#149 subdomain policy is not respected
I already posted this at the opendmarc mailing list (http://www.trusteddomain.org/pipermail/opendmarc-users/2016-January/000591.html). I guess its a bug so I am posting it here as well.
I have a problem with opendmarc not respecting subdomain "none" policy
(sp=none).Here is an example.
DMARC record: (v=DMARC1; p=reject; sp=none; fo=1;
rua=mailto:admin at prnk.cz; ruf=mailto:admin at prnk.cz)[root at prnk opendmarc]# opendmarc-check prnk.cz
DMARC record for prnk.cz:
Sample percentage: 100
DKIM alignment: relaxed
SPF alignment: relaxed
Domain policy: reject
Subdomain policy: none
Aggregate report URIs:
mailto:admin at prnk.cz
Forensic report URIs:
mailto:admin at prnk.czI have created this simple mail to test the behaviour:
[root at prnk opendmarc]# cat 3
Received-SPF: fail (prnk.cz: domain of prnk at prnk.cz does not designate
46.30.238.4 as permitted sender) client-ip=46.30.238.4;
To: undisclosed-recipients:;
From: prnk at something.prnk.cz
Message-Id: <20160125113532.84CD810B55B5 at prnk.prnk.cz>
Date: Mon, 25 Jan 2016 12:35:24 +0100 (CET)tets
test
.
Now when I send the mail to opendmarc it gets rejected even when
subdomain policy is "none" and domain in "From:" header is
"something.prnk.cz".[root at prnk opendmarc]# opendmarc -c /root/opendmarc/opendmarc.conf -t 3 -vv
opendmarc: mlfi_connect() returned SMFIS_CONTINUE
opendmarc: mlfi_helo() returned SMFIS_CONTINUE
opendmarc: 3: mlfi_envfrom() returned SMFIS_CONTINUE
opendmarc: 3: line 1: mlfi_header() returned SMFIS_CONTINUE
opendmarc: 3: line 2: mlfi_header() returned SMFIS_CONTINUE
opendmarc: 3: line 3: mlfi_header() returned SMFIS_CONTINUE
opendmarc: 3: line 4: mlfi_header() returned SMFIS_CONTINUE
opendmarc: 3: line 5: mlfi_header() returned SMFIS_CONTINUESETREPLY: rcode='550' xcode='5.7.1' replytxt='rejected by DMARC
policy for prnk.cz'
INSHEADER: idx=1 hname='DMARC-Filter' hvalue='OpenDMARC Filter
v1.3.1 DEBUG-j DEBUG-i'
opendmarc: 3: mlfi_eom() returned SMFIS_REJECT
opendmarc: mlfi_close() returned SMFIS_CONTINUEHistory file:
job DEBUG-i
reporter DEBUG-j
received 1453728517
ipaddr 127.0.0.1
from something.prnk.cz
mfrom prnk.cz
spf 2
pdomain prnk.cz
policy 16
rua mailto:admin at prnk.cz
pct 100
adkim 114
aspf 114
p 114
sp 110
align_dkim 5
align_spf 5
action 0I think such mail should be accepted, because the subdomain policy is
set to "none" or am I wrong?When I try sending the same mail to my email @gmail.com It doesnt get
rejected for the subdomain.
I think I found the problem in libopendmarc/opendmarc_policy.c
In function "opendmarc_get_policy_to_enforce" there is never any check if subdomain policy should be used instead of domain policy.
I created a patch and it looks like its working fine now.
If anyone can check that I didnt make any mistake that would be awesome :).
Patch applied for 1.3.2.
v1.3.2 released.