OpenDMARC

OpenDMARC copied to clipboard

An email with the following "From:" header was accepted by my mail server:

From: "Someone <[email protected]>"@mydomain.com

The server a.b.c.d from which this email was sent to my port 25 is a valid (according to SPF) server for "junk.com", but not for "mydomain.com". The domain "mydomain.com" is hosted on my server.

I would have expected this to fail, as a.b.c.d is not a permitted sender for "mydomain.com" according to SPF records. But OpenDMARC probably looked at the "@junk.com" part and decided this was allowed.

A test without the pointy brackets shows that, in that case, the message gets rejected correctly.

This has been confirmed by at least one other person, see https://github.com/mail-in-a-box/mailinabox/issues/2273.

I've tested dmarcf_mail_parse() and dmarcf_mail_parse_multi() by patching opendmarc-parse-test-patch.txt against opendmarc/parse.c, and compiled with

cc -DMAILPARSE_TEST -DMAILPARSE_MULTI_TEST -O0 -g -o mailparse_multi 
cc -DMAILPARSE_TEST -O0 -g -o mailparse parse.c`

then got:

$  ./mailparse 'From: "Someone <[email protected]>"@mydomain.com'
user: '"Someone <[email protected]>"'
domain: 'mydomain.com'
$ ./mailparse_multi 'From: "Someone <[email protected]>"@mydomain.com'
user: '"Someone <[email protected]>"'
domain: 'mydomain.com'

Also, SPF is not applied to From: header but smtp.from. So I don't think that this is not a problem on header parsing, and if there is some problem about it, it is on handling of smtp.from.

What is smtp.from is the case ?