diff options
-rw-r--r-- | src/src/acl.c | 3 | ||||
-rw-r--r-- | src/src/dmarc.c | 26 | ||||
-rw-r--r-- | src/src/dmarc.h | 2 | ||||
-rw-r--r-- | src/src/globals.c | 2 | ||||
-rw-r--r-- | src/src/globals.h | 2 | ||||
-rw-r--r-- | src/src/receive.c | 3 |
6 files changed, 17 insertions, 21 deletions
diff --git a/src/src/acl.c b/src/src/acl.c index eb2179610..1d5e0590d 100644 --- a/src/src/acl.c +++ b/src/src/acl.c @@ -3328,8 +3328,9 @@ for (; cb != NULL; cb = cb->next) #ifdef EXPERIMENTAL_DMARC case ACLC_DMARC_STATUS: - if (dmarc_has_been_checked++ == 0) + if (!dmarc_has_been_checked) dmarc_process(); + dmarc_has_been_checked = TRUE; /* used long way of dmarc_exim_expand_query() in case we need more * view into the process in the future. */ rc = match_isinlist(dmarc_exim_expand_query(DMARC_VERIFY_STATUS), diff --git a/src/src/dmarc.c b/src/src/dmarc.c index 85b6ec8fe..d0a827bb8 100644 --- a/src/src/dmarc.c +++ b/src/src/dmarc.c @@ -12,6 +12,11 @@ #include "exim.h" #ifdef EXPERIMENTAL_DMARC +#if !defined EXPERIMENTAL_SPF +#error SPF must also be enabled for DMARC +#elif defined DISABLE_DKIM +#error DKIM must also be enabled for DMARC +#else #include "functions.h" #include "dmarc.h" @@ -25,15 +30,12 @@ BOOL dmarc_abort = FALSE; uschar *dmarc_pass_fail = US"skipped"; extern pdkim_signature *dkim_signatures; header_line *from_header = NULL; -#ifdef EXPERIMENTAL_SPF extern SPF_response_t *spf_response; int dmarc_spf_result = 0; uschar *spf_sender_domain = NULL; uschar *spf_human_readable = NULL; -#endif u_char *header_from_sender = NULL; int history_file_status = DMARC_HIST_OK; -uschar *history_buffer = NULL; uschar *dkim_history_buffer= NULL; /* Accept an error_block struct, initialize if empty, parse to the @@ -64,7 +66,8 @@ add_to_eblock(error_block *eblock, uschar *t1, uschar *t2) messages on the same SMTP connection (that come from the same host with the same HELO string) */ -int dmarc_init() { +int dmarc_init() +{ int *netmask = NULL; /* Ignored */ int is_ipv6 = 0; char *tld_file = (dmarc_tld_file == NULL) ? @@ -79,10 +82,8 @@ int dmarc_init() { dmarc_pass_fail = US"skipped"; dmarc_used_domain = US""; header_from_sender = NULL; -#ifdef EXPERIMENTAL_SPF spf_sender_domain = NULL; spf_human_readable = NULL; -#endif /* ACLs have "control=dmarc_disable_verify" */ if (dmarc_disable_verify == TRUE) @@ -190,7 +191,6 @@ int dmarc_process() { * instead do this in the ACLs. */ if (dmarc_abort == FALSE && sender_host_authenticated == NULL) { -#ifdef EXPERIMENTAL_SPF /* Use the envelope sender domain for this part of DMARC */ spf_sender_domain = expand_string(US"$sender_address_domain"); if ( spf_response == NULL ) @@ -250,7 +250,6 @@ int dmarc_process() { log_write(0, LOG_MAIN|LOG_PANIC, "failure to store spf for DMARC: %s", opendmarc_policy_status_to_str(libdm_status)); } -#endif /* EXPERIMENTAL_SPF */ /* Now we cycle through the dkim signature results and put into * the opendmarc context, further building the DMARC reply. */ @@ -402,6 +401,7 @@ int dmarc_write_history_file() ssize_t written_len; int tmp_ans; u_char **rua; /* aggregate report addressees */ + uschar *history_buffer = NULL; if (dmarc_history_file == NULL) return DMARC_HIST_DISABLED; @@ -423,12 +423,9 @@ int dmarc_write_history_file() history_buffer = string_sprintf("%smfrom %s\n", history_buffer, expand_string(US"$sender_address_domain")); -#ifdef EXPERIMENTAL_SPF if (spf_response != NULL) history_buffer = string_sprintf("%sspf %d\n", history_buffer, dmarc_spf_result); -#else - history_buffer = string_sprintf("%sspf -1\n", history_buffer); -#endif /* EXPERIMENTAL_SPF */ + // history_buffer = string_sprintf("%sspf -1\n", history_buffer); history_buffer = string_sprintf("%s%s", history_buffer, dkim_history_buffer); history_buffer = string_sprintf("%spdomain %s\n", history_buffer, dmarc_used_domain); @@ -581,7 +578,6 @@ uschar *dmarc_auth_results_header(header_line *from_header, uschar *hostname) #if 0 /* I don't think this belongs here, but left it here commented out * because it was a lot of work to get working right. */ -#ifdef EXPERIMENTAL_SPF if (spf_response != NULL) { uschar *dmarc_ar_spf = US""; int sr = 0; @@ -597,7 +593,6 @@ uschar *dmarc_auth_results_header(header_line *from_header, uschar *hostname) expand_string(US"$sender_address") ); } #endif -#endif hdr_tmp = string_sprintf("%s dmarc=%s", hdr_tmp, dmarc_pass_fail); if (header_from_sender) @@ -606,6 +601,7 @@ uschar *dmarc_auth_results_header(header_line *from_header, uschar *hostname) return hdr_tmp; } -#endif +#endif /* EXPERIMENTAL_SPF */ +#endif /* EXPERIMENTAL_DMARC */ // vim:sw=2 expandtab diff --git a/src/src/dmarc.h b/src/src/dmarc.h index fa0365e55..8537a62ab 100644 --- a/src/src/dmarc.h +++ b/src/src/dmarc.h @@ -43,6 +43,6 @@ void dmarc_send_forensic_report(u_char **); #define DMARC_RESULT_QUARANTINE 4 -#endif +#endif /* EXPERIMENTAL_DMARC */ // vim:sw=2 expandtab diff --git a/src/src/globals.c b/src/src/globals.c index a491c2746..74b6edb01 100644 --- a/src/src/globals.c +++ b/src/src/globals.c @@ -591,7 +591,7 @@ BOOL dkim_collect_input = FALSE; BOOL dkim_disable_verify = FALSE; #endif #ifdef EXPERIMENTAL_DMARC -int dmarc_has_been_checked = 0; +BOOL dmarc_has_been_checked = FALSE; uschar *dmarc_ar_header = NULL; uschar *dmarc_forensic_sender = NULL; uschar *dmarc_history_file = NULL; diff --git a/src/src/globals.h b/src/src/globals.h index 73cfd0ea8..db436c06d 100644 --- a/src/src/globals.h +++ b/src/src/globals.h @@ -347,7 +347,7 @@ extern BOOL dkim_collect_input; /* Runtime flag that tracks wether SMTP i extern BOOL dkim_disable_verify; /* Set via ACL control statement. When set, DKIM verification is disabled for the current message */ #endif #ifdef EXPERIMENTAL_DMARC -extern int dmarc_has_been_checked; /* Global variable to check if test has been called yet */ +extern BOOL dmarc_has_been_checked; /* Global variable to check if test has been called yet */ extern uschar *dmarc_ar_header; /* Expansion variable, suggested header for dmarc auth results */ extern uschar *dmarc_forensic_sender; /* Set sender address for forensic reports */ extern uschar *dmarc_history_file; /* Expansion variable, file to store dmarc results */ diff --git a/src/src/receive.c b/src/src/receive.c index 372747360..1b4656cfc 100644 --- a/src/src/receive.c +++ b/src/src/receive.c @@ -3250,6 +3250,7 @@ else } } } +#endif /* DISABLE_DKIM */ #ifdef WITH_CONTENT_SCAN if (recipients_count > 0 && @@ -3426,8 +3427,6 @@ else } } -#endif /* DISABLE_DKIM */ - /* The applicable ACLs have been run */ if (deliver_freeze) frozen_by = US"ACL"; /* for later logging */ |