[opendmarc-users] DKIM align question

Todd Lyons tlyons at ivenue.com
Thu Apr 11 06:58:04 PDT 2013 

Updating answer for ML archive completeness:

On Tue, Apr 9, 2013 at 7:18 AM, Todd Lyons <tlyons at ivenue.com> wrote:

> My code is doing something wrong when assigning those numbers for the
> result field (which you call "pass" in the signatures table).  I'm
> My code is doing this:
>
>       dkim_result = ( vs == PDKIM_VERIFY_PASS ) ?
> DMARC_POLICY_DKIM_OUTCOME_PASS :
>                   ( vs == PDKIM_VERIFY_FAIL ) ? DMARC_POLICY_DKIM_OUTCOME_FAIL :
>                   ( vs == PDKIM_VERIFY_INVALID ) ?
> DMARC_POLICY_DKIM_OUTCOME_TMPFAIL :
>                       DMARC_POLICY_DKIM_OUTCOME_NONE;
>
> which is far fewer values than your script is expecting.

So it turns out the value logged in the statistics file needs to be
the ARES_RESULT_* values, not the DMARC_POLICY_{DKIM/SPF}_OUTCOME_*
values.  My modified code does:

        dkim_result = ( vs == PDKIM_VERIFY_PASS ) ?
DMARC_POLICY_DKIM_OUTCOME_PASS :
                      ( vs == PDKIM_VERIFY_FAIL ) ?
DMARC_POLICY_DKIM_OUTCOME_FAIL :
                      ( vs == PDKIM_VERIFY_INVALID ) ?
DMARC_POLICY_DKIM_OUTCOME_TMPFAIL :
                      DMARC_POLICY_DKIM_OUTCOME_NONE;
        libdm_status = opendmarc_policy_store_dkim(dmarc_pctx, (uschar
*)sig->domain,
                                               dkim_result, US"");

and

        dkim_ares_result = ( vs == PDKIM_VERIFY_PASS )    ? ARES_RESULT_PASS :
                            ( vs == PDKIM_VERIFY_FAIL )    ? ARES_RESULT_FAIL :
                            ( vs == PDKIM_VERIFY_NONE )    ? ARES_RESULT_NONE :
                            ( vs == PDKIM_VERIFY_INVALID ) ?
                             ( ves ==
PDKIM_VERIFY_INVALID_PUBKEY_UNAVAILABLE ? ARES_RESULT_PERMERROR
                               ves == PDKIM_VERIFY_INVALID_BUFFER_SIZE
       ? ARES_RESULT_PERMERROR
                               ves ==
PDKIM_VERIFY_INVALID_PUBKEY_PARSING     ? ARES_RESULT_PERMERROR
                               ARES_RESULT_UNKNOWN ) :
                            ARES_RESULT_UNKNOWN;
        /* Exim specific string handling function */
        dkim_history_buffer = string_sprintf("%sdkim %s %d\n",
dkim_history_buffer,

sig->domain, dkim_ares_result);

The code is ever evolving, it might end up adjusted further, but I
just wanted to document what I was doing wrong.

...Todd
--
The total budget at all receivers for solving senders' problems is $0.
 If you want them to accept your mail and manage it the way you want,
send it the way the spec says to. --John Levine

More information about the opendmarc-users mailing list