[opendmarc-dev] multiple from issues
Murray S. Kucherawy
msk at blackops.org
Wed Jul 31 00:23:29 PDT 2013
On Tue, 16 Jul 2013, Andreas Schulze wrote:
> Today I sent messages with a strange but valid RFC5322.From:
> From: <user at paypal.com>, <user at web.de>
>
> To honor RFC5322 I added a "Sender: <user at web.de>"
>
> paypal has a dmarc-record p=reject, web.de doesn't know spf/dkim/dmarc at all.
>
> The mail is forged and expected to not pass dmarc. And my opendmarc really
> found a forged message:
> Jul 16 14:36:30 ergeht opendmarc[2402]: 3bvh1T4cFYz52Hn: paypal.com fail
>
> I set "RejectFailures yes" in opendmarc.conf so the message was rejected.
> But the reject reason mentions the second domain (web.de):
> Jul 16 14:36:30 ergeht postfix/cleanup[2610]: ... 5.7.1 rejected by DMARC
> policy for web.de; ...
It's almost 100% likely that the function used to parse a header field
(which I think came from the very-old-by-now dkim-filter code) only
extracts a single answer. This is a bug, though I wouldn't give it much
priority given how exceedingly rare this syntax is.
> Looks like opendmarc could be "optimized" when parsing RFC5322.From and
> handle RFC5322, Section 3.6.2 correctly.
Right.
> I also changed the From line to "From: <user at web.de>, <user at paypal.com>"
> The message was no longer blocked although it doesn't pass dmarc.
That's interesting, because it should select paypal.com which clearly has
"p=reject". Please open a bug and attach your sample message.
-MSK
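
The multi-address case discussed in this thread, as an added example that is not part of the original message and is not OpenDMARC's code: it extracts every author domain from RFC5322.From instead of a single one, then selects the strictest policy among the domains that fail, which is the handling RFC 7489, Section 6.6.1 later described. The names `author_domains`, `evaluate` and `SAMPLE_POLICIES` are hypothetical, the policy table is hard-coded in place of DNS lookups, and the set of domains with an aligned SPF or DKIM pass is assumed to be computed elsewhere.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed stand-in for the _dmarc.<domain> DNS lookups (assumption):
# None means the domain publishes no DMARC record.
SAMPLE_POLICIES = {"paypal.com": "reject", "web.de": None}
STRICTNESS = {"none": 1, "quarantine": 2, "reject": 3}

# Constructed messages modelled on the two From orderings in the thread.
SAMPLE_A = ("From: <user@paypal.com>, <user@web.de>\n"
            "Sender: <user@web.de>\nSubject: test\n\nbody\n")
SAMPLE_B = ("From: <user@web.de>, <user@paypal.com>\n"
            "Sender: <user@web.de>\nSubject: test\n\nbody\n")


def author_domains(raw_message):
    """Return every domain found in RFC5322.From, in order, de-duplicated."""
    msg = message_from_string(raw_message)
    domains = []
    # get_all() also covers a message carrying more than one From field.
    for _name, addr in getaddresses(msg.get_all("From", [])):
        local, sep, domain = addr.rpartition("@")
        if not (local and sep and domain):
            continue  # skip anything that is not local@domain
        domain = domain.lower().rstrip(".")
        if domain not in domains:
            domains.append(domain)
    return domains


def evaluate(raw_message, aligned_pass, policies=SAMPLE_POLICIES):
    """Return (domain, policy) for the strictest failing author domain.

    aligned_pass: set of domains that had an aligned SPF or DKIM pass.
    Returns (None, "none") when no author domain with a record fails.
    """
    failing = [d for d in author_domains(raw_message)
               if policies.get(d) is not None and d not in aligned_pass]
    if not failing:
        return None, "none"
    worst = max(failing, key=lambda d: STRICTNESS[policies[d]])
    return worst, policies[worst]


if __name__ == "__main__":
    for sample in (SAMPLE_A, SAMPLE_B):
        print(author_domains(sample), evaluate(sample, aligned_pass=set()))
```

With this selection rule the outcome and the domain named in the rejection reason no longer depend on the order of the addresses in the From field.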