Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] dmarc record parsing failure #4906

Open
1 task done
errror opened this issue Apr 4, 2024 · 4 comments
Open
1 task done

[BUG] dmarc record parsing failure #4906

errror opened this issue Apr 4, 2024 · 4 comments
Labels
bug

Comments

@errror
Copy link

errror commented Apr 4, 2024

Prerequisites

Describe the bug
When parsing a DMARC DNS record for generating the DMARC report, rspamd fails if rua value contains multiple values seperated by , (a comma followed by spaces). Those values appear at least in the records of disneyplus.com and doctolib.de.

Steps to Reproduce

  1. Get a mail from disneyplus.com or doctolib.de
  2. Generate dmarc reports with rspamadm dmarc_report
  3. rspamd reports invalid rua url: "null""
  4. report is only sent to the first rua recipient, not to any secondary

Expected behavior
DMARC reports are sent to all recipients.

Versions

Rspamd daemon version 3.8.4

CPU architecture x86_64; features: avx2, avx, sse2, sse3, ssse3, sse4.1, sse4.2, rdrand
Hyperscan enabled: TRUE
Jemalloc enabled: TRUE
LuaJIT enabled: TRUE (LuaJIT version: LuaJIT 2.1.1700008891)
ASAN enabled: FALSE
BLAS enabled: FALSE
Fasttext enabled: FALSE

Additional Information

I already traced the problem down to gen_dmarc_grammar(). It seems, the generated grammar does not handle spaces followed by commas in rua values (most like likely other values, too) correctly. According to rfc7489, whitespace after commas in rua and ruf values are allowed.
@errror errror added the bug label Apr 4, 2024
@vstakhov
Copy link
Member

Hum, gen_dmarc_grammar does not work with commas at all.

@vstakhov
Copy link
Member

Oh, it works with spaces though.

vstakhov added a commit that referenced this issue May 16, 2024
@vstakhov
[Fix] Allow spaces in DMARC records
cb03870 
Issue: #4906
@spacefreak86
Copy link
Contributor

Hi @vstakhov

I guess this change introduced another issue with spaces and DMARC parsing fails.

Here is an example DMARC record that does not work anymore (space between "quarantine" and the semicolon):
v=DMARC1; p=quarantine ; pct=100

In this case Rspamd sets the symbol DMARC_BAD_POLICY with the following message: "p tag has invalid value: quarantin"
This is not a typo, the "e" is missing in the word "quarantine".

Could you please take a look at this?

@spacefreak86
Copy link
Contributor

Today I have found one more issue.

Take the following DMARC record as an example (space between the last email address in RUA and the semicolon):
v=DMARC1; p=quarantine; rua=mailto:[email protected],mailto:[email protected] ; pct=100

In this case, the grammar cuts the last character of the last email address in RUA, this is the result: mailto:[email protected],mailto:[email protected]

And even worse, all entries after RUA (in this case only TLC) are ignored.

I am currently trying to come up with a better grammar, but I always have a hard time working with those.

spacefreak86 added a commit to spacefreak86/rspamd that referenced this issue Sep 12, 2024
@spacefreak86
[Fix] Rework DMARC to correctly handle spaces in DMARC records
cf4ee94 
Issue: rspamd#4906
@spacefreak86 spacefreak86 mentioned this issue Sep 12, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@vstakhov @spacefreak86 @errror