[opendmarc-dev] draft: patch to implement an override mechanism for MLMs

A. Schulze sca at andreasschulze.de
Sun May 22 10:54:32 PDT 2016


>> - opendmarc crashes if OverrideMLM is not set in opendmarc.conf
>
> I can't reproduce that here. At least it starts without a problem. Do you
> see the crash when a message arrives that would be rejected (or quarantined)?

Crash just on start...
Maybe you've fixed that already:

       str = NULL;
       (void) config_get(data, "OverrideMLM", &str, sizeof str);
       {
           if (!dmarcf_loadlist(str, &conf->conf_overridemlm))

should be
           if (str != NULL && !dmarcf_loadlist...

otherwise I get "opendmarc: opendmarc.c:611: dmarcf_loadlist: Assertion `path != ((void *)0)' failed."


>> - Messages that don't pass dmarc but came from a host listed in OverrideMLM
>>    trigger sending a failure report. Shouldn't that not happen anymore?
>
> I thought about that, too:
> In my opinion it is ok to send a failure report because the message does
> fail the DMARC test - so send a failure report. But locally we decide to
> accept it anyway.

Virtually nobody¹) sends failure reports to external domain owners.
But I suggest sending failure reports to a local mailbox.

In this use case it's helpful to *not* receive failure messages because such
messages are handled in some way.

>> - I suggest some logging
>>    result = fail, overwritten by OverrideMLM: pass
or: result = fail, not rejected because $OverrideMLM

> Currently it logs something like:
>>> opendmarc[123]: A5CB71847: overriding policy for mail from lists.ntp.org because of MLM
Also: not visible here. You have a newer patch version, I guess.


Andreas

¹) grep -m 1 -h ^From $ruf_reports/* | sed -e 's/.*<//' -e 's/>//' -e 's/From: //' -e 's/.*@//' | sort | uniq
126.com
163.com
centrale-marseille.fr
dmarc.sapienti-sat.org
g3nius.net
jacobrideout.net
linkedin.com
maelenn.org
prime.gushi.org
qiye.163.com
yoan.us


