From 8f254c817ddc410f23dcd6ebfde9b149c282c3ce Mon Sep 17 00:00:00 2001 From: Alexandru Chirila Date: Wed, 14 Dec 2016 18:10:46 +0200 Subject: [PATCH] Resolve not using synthesized SPF sender domain in DMARC. When doing the DMARC check for NULL senders, the SPF domain checked for alignment should be synthesized to the ehlo. Change this to NOT check the SPF result, which can still be "pass" to check if the SPF domain is empty. --- src/src/dmarc.c | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/src/src/dmarc.c b/src/src/dmarc.c index c005d4ab9c..9058c8f4c1 100644 --- a/src/src/dmarc.c +++ b/src/src/dmarc.c @@ -273,19 +273,20 @@ if (!dmarc_abort && !sender_host_authenticated) { /* Use the envelope sender domain for this part of DMARC */ spf_sender_domain = expand_string(US"$sender_address_domain"); + /* No spf domain means null envelope sender so generate a domain name + * from the sender_helo_name */ + if (!*spf_sender_domain) + { + spf_sender_domain = sender_helo_name; + log_write(0, LOG_MAIN, "DMARC using synthesized SPF sender domain = %s\n", + spf_sender_domain); + DEBUG(D_receive) + debug_printf("DMARC using synthesized SPF sender domain = %s\n", + spf_sender_domain); + } + if (!spf_response) { - /* No spf data means null envelope sender so generate a domain name - * from the sender_helo_name */ - if (!spf_sender_domain) - { - spf_sender_domain = sender_helo_name; - log_write(0, LOG_MAIN, "DMARC using synthesized SPF sender domain = %s\n", - spf_sender_domain); - DEBUG(D_receive) - debug_printf("DMARC using synthesized SPF sender domain = %s\n", - spf_sender_domain); - } dmarc_spf_result = DMARC_POLICY_SPF_OUTCOME_NONE; dmarc_spf_ares_result = ARES_RESULT_UNKNOWN; origin = DMARC_POLICY_SPF_ORIGIN_HELO;