b=Ll7wRNvu;
Tue May 14 15:20:09 2024 authentication_milter[54513]     dmarc=fail (p=none) header.from=localhost.localdomain;
Tue May 14 15:20:09 2024 authentication_milter[54513]     iprev=pass policy.iprev=40.107.13.101 (mail-he1eur01on2101.outbound.protection.outlook.com);
Tue May 14 15:20:09 2024 authentication_milter[54513]     senderid=permerror;
Tue May 14 15:20:09 2024 authentication_milter[54513]     spf=pass smtp.mailfrom=documents@sender.com smtp.helo=EUR01-HE1-obe.outbound.protection.outlook.com;
Tue May 14 15:20:09 2024 authentication_milter[54513]     x-ptr=fail x-ptr-helo=EUR01-HE1-obe.outbound.protection.outlook.com x-ptr-lookup=mail-he1eur01on2101.outbound.protection.outlook.com;
Tue May 14 15:20:09 2024 authentication_milter[54513]     x-return-mx=pass type=smtp
Tue May 14 15:33:04 2024 authentication_milter[44908] --: SPFCode: pass
marcbradshaw commented 6 months ago

Thanks, That version is was released in 2016, the bug was fixed in 2019. It doesn't look like there is a more recent version in that repo, however updating to the latest version will fix this.

patch-work commented 6 months ago

I am using the official and up-to-date version distributed by OpenBSD.

Installation of Mail::Milter::Authentication straight from CPAN leads to a failure, because the module includes a hard requirement of Mail::BIMI, whose installation fails.

Please remove this hard requirement, also because BIMI is an esoteric option.

patch-work commented 6 months ago

Mail::BIMI installation errors

> doas cpan -i Mail::BIMI
Reading '/root/.cpan/Metadata'
Database was generated on Thu, 16 May 2024 06:17:02 GMT
Running install for module 'Mail::BIMI'
CPAN: Digest::SHA loaded ok (v6.02)
CPAN: Compress::Zlib loaded ok (v2.106)
Checksum for /root/.cpan/sources/authors/id/M/MB/MBRADSHAW/Mail-BIMI-3.20240402.tar.gz ok
CPAN: YAML loaded ok (v1.31)
CPAN: CPAN::Meta::Requirements loaded ok (v2.143)
CPAN: Parse::CPAN::Meta loaded ok (v2.150010)
CPAN: CPAN::Meta loaded ok (v2.150010)
CPAN: Module::CoreList loaded ok (v5.20231129)
Configuring M/MB/MBRADSHAW/Mail-BIMI-3.20240402.tar.gz with Makefile.PL
Checking if your kit is complete...
Looks good
Generating a Unix-style Makefile
Writing Makefile for Mail::BIMI
Writing MYMETA.yml and MYMETA.json
MBRADSHAW/Mail-BIMI-3.20240402.tar.gz
/usr/bin/perl Makefile.PL -- OK
Running make for M/MB/MBRADSHAW/Mail-BIMI-3.20240402.tar.gz
cp lib/Mail/BIMI/Trait/CacheSerial.pm blib/lib/Mail/BIMI/Trait/CacheSerial.pm
cp lib/Mail/BIMI/Prelude.pm blib/lib/Mail/BIMI/Prelude.pm
cp lib/Mail/BIMI/App/Command/checkrecord.pm blib/lib/Mail/BIMI/App/Command/checkrecord.pm
cp lib/Mail/BIMI/Record/Authority.pm blib/lib/Mail/BIMI/Record/Authority.pm
cp lib/Mail/BIMI/App/Command/checkdomain.pm blib/lib/Mail/BIMI/App/Command/checkdomain.pm
cp lib/Mail/BIMI/Error.pm blib/lib/Mail/BIMI/Error.pm
cp lib/Mail/BIMI/App.pm blib/lib/Mail/BIMI/App.pm
cp lib/Mail/BIMI/Role/Cacheable.pm blib/lib/Mail/BIMI/Role/Cacheable.pm
cp lib/Mail/BIMI/Trait/CacheKey.pm blib/lib/Mail/BIMI/Trait/CacheKey.pm
cp lib/Mail/BIMI/Result.pm blib/lib/Mail/BIMI/Result.pm
cp lib/Mail/BIMI/Role/CacheBackend.pm blib/lib/Mail/BIMI/Role/CacheBackend.pm
cp lib/Mail/BIMI/App/Command/checkvmc.pm blib/lib/Mail/BIMI/App/Command/checkvmc.pm
cp lib/Mail/BIMI/Data/CA.pem blib/lib/Mail/BIMI/Data/CA.pem
cp lib/Mail/BIMI/Base.pm blib/lib/Mail/BIMI/Base.pm
cp lib/Mail/BIMI/CacheBackend/File.pm blib/lib/Mail/BIMI/CacheBackend/File.pm
cp lib/Mail/BIMI/Data/asn1.txt blib/lib/Mail/BIMI/Data/asn1.txt
cp lib/Mail/BIMI/Indicator.pm blib/lib/Mail/BIMI/Indicator.pm
cp lib/Mail/BIMI/App/Command/checksvg.pm blib/lib/Mail/BIMI/App/Command/checksvg.pm
cp lib/Mail/BIMI/Data/Tiny-1.2.rng blib/lib/Mail/BIMI/Data/Tiny-1.2.rng
cp lib/Mail/BIMI/VMC.pm blib/lib/Mail/BIMI/VMC.pm
cp lib/Mail/BIMI/Data/SVG_1.2_BIMI.rng blib/lib/Mail/BIMI/Data/SVG_1.2_BIMI.rng
cp lib/Mail/BIMI/CacheBackend/FastMmap.pm blib/lib/Mail/BIMI/CacheBackend/FastMmap.pm
cp lib/Mail/BIMI/VMC/Chain.pm blib/lib/Mail/BIMI/VMC/Chain.pm
cp lib/Mail/BIMI/Trait/Cacheable.pm blib/lib/Mail/BIMI/Trait/Cacheable.pm
cp lib/Mail/BIMI/App/Command/svgfromvmc.pm blib/lib/Mail/BIMI/App/Command/svgfromvmc.pm
cp lib/Mail/BIMI/Data/SVG_1.2_PS.rng blib/lib/Mail/BIMI/Data/SVG_1.2_PS.rng
cp lib/Mail/BIMI/Role/Data.pm blib/lib/Mail/BIMI/Role/Data.pm
cp lib/Mail/BIMI/VMC/Cert.pm blib/lib/Mail/BIMI/VMC/Cert.pm
cp lib/Mail/BIMI/CacheBackend/Null.pm blib/lib/Mail/BIMI/CacheBackend/Null.pm
cp lib/Mail/BIMI.pm blib/lib/Mail/BIMI.pm
cp lib/Mail/BIMI/Role/HasError.pm blib/lib/Mail/BIMI/Role/HasError.pm
cp lib/Mail/BIMI/Constants.pm blib/lib/Mail/BIMI/Constants.pm
cp lib/Mail/BIMI/Options.pm blib/lib/Mail/BIMI/Options.pm
cp lib/Mail/BIMI/Record.pm blib/lib/Mail/BIMI/Record.pm
cp lib/Mail/BIMI/Role/HasHTTPClient.pm blib/lib/Mail/BIMI/Role/HasHTTPClient.pm
cp lib/Mail/BIMI/Record/Location.pm blib/lib/Mail/BIMI/Record/Location.pm
cp bin/mailbimi blib/script/mailbimi
"/usr/bin/perl" -MExtUtils::MY -e 'MY->fixin(shift)' -- blib/script/mailbimi
Manifying 1 pod document
Manifying 31 pod documents
MBRADSHAW/Mail-BIMI-3.20240402.tar.gz
/usr/bin/make -- OK
CPAN: CPAN::DistnameInfo loaded ok (v0.12)
Running make test for MBRADSHAW/Mail-BIMI-3.20240402.tar.gz
PERL_DL_NONLAZY=1 "/usr/bin/perl" "-MExtUtils::Command::MM" "-MTest::Harness" "-e" "undef *Test::Harness::Switches; test_harness(0, 'blib/lib', 'blib/arch')" t/*.t
t/00-load.t ....................... 1/? # Testing Mail::BIMI 3.20240402, Perl 5.036003, /usr/bin/perl
t/00-load.t ....................... ok
t/01-bimi.t ....................... ok
t/01-dns-lookup-cname.t ........... 1/?
#   Failed test 'Test record validates'
#   at t/01-dns-lookup-cname.t line 31.
#     Structures begin differing at:
#          $got->[0] = '0'
#     $expected->[0] = '1'

#   Failed test 'Auth results correct'
#   at t/01-dns-lookup-cname.t line 50.
#          got: 'bimi=temperror (Could not fetch SVG)'
#     expected: 'bimi=pass header.d=dnslookupcname.com header.selector=selector'
# Looks like you failed 2 tests of 4.
t/01-dns-lookup-cname.t ........... Dubious, test returned 2 (wstat 512, 0x200)
Failed 2/4 subtests
t/01-dns-lookup-fail.t ............ ok
t/01-dns-lookup-fallback-fail.t ... ok
t/01-dns-lookup-fallback-multi.t .. ok
t/01-dns-lookup-multi.t ........... ok
t/01-dns-lookup-no-record.t ....... ok
t/01-dns-lookup-spfall.t .......... Use of uninitialized value in pattern match (m//) at /usr/local/libdata/perl5/site_perl/Mail/SPF/Server.pm line 579.
t/01-dns-lookup-spfall.t .......... ok
t/01-dns-lookup-spfnall.t ......... Use of uninitialized value in pattern match (m//) at /usr/local/libdata/perl5/site_perl/Mail/SPF/Server.pm line 579.
t/01-dns-lookup-spfnall.t ......... 1/?
#   Failed test 'Auth results correcct'
#   at t/01-dns-lookup-spfnall.t line 49.
#          got: 'bimi=temperror (Could not fetch SVG)'
#     expected: 'bimi=pass header.d=dnslookupspfnall.com header.selector=default'

#   Failed test 'headers'
#   at t/01-dns-lookup-spfnall.t line 75.
#     Structures begin differing at:
#          $got->{BIMI-Location} = Does not exist
#     $expected->{BIMI-Location} = 'v=BIMI1;
#         l=https://fastmaildmarc.com/FM_BIMI.svg'
# Looks like you failed 2 tests of 2.
t/01-dns-lookup-spfnall.t ......... Dubious, test returned 2 (wstat 512, 0x200)
Failed 2/2 subtests
t/01-dns-lookup.t ................. 1/?
#   Failed test 'Test record validates'
#   at t/01-dns-lookup.t line 31.
#     Structures begin differing at:
#          $got->[0] = '0'
#     $expected->[0] = '1'

#   Failed test 'Auth results correct'
#   at t/01-dns-lookup.t line 50.
#          got: 'bimi=temperror (Could not fetch SVG)'
#     expected: 'bimi=pass header.d=dnslookup.com header.selector=selector'

#   Failed test 'headers'
#   at t/01-dns-lookup.t line 76.
#     Structures begin differing at:
#          $got->{BIMI-Indicator} = Does not exist
#     $expected->{BIMI-Indicator} = 'PHN2ZyB2ZXJzaW9uPSIxLjIiIGJhc2VQcm9maWxlPSJ0aW55LXBzIiB4bWxucz0iaHR0cD
#         ovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIxMDI0IiBoZWlnaHQ9IjEwMjQiIHZp
#         ZXdCb3g9IjAgMCAxMDI0IDEwMjQiPjx0aXRsZT5GTS1JY29uLVJHQjwvdGl0bGU+PGcgaW
#         Q9IkFydHdvcmsiPjxyZWN0IHdpZHRoPSIxMDI0IiBoZWlnaHQ9IjEwMjQiIGZpbGw9IiNG
#         RkZGRkYiLz48cGF0aCBkPSJNMTIwLjE2LDUxMmMwLTIxNi40LDE3NS40My0zOTEuODQsMz
#         kxLjg0LTM5MS44NCwxMzYsMCwyNTUuNzEsNjkuMzQsMzI2LDE3NC41M2w3Ny4xOSwxNS4y
#         MSw5LjU4LTczLjA2Yy04OS0xMzMuMTgtMjQwLjU2LTIyMS00MTIuNzQtMjIxQzIzOCwxNS
#         44NywxNS44NywyMzgsMTUuODcsNTEyQTQ5My43OCw0OTMuNzgsMCwwLDAsOTkuMTksNzg3
#         LjIxbDc0LjcyLDkuNjhMMTg2LDcyOS4zNUEzOTAsMzkwLDAsMCwxLDEyMC4xNiw1MTJaIi
#         BmaWxsPSIjMDA2N2I5Ii8+PHBhdGggZD0iTTkyNiwyMzguNjRjLS40MS0uNjEtLjgzLTEu
#         Mi0xLjI0LTEuOEw4MzgsMjk0LjY5Yy40MS42LjgzLDEuMTksMS4yMywxLjhBMzg5LjkxLD
#         M4OS45MSwwLDAsMSw5MDMuODMsNTEyYzAsMjE2LjQtMTc1LjQzLDM5MS44NC0zOTEuODMs
#         MzkxLjg0LTEzNS4yMSwwLTI1NC40Mi02OC40OS0zMjQuODQtMTcyLjY2LS40MS0uNi0uNz
#         ktMS4yMi0xLjE5LTEuODNMOTkuMTksNzg3LjIxYy40MS42Ljc4LDEuMjIsMS4xOSwxLjgz
#         QzE4OS41MSw5MjEuMiwzNDAuNiwxMDA4LjEzLDUxMiwxMDA4LjEzYzI3NCwwLDQ5Ni4xMy
#         0yMjIuMTMsNDk2LjEzLTQ5Ni4xM0E0OTMuNjgsNDkzLjY4LDAsMCwwLDkyNiwyMzguNjRa
#         IiBmaWxsPSIjNjliM2U3Ii8+PHBhdGggZD0iTTUxMiw1MTIsMjc2LjE1LDM1NC43NlY2Nj
#         kuMjNoMGwxNDguMi00NS44NloiIGZpbGw9IiNmZmMxMDciLz48cGF0aCBkPSJNMjc2LjE1
#         LDY2OS4yNEg3MzEuMjdhMTYuNTgsMTYuNTgsMCwwLDAsMTYuNTgtMTYuNTlWMzU0Ljc2Wi
#         IgZmlsbD0iIzMzM2U0OCIvPjwvZz48L3N2Zz4K'
# Looks like you failed 3 tests of 5.
t/01-dns-lookup.t ................. Dubious, test returned 3 (wstat 768, 0x300)
Failed 3/5 subtests
t/01-missing-domain.t ............. ok
t/01-record-fallback.t ............ ok
t/01-record-validation.t .......... 1/12
#   Failed test 'Valid record'
#   at t/01-record-validation.t line 15.
#     Structures begin differing at:
#          $got->[0] = '0'
#     $expected->[0] = '1'

#   Failed test 'Valid record with terminator'
#   at t/01-record-validation.t line 21.
#     Structures begin differing at:
#          $got->[0] = '0'
#     $expected->[0] = '1'
t/01-record-validation.t .......... 3/12
#   Failed test 'Valid record with a'
#   at t/01-record-validation.t line 27.
#     Structures begin differing at:
#          $got->[0] = '0'
#     $expected->[0] = '1'

#   Failed test 'Valid record with a and terminator'
#   at t/01-record-validation.t line 33.
#     Structures begin differing at:
#          $got->[0] = '0'
#     $expected->[0] = '1'

#   Failed test 'Valid record with a and WSP'
#   at t/01-record-validation.t line 39.
#     Structures begin differing at:
#          $got->[0] = '0'
#     $expected->[0] = '1'
# Looks like you failed 5 tests of 12.
t/01-record-validation.t .......... Dubious, test returned 5 (wstat 1280, 0x500)
Failed 5/12 subtests
t/01-resolver.t ................... ok
t/01-results-nobimi.t ............. ok
t/01-results-nodmarc.t ............ ok
t/01-results.t .................... 1/?
#   Failed test 'Pass'
#   at t/01-results.t line 40.
#          got: 'bimi=temperror (Could not fetch SVG)'
#     expected: 'bimi=pass header.d=results.com header.selector=default'
# Looks like you failed 1 test of 9.
t/01-results.t .................... Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/9 subtests
t/02-authority.t .................. ok
t/02-base.t ....................... ok
t/02-indicator.t .................. ok
t/03-data.t ....................... ok
t/03-dmarc-input.t ................ ok
t/03-serialized_errors.t .......... ok
t/03-verbose-output.t ............. ok
t/04-cache-file-error-handling.t .. Error reading from cache: Sereal: Error: Bad Sereal header: Not a valid Sereal document. at offset 1 of input at srl_decoder.c line 619 at /root/.cpan/build/Mail-BIMI-3.20240402-8/blib/lib/Mail/BIMI/CacheBackend/File.pm line 19.
t/04-cache-file-error-handling.t .. 1/? Cache is invalid at /root/.cpan/build/Mail-BIMI-3.20240402-8/blib/lib/Mail/BIMI/Role/Cacheable.pm line 76.
t/04-cache-file-error-handling.t .. ok
t/04-cache-hash.t ................. ok
t/04-cache-notnull.t .............. ok
t/04-cache-null.t ................. ok
t/05-cmd.t ........................ Name "Mail::BIMI::TestSuite::Resolver" used only once: possible typo at t/05-cmd.t line 25.
t/05-cmd.t ........................ skipped: CMD Output tests skipped
t/author-pod-syntax.t ............. skipped: these tests are for testing by the author

Test Summary Report
-------------------
t/01-dns-lookup-cname.t         (Wstat: 512 (exited 2) Tests: 4 Failed: 2)
Failed tests:  1, 4
Non-zero exit status: 2
t/01-dns-lookup-spfnall.t       (Wstat: 512 (exited 2) Tests: 2 Failed: 2)
Failed tests:  1-2
Non-zero exit status: 2
t/01-dns-lookup.t               (Wstat: 768 (exited 3) Tests: 5 Failed: 3)
Failed tests:  1, 4-5
Non-zero exit status: 3
t/01-record-validation.t        (Wstat: 1280 (exited 5) Tests: 12 Failed: 5)
Failed tests:  1-5
Non-zero exit status: 5
t/01-results.t                  (Wstat: 256 (exited 1) Tests: 9 Failed: 1)
Failed test:  1
Non-zero exit status: 1
Files=31, Tests=132, 196 wallclock secs ( 0.56 usr  0.32 sys + 167.67 cusr 23.16 csys = 191.71 CPU)
Result: FAIL
Failed 5/31 test programs. 13/132 subtests failed.
*** Error 255 in /root/.cpan/build/Mail-BIMI-3.20240402-8 (Makefile:1106 'test_dynamic')
MBRADSHAW/Mail-BIMI-3.20240402.tar.gz
/usr/bin/make test -- NOT OK
//hint// to see the cpan-testers results for installing this module, try:
reports MBRADSHAW/Mail-BIMI-3.20240402.tar.gz
patch-work commented 6 months ago

Forcing the installation:

doas cpan -f -i Mail::BIMI

patch-work commented 6 months ago

Mail::Milter::Authentication installation errors

doas cpan -i Mail::Milter::Authentication

mail_milter_authentication_log.txt

This explains why OpenBSD's package is stuck at 2016.

The OpenBSD package maintainer is Giovanni Bechis https://github.com/bigio?tab=repositories https://github.com/bigio/authentication_milter

His fork is 1073 commits behind: https://github.com/bigio/authentication_milter/compare/master...fastmail%3Aauthentication_milter%3Amaster

patch-work commented 6 months ago

https://github.com/fastmail/authentication_milter/issues/157

patch-work commented 6 months ago

https://github.com/fastmail/authentication_milter/issues/158