[opendmarc-users] probably bug in OpenDMARCs AR-header parser

A. Schulze sca at andreasschulze.de
Mon Jun 15 12:12:25 PDT 2015 

Hello,

today I stumbled upon a message from amazon.de
see http://lists.dmarc.org/pipermail/dmarc-discuss/2015-June/003155.html

I striped down the message to a bare minimum:

/tmp/msg
       Authentication-Results: mail.example.org;
           dkim=pass header.d=amazon.de;
           dkim=pass header.d=amazonses.com
       From: "foo" <foo at marketplace.amazon.de>

       body

/tmp/opendkim.conf
       AuthservID              mail.example.org
       PublicSuffixList        /tmp/public_suffix_list.dat

# cd /tmp && wget https://publicsuffix.org/list/public_suffix_list.dat

# opendmarc -V
opendmarc: OpenDMARC Filter v1.3.1
          SMFI_VERSION 0x1000001
          libmilter version 1.0.1

# opendmarc -vv -c /tmp/config -t /tmp/msg
opendmarc: mlfi_connect() returned SMFIS_CONTINUE
opendmarc: mlfi_helo() returned SMFIS_CONTINUE
opendmarc: /tmp/msg: mlfi_envfrom() returned SMFIS_CONTINUE
opendmarc: /tmp/msg: line 1: mlfi_header() returned SMFIS_CONTINUE
opendmarc: /tmp/msg: line 4: mlfi_header() returned SMFIS_CONTINUE
### INSHEADER: idx=1 hname='Authentication-Results'  
hvalue='mail.example.org; dmarc=fail header.from=marketplace.amazon.de'
opendmarc: /tmp/msg: mlfi_eom() returned SMFIS_CONTINUE
opendmarc: mlfi_close() returned SMFIS_CONTINUE

If I now change the second dkim=pass to foo=pass it looks different:
# opendmarc -vv -c /tmp/config -t /tmp/msg
opendmarc: mlfi_connect() returned SMFIS_CONTINUE
opendmarc: mlfi_helo() returned SMFIS_CONTINUE
opendmarc: /tmp/msg: mlfi_envfrom() returned SMFIS_CONTINUE
opendmarc: /tmp/msg: line 1: mlfi_header() returned SMFIS_CONTINUE
opendmarc: /tmp/msg: line 4: mlfi_header() returned SMFIS_CONTINUE
### INSHEADER: idx=1 hname='Authentication-Results'  
hvalue='mail.example.org; dmarc=pass header.from=marketplace.amazon.de'
opendmarc: /tmp/msg: mlfi_eom() returned SMFIS_ACCEPT
opendmarc: mlfi_close() returned SMFIS_CONTINUE

It looks like the OpenDMARCs AR-header parser fail to recognise the  
AR-header generated by OpenDKIM.
As long there is only one "dkim=pass header.d=amazon.de" anything is fine.
But there is also a second signature from amazonses.com the trigger  
the trouble.

If confirmed I could open a Bugticket...

Andreas

More information about the opendmarc-users mailing list