This is the Trusted Domain Project's impementation of the DMARC protocol libary and mail filter, called OpenDMARC. A "milter" connects to unix-based mailers (originally, sendmail, but now many) and provides a standard filtering API.
Other
101
stars
53
forks
source link
DMARC result wrong when local part exceeds 45 characters #206
Hello,
there is apparently an issue with OpenDMARC when validating Received-SPF results header, with and envelope-from local part exceeding 45 characters.
Example that FAILS:Received-SPF: pass (emails.livestorminvites.com: 168.245.94.251 is authorized to use 'bounces+2309175-1e1a-antonioxh.morgents=open.com@emails.livestorminvites.com' in 'mfrom' identity (mechanism 'ip4:168.245.94.251' matched)) receiver=mail2.open.com; identity=mailfrom; envelope-from="bounces+2309175-1e1a-antonioxh.morgents=open.com@emails.livestorminvites.com"; helo=o5.emails.livestorminvites.com; client-ip=168.245.94.251
Example that PASSES:Received-SPF: pass (emails.livestorminvites.com: 168.245.94.251 is authorized to use 'bounces+2309175-1e1a-antonioxh.morge=open.com@emails.livestorminvites.com' in 'mfrom' identity (mechanism 'ip4:168.245.94.251' matched)) receiver=mail2.open.com; identity=mailfrom; envelope-from="bounces+2309175-1e1a-antonioxh.morge=open.com@emails.livestorminvites.com"; helo=o5.emails.livestorminvites.com; client-ip=168.245.94.251
(in the examples the real env-from local part has been modified in order not to disclose private information, but that does not affect the possibility to reproduce the bug)
Expected: dmarc passes when local part conforms to RFC limits
Version:
opendmarc: OpenDMARC Filter v1.4.2
SMFI_VERSION 0x1000001
libmilter version 1.0.1
Active code options:
WITH_SPF
WITH_SPF2
Hello, there is apparently an issue with OpenDMARC when validating Received-SPF results header, with and envelope-from local part exceeding 45 characters.
Example that FAILS:
Received-SPF: pass (emails.livestorminvites.com: 168.245.94.251 is authorized to use 'bounces+2309175-1e1a-antonioxh.morgents=open.com@emails.livestorminvites.com' in 'mfrom' identity (mechanism 'ip4:168.245.94.251' matched)) receiver=mail2.open.com; identity=mailfrom; envelope-from="bounces+2309175-1e1a-antonioxh.morgents=open.com@emails.livestorminvites.com"; helo=o5.emails.livestorminvites.com; client-ip=168.245.94.251
# OPENDMARC_TEST_HELOHOST=o5.emails.livestorminvites.com OPENDMARC_TEST_CLIENTIP=168.245.94.251 OPENDMARC_TEST_ENVFROM=bounces+2309175-1e1a-antonioxh.morgents=open.com@emails.livestorminvites.com /opt/OSAGpfix2/sbin/opendmarc -t /shared/tmp/1592396-114516-trim.eml -c /shared/tmp/opendmarc.conf -vv .... INSHEADER: idx=1 hname='Authentication-Results' hvalue='xxxxxx; dmarc=fail (p=reject dis=none) header.from=livestorminvites.com'
Example that PASSES:
Received-SPF: pass (emails.livestorminvites.com: 168.245.94.251 is authorized to use 'bounces+2309175-1e1a-antonioxh.morge=open.com@emails.livestorminvites.com' in 'mfrom' identity (mechanism 'ip4:168.245.94.251' matched)) receiver=mail2.open.com; identity=mailfrom; envelope-from="bounces+2309175-1e1a-antonioxh.morge=open.com@emails.livestorminvites.com"; helo=o5.emails.livestorminvites.com; client-ip=168.245.94.251
# OPENDMARC_TEST_HELOHOST=o5.emails.livestorminvites.com OPENDMARC_TEST_CLIENTIP=168.245.94.251 OPENDMARC_TEST_ENVFROM=bounces+2309175-1e1a-antonioxh.morgents=open.com@emails.livestorminvites.com /opt/OSAGpfix2/sbin/opendmarc -t /shared/tmp/1592396-114516-trim.eml -c /shared/tmp/opendmarc.conf -vv .... INSHEADER: idx=1 hname='Authentication-Results' hvalue='xxxxxxxx'; dmarc=pass (p=reject dis=none) header.from=livestorminvites.com'
(in the examples the real env-from local part has been modified in order not to disclose private information, but that does not affect the possibility to reproduce the bug)
Expected: dmarc passes when local part conforms to RFC limits
Version: opendmarc: OpenDMARC Filter v1.4.2 SMFI_VERSION 0x1000001 libmilter version 1.0.1 Active code options: WITH_SPF WITH_SPF2
Configuration file: Socket inet:12340@localhost AutoRestart true AutoRestartRate 10/1m UserID postfix Syslog true IgnoreHosts /etc/opendmarc/whitelist PublicSuffixList /etc/opendmarc/public_suffix_list.dat AuthservID HOSTNAME RejectFailures false TrustedAuthservIDs HOSTNAME SPFIgnoreResults false SPFSelfValidate true HistoryFile /etc/opendmarc/history.dat