[opendmarc-dev] draft: patch to implement verification of external report destinations

Juri Haberland juri at sapienti-sat.org
Fri Sep 30 08:15:43 PDT 2016


Hello,

attached you will find a patch that implements the verification of 
external report destinations as mandated by the RFC. Additionally it 
adds overriding of URIs by the DMARC RR used to authenticate the 
external destination (see RFC 7489, section 7.1). And finally it sends 
an error report (see section 7.2.2) if the report cannot be sent to any 
URI due to size limitations given in the URI(s).

The patch is against 1.3.2-beta including (at least) patches from ticket 
#166 and ticket #188.

It is a large and intrusive patch that reworks the whole sending 
mechanism:
First it creates the report and converts it to base64 to get the size of 
it. Second it loops over every URI, does the verification, replacement 
and checks for the size.
After all URIs are analyzed we look at the result - if we have at least 
one URI left, we send the report to *all* URIs left in one step, if no 
URI is left (because the report is too big for all URIs), an error 
report is sent to all valid URIs.

As the description of the error report in section 7.2.2 is a bit vague, 
I would be interested in opinions!

Here is a sample error report:

> From: report at example.org
> To: rua at example.com
> Subject: DMARC Error Report Domain: example.com Submitter: example.org 
> Report-ID: example.com-1475193602 at example.org
> Date: Fri, 30 Sep 2016 02:00:10 +0200 (CEST)
> Message-ID: <example.com-1475193602 at example.org>
> MIME-Version: 1.0
> Content-Type: multipart/report;
>      report-type=delivery-status;
>      boundary="mailhost.example.org/1475193610"
> 
> This is a MIME-encapsulated message.
> 
> --mailhost.example.org/1475193610
> Content-Description: DMARC Notification
> Content-Type: text/plain
> 
> This is a DMARC error report from host mailhost.example.org.
> 
> I'm sorry to have to inform you that a DMARC aggregate report
> could not be delivered to any of your URIs mentioned in your DMARC
> DNS resource records because of size limitations.
> 
> --mailhost.example.org/1475193610
> Content-Description: DMARC Error Report
> Content-Type: text/plain
> 
> Report-Date: Fri, Sep 30 2016 02:00:10 +0200 (CEST)
> Report-Domain: example.com
> Report-ID: example.com-1475193602 at example.org
> Report-Size: 9490
> Submitter: example.org
> Submitting-URI: rua at example.com
> 
> --mailhost.example.org/1475193610--


I would love to hear your comments.

Cheers,
   Juri
-------------- next part --------------
A non-text attachment was scrubbed...
Name: reportDestVerificationV2.patch
Type: text/x-diff
Size: 13797 bytes
Desc: not available
URL: <http://www.trusteddomain.org/pipermail/opendmarc-dev/attachments/20160930/fdb83b5a/attachment.patch>
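
The flow described in the message above (verify each external destination per RFC 7489 section 7.1, apply an overriding rua, check the size limit, then send either the report or an error report), as an added Python example that is not part of the original post or the attached patch. The function names, the two-label `org_domain` shortcut, the dict standing in for DNS and all addresses are assumptions made for illustration.

```python
import base64, re

UNITS = {"": 1, "k": 2**10, "m": 2**20, "g": 2**30, "t": 2**40}
URI_RE = re.compile(r"^mailto:([^!@\s]+@([^!@\s]+))(?:!(\d+)([kmgt]?))?$", re.I)

def org_domain(host):
    # Assumption: last two labels; a real check needs the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def parse_uri(uri):
    """Split 'mailto:addr!10m' into (address, host, byte limit or None)."""
    m = URI_RE.match(uri.strip())
    if not m:
        return None
    addr, host, num, unit = m.groups()
    return addr, host.lower(), int(num) * UNITS[unit.lower()] if num else None

def authorised(policy_domain, host, txt_lookup):
    """RFC 7489 section 7.1 check; returns (ok, overriding rua URIs)."""
    if org_domain(host) == org_domain(policy_domain):
        return True, []                      # not an external destination
    answers = txt_lookup(f"{policy_domain}._report._dmarc.{host}")
    recs = [r for r in answers if r.strip().startswith("v=DMARC1")]
    if not recs:
        return False, []                     # destination never opted in
    tags = {k.strip(): v for k, v in
            (t.split("=", 1) for t in recs[0].split(";") if "=" in t)}
    return True, [u.strip() for u in tags.get("rua", "").split(",") if u.strip()]

def plan_delivery(policy_domain, rua_uris, report, txt_lookup):
    """Return ('report' | 'error-report' | 'drop', recipient addresses)."""
    size = len(base64.b64encode(report))     # size once base64-encoded
    valid, fits = [], []
    for parsed in filter(None, map(parse_uri, rua_uris)):
        ok, override = authorised(policy_domain, parsed[1], txt_lookup)
        if not ok:
            continue
        # RFC 7489 7.1: an overriding URI must keep the same destination host.
        targets = [t for t in map(parse_uri, override) if t and t[1] == parsed[1]]
        for addr, _, limit in targets if override else [parsed]:
            valid.append(addr)
            if limit is None or size <= limit:
                fits.append(addr)
    if fits:
        return "report", fits
    return ("error-report", valid) if valid else ("drop", [])

# Constructed sample data: a dict stands in for DNS TXT lookups.
ZONE = {"example.com._report._dmarc.reports.example.net":
        ["v=DMARC1; rua=mailto:inbox@reports.example.net!4k"]}
def lookup(name): return ZONE.get(name, [])
```
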

