search

trusteddomainproject / OpenDMARC

This is the Trusted Domain Project's impementation of the DMARC protocol libary and mail filter, called OpenDMARC. A "milter" connects to unix-based mailers (originally, sendmail, but now many) and provides a standard filtering API.
Other
101 stars 53 forks source link

DMARC result wrong when local part exceeds 45 characters #206

Open pacellig opened 2 years ago

pacellig commented 2 years ago

Hello, there is apparently an issue with OpenDMARC when validating Received-SPF results header, with and envelope-from local part exceeding 45 characters.

Example that FAILS: Received-SPF: pass (emails.livestorminvites.com: 168.245.94.251 is authorized to use 'bounces+2309175-1e1a-antonioxh.morgents=open.com@emails.livestorminvites.com' in 'mfrom' identity (mechanism 'ip4:168.245.94.251' matched)) receiver=mail2.open.com; identity=mailfrom; envelope-from="bounces+2309175-1e1a-antonioxh.morgents=open.com@emails.livestorminvites.com"; helo=o5.emails.livestorminvites.com; client-ip=168.245.94.251

# OPENDMARC_TEST_HELOHOST=o5.emails.livestorminvites.com OPENDMARC_TEST_CLIENTIP=168.245.94.251 OPENDMARC_TEST_ENVFROM=bounces+2309175-1e1a-antonioxh.morgents=open.com@emails.livestorminvites.com /opt/OSAGpfix2/sbin/opendmarc -t /shared/tmp/1592396-114516-trim.eml -c /shared/tmp/opendmarc.conf -vv .... INSHEADER: idx=1 hname='Authentication-Results' hvalue='xxxxxx; dmarc=fail (p=reject dis=none) header.from=livestorminvites.com'

Example that PASSES: Received-SPF: pass (emails.livestorminvites.com: 168.245.94.251 is authorized to use 'bounces+2309175-1e1a-antonioxh.morge=open.com@emails.livestorminvites.com' in 'mfrom' identity (mechanism 'ip4:168.245.94.251' matched)) receiver=mail2.open.com; identity=mailfrom; envelope-from="bounces+2309175-1e1a-antonioxh.morge=open.com@emails.livestorminvites.com"; helo=o5.emails.livestorminvites.com; client-ip=168.245.94.251

# OPENDMARC_TEST_HELOHOST=o5.emails.livestorminvites.com OPENDMARC_TEST_CLIENTIP=168.245.94.251 OPENDMARC_TEST_ENVFROM=bounces+2309175-1e1a-antonioxh.morgents=open.com@emails.livestorminvites.com /opt/OSAGpfix2/sbin/opendmarc -t /shared/tmp/1592396-114516-trim.eml -c /shared/tmp/opendmarc.conf -vv .... INSHEADER: idx=1 hname='Authentication-Results' hvalue='xxxxxxxx'; dmarc=pass (p=reject dis=none) header.from=livestorminvites.com'

(in the examples the real env-from local part has been modified in order not to disclose private information, but that does not affect the possibility to reproduce the bug)

Expected: dmarc passes when local part conforms to RFC limits

Version: opendmarc: OpenDMARC Filter v1.4.2 SMFI_VERSION 0x1000001 libmilter version 1.0.1 Active code options: WITH_SPF WITH_SPF2

Configuration file: Socket inet:12340@localhost AutoRestart true AutoRestartRate 10/1m UserID postfix Syslog true IgnoreHosts /etc/opendmarc/whitelist PublicSuffixList /etc/opendmarc/public_suffix_list.dat AuthservID HOSTNAME RejectFailures false TrustedAuthservIDs HOSTNAME SPFIgnoreResults false SPFSelfValidate true HistoryFile /etc/opendmarc/history.dat

endoflevelboss commented 2 years ago

Possibly related to #221 ?