1 OPENDMARC RELEASE NOTES 2 3This listing shows the versions of the OpenDMARC package, the date of 4release, and a summary of the changes in that release. 5 61.4.2 2021/12/19 7 Fix issue #175: Don't reject a multi-valued From when all of the 8 domains match. 9 Fix issue #179: Don't crash when a value in a multi-valued From field 10 is missing a domain name. Resolves CVE-2021-34555. 11 121.4.1 2021/04/29 13 NOTE: In response to CVE-2019-20790, opendmarc has changed 14 how it evaluates headers added by previous 15 SPF milters. Users are encouraged to read the 16 CVE-2019-20790 file in the "SECURITY" folder 17 for more details. (#49, #158). Originally reported by 18 Jianjun Chen, feedback by Simon Wilson and 19 David Bürgin <dbuergin@gluet.ch>. 20 NOTE: OpenDMARC's internal SPF handling will be removed 21 in a future version. Users are encouraged to 22 build linked against libspf2. Many pre-built 23 packages provided by OS packagers already do this. 24 (See https://www.libspf2.org) 25 Addition of defines for MUSL C Library. (#129/#133). Patches by 26 Marco Rebhan. 27 Updated opendmarc.conf manpage and opendmarc.conf.sample to point to 28 https://publicsuffix.org/list/. 29 Added a CONTRIBUTING document. 30 Fix two #ifdefs in arc functions for strlcpy. (#138). Reported by 31 Leo Bicknell. 32 Fixes to MySQL Schema (#98/#99). Patch by Bond Keevil. 33 LIBSPF2 calls would not compile on OpenBSD due to OpenBSD not 34 having the ns_type definition in arpa/resolv.h. 35 Added detection to configure script. (#134) 36 Reworked hcreate_r calls to use hcreate, to compile natively on 37 OpenBSD and MacOS. (Part of #94) Reported by Rupert 38 Gallagher. 39 Add compatibility with AutoConf 2.70. (#95) 40 Documentation updates about SourceForge being deprecated. (#101) 41 Only accept results from Received-SPF fields that indicate clearly 42 which identifier was being evaluated, since DMARC specifically 43 only wants results based on MAIL FROM. 44 Many build-time fixes (#100, #91, #90, #86, #85, #84, #83, #82, #81) 45 Patches provided by Rupert Gallagher (ruga@protonmail.com) 46 Added config option HoldQuarantinedMessages (default false), which 47 controls if messages with p=quarantine will be passed on to 48 the mail stream (if False) or placed in the MTA's "hold" 49 queue (if True). Issue #105. Patch by Marcos Moraes, on 50 the OpenDMARC mailing list. 51 Remove "--with-wall" from "configure". Suggested by Leo Bicknell. 52 LIBOPENDMARC: Fix bug #50: Ignore all RRTYPEs other than TXT. 53 Problem reported by Jan Bouwhuis. 54 LIBOPENDMARC: Fix bug #89: Repair absurd RRTYPE test in SPF code. 55 LIBOPENDMARC: Fix bug #104: Fix bogus header field parsing code. 56 LIBOPENDMARC: Fix bug #161: Don't pass the client IP address through 57 htonl() since it's already in network byte order. This 58 was causing SPF errors when the internal SPF 59 implementation was in use. 60 LIBOPENDMARC: Fix numerous problems with the internal SPF 61 implementation. 62 631.4.0 2021/01/28 64 Add ARC support. Extensive work contributed by ValiMail, with patches 65 by Jonathan Kamens. 66 Add "DomainWhitelist" and "DomainWhitelistFile" config options. 67 Extract client IP address for ARC reports when provided via 68 Authentication-Results. 69 Update SQL schema to support new reporting functionality for DKIM 70 selectors and ARC local policy overrides (refer to the example 71 schema.mysql file). 72 Add experimental support for reporting of ARC local policy overrides. 73 Add support for recording and reporting of DKIM selectors. 74 Override a DMARC "fail" if an ARC "pass" is recorded in conjunction 75 with an ARC policy pass. 76 Add "RejectMultiValueFrom" configuration option to reject messages 77 with multi-valued From fields, unless all domains in that 78 field are the same. 79 Fix bug #137: Handle base64 inside AR tokens that are values. 80 Problem reported by Joseph Coffland. 81 Fix Authentication-Results tokenizing. Patch from Dilyan Palauzov. 82 LIBOPENDMARC: Fix bug #203: Reject DMARC records that have duplicate 83 tags in them. Reported by Dirk Stoecker. 84 LIBOPENDMARC: Pull request #70: For a non-pass DKIM outcome, 85 discard unaligned domain. Patch from Andreas Weigel. 86 LIBOPENDMARC: Pull request #67: Fix resource leakage on systems 87 using res_ndestroy(). Patch from Emmanuel Dreyfus. 88 LIBOPENDMARC: In opendmarc_xml_parse(), ensure NULL-termination of 89 the buffer passed to opendmarc_xml(). 90 LIBOPENDMARC: Add opendmarc_policy_fetch_from_domain(). Patch 91 from Andreas Weigel. 92 LIBOPENDMARC: Fix handling of long or malformed DMARC records. Patch 93 from Joel Teichroeb. 94 LIBOPENDMARC: Enable opendmarc_policy_store_dkim() to report a missing 95 From domain. Patch from Joel Teichroeb. 96 REPORTS: Feature request #146: Add option to pull input from a file. 97 REPORTS: Fix bug #153: Suppress duplicate results from the same 98 domain. Patch from Tomki Camp. 99 1001.3.2 2017/03/04 101 Feature request #86: Change meaning of "RequiredHeaders" such that 102 header validity is always checked, but messages are only 103 rejected on that basis when the flag is set. Based 104 on a patch from Andreas Schulze. 105 Feature request #127: Log SPF results when rejecting. Requested 106 by Patrick Wagner; patch from Andreas Schulze, follow-up 107 patch from Juri Haberland. 108 Feature request #138: Inculde policy and disposition information 109 in an Authentication-Results comment. Based on a patch 110 from Juri Haberland. 111 Feature request #139: Include the client host name if known 112 in failure reports. Suggested by Roland Turner; 113 patch by Andreas Schulze. 114 Fix bug #95: Assume IPv6 for SPF operations. Patch from Juri 115 Haberland. 116 Fix bug #120: Fix control logic around the SPF result. 117 Reported by Christophe Wolfhugel; patch from Andreas Schulze. 118 Fix bug #122: Don't skip the HELO milter phase when SPF is enabled. 119 Reported by Christophe Wolfhugel. 120 Fix bug #157: Fix logging of implicit authserv-ids. Reported 121 by Andreas Schulze; patch from Juri Haberland. 122 Fix bug #158: Log ignored connections. Patch from Andreas Schulze. 123 Fix bug #160: Fix "SyslogFacility" handling. Patch from 124 Juri Haberland. 125 Fix bug #163: Use a larger buffer for the raw MAIL FROM value. 126 Based on a patch from Andreas Schulze. 127 Fix bug #174: Trim "!" suffixes from reporting addresses. Problem 128 noted by Juri Haberland. 129 Fix bug #186: When reloading the configuration file, the public 130 suffix list was read in with the wrong comment indicator. 131 Patch from Federico Omoto. 132 Fix bug #194: Fix inappropriate DMARC status when "p=none" is 133 discovered. Patch from Juri Haberland. 134 Fix bug #195: When parsing Received-SPF, use the correct constants 135 in the history file entries. Patch from Juri Haberland. 136 LIBOPENDMARC: Fix bug #115: Fix type mismatch. Patch from 137 Sebastian A. Siewior via Scott Kitterman. 138 LIBOPENDMARC: Fix bug #121: Fix IPv6 CIDR matching in SPF code. 139 Patch from Christophe Wolfhugel. 140 LIBOPENDMARC: Fix bug #125: Compile time IPv6 fix. Reported by 141 Christophe Wolfhugel. 142 LIBOPENDMARC: Fix bug #131: Fix alignment bug. Patch from 143 Andreas Schulze. 144 LIBOPENDMARC: Fix bug #147: Fix stripping of whitespace from 145 DMARC DNS records. Based on a patch from Job Noorman. 146 LIBOPENDMARC: Fix bug #149: Apply "sp" setting, if present and 147 applicable. Patch from Petr Novak. 148 LIBOPENDMARC: Fix bug #154: Fix "rf" and "fo" processing logic. 149 LIBOPENDMARC: Fix bug #156: Fix variable name. Patch by 150 Andreas Schulze. 151 LIBOPENDMARC: Fix bug #165: Fix logic in checking which SPF 152 identifier was used. Patches from Marco Favero and 153 Juri Haberland. 154 LIBOPENDMARC: Fix bug #167: Don't return "fail" when we should 155 return "none". Patch from Marco Favero. 156 REPORTS: Fix bug #134: Handle SMTP errors correctly. Patch from 157 Andreas Schulze. 158 REPORTS: Fix bug #141: Set the HELO parameter correctly. 159 Reported by Alan Smith; patch from Andreas Schulze. 160 REPORTS: Fix bug #143: Fix logic in table truncation. 161 Reported by Wayne Andersen; patch from Juri Haberland. 162 REPORTS: Fix bug #162: Always report "sp" in aggregate reports. 163 Patch from Juri Haberland. 164 REPORTS: Fix bug #166: Fix report start/end time logic. 165 Patch from Juri Haberland. 166 REPORTS: Fix bug #188: Don't delete inputs too early in 167 opendmarc-reports. Patch from Juri Haberland. 168 TOOLS: Fix bug #161: "Forensic" reports were renamed "Failure" 169 reports. Patch from Andreas Schulze. 170 TOOLS: Fix bug #164: Handle IPv6 test addresses. Reported by 171 Andreas Schulze; patch from Juri Haberland. 172 DOCS: Patch #189: Replace the DMARC RFC with an HTML page 173 referencing the relevant specs, since Debian doesn't 174 consider RFCs to be "free". Patch from Scott Kitterman 175 via Juri Haberland. 176 1771.3.1 2015/02/23 178 Fix bug #97: Add ability to change envelope sender, client IP 179 address, client hostname, and HELO value used in test 180 mode, via environment variables. This can be turned 181 into something more formal in a later release. Suggested 182 by Andreas Schulze. 183 Fix bug #102: Don't lose SPF results and output the "-1" default. 184 Reported by Kurt Roeckx. 185 Fix bug #103: Fix IgnoreAuthenticatedClients by requesting the 186 right macro value from the MTA. 187 Fix bug #113: Remove "TemporaryDirectory" (unused). Patch from 188 Andreas Schulze. 189 LIBOPENDMARC: Fix bug #104: Include <sys/param.h> and <resolv.h> 190 in <opendmarc/dmarc.h> so that MAXPATHLEN and MAXNS get 191 defined consistently. Reported by Frank J. Lhota. 192 LIBOPENDMARC: Fix bug #105: Get the h_errno definition from 193 <netdb.h> rather than declaring it. Problem noted 194 by Frank J. Lhota. 195 LIBOPENDMARC: Fix bug #106: Clean up issues with the types passed 196 to opendmarc_policy_library_dns_hook(). Noted by 197 Frank J. Lhota. 198 DOCS: Fix bug #99: Update list of constraints on 199 opendmarc_policy_fetch_alignment(). Reported by 200 Frank J. Lhota. 201 REPORTS: Fix bug #108: Handle malformed mailto URIs in DMARC 202 records (e.g., just "mailto:"). Reported by Andreas Schulze. 203 REPORTS: Fix bug #110: Support SQL backend selection in 204 opendmarc-expire. Reported by Mark Reidenbach. 205 2061.3.0 2014/07/31 207 Integrated SPF checking is now available through the new 208 SPFSelfValidate and SPFIgnoreResults settings. 209 Feature request #79: Optionally ignore clients that authenticated 210 using SMTP AUTH. 211 Fix bug #60, part II: Default AuthservID to the name provided by the 212 MTA, not the local host name, which is consistent with what 213 OpenDKIM does. Suggested by Robbert Klarenbeek. 214 Fix bug #72: Don't crash when From fields are absent. Patch from 215 Andreas Schulze. 216 Fix bug #74: Change "Forensic" to "Failure" just about everywhere 217 to match the language now being used in the base DMARC 218 draft. Note that this also changes some names in the 219 configuration file. 220 Fix bug #75: Correct typo in MIME of forensic reports. Reported by 221 Julian Mehnle. 222 Fix bug #76: Repair damage with respect to Authentication-Results 223 header field selection. Reported by Todd Lyons. 224 Fix bug #77: Request quarantine from the MTA during option 225 negotiation. Reported by Richard Platel. 226 Fix bug #78: Add missing newline in forensic report header. 227 Fix bug #90: Make "--with-sql-backend" without any value do the 228 right thing. Reported by Scott Kitterman. 229 Fix bug #93: Honor size limits in URIs. Patch from Tomki Camp. 230 Make "smime" and "rrvs" legal Authentication-Results methods. 231 Provide better logging when pclose() for a forensic report returns 232 non-zero. Problem noted by Michael Nausch. 233 Add configuration support for internal SPF checks. Includes hooks in 234 the milter to check that SPF is configured to do so. 235 This can use a private SPF implementation or libspf2. 236 Fix strlcat() and strlcpy() support for Debian. Patch from Scott 237 Kitterman. 238 REPORTS: Feature request #80: Generate aggregate reports on UTC 239 day boundaries. Requested by Tomki Camp. 240 REPORTS: Feature request #84: Optionally expire old data from 241 lower-growth tables. Requested by Christoph Steindl. 242 REPORTS: Fix bug #70: Fix date range generation in reports. Patch 243 from Karol Augustin. 244 REPORTS: Fix bug #82: Fix recording of report timestamp to avoid lost 245 records. Reported by Christoph Steindl. 246 REPORTS: Fix bug #83: When expiring data, truncate the signatures table 247 if all messages were expired. Reported by Christoph Steindl. 248 REPORTS: Fix bug #85: Report subdomain policy. Patch from 249 Christoph Steindl. 250 LIBOPENDMARC: Fix bug #71: Fix "rua" extraction from DMARC records 251 Problem noted by Karol Augustin. 252 LIBOPENDMARC: Added support for milter to perform own spf checks. 253 Three new files: opendmarc_spf.c, opendmard_spf_dns.c and 254 test/test_spf.cl, allow integrated SPF support. Support for 255 use of libspf2 is also provided. 256 2571.2.0 2014/03/14 258 Feature request #44: Allow override of the From: field on forensic 259 reports. Requested by Scott Kitterman. 260 Feature request #45: Log the host portion of ignored 261 Authentication-Results fields at "debug" level. Suggested 262 by Andreas Schulze. 263 Feature request #56: Add "RequiredHeaders" setting to enforce syntax 264 checks against a message and reject those that don't comply. 265 Suggested by Franck Martin; additional code from Andreas 266 Schulze. 267 Feature request #65: Add "ForensicReportsBcc". Requested by 268 Franck Martin. 269 Fix bug #46: Charitable tweak to a couple of log messages. Requested 270 by Andreas Schulze. 271 Fix bug #55: The "SoftwareHeader" setting wasn't being set properly. 272 Problem noted by Birta Levente. 273 Fix bug #58: The "smtp.mailfrom" part of an Authentication-Results 274 field might contain only a domain name. Problem noted by Scott 275 Kitterman. 276 Fix bug #60: Default AuthservID to the name provided by the MTA, 277 not the local host name, which is consistent with what 278 OpenDKIM does. Suggested by Robbert Klarenbeek. 279 Merge request #2: Validate external recipients before adding them to 280 report recipient lists. Code from Will Orr. 281 Record all DKIM results to the history file, rather than only 282 passing results. 283 BUILD: Fix bug #50: Check libbsd for strlcat() and strlcpy() so we 284 don't make our own when we don't need to. Requested by 285 Scott Kitterman. 286 CONTRIB: Fix bug #52: Update path to draft RFC in contrib/spec. 287 Problem noted by Kevin San Diego. 288 CONTRIB: Fix bug #59: Allow database name, userid and password to be 289 specified on the command line rather than hard-coding them. 290 Problem noted by Scott Kitterman. 291 DOCS: Fix bug #48: Add a libopendmarc use overview page. 292 DOCS: Fix bug #53: Add man page for opendmarc-importstats. Requested 293 by Scott Kitterman. 294 REPORTS: Fix bug #51: Check status after every phase of SMTP when 295 sending reports. Suggested by Todd Lyons. 296 REPORTS: Fix DKIM status importing. 297 LIBOPENDMARC: Fix bug #68: Fix strict/relaxed checking logic when 298 a public suffix list is available. Reported by 299 Andreas Schulze. 300 LIBOPENDMARC: Fixed a bug where in some instances the fetch of the 301 orgainizational domain could wrongly return the from domain. 302 LIBOPENDMARC: Fix call to missing function. Patch from William Orr. 303 3041.1.3 2013/04/13 305 Fix reporting of nonexistent SPF results. Problem noted by 306 Andrei Ioachim. 307 Fix extraction of data from Received-SPF. Problem noted by 308 Todd Lyons. 309 LIBOPENDMARC: Fix bug #47: Make sure that 310 opendmarc_policy_fetch_utilized_domain() returns the 311 organizational domain if that's the domain whose policy 312 was selected. Reported by John Mears. 313 3141.1.2 2013/03/27 315 Do Authentication-Results keyword parsing in a case-insensitive 316 manner. Problem noted by Chris Meidinger. 317 If the Authentication-Results for SPF didn't include one of the two 318 expected properties, don't crash. Problem noted by 319 Chris Meidinger. 320 Fix a data load problem with TestDNSData. 321 3221.1.1 2013/03/18 323 Don't crash when postfix reports no IP address. Problem reported 324 by Andrei Ioachim. 325 Add "TemporaryDirectory" to the list of valid config file items. 326 3271.1.0 2013/03/08 328 Feature request #34: Add support for local DNS overrides to enable 329 testing without Internet access. Requested by Scott Kitterman. 330 Feature request #35: Add "ForensicReportsOnNone". Requested by 331 Scott Kitterman. 332 Feature request #41: Log the domain name with the result. Requested 333 by Scott Kitterman. 334 Don't fail to start on empty or null configuration files. Problem 335 noted by Steve Jenkins. 336 LIBOPENDMARC: Fix bug #38: Avoid huge retry loops when parsing 337 non-DMARC TXT records, such as wildcards. Problem noted 338 by Andreas Schulze. 339 LIBOPENDMARC: Add opendmarc_policy_fetch_fo(), 340 opendmarc_policy_fetch_rf(), and 341 opendmarc_policy_to_buf(). 342 REPORTING: Feature request #39: Add a MySQL script for setting up the 343 reporting tables. Suggested by Scott Kitterman. 344 3451.0.1 2012/11/16 346 Fall back to lockf() if flock() support isn't available. 347 Fix faulty SPF error logging. Problem noted by Benny Pedersen. 348 REPORTING: Improve temporary file cleanup in opendmarc-reports. 349 CONTRIB: Fixes to configuration file generation in the spec file. 350 Problem noted by Steve Mays. 351 3521.0.0 2012/10/25 353 Rename "AlwaysDeliver" to "RejectFailures" and flip the logic. 354 Feature request #26: Don't overload "AuthservID"; instead, the list 355 of trusted authserv-ids is now specified by a 356 new "TrustedAuthservIDs" setting. Requested by Andreas Schulze. 357 Feature request #28: Add "CopyFailuresTo" which adds the specified 358 recipient to the message when DMARC failures occur. 359 Requested by Andreas Schulze. 360 Feature request #30: Improve logging by indicating what the return 361 path was when a parse failure occurred, and what the final 362 DMARC result was. Requested by Andreas Schulze. 363 Evaluate based on the envelope sender reported by 364 Authentication-Results and not on what was in the actual 365 envelope. 366 REPORTING: Feature request #27: Add "--nodomain" to opendmarc-reports 367 to skip report generation for specific domains. 368 LIBOPENDMARC: Fix bug #31: Improve From: field parsing. Problem 369 reported by Todd Lyons. 370 3710.2.2 2012/09/14 372 Fix bug #25: Use locks to co-ordinate between the filter writing 373 to the history file and opendmarc-import consuming it. 374 Problem noted by Marcos Vieira. 375 Don't use dmarcf_dstring_printf() where dmarcf_dstring_cat() suffices. 376 Add Authentication-Results fields honouring AuthservIDWithJobID. 377 Problem noted by Andreas Schulze. 378 Improve logic that identifies usable Authentication-Results fields. 379 Problem noted by Andreas Schulze. 380 REPORTING: Handle multiple "rua" values in both reporting scripts. 381 Problem noted by Andreas Schulze. 382 REPORTING: Get the date range right on reports. Problem noted by 383 Todd Lyons and Andreas Schulze. 384 3850.2.1 2012/08/31 386 Don't crash during shutdown by accessing freed memory. Problem 387 reported by Todd Lyons. 388 Update the command line usage message, which was terribly outdated. 389 Fix handling of an SPF pass when the envelope doesn't contain a 390 usable domain name. 391 Fix a crash problem having to do with default authserv-ids. 392 Fix an off-by-one string length comparison error when checking for 393 relevant authentication results. 394 3950.2.0 2012/08/24 396 Feature request #15: If there's no SPF Authentication-Results field, 397 look for a Received-SPF field to get SPF results. 398 Feature request #16: Add "RecordAllMessages" setting to record all 399 messages (the previous default). The new default is to record 400 only those messages whose From: domains had a published 401 DMARC record. 402 Feature request #19: Add "IgnoreMailFrom" setting, allowing mail from 403 specific domains to be ignored. 404 Feature request #20: Allow "AuthservID" to be a comma-separated list 405 of authserv-ids to trust as local. The first one is used 406 in header field generation. Suggested by Andreas Schulze. 407 Fix bug #18: Pass the absence of a "rua" field in a DMARC record 408 to the history file and into the "requests" table. 409 Prevent crashes when parsing horribly malformed From: fields. 410 Problem noted by Todd Lyons. 411 Don't apply a default IgnoreHosts list in test mode. Problem noted 412 by Marcos Vieira. 413 Don't expire request records for stuff that's never been generated 414 yet. Problem noted by Todd Lyons. 415 Register the filter with SMFIF_ADDHDRS not SMFIF_CHGHDRS. Problem 416 noted by Todd Lyons. 417 Fix bounds checking in dmarcf_dstring_printf(). Problem noted by 418 Marcos Vieira. 419 Arrays created in-place from strings don't need to have their elements 420 freed. Problem noted by Andreas Schulze. 421 BUILD: Install non-user scripts under sbin instead of bin. Problem 422 noted by Andreas Schulze. 423 CONTRIB: Add contrib/init/redhat and contents. Provided by Todd Lyons. 424 CONTRIB: Add contrib/spec and contents. Provided by Todd Lyons. 425 DB: Add some indexes to optimize operations. Suggested by Todd Lyons. 426 LIBOPENDMARC: Fix bug #22: Minimal solution to alignment checks when 427 no public suffix list is provided. Problem noted by 428 Todd Lyons. 429 REPORTING: Feature request #17: Add "opendmarc-params" tool, and 430 tie it to opendmarc-import, so that administrators can force 431 reports for specific domains to go to specific destinations 432 regardless of DMARC record contents. 433 REPORTING: Feature request #21: Add "--test" and "--keepfiles" options 434 to opendmarc-reports. Patch from Todd Lyons. 435 REPORTING: Add opendmarc-importstats. 436 REPORTING: Variable verbose levels in opendmarc-report. Patch from 437 Todd Lyons. 438 TOOLS: Feature request #14: Add "openmarc-check" command line tool for 439 translating DMARC records found in the DNS. 440 4410.1.8 2012/07/30 442 Fix Linux build issue. 443 REPORTING: Patch #13: Have report generation use SMTP directly. 444 Patch from Andreas Schulze. 445 4460.1.7 2012/07/26 447 Fix bug #5: Add "IgnoreHosts" setting. 448 Fix bug #9: Honour "pct" setting (or its default). 449 REPORTING: Fix bug #6: Add opendmarc-expire script. 450 LIBOPENDMARC: Fix bug #7: Chase down CNAMEs if the resolver doesn't 451 do it for you. Problem noted by Tim Draegen. 452 LIBOPENDMARC: Fix bug #10: When DKIM is in alignment, don't 453 short-circuit past SPF alignment tests. Problem noted by 454 Mike Adkins and Steve Jones. 455 LIBOPENDMARC: Fix bug #12: Fix a false positive alignment problem 456 in the "relaxed" case. 457 CONTRIB: Add a start/stop script. Contributed by Steve Mays. 458 4590.1.6 2012/07/20 460 Don't report false passes for SPF. Problem noted by Tim Draegen. 461 When opendmarc_policy_query_dmarc() fails, log the domain that was 462 being checked. 463 LIBOPENDMARC: Return DMARC_POLICY_NONE from 464 opendmarc_get_policy_to_enforce() when "p=none" was found. 465 DMARC_POLICY_PASS is only returned if alignment was discovered. 466 REPORTING: Bug #4: Use report begin/end times based on message 467 timestamps rather than last report's time/current time. 468 Reported by Julian Mehnle. 469 4700.1.5 2012/07/19 471 Add "Auth-Failure" field to forensic reports. 472 LIBOPENDMARC: Fix a bug in "ri" parsing. 473 4740.1.4 2012/07/15 475 LIBOPENDMARC: Fix a bug in dmarc_dns_get_record(). Reported by 476 Andreas Schulze. 477 LIBOPENDMARC: Fix library build for C++ compilers. Reported by 478 Andrew Birchall. 479 DB: Delete domains.lastsent, as it is unused. 480 REPORTING: Fix column name error in opendmarc-reports. Reported 481 by Andreas Schulze. 482 REPORTING: Fix generated aggregate report header. Patch by 483 Andreas Schulze. 484 REPORTING: Call setlocale() in opendmarc-reports. Requested by 485 Andreas Schulze. 486 CONTRIB: Pull down a new version of rddmarc. From John Levine. 487 4880.1.3 2012/07/14 489 Fix up the MIME syntax in AFRF reports. Patch from Andreas Schulze. 490 Fix bug #2: Remove dmarcf_dkim_select(); logic has been moved into 491 libopendmarc. 492 Fix Authentication-Results field syntax. 493 Don't generate an AFRF report on other than "reject" and "quarantine" 494 results. 495 Fix a test mode crash condition, and initialize a few minor things 496 before entering test mode so AFRFs come out cleaner. 497 Add "ReportCommand" to the valid configuration file item list. 498 Ignore "header.i" when parsing DKIM authentication results. We only 499 care about "header.d". 500 Check for return status of opendmarc_policy_query_dmarc() and do 501 the right thing with it. 502 BUILD: Include the "db" directory. 503 REPORTING: Fix bug #3: Drop XML::Generator and do it by hand, since we 504 need to generate the array of DKIM signature data (there can 505 be more than one) as a sub-query. 506 LIBOPENDMARC: If the From: domain didn't have a DMARC policy and 507 there's no Organizational Domain available, return the 508 correct result code. 509 5100.1.2 2012/07/11 511 LIBOPENDMARC: Use strlcat()/strlcpy(). 512 BUILD: Add -lresolv where needed in more places (libopendmarc unit 513 tests this time). Problem noted by Andreas Schulze. 514 BUILD: Split filter checks and live library checks into different 515 "--enable" flags. Problem noted by Andreas Schulze. 516 BUILD: Actually do something with "--disable-filter". Problem 517 noted by Andrew Birchall. 518 5190.1.1 2012/07/10 520 LIBOPENDMARC: Add strlcat() and strlcpy() if not provided in libc. 521 Problem noted by Andreas Schulze. 522 REPORTS: Fix generated XML format ("auth_results" is a sibling of 523 "row", not a child of it). Reported by John Levine. 524 BUILD: Add -lresolv where needed. Problem noted by Andreas Schulze. 525 BUILD: Clean up an errant "configure" line. Problem noted by 526 Andreas Schulze. 527 5280.1.0 2012/07/09 529 Initial Beta release. 530