On Fri, Sep 28, 2012 at 3:39 PM, Todd Lyons <[email protected]> wrote: > > For the longer term, I have begun this work. I put together the start > of DMARC support built in to exim, protected by feature name > EXPERIMENTAL_DMARC. It is not yet in a modular format like DKIM is > implemented in separate dkim.{h,c} files. For ease of testing > purposes, I'm doing it all inline in src/receive.c.
Well, it's working, how about that! > What I have so far is visible in my staging area at > http://git.exim.org/users/tlyons/exim.git/shortlog/refs/heads/master_opendmarc. > A comprehensive diff can be obtained with: > git diff c41c0f1a1c^..HEAD It's progressed quite a bit since last week. I welcome code reviews to make sure I'm not doing anything dangerous. Look at the whole diff because there are some unsafe things midstream, but it should be fixed up by the final commit. > Recap: It's not modular, there are no global knobs yet, there are no > ACL control functions, and there is no ACL or router/transport > feedback variables. > With positive results, I'll see about modularizing it and adding knobs > and controls and feedback variables. I'm ready to do this part, but I need help with it. Is there any documentation about how to design these code segments to implement the desired feature? (modeled very heavily after dkim functionality) 1. I need to add a new control, such as: control = dmarc_disable_verify 2. I need to add a modifier, such as: dmarc_status = * where the possible values for * are accept, none, reject, quarantine, error (others?) 3. I need to add a few string variables that will return status of a check, such as: dmarc_verify_status, dmarc_verify_reason, dmarc_domain, dmarc_authentication_record I think I can handle #3 with no issues, but I'm not confident in my ability to do #1 or #2 yet. With the current inline code, this is an example segment of logs for messages that have DMARC records (in most cases) 2012-10-04 19:33:31 1TJrAm-00046a-7j DMARC results: spf_domain=sellernotifications.amazon.com dmarc_domain=amazon.com spf_align=yes dkim_align=yes enforcement='Accept' 2012-10-04 19:33:32 1TJrAo-00046z-Gk DMARC results: spf_domain=postmaster.twitter.com dmarc_domain=postmaster.twitter.com spf_align=yes dkim_align=yes enforcement='Accept' 2012-10-04 19:37:10 1TJrEK-0004bM-DN DMARC results: spf_domain=bounce.secureserver.net dmarc_domain=me.com spf_align=no dkim_align=no enforcement='None, Accept' 2012-10-04 19:37:58 1TJrF6-0004iO-Pn failure to store spf for DMARC: Function called with nothing to parse 2012-10-04 19:38:02 1TJrFB-0004ix-Ee failure to store spf for DMARC: Function called with nothing to parse 2012-10-04 19:38:34 1TJrFh-0004nz-4u DMARC results: spf_domain=bounce.linkedin.com dmarc_domain=linkedin.com spf_align=yes dkim_align=yes enforcement='Accept' 2012-10-04 19:38:39 1TJrFi-0004o5-HS DMARC results: spf_domain=news.retailtrafficmag.com dmarc_domain=news.retailtrafficmag.com spf_align=no dkim_align=no enforcement='No DMARC record' 2012-10-04 19:40:41 1TJrHj-00054x-Ee DMARC results: spf_domain=alerts.Chase.com dmarc_domain=alerts.Chase.com spf_align=yes dkim_align=yes enforcement='Accept' 2012-10-04 19:40:41 1TJrHj-00054z-F2 DMARC results: spf_domain=alerts.Chase.com dmarc_domain=alerts.Chase.com spf_align=yes dkim_align=yes enforcement='Accept' 2012-10-04 19:43:35 1TJrKY-0005Nz-2t DMARC results: spf_domain=bounce.linkedin.com dmarc_domain=linkedin.com spf_align=yes dkim_align=yes enforcement='Accept' 2012-10-04 19:44:09 1TJrL3-0005V5-Jv DMARC results: spf_domain=adp.com dmarc_domain=adp.com spf_align=yes dkim_align=no enforcement='Accept' ...Todd -- The total budget at all receivers for solving senders' problems is $0. If you want them to accept your mail and manage it the way you want, send it the way the spec says to. --John Levine -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
