|
SA Bugzilla – Full Text Bug Listing |
Summary: | DMARC Plugin Specification / Discussion | ||
---|---|---|---|
Product: | Spamassassin | Reporter: | Kevin A. McGrail <kmcgrail> |
Component: | Plugins | Assignee: | SpamAssassin Developer Mailing List <dev> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | apache, davej, giovanni, kmcgrail, me, rwmaillists |
Priority: | P2 | ||
Version: | 3.4 SVN branch | ||
Target Milestone: | 4.0.0 | ||
Hardware: | PC | ||
OS: | Windows 7 | ||
Whiteboard: | |||
Bug Depends on: | 6918 | ||
Bug Blocks: |
Description
Kevin A. McGrail
2015-05-05 22:08:51 UTC
Anyone out there willing to take a stab at a DMARC plugin? Even just a draft patch to get this ball rolling? This is really important and should be included in SA like SPF and DKIM is. There's an intermediate possibility between 1 and 2 where all of the trusted authentication headers are examined and a pass from any one overrides any fail. IMO this is the optimum solution for almost everyone. Where forwarding or pop/imap retrieval is involved, upstream headers can be much more reliable. If you are running a mail server I would think you would want dmarc reports and rejects handled before the mail reaches SA, in which case a header might just as well be added. The most significant case where it wont work is when a service provider adds the header out of order and it can't be trusted, but this need only break dmarc based whitelisting, a dmarc fail should be fine. GSoC 2018 project? (In reply to Dave Jones from comment #3) > GSoC 2018 project? Definitely. I'm making a list as we speak. https://github.com/msimerson/mail-dmarc imho this is the active repo for it, i like to make the AR header parsing another sa plugin if needed, this perl module here is more native to dmarc testing in sa On https://github.com/bigio/spamassassin-dmarc there is a working Dmarc plugin, atm it does queries and can be configured to store reports using Mail::Dmarc. Arm it does not read authentication headers. (In reply to Giovanni Bechis from comment #7) > On https://github.com/bigio/spamassassin-dmarc there is a working Dmarc > plugin, > atm it does queries and can be configured to store reports using Mail::Dmarc. > Arm it does not read authentication headers. Atleast it shouldn't use uri_to_domain. Mail::DMARC does it's own correct processing with Public Suffix List. dont forget ARC, thats why i say AuthRes needs more love, mail-dkim nearly have all that is needed for dkim, arc, and authres, and end in dmarc, dmarc must validate arc chains, just using spf, dkim, is a fail for dmarc (In reply to Henrik Krohns from comment #8) > (In reply to Giovanni Bechis from comment #7) > > On https://github.com/bigio/spamassassin-dmarc there is a working Dmarc > > plugin, > > atm it does queries and can be configured to store reports using Mail::Dmarc. > > Arm it does not read authentication headers. > > Atleast it shouldn't use uri_to_domain. Mail::DMARC does it's own correct > processing with Public Suffix List. I have uncommitted code that get rid of uri_to_domain calls. It's already committed, dunno if there's anything to discuss here. My only gripe is that it's named "Dmarc" as the protocol is clearly "DMARC", but I guess it'll have to do.. FYI.. sorry but the name irritated me, so I renamed Dmarc.pm -> DMARC.pm. Loadplugin has backwards compatibility for old name. Cleaned up the code a lot. Sending trunk/MANIFEST Sending trunk/UPGRADE Sending trunk/lib/Mail/SpamAssassin/Conf.pm Adding trunk/lib/Mail/SpamAssassin/Plugin/DMARC.pm Deleting trunk/lib/Mail/SpamAssassin/Plugin/Dmarc.pm Sending trunk/lib/Mail/SpamAssassin/Util/DependencyInfo.pm Sending trunk/rules/v400.pre Sending trunk/t/all_modules.t Sending trunk/t/debug.t Sending trunk/t/dmarc.t Transmitting file data .........done Committing transaction... Committed revision 1900161. Can someone please check if 25_dmarc.cf looks proper for stock rules. I have very little knowledge right now about DMARC and all the policies. Sending trunk/lib/Mail/SpamAssassin/Plugin/DMARC.pm Adding trunk/rules/25_dmarc.cf Sending trunk/t/dmarc.t Transmitting file data ...done Committing transaction... Committed revision 1900272. |