[opendmarc-users] trouble with endutec.de
A. Schulze
sca at andreasschulze.de
Mon Aug 14 12:27:54 PDT 2017
On 14.08.2017 at 20:59, Juri Haberland wrote:
> I just checked the sources and there is a check for
> "v=DMARC1" in various places, but unfortunately these checks are never
> anchored at the beginning of the string - they all pass if "v=DMARC1" is
> *somewhere* in the DNS answer.
found in libopendmarc/opendmarc_policy.c, line 609 and line 638
    if (dns_reply == NETDB_SUCCESS && buf != NULL)
    {
        /* Must include DMARC version */
        if (strncasecmp((char *)buf, "v=DMARC1", sizeof buf) == 0)
        {
            return DMARC_PARSE_OKAY;
        }
    }
this code tries to fetch policy records to verify permissions to send reports to other domains
-> not relevant
and a third time in line 920
    if (strcasecmp((char *)cp, "v") == 0)
    {
        /*
         * Yes, this is required to be first, but why
         * reject it if it is not first?
         */
        if (strcasecmp((char *)vp, "DMARC1") != 0)
        {
            return DMARC_PARSE_ERROR_BAD_VERSION;
        }
    }
this code is expected to check
- the tagname is "v"
- the tagvalue is "DMARC1"
but it should not "see" a tagname "off-v" ??
BTW:
to answer the question inside comment: https://tools.ietf.org/html/rfc7489#section-6.3
- It (v=) MUST have the value of "DMARC1"
- It (v=) MUST be the first tag in the list
> The only place where a more thorough check is used is in
> opendmarc_policy_parse_dmarc(), but again unfortunately it isn't checked
> whether something like "v=DMARC1" is found at all :(
>
> Will you open a bug report?
yes
Andreas
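
An added example, not part of the original message and not OpenDMARC code: one way to anchor the version check so a record is accepted only when "v=DMARC1" is its first tag, as the RFC 7489 section 6.3 rules cited above require. The function name dmarc_version_is_first and the sample records are constructed for illustration; accepting a bare "v=DMARC1" with no trailing ";" and comparing the value case-sensitively are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

/* Skip spaces and tabs. */
static const char *skip_wsp(const char *p)
{
    while (*p == ' ' || *p == '\t')
        p++;
    return p;
}

/*
 * Hypothetical helper: return 1 only if the FIRST tag of the record is
 * "v" and its value is exactly "DMARC1". A "v=DMARC1" that appears later
 * in the string, or as the tail of a longer tag name, does not count.
 */
int dmarc_version_is_first(const char *record)
{
    static const char value[] = "DMARC1";
    const char *p;

    if (record == NULL)
        return 0;
    p = skip_wsp(record);
    if (*p != 'v' && *p != 'V')          /* tag name must start the record */
        return 0;
    p = skip_wsp(p + 1);
    if (*p != '=')                       /* rejects names such as "vx" */
        return 0;
    p = skip_wsp(p + 1);
    if (strncmp(p, value, sizeof value - 1) != 0)
        return 0;
    p = skip_wsp(p + sizeof value - 1);
    return *p == ';' || *p == '\0';      /* value must end here: no "DMARC12" */
}

int main(void)
{
    /* Constructed sample records, not taken from any real domain. */
    const char *samples[] = {
        "v=DMARC1; p=none",     "v = DMARC1 ;p=reject", "p=none; v=DMARC1",
        "off-v=DMARC1; p=none", "v=DMARC12; p=none",    "some text v=DMARC1",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-24s -> %d\n", samples[i], dmarc_version_is_first(samples[i]));
    return 0;
}
```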