Commit graph

31 commits

Author SHA1 Message Date
manu
b87da4e084 Update mail/opendmarc to 1.4.1.1
Changes since 1.4.0 from the RELEASE_NOTES file
        NOTE: In response to CVE-2019-20790, opendmarc has changed
                how it evaluates headers added by previous
                SPF milters.  Users are encouraged to read the
                CVE-2019-20790 file in the "SECURITY" folder
                for more details. (#49, #158).  Originally reported by
                Jianjun Chen, feedback by Simon Wilson and
                David Bürgin <dbuergin@gluet.ch>.
        NOTE: OpenDMARC's internal SPF handling will be removed
                in a future version.  Users are encouraged to
                build linked against libspf2.  Many pre-built
                packages provided by OS packagers already do this.
                (See https://www.libspf2.org)
        Addition of defines for MUSL C Library. (#129/#133).  Patches by
                Marco Rebhan.
        Updated opendmarc.conf manpage and opendmarc.conf.sample to point to
                https://publicsuffix.org/list/.
        Added a CONTRIBUTING document.
        Fix two #ifdefs in arc functions for strlcpy. (#138).  Reported by
                Leo Bicknell.
        Fixes to MySQL Schema (#98/#99).  Patch by Bond Keevil.
        LIBSPF2 calls would not compile on OpenBSD due to OpenBSD not
                having the ns_type definition in arpa/resolv.h.
                Added detection to configure script.  (#134)
        Reworked hcreate_r calls to use hcreate, to compile natively on
                OpenBSD and MacOS. (Part of #94)  Reported by Rupert
                Gallagher.
        Add compatibility with AutoConf 2.70. (#95)
        Documentation updates about SourceForge being deprecated.  (#101)
        Only accept results from Received-SPF fields that indicate clearly
                which identifier was being evaluated, since DMARC specifically
                only wants results based on MAIL FROM.
        Many build-time fixes (#100, #91, #90, #86, #85, #84, #83, #82, #81)
                Patches provided by Rupert Gallagher (ruga@protonmail.com)
        Added config option HoldQuarantinedMessages (default false), which
                controls if messages with p=quarantine will be passed on to
                the mail stream (if False) or placed in the MTA's "hold"
                queue (if True).  Issue #105.  Patch by Marcos Moraes, on
                the OpenDMARC mailing list.
        Remove "--with-wall" from "configure".  Suggested by Leo Bicknell.
        LIBOPENDMARC: Fix bug #50: Ignore all RRTYPEs other than TXT.
                Problem reported by Jan Bouwhuis.
        LIBOPENDMARC: Fix bug #89: Repair absurd RRTYPE test in SPF code.
        LIBOPENDMARC: Fix bug #104: Fix bogus header field parsing code.
        LIBOPENDMARC: Fix bug #161: Don't pass the client IP address through
                htonl() since it's already in network byte order.  This
                was causing SPF errors when the internal SPF
                implementation was in use.
        LIBOPENDMARC: Fix numerous problems with the internal SPF
                implementation.
2021-05-27 16:51:59 +00:00
wiz
6eae1297d5 *: recursive bump for perl 5.34 2021-05-24 19:49:01 +00:00
manu
fafa8c1c76 Add RequiredFrom option
If RequiredFrom is set, opendmarc will reject messages that lack
a From header from which a valid domain can be extracted. This
is a subset of the full RFC5322 requirements enforced by the
RequiredHeaders option.

While non RFC5322-compliant messages are too common to make
RequiredHeaders always usable, the check on the From header
remains especially valuable. It makes sure forged domain messages
cannot evade the filter by just omitting the From header and relying
on the MTA to fill it by a copy from the envelope header.

Submitted upstream as
https://github.com/trusteddomainproject/OpenDMARC/pull/147
2021-03-29 09:30:59 +00:00
manu
ea9560df83 Fix two null pointer references 2021-02-17 01:49:12 +00:00
manu
a3d0d3eadd Updated mail/opendmarc to 1.4.0beta1
Change since 1.3.1 from RELEASE_NOTES

1.4.0           2018/06/??
        Add ARC support.  Extensive work contributed by ValiMail.
        Add "DomainWhitelist" and "DomainWhitelistFile" config options.
        Extract client IP address for ARC reports when provided via
                Authentication-Results.
        Update SQL schema to support new reporting functionality for DKIM
                selectors and ARC local policy overrides (refer to the example
                schema.mysql file).
        Add experimental support for reporting of ARC local policy overrides.
        Add support for recording and reporting of DKIM selectors.
        Override a DMARC "fail" if an ARC "pass" is recorded in conjunction with
                an ARC policy pass.
        Fix bug #137: Handle base64 inside AR tokens that are values.
                Problem reported by Joseph Coffland.
        LIBOPENDMARC: Fix bug #203: Reject DMARC records that have duplicate
                tags in them.  Reported by Dirk Stoecker.
        REPORTS: Feature request #146: Add option to pull input from a file.
        REPORTS: Fix bug #153: Suppress duplicate results from the same
                domain.  Patch from Tomki Camp.

1.3.2           2017/03/04
        Feature request #86: Change meaning of "RequiredHeaders" such that
                header validity is always checked, but messages are only
                rejected on that basis when the flag is set.  Based
                on a patch from Andreas Schulze.
        Feature request #127: Log SPF results when rejecting.  Requested
                by Patrick Wagner; patch from Andreas Schulze, follow-up
                patch from Juri Haberland.
        Feature request #138: Include policy and disposition information
                in an Authentication-Results comment.  Based on a patch
                from Juri Haberland.
        Feature request #139: Include the client host name if known
                in failure reports.  Suggested by Roland Turner;
                patch by Andreas Schulze.
        Fix bug #95: Assume IPv6 for SPF operations.  Patch from Juri Haberland.
        Fix bug #120: Fix control logic around the SPF result.
                Reported by Christophe Wolfhugel; patch from Andreas Schulze.
        Fix bug #122: Don't skip the HELO milter phase when SPF is enabled.
                Reported by Christophe Wolfhugel.
        Fix bug #157: Fix logging of implicit authserv-ids.  Reported
                by Andreas Schulze; patch from Juri Haberland.
        Fix bug #158: Log ignored connections.  Patch from Andreas Schulze.
        Fix bug #160: Fix "SyslogFacility" handling.  Patch from
                Juri Haberland.
        Fix bug #163: Use a larger buffer for the raw MAIL FROM value.
                Based on a patch from Andreas Schulze.
        Fix bug #174: Trim "!" suffixes from reporting addresses.  Problem
                noted by Juri Haberland.
        Fix bug #186: When reloading the configuration file, the public
                suffix list was read in with the wrong comment indicator.
                Patch from Federico Omoto.
        Fix bug #194: Fix inappropriate DMARC status when "p=none" is
                discovered.  Patch from Juri Haberland.
        Fix bug #195: When parsing Received-SPF, use the correct constants
                in the history file entries.  Patch from Juri Haberland.
        LIBOPENDMARC: Fix bug #115: Fix type mismatch.  Patch from
                Sebastian A. Siewior via Scott Kitterman.
        LIBOPENDMARC: Fix bug #121: Fix IPv6 CIDR matching in SPF code.
                Patch from Christophe Wolfhugel.
        LIBOPENDMARC: Fix bug #125: Compile time IPv6 fix.  Reported by
                Christophe Wolfhugel.
        LIBOPENDMARC: Fix bug #131: Fix alignment bug.  Patch from
                Andreas Schulze.
        LIBOPENDMARC: Fix bug #147: Fix stripping of whitespace from
                DMARC DNS records.  Based on a patch from Job Noorman.
        LIBOPENDMARC: Fix bug #149: Apply "sp" setting, if present and
                applicable.  Patch from Petr Novak.
        LIBOPENDMARC: Fix bug #154: Fix "rf" and "fo" processing logic.
        LIBOPENDMARC: Fix bug #156: Fix variable name.  Patch by
                Andreas Schulze.
        LIBOPENDMARC: Fix bug #165: Fix logic in checking which SPF
                identifier was used.  Patches from Marco Favero and
                Juri Haberland.
        LIBOPENDMARC: Fix bug #167: Don't return "fail" when we should
                return "none".  Patch from Marco Favero.
        REPORTS: Fix bug #134: Handle SMTP errors correctly.  Patch from
                Andreas Schulze.
        REPORTS: Fix bug #141: Set the HELO parameter correctly.
                Reported by Alan Smith; patch from Andreas Schulze.
        REPORTS: Fix bug #143: Fix logic in table truncation.
                Reported by Wayne Andersen; patch from Juri Haberland.
        REPORTS: Fix bug #162: Always report "sp" in aggregate reports.
                Patch from Juri Haberland.
        REPORTS: Fix bug #166: Fix report start/end time logic.
                Patch from Juri Haberland.
        REPORTS: Fix bug #188: Don't delete inputs too early in
                opendmarc-reports.  Patch from Juri Haberland.
        TOOLS: Fix bug #161: "Forensic" reports were renamed "Failure"
                reports.  Patch from Andreas Schulze.
        TOOLS: Fix bug #164: Handle IPv6 test addresses.  Reported by
                Andreas Schulze; patch from Juri Haberland.
        DOCS: Patch #189: Replace the DMARC RFC with an HTML page
                referencing the relevant specs, since Debian doesn't
                consider RFCs to be "free".  Patch from Scott Kitterman
                via Juri Haberland.
2020-12-24 01:10:22 +00:00
wiz
00da7815c0 *: bump PKGREVISION for perl-5.32. 2020-08-31 18:06:29 +00:00
wiz
801f9ce893 opendmarc: add missing dependency
Reported by Richard Sass on pkgsrc-users.

Bump PKGREVISION.
2020-08-16 08:36:18 +00:00
oster
2e17c15b0f Bump pkgrevision. Thanks, Joerg. 2020-07-27 22:28:47 +00:00
oster
c6f7694c8a Fix resource leakage observed when using opendmarc on NetBSD.
Use res_ndestroy() instead of res_nclose() to properly cleanup resources
on NetBSD (and others that use __res_ndestroy() or res_ndestroy() instead
of res_nclose()).  Original patch by Roy Marples.
2020-07-27 20:41:09 +00:00
jperkin
982c63fe94 *: Remove obsolete BUILDLINK_API_DEPENDS.openssl. 2020-01-25 10:45:10 +00:00
jperkin
13943f3046 *: Recursive revision bump for openssl 1.1.1. 2020-01-18 21:48:10 +00:00
wiz
84e123ddd2 Bump PKGREVISIONs for perl 5.30.0 2019-08-11 13:17:48 +00:00
wiz
93b46879c7 Recursive bump for perl5-5.28.0 2018-08-22 09:43:40 +00:00
rillig
17e39f419d Fix indentation in buildlink3.mk files.
The actual fix has been done by "pkglint -F */*/buildlink3.mk", and was
reviewed manually.

There are some .include lines that still are indented with zero spaces
although the surrounding .if is indented. This is existing practice.
2018-01-07 13:03:53 +00:00
wiz
73716d23de Bump PKGREVISION for perl-5.24.0 for everything mentioning perl. 2016-07-09 06:38:30 +00:00
jperkin
17661ff9a5 Bump PKGREVISION for security/openssl ABI bump. 2016-03-05 11:27:40 +00:00
agc
ddbf6ddecd Add SHA512 digests for distfiles for mail category
Problems found locating distfiles:
	Package mutt: missing distfile patch-1.5.24.rr.compressed.gz
	Package p5-Email-Valid: missing distfile Email-Valid-1.198.tar.gz
	Package pine: missing distfile fancy.patch.gz
	Package postgrey: missing distfile targrey-0.31-postgrey-1.34.patch
	Package qmail: missing distfile badrcptto.patch
	Package qmail: missing distfile outgoingip.patch
	Package qmail: missing distfile qmail-1.03-realrcptto-2006.12.10.patch
	Package qmail: missing distfile qmail-smtpd-viruscan-1.3.patch
	Package thunderbird24: missing distfile enigmail-1.7.2.tar.gz
	Package thunderbird31: missing distfile enigmail-1.7.2.tar.gz

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.
2015-11-03 23:27:00 +00:00
wiz
40bbad7ac6 Comment out dependencies of the style
{perl>=5.16.6,p5-ExtUtils-ParseXS>=3.15}:../../devel/p5-ExtUtils-ParseXS
since pkgsrc enforces the newest perl version anyway, so they
should always pick perl, but sometimes (pkg_add) don't due to the
design of the {,} syntax.

No effective change for the above reason.

Ok joerg
2015-07-12 18:56:06 +00:00
wiz
0982effce2 Recursive PKGREVISION bump for all packages mentioning 'perl',
having a PKGNAME of p5-*, or depending on such a package,
for perl-5.22.0.
2015-06-12 10:48:20 +00:00
pettai
0a86fe09bb 1.3.1 2015/02/23
Fix bug #97: Add ability to change envelope sender, client IP
                address, client hostname, and HELO value used in test
                mode, via environment variables.  This can be turned
                into something more formal in a later release.
        Fix bug #102: Don't lose SPF results and output the "-1" default.
        Fix bug #103: Fix IgnoreAuthenticatedClients by requesting the
                right macro value from the MTA.
        Fix bug #113: Remove "TemporaryDirectory" (unused).
        LIBOPENDMARC: Fix bug #104: Include <sys/param.h> and <resolv.h>
                in <opendmarc/dmarc.h> so that MAXPATHLEN and MAXNS get
                defined consistently.
        LIBOPENDMARC: Fix bug #105: Get the h_errno definition from
                <netdb.h> rather than declaring it.
        LIBOPENDMARC: Fix bug #106: Clean up issues with the types passed
                to opendmarc_policy_library_dns_hook().
        DOCS: Fix bug #99: Update list of constraints on
                opendmarc_policy_fetch_alignment().
        REPORTS: Fix bug #108: Handle malformed mailto URIs in DMARC
                records (e.g., just "mailto:").
        REPORTS: Fix bug #110: Support SQL backend selection in
                opendmarc-expire.
2015-03-15 22:26:34 +00:00
christos
2449f5f6ee detect NetBSD's res_ninit. 2014-12-05 16:00:23 +00:00
pettai
85668edd44 1.3.0 2014/07/31
Integrated SPF checking is now available through the new
                SPFSelfValidate and SPFIgnoreResults settings.
        Feature request #79: Optionally ignore clients that authenticated
                using SMTP AUTH.
        Fix bug #60, part II: Default AuthservID to the name provided by the
                MTA, not the local host name, which is consistent with what
                OpenDKIM does.
        Fix bug #72: Don't crash when From fields are absent.
        Fix bug #74: Change "Forensic" to "Failure" just about everywhere
                to match the language now being used in the base DMARC
                draft.  Note that this also changes some names in the
                configuration file.
        Fix bug #75: Correct typo in MIME of forensic reports.
        Fix bug #76: Repair damage with respect to Authentication-Results
                header field selection.
        Fix bug #77: Request quarantine from the MTA during option
                negotiation.
        Fix bug #78: Add missing newline in forensic report header.
        Fix bug #90: Make "--with-sql-backend" without any value do the
                right thing.
        Fix bug #93: Honor size limits in URIs.
        Make "smime" and "rrvs" legal Authentication-Results methods.
        Provide better logging when pclose() for a forensic report returns
                non-zero.
        Add configuration support for internal SPF checks.  Includes hooks in
                the milter to check that SPF is configured to do so.
                This can use a private SPF implementation or libspf2.
        Fix strlcat() and strlcpy() support for Debian.
        REPORTS: Feature request #80: Generate aggregate reports on UTC
                day boundaries.
        REPORTS: Feature request #84: Optionally expire old data from
                lower-growth tables.
        REPORTS: Fix bug #70: Fix date range generation in reports.
        REPORTS: Fix bug #82: Fix recording of report timestamp to avoid lost
                records.
        REPORTS: Fix bug #83: When expiring data, truncate the signatures table
                if all messages were expired.
        REPORTS: Fix bug #85: Report subdomain policy.
        LIBOPENDMARC: Fix bug #71: Fix "rua" extraction from DMARC records.
        LIBOPENDMARC: Added support for milter to perform own spf checks.
                Three new files: opendmarc_spf.c, opendmard_spf_dns.c and
                test/test_spf.cl, allow integrated SPF support.  Support for
                use of libspf2 is also provided.
2014-09-27 19:30:12 +00:00
jperkin
71fa94bf01 Support builtin libmilter. 2014-09-25 13:56:50 +00:00
wiz
7eeb51b534 Bump for perl-5.20.0.
Do it for all packages that
* mention perl, or
* have a directory name starting with p5-*, or
* depend on a package starting with p5-
like last time, for 5.18, where this didn't lead to complaints.
Let me know if you have any this time.
2014-05-29 23:35:13 +00:00
pettai
b13e1af86f 1.2.0 2014/03/14
Feature request #44: Allow override of the From: field on forensic
                reports.
        Feature request #45: Log the host portion of ignored
                Authentication-Results fields at "debug" level.
        Feature request #56: Add "RequiredHeaders" setting to enforce syntax
                checks against a message and reject those that don't comply.
        Feature request #65: Add "ForensicReportsBcc".
        Fix bug #46: Charitable tweak to a couple of log messages.
        Fix bug #55: The "SoftwareHeader" setting wasn't being set properly.
        Fix bug #58: The "smtp.mailfrom" part of an Authentication-Results
                field might contain only a domain name.
        Fix bug #60: Default AuthservID to the name provided by the MTA,
                not the local host name, which is consistent with what
                OpenDKIM does.
        Merge request #2: Validate external recipients before adding them to
                report recipient lists.
        Record all DKIM results to the history file, rather than only
                passing results.
        BUILD: Fix bug #50: Check libbsd for strlcat() and strlcpy() so we
                don't make our own when we don't need to.
        CONTRIB: Fix bug #52: Update path to draft RFC in contrib/spec.
        CONTRIB: Fix bug #59: Allow database name, userid and password to be
                specified on the command line rather than hard-coding them.
        DOCS: Fix bug #48: Add a libopendmarc use overview page.
        DOCS: Fix bug #53: Add man page for opendmarc-importstats.
        REPORTS: Fix bug #51: Check status after every phase of SMTP when
                sending reports.
        REPORTS: Fix DKIM status importing.
        LIBOPENDMARC: Fix bug #68: Fix strict/relaxed checking logic when
                a public suffix list is available.
        LIBOPENDMARC: Fixed a bug where in some instances the fetch of the
                organizational domain could wrongly return the from domain.
        LIBOPENDMARC: Fix call to missing function.
2014-04-02 21:33:41 +00:00
pettai
d060c114a1 Fix HOMEPAGE 2014-03-13 23:56:55 +00:00
wiedi
928a82a9d5 Add buildlink3.mk for opendmarc 2014-03-12 19:38:21 +00:00
jperkin
45bc40abb4 Remove example rc.d scripts from PLISTs.
These are now handled dynamically if INIT_SYSTEM is set to "rc.d", or
ignored otherwise.
2014-03-11 14:04:57 +00:00
tron
73d05e2276 Recursive PKGREVISION bump for OpenSSL API version bump. 2014-02-12 23:17:32 +00:00
obache
9b57b4605a Fix/Update DEPENDS patterns for perl CORE modules, with some trivial fixes.
Bump PKGREVISION for runtime dependency pattern changed packages.
2013-12-09 14:17:41 +00:00
pettai
2a21002d53 The OpenDMARC project is a community effort to develop and maintain an open
source package for providing DMARC report generation and policy enforcement
services.  It includes a library for handling DMARC record parsing,
a database schema and tools for aggregating and processing transaction
history to produce DMARC reports, and a filter that ties it all together
with an MTA using the milter protocol.
2013-12-05 16:00:19 +00:00