Change since 1.3.1 from RELEASE_NOTES
1.4.0 2018/06/??
Add ARC support. Extensive work contributed by ValiMail.
Add "DomainWhitelist" and "DomainWhitelistFile" config options.
Extract client IP address for ARC reports when provided via
Authentication-Results.
Update SQL schema to support new reporting functionality for DKIM
selectors and ARC local policy overrides (refer to the example
schema.mysql file).
Add experimental support for reporting of ARC local policy overrides.
Add support for recording and reporting of DKIM selectors.
Override a DMARC "fail" if an ARC "pass" is recorded in conjunction with
an ARC policy pass.
Fix bug #137: Handle base64 inside AR tokens that are values.
Problem reported by Joseph Coffland.
LIBOPENDMARC: Fix bug #203: Reject DMARC records that have duplicate
tags in them. Reported by Dirk Stoecker.
REPORTS: Feature request #146: Add option to pull input from a file.
REPORTS: Fix bug #153: Suppress duplicate results from the same
domain. Patch from Tomki Camp.
1.3.2 2017/03/04
Feature request #86: Change meaning of "RequiredHeaders" such that
header validity is always checked, but messages are only
rejected on that basis when the flag is set. Based
on a patch from Andreas Schulze.
Feature request #127: Log SPF results when rejecting. Requested
by Patrick Wagner; patch from Andreas Schulze, follow-up
patch from Juri Haberland.
Feature request #138: Inculde policy and disposition information
in an Authentication-Results comment. Based on a patch
from Juri Haberland.
Feature request #139: Include the client host name if known
in failure reports. Suggested by Roland Turner;
patch by Andreas Schulze.
Fix bug #95: Assume IPv6 for SPF operations. Patch from Juri Haberland.
Fix bug #120: Fix control logic around the SPF result.
Reported by Christophe Wolfhugel; patch from Andreas Schulze.
Fix bug #122: Don't skip the HELO milter phase when SPF is enabled.
Reported by Christophe Wolfhugel.
Fix bug #157: Fix logging of implicit authserv-ids. Reported
by Andreas Schulze; patch from Juri Haberland.
Fix bug #158: Log ignored connections. Patch from Andreas Schulze.
Fix bug #160: Fix "SyslogFacility" handling. Patch from
Juri Haberland.
Fix bug #163: Use a larger buffer for the raw MAIL FROM value.
Based on a patch from Andreas Schulze.
Fix bug #174: Trim "!" suffixes from reporting addresses. Problem
noted by Juri Haberland.
Fix bug #186: When reloading the configuration file, the public
suffix list was read in with the wrong comment indicator.
Patch from Federico Omoto.
Fix bug #194: Fix inappropriate DMARC status when "p=none" is
discovered. Patch from Juri Haberland.
Fix bug #195: When parsing Received-SPF, use the correct constants
in the history file entries. Patch from Juri Haberland.
LIBOPENDMARC: Fix bug #115: Fix type mismatch. Patch from
Sebastian A. Siewior via Scott Kitterman.
LIBOPENDMARC: Fix bug #121: Fix IPv6 CIDR matching in SPF code.
Patch from Christophe Wolfhugel.
LIBOPENDMARC: Fix bug #125: Compile time IPv6 fix. Reported by
Christophe Wolfhugel.
LIBOPENDMARC: Fix bug #131: Fix alignment bug. Patch from
Andreas Schulze.
LIBOPENDMARC: Fix bug #147: Fix stripping of whitespace from
DMARC DNS records. Based on a patch from Job Noorman.
LIBOPENDMARC: Fix bug #149: Apply "sp" setting, if present and
applicable. Patch from Petr Novak.
LIBOPENDMARC: Fix bug #154: Fix "rf" and "fo" processing logic.
LIBOPENDMARC: Fix bug #156: Fix variable name. Patch by
Andreas Schulze.
LIBOPENDMARC: Fix bug #165: Fix logic in checking which SPF
identifier was used. Patches from Marco Favero and
Juri Haberland.
LIBOPENDMARC: Fix bug #167: Don't return "fail" when we should
return "none". Patch from Marco Favero.
REPORTS: Fix bug #134: Handle SMTP errors correctly. Patch from
Andreas Schulze.
REPORTS: Fix bug #141: Set the HELO parameter correctly.
Reported by Alan Smith; patch from Andreas Schulze.
REPORTS: Fix bug #143: Fix logic in table truncation.
Reported by Wayne Andersen; patch from Juri Haberland.
REPORTS: Fix bug #162: Always report "sp" in aggregate reports.
Patch from Juri Haberland.
REPORTS: Fix bug #166: Fix report start/end time logic.
Patch from Juri Haberland.
REPORTS: Fix bug #188: Don't delete inputs too early in
opendmarc-reports. Patch from Juri Haberland.
TOOLS: Fix bug #161: "Forensic" reports were renamed "Failure"
reports. Patch from Andreas Schulze.
TOOLS: Fix bug #164: Handle IPv6 test addresses. Reported by
Andreas Schulze; patch from Juri Haberland.
DOCS: Patch #189: Replace the DMARC RFC with an HTML page
referencing the relevant specs, since Debian doesn't
consider RFCs to be "free". Patch from Scott Kitterman
via Juri Haberland.
Fix bug #97: Add ability to change envelope sender, client IP
address, client hostname, and HELO value used in test
mode, via environment variables. This can be turned
into something more formal in a later release.
Fix bug #102: Don't lose SPF results and output the "-1" default.
Fix bug #103: Fix IgnoreAuthenticatedClients by requesting the
right macro value from the MTA.
Fix bug #113: Remove "TemporaryDirectory" (unused).
LIBOPENDMARC: Fix bug #104: Include <sys/param.h> and <resolv.h>
in <opendmarc/dmarc.h> so that MAXPATHLEN and MAXNS get
defined consistently.
LIBOPENDMARC: Fix bug #105: Get the h_errno definition from
<netdb.h> rather than declaring it.
LIBOPENDMARC: Fix bug #106: Clean up issues with the types passed
to opendmarc_policy_library_dns_hook().
DOCS: Fix bug #99: Update list of constraints on
opendmarc_policy_fetch_alignment().
REPORTS: Fix bug #108: Handle malformed mailto URIs in DMARC
records (e.g., just "mailto:").
REPORTS: Fix bug #110: Support SQL backend selection in
opendmarc-expire.
Integrated SPF checking is now available through the new
SPFSelfValidate and SPFIgnoreResults settings.
Feature request #79: Optionally ignore clients that authenticated
using SMTP AUTH.
Fix bug #60, part II: Default AuthservID to the name provided by the
MTA, not the local host name, which is consistent with what
OpenDKIM does.
Fix bug #72: Don't crash when From fields are absent.
Fix bug #74: Change "Forensic" to "Failure" just about everywhere
to match the language now being used in the base DMARC
draft. Note that this also changes some names in the
configuration file.
Fix bug #75: Correct typo in MIME of forensic reports.
Fix bug #76: Repair damage with respect to Authentication-Results
header field selection.
Fix bug #77: Request quarantine from the MTA during option
negotiation.
Fix bug #78: Add missing newline in forensic report header.
Fix bug #90: Make "--with-sql-backend" without any value do the
right thing.
Fix bug #93: Honor size limits in URIs.
Make "smime" and "rrvs" legal Authentication-Results methods.
Provide better logging when pclose() for a forensic report returns
non-zero.
Add configuration support for internal SPF checks. Includes hooks in
the milter to check that SPF is configured to do so.
This can use a private SPF implementation or libspf2.
Fix strlcat() and strlcpy() support for Debian.
REPORTS: Feature request #80: Generate aggregate reports on UTC
day boundaries.
REPORTS: Feature request #84: Optionally expire old data from
lower-growth tables.
REPORTS: Fix bug #70: Fix date range generation in reports.
REPORTS: Fix bug #82: Fix recording of report timestamp to avoid lost
records.
REPORTS: Fix bug #83: When expiring data, truncate the signatures table
if all messages were expired..
REPORTS: Fix bug #85: Report subdomain policy.
LIBOPENDMARC: Fix bug #71: Fix "rua" extraction from DMARC records.
LIBOPENDMARC: Added support for milter to perform own spf checks.
Three new files: opendmarc_spf.c, opendmard_spf_dns.c and
test/test_spf.cl, allow integrated SPF support. Support for
use of libspf2 is also provided.
Feature request #44: Allow override of the From: field on forensic
reports.
Feature request #45: Log the host portion of ignored
Authentication-Results fields at "debug" level.
Feature request #56: Add "RequiredHeaders" setting to enforce syntax
checks against a message and reject those that don't comply.
Feature request #65: Add "ForensicReportsBcc".
Fix bug #46: Charitable tweak to a couple of log messages.
Fix bug #55: The "SoftwareHeader" setting wasn't being set properly.
Fix bug #58: The "smtp.mailfrom" part of an Authentication-Results
field might contain only a domain name.
Fix bug #60: Default AuthservID to the name provided by the MTA,
not the local host name, which is consistent with what
OpenDKIM does.
Merge request #2: Validate external recipients before adding them to
report recipient lists.
Record all DKIM results to the history file, rather than only
passing results.
BUILD: Fix bug #50: Check libbsd for strlcat() and strlcpy() so we
don't make our own when we don't need to.
CONTRIB: Fix bug #52: Update path to draft RFC in contrib/spec.
CONTRIB: Fix bug #59: Allow database name, userid and password to be
specified on the command line rather than hard-coding them.
DOCS: Fix bug #48: Add a libopendmarc use overview page.
DOCS: Fix bug #53: Add man page for opendmarc-importstats.
REPORTS: Fix bug #51: Check status after every phase of SMTP when
sending reports.
REPORTS: Fix DKIM status importing.
LIBOPENDMARC: Fix bug #68: Fix strict/relaxed checking logic when
a public suffix list is available.
LIBOPENDMARC: Fixed a bug where in some instances the fetch of the
orgainizational domain could wrongly return the from domain.
LIBOPENDMARC: Fix call to missing function.
source package for providing DMARC report generation and policy enforcement
services. It includes a library for handling DMARC record parsing,
a database schema and tools for aggregating and processing transaction
history to produce DMARC reports, and a filter that ties it all together
with an MTA using the milter protocol.
