Open kpeeters opened 1 year ago
I've tested dmarcf_mail_parse()
and dmarcf_mail_parse_multi()
by patching opendmarc-parse-test-patch.txt against opendmarc/parse.c, and compiled with
cc -DMAILPARSE_TEST -DMAILPARSE_MULTI_TEST -O0 -g -o mailparse_multi
cc -DMAILPARSE_TEST -O0 -g -o mailparse parse.c`
then got:
$ ./mailparse 'From: "Someone <someone@junk.com>"@mydomain.com'
user: '"Someone <someone@junk.com>"'
domain: 'mydomain.com'
$ ./mailparse_multi 'From: "Someone <someone@junk.com>"@mydomain.com'
user: '"Someone <someone@junk.com>"'
domain: 'mydomain.com'
Also, SPF is not applied to From: header but smtp.from. So I don't think that this is not a problem on header parsing, and if there is some problem about it, it is on handling of smtp.from.
What is smtp.from is the case ?
An email with the following "From:" header was accepted by my mail server:
The server a.b.c.d from which this email was sent to my port 25 is a valid (according to SPF) server for "junk.com", but not for "mydomain.com". The domain "mydomain.com" is hosted on my server.
I would have expected this to fail, as a.b.c.d is not a permitted sender for "mydomain.com" according to SPF records. But OpenDMARC probably looked at the "@junk.com" part and decided this was allowed.
A test without the pointy brackets shows that, in that case, the message gets rejected correctly.
This has been confirmed by at least one other person, see https://github.com/mail-in-a-box/mailinabox/issues/2273.