Jeremy Harris via Exim-users wrote on 20.08.2023 16:41:
> On 19/06/2023 11:52, Victor Ustugov via Exim-users wrote:
>> This patch might be helpful:
>>
>> https://mta.org.ua/exim-4.94-conf/patches/exim-4.96-fix-opemdmarc-1.4.x-history_file/patch-src__exim-4.96-fix-opemdmarc-1.4.x-history_file.patch
>>
>
> I've pulled this into the Exim sourcebase, at f9c35778a660.
>
> There remains the question over ARC result lines in the
> dmarc history file. Does anyone have insight into the
> values expected for "arc" and "arc_policy" by
> libopendmarc 1.4.x ?

I found two examples on the page
https://github.com/trusteddomainproject/OpenDMARC/issues/189 :

arc 7
arc_policy 2 json:[{ "i": 1, "d":"example.com", "s":"arcselector1", "ip":"" }]

arc 7
arc_policy 2 json:[]

But in the file
https://github.com/trusteddomainproject/OpenDMARC/blob/master/opendmarc/README
the values 0 and 2 are specified for the "arc" parameter:

arc             ARC evaluation (0 = pass, 2 = fail)
arc_policy      ARC local policy evaluation (evaluation -- same as ARC, ARC seal data - JSON-encoded array of governing arc seal fields: instance, domain, selector)

The file
https://github.com/trusteddomainproject/OpenDMARC/blob/master/opendmarc/opendmarc.c
has this comment:

** arc_policy 1 json:[
**   { i=2, d = d2.example, s = s2, ip = addr2 },
**   { i=1, d = d1.example, s = s1, ip = addr1 }
** ]

It's weird too, because the value 1 is not found anywhere except in this
comment.

Based on the contents of the file
https://github.com/trusteddomainproject/OpenDMARC/blob/master/opendmarc/opendmarc.c,
it can be seen that:

"arc" can be equal to ARES_RESULT_FAIL (7) or ARES_RESULT_PASS (0).

"arc_policy" can be equal to DMARC_ARC_POLICY_RESULT_FAIL (2) or
DMARC_ARC_POLICY_RESULT_PASS (0).

After 0 or 2, the line beginning with "arc_policy" must be followed by a
policy in JSON format.

If the verification of the ARC signature was successful, then the lines
for the history file should look something like this:

arc 0
arc_policy 0 json:[{ "i": 1, "d":"example.com", "s":"arcselector1", "ip":"11.22.33.44" }]

If the ARC signature check fails, then the lines for the history file
should look something like this:

arc 7
arc_policy 2 json:[{ "i": 1, "d":"example.com", "s":"arcselector1", "ip":"11.22.33.44" }]

I do not know what values should be specified if the email does not
contain an ARC signature.

> I could guess that "-" might be viable, by analogy with
> the "rua" line coding, but that's not really sufficient.
> The RFC standard for DMARC doesn't mention ARC. Is there
> one somewhere?

"rua" is a text field. "arc" and "arc_policy" are integers. And
"arc_policy" has an additional field with ARC policy in JSON.

> [ And how in hell did libopendmarc not break
> *everybody* with these changes?
> ]

-- 
Best wishes
Victor Ustugov mailto:vic...@corvax.kiev.ua
public GnuPG/PGP key: https://victor.corvax.kiev.ua/corvax.asc
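
The "arc" and "arc_policy" line format described in the message above, as an added example that is not part of the original post and is not Exim or OpenDMARC code: a checker that flags history-file lines whose values fall outside what the post reads from opendmarc.c. The function name `check_arc_lines`, the required seal keys (taken from the post's JSON examples) and the sample records are assumptions constructed for illustration.

```python
import json
import re

# Integer codes the post reads out of opendmarc.c
ARC_VALUES = {0: "ARES_RESULT_PASS", 7: "ARES_RESULT_FAIL"}
ARC_POLICY_VALUES = {0: "DMARC_ARC_POLICY_RESULT_PASS",
                     2: "DMARC_ARC_POLICY_RESULT_FAIL"}
SEAL_KEYS = {"i", "d", "s", "ip"}  # assumption: fields used in the post's JSON examples


def check_arc_lines(record):
    """Return a list of problems in the arc / arc_policy lines of one record."""
    problems = []
    for line in record.splitlines():
        name, _, rest = line.strip().partition(" ")
        rest = rest.strip()
        if name == "arc":
            if not re.fullmatch(r"[0-9]+", rest) or int(rest) not in ARC_VALUES:
                problems.append(f"arc: unexpected value {rest!r}")
        elif name == "arc_policy":
            m = re.fullmatch(r"([0-9]+)\s+json:(.*)", rest)
            if m is None:
                problems.append("arc_policy: expected '<integer> json:[...]'")
                continue
            if int(m.group(1)) not in ARC_POLICY_VALUES:
                problems.append(f"arc_policy: unexpected value {m.group(1)}")
            try:
                seals = json.loads(m.group(2))
            except json.JSONDecodeError as exc:
                problems.append(f"arc_policy: seal data is not JSON ({exc.msg})")
                continue
            if not isinstance(seals, list):
                problems.append("arc_policy: seal data is not a JSON array")
                continue
            for seal in seals:
                missing = SEAL_KEYS - set(seal) if isinstance(seal, dict) else SEAL_KEYS
                if missing:
                    problems.append(f"arc_policy: seal lacks {sorted(missing)}")
    return problems


# Constructed records, modelled on the examples in the post.
PASS_RECORD = ('arc 0\narc_policy 0 json:[{ "i": 1, "d":"example.com", '
               '"s":"arcselector1", "ip":"11.22.33.44" }]')
FAIL_RECORD = "arc 7\narc_policy 2 json:[]"
BAD_RECORD = 'arc -\narc_policy 1 json:[{ "i": 1, "d":"example.com" }]'

if __name__ == "__main__":
    for rec in (PASS_RECORD, FAIL_RECORD, BAD_RECORD):
        print(check_arc_lines(rec) or "ok")
```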