trusteddomainproject / OpenDMARC

This is the Trusted Domain Project's implementation of the DMARC protocol library and mail filter, called OpenDMARC. A "milter" connects to unix-based mailers (originally sendmail, but now many) and provides a standard filtering API.

I have some questions. If you don't mind, please reply to my question. #216

Open tersver opened 2 years ago

tersver commented 2 years ago

I am implementing DMARC, and I have some troubles, as follows:

  1. Our system provides selectable intervals between 1 and 48 hours regardless of ri, so the interval (the difference between start and end) can be 3,600 to 172,800, and in reports date_range looks like this:

    <date_range>
    <begin>1650160862</begin>
    <end>1650247262</end>
    </date_range>
    ※1day(86400 interval)
    
    <date_range>
    <begin>1650243662</begin>
    <end>1650247262</end>
    </date_range>
    ※1hour(3600 interval)
    
    <date_range>
    <begin>1650074462</begin>
    <end>1650247262</end>
    </date_range>
    ※2day(172800 interval)

    Is this a correct date_range? And should the contents fall within that range, not [end-86400]? For example, if ri=3600, should the contents fall between 1650243662 (2022-04-18 10:01:02) and 1650247262 (2022-04-18 11:01:02), not between 1650160862 (2022-04-17 11:01:02) and 1650247262 (2022-04-18 11:01:02)?

If the period is 1 hour, should the content of the report be between now and 1 hour ago, or between now and 1 day ago? In other words, if the period is 36 hours, should the content of the report be between now and 36 hours ago, or between now and 1 day ago? In our report, the content does not seem to depend on the period; it is fixed at 1 day.

  2. Our system generates dkim_status with dkim_result_code.

    Here is the code which gets the dkim status.

    static int __get_dkim_status(int dkim_result_code) {
     switch(dkim_result_code) {
         case 0: // None
             return DMARC_POLICY_DKIM_OUTCOME_NONE;
         case 1: // Pass
             return DMARC_POLICY_DKIM_OUTCOME_PASS;
         case 2: // Fail
             return DMARC_POLICY_DKIM_OUTCOME_FAIL;
         default:
             return DMARC_POLICY_DKIM_OUTCOME_NONE;
     }
    }

    And in opendmarc, dmarc.h defines the following:

    # define DMARC_POLICY_DKIM_OUTCOME_NONE     (0)
    # define DMARC_POLICY_DKIM_OUTCOME_PASS     (1)
    # define DMARC_POLICY_DKIM_OUTCOME_FAIL     (2)
    # define DMARC_POLICY_DKIM_OUTCOME_TMPFAIL  (3)
    # define DMARC_POLICY_DKIM_ALIGNMENT_PASS   (4)
    # define DMARC_POLICY_DKIM_ALIGNMENT_FAIL   (5)

    dkim_result_code may be 3 or more, but dmarc.h doesn't define dkim's permerror, nxdomain and so on? Sorry for the lack of information.

  3. In opendmarc-reports, it defines the dkim result as follows:

     switch ($dkimresult)
     {
         case 0  { $dkimresultstr = "pass"; }
         case 2  { $dkimresultstr = "softfail"; }
         case 3  { $dkimresultstr = "neutral"; }
         case 4  { $dkimresultstr = "temperror"; }
         case 5  { $dkimresultstr = "permerror"; }
         case 6  { $dkimresultstr = "none"; }
         case 7  { $dkimresultstr = "fail"; }
         case 8  { $dkimresultstr = "policy"; }
         case 9  { $dkimresultstr = "nxdomain"; }
         case 10 { $dkimresultstr = "signed"; }
         case 12 { $dkimresultstr = "discard"; }
         else    { $dkimresultstr = "unknown"; }
     }

    And our result is 0 (none) / 1 (pass) / 2 (fail), so the dkimresultstr differs from what we assumed. Should we correct opendmarc-reports, or our system's result?

    Example of correcting opendmarc-reports: case 0 → fail, case 1 → pass, case 2 → none

    Example of correcting our system: case 0 → return 6, case 1 → return 0, case 2 → return 7

  4. In opendmarc-reports, the count seems fixed at 1, but in a real rua report the count can be more than 1. Which is correct, and how can I change the count?

In the source code:

        print $tmpout "    <record>\n";
        print $tmpout "        <row>\n";
        print $tmpout "            <source_ip>$ipaddr</source_ip>\n";
        print $tmpout "            <count>1</count>\n";
        print $tmpout "            <policy_evaluated>\n";
        print $tmpout "                <disposition>$dispstr</disposition>\n";
        print $tmpout "                <dkim>$align_dkimstr</dkim>\n";
        print $tmpout "                <spf>$align_spfstr</spf>\n";
        print $tmpout "                <reason>\n";
        print $tmpout "                    <type>local_policy</type>\n";
        print $tmpout "                    <comment>$arc_policy_output</comment>\n";
        print $tmpout "                </reason>\n";
        print $tmpout "            </policy_evaluated>\n";
        print $tmpout "        </row>\n";

Sample of another rua report 1:

    <row>
      <source_ip>210.158.71.72</source_ip>
      <count>2</count>
      <policy_evaluated>
        <disposition>none</disposition>
        <dkim>fail</dkim>
        <spf>pass</spf>
      </policy_evaluated>
    </row>

Sample of another rua report 2:

    <row>
      <source_ip>217.196.149.56</source_ip>
      <count>1</count>
      <policy_evaluated>
        <disposition>none</disposition>
        <dkim>pass</dkim>
        <spf>fail</spf>
      </policy_evaluated>
    </row>

I apologize for the lack of explanation, and I hope you can answer my question.
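
One way to obtain a `<count>` greater than 1 for the date_range and count questions above, shown as an added example that is not OpenDMARC code or part of the original post: keep only messages inside the report window and merge those with identical `<source_ip>` and `<policy_evaluated>` values into one row. The struct and function names are hypothetical, the half-open window (begin <= ts < end) is an assumption, and the sample messages are constructed.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Hypothetical per-message record and report row; not OpenDMARC structures. */
struct msg { time_t ts; const char *ip, *disp, *dkim, *spf; };
struct row { const char *ip, *disp, *dkim, *spf; unsigned count; };

/* Same <source_ip> and same <policy_evaluated> values => same <row>. */
static int same_row(const struct row *r, const struct msg *m) {
    return !strcmp(r->ip, m->ip) && !strcmp(r->disp, m->disp) &&
           !strcmp(r->dkim, m->dkim) && !strcmp(r->spf, m->spf);
}

/* Aggregate messages with begin <= ts < end (assumed half-open window)
 * into rows; returns the number of rows used, at most max_rows. */
size_t aggregate(const struct msg *m, size_t n, time_t begin, time_t end,
                 struct row *rows, size_t max_rows) {
    size_t used = 0;
    for (size_t i = 0; i < n; i++) {
        if (m[i].ts < begin || m[i].ts >= end) continue; /* outside date_range */
        size_t j = 0;
        while (j < used && !same_row(&rows[j], &m[i])) j++;
        if (j == used) {
            if (used == max_rows) continue; /* table full: skip, never overflow */
            rows[used++] = (struct row){ m[i].ip, m[i].disp, m[i].dkim, m[i].spf, 0 };
        }
        rows[j].count++;
    }
    return used;
}

/* Constructed sample messages (documentation-range addresses). */
static const struct msg SAMPLE[] = {
    { 1650243662, "192.0.2.10", "none", "fail", "pass" },
    { 1650245000, "192.0.2.10", "none", "fail", "pass" },
    { 1650246000, "192.0.2.20", "none", "pass", "fail" },
    { 1650160862, "192.0.2.10", "none", "fail", "pass" }, /* one day earlier */
};

int main(void) {
    struct row rows[8];
    /* The 1-hour date_range from the post: 1650243662 .. 1650247262. */
    size_t n = aggregate(SAMPLE, 4, 1650243662, 1650247262, rows, 8);
    for (size_t i = 0; i < n; i++)
        printf("<source_ip>%s</source_ip> <count>%u</count>\n",
               rows[i].ip, rows[i].count);
    return 0;
}
```

With the 1-hour window the message from a day earlier is excluded; widening the window to the 1-day range from the post folds it into the first row.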