[opendmarc-dev] draft: patch to implement an override mechanism for MLMs
A. Schulze
sca at andreasschulze.de
Sun May 22 10:54:32 PDT 2016
>> - opendmarc crash if OverrideMLM is not set in opendmarc.conf
>
> I can't reproduce that here. At least it starts without a problem. Do you
> see the crash when a message arrives that would be rejected (or quarantined)?
crash just on start...
maybe you've fixed that already:
str = NULL;
(void) config_get(data, "OverrideMLM", &str, sizeof str);
{
if (!dmarcf_loadlist(str, &conf->conf_overridemlm))
should be
if (str != NULL && !dmarcf_loadlist...
otherwise I get "opendmarc: opendmarc.c:611: dmarcf_loadlist: Assertion `path != ((void *)0)' failed."
>> - Messages that don't pass dmarc but came from a host listed in OverrideMLM
>> trigger sending an failure report. Shouldn't that don't happen anymore?
>
> I thought about that, too:
> In my opinion it is ok to send a failure report because the message does
> fail the DMARC test - so send a failure report. But locally we decide to
> accept it anyway.
virtually nobody¹) send failure reports to external domain owners.
But I suggest to send failure reports to a local mailbox.
In in this use-case it's helpful to *not* receive failure messages because such
message are handled in some way.
>> - I suggest some logging
>> result = fail, overwritten by OverrideMLM: pass
or: result = fail, not rejected because $OverrideMLM
> Currently it logs something like:
>>> opendmarc[123]: A5CB71847: overriding policy for mail from lists.ntp.org because of MLM
also: not visible here. you have a newer patch version I guess.
Andreas
¹) grep -m 1 -h ^From $ruf_reports/* | sed -e 's/.*<//' -e 's/>//' -e 's/From: //' -e 's/.*@//' | sort | uniq
126.com
163.com
centrale-marseille.fr
dmarc.sapienti-sat.org
g3nius.net
jacobrideout.net
linkedin.com
maelenn.org
prime.gushi.org
qiye.163.com
yoan.us
More information about the opendmarc-dev
mailing list