Repair botched merge from "develop".

devgs · Apr 30, 2021 · 14a77f2 · 14a77f2
1 parent 2aafb01
commit 14a77f2
Show file tree

Hide file tree

Showing 5 changed files with 65 additions and 3 deletions.
diff --git a/opendmarc/README b/opendmarc/README
@@ -91,6 +91,12 @@ CONFIGURING OPENDMARC
 
 	/etc/init.d/postfix restart
 
+(9) Depending on your settings, mail sent with a policy of p=quarantine
+    may wind up in your MTA's "Hold" or "Quarantine" queue.
+
+	The setting "HoldQuarantinedMessages" (defaults to false) can be used
+	to control this feature.
+
 
 TESTING AND DEBUGGING
 =====================
@@ -220,5 +226,5 @@ subscribe to one or both of the following:
 
 These can be accessed via http://www.trusteddomain.org/mailman/listinfo.
 
-To report bugs and feature requests, you can access the SourceForge "tracker"
-facilities at http://sourceforge.net/projects/opendmarc.
+To report bugs and feature requests, you can access the GitHub "tracker"
+facilities at https://github.com/trusteddomainproject/OpenDMARC/issues.
diff --git a/opendmarc/opendmarc-config.h b/opendmarc/opendmarc-config.h
@@ -36,6 +36,7 @@ struct configdef dmarcf_config[] =
 	{ "FailureReportsOnNone",	CONFIG_TYPE_BOOLEAN,	FALSE },
 	{ "FailureReportsSentBy",	CONFIG_TYPE_STRING,	FALSE },
 	{ "HistoryFile",		CONFIG_TYPE_STRING,	FALSE },
+	{ "HoldQuarantinedMessages",    CONFIG_TYPE_BOOLEAN,    FALSE },
 	{ "IgnoreAuthenticatedClients",	CONFIG_TYPE_BOOLEAN,	FALSE },
 	{ "IgnoreHosts",		CONFIG_TYPE_STRING,	FALSE },
 	{ "IgnoreMailFrom",		CONFIG_TYPE_STRING,	FALSE },

diff --git a/opendmarc/opendmarc.c b/opendmarc/opendmarc.c
@@ -177,6 +177,7 @@ struct dmarcf_config
 	_Bool			conf_spfselfvalidate;
 #endif /* WITH_SPF */
 	_Bool			conf_ignoreauthclients;
+	_Bool			conf_holdquarantinedmessages;
 	_Bool			conf_reject_multi_from;
 	unsigned int		conf_refcnt;
 	unsigned int		conf_dnstimeout;
@@ -1454,6 +1455,10 @@ dmarcf_config_load(struct config *data, struct dmarcf_config *conf,
 		                  &conf->conf_recordall,
 		                  sizeof conf->conf_recordall);
 
+		(void) config_get(data, "HoldQuarantinedMessages",
+				  &conf->conf_holdquarantinedmessages,
+				  sizeof conf->conf_holdquarantinedmessages);
+
 		(void) config_get(data, "IgnoreAuthenticatedClients",
 		                  &conf->conf_ignoreauthclients,
 		                  sizeof conf->conf_ignoreauthclients);
@@ -3557,7 +3562,8 @@ mlfi_eom(SMFICTX *ctx)
 		aresult = "fail";
 		ret = SMFIS_CONTINUE;
 
-		if (conf->conf_rejectfail && random() % 100 < pct)
+		if (conf->conf_rejectfail &&
+		    random() % 100 < pct)
 		{
 			snprintf(replybuf, sizeof replybuf,
 			         "rejected by DMARC policy for %s", pdomain);

diff --git a/opendmarc/opendmarc.conf.5.in b/opendmarc/opendmarc.conf.5.in
@@ -191,6 +191,28 @@ rather periodically imported into a relational database from which the
 aggregate reports can be extracted using
 .B opendmarc-importstats(8).
 
+.TP
+.I HoldQuarantinedMessages (Boolean)
+If set, the milter will signal to the mta that messages with
+p=quarantine, which fail dmarc authentication, should be held in
+the MTA's "Hold" or "Quarantine" queue.  The name varies by MTA.
+If false, messsages will be accepted and passed along with the 
+regular mail flow, and the quarantine will be left up to downstream
+MTA/MDA/MUA filters, if any, to handle by re-evaluating the headers,
+including the Authentication-Results header added by this filter.
+The default is "false".
+
+.TP
+.I HoldQuarantinedMessages (Boolean)
+If set, the milter will signal to the mta that messages with
+p=quarantine, which fail dmarc authentication, should be held in
+the MTA's "Hold" or "Quarantine" queue.  The name varies by MTA.
+If false, messsages will be accepted and passed along with the 
+regular mail flow, and the quarantine will be left up to downstream
+MTA/MDA/MUA filters, if any, to handle by re-evaluating the headers,
+including the Authentication-Results header added by this filter.
+The default is "false".
+
 .TP
 .I IgnoreAuthenticatedClients (Boolean)
 If set, causes mail from authenticated clients (i.e., those that used

diff --git a/opendmarc/opendmarc.conf.sample b/opendmarc/opendmarc.conf.sample
@@ -213,6 +213,19 @@
 #
 # HistoryFile /var/run/opendmarc.dat
 
+##  HoldQuarantinedMessages { true | false }
+##  	default "false"
+##
+##  If set, the milter will signal to the mta that messages with
+##  p=quarantine, which fail dmarc authentication, should be held in
+##  the MTA's "Hold" or "Quarantine" queue.  The name varies by MTA.
+##  If false, messsages will be accepted and passed along with the 
+##  regular mail flow, and the quarantine will be left up to downstream
+##  MTA/MDA/MUA filters, if any, to handle by re-evaluating the headers,
+##  including the Authentication-Results header added by OpenDMARC
+#
+# HoldQuarantinedMessages false
+
 ##  IgnoreAuthenticatedClients { true | false }
 ##  	default "false"
 ##
@@ -221,6 +234,20 @@
 #
 # IgnoreAuthenticatedClients false
 
+## HoldQuarantinedMessages { true | false }
+##  	default "false"
+##
+##  If set, the milter will signal to the mta that messages with
+##  p=quarantine, which fail dmarc authentication, should be held in
+##  the MTA's "Hold" or "Quarantine" queue.  The name varies by MTA.
+##  If false, messsages will be accepted and passed along with the 
+##  regular mail flow, and the quarantine will be left up to downstream
+##  MTA/MDA/MUA filters, if any, to handle by re-evaluating the headers,
+##  including the Authentication-Results header added by OpenDMARC
+#
+# HoldQuarantinedMessages false
+
+
 ##  IgnoreHosts path
 ##  	default (internal)
 ##