1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
|
From: Scott Kitterman <scott@kitterman.com>
Date: Mon, 23 Dec 2019 11:12:36 -0500
Subject: allow one to configure the SMTP Reject reason. This patch adds the
RejectString option.
Bug: https://sourceforge.net/p/opendmarc/tickets/168/
---
opendmarc/opendmarc-config.h | 1 +
opendmarc/opendmarc.c | 34 +++++++++++++++++++++++++++++++++-
opendmarc/opendmarc.conf.5.in | 7 +++++++
opendmarc/opendmarc.conf.sample | 8 ++++++++
opendmarc/opendmarc.h | 1 +
5 files changed, 50 insertions(+), 1 deletion(-)
diff --git a/opendmarc/opendmarc-config.h b/opendmarc/opendmarc-config.h
index 1b781df..8398007 100644
--- a/opendmarc/opendmarc-config.h
+++ b/opendmarc/opendmarc-config.h
@@ -47,6 +47,7 @@ struct configdef dmarcf_config[] =
{ "RequiredHeaders", CONFIG_TYPE_BOOLEAN, FALSE },
{ "RejectFailures", CONFIG_TYPE_BOOLEAN, FALSE },
{ "RejectMultiValueFrom", CONFIG_TYPE_BOOLEAN, FALSE },
+ { "RejectString", CONFIG_TYPE_STRING, FALSE },
{ "ReportCommand", CONFIG_TYPE_STRING, FALSE },
{ "Socket", CONFIG_TYPE_STRING, FALSE },
{ "SoftwareHeader", CONFIG_TYPE_BOOLEAN, FALSE },
diff --git a/opendmarc/opendmarc.c b/opendmarc/opendmarc.c
index aee0d48..687ef6d 100644
--- a/opendmarc/opendmarc.c
+++ b/opendmarc/opendmarc.c
@@ -190,6 +190,7 @@ struct dmarcf_config
char * conf_historyfile;
char * conf_pslist;
char * conf_ignorelist;
+ char * conf_rejectstring;
char ** conf_trustedauthservids;
char ** conf_ignoredomains;
struct list * conf_domainwhitelist;
@@ -1419,6 +1420,10 @@ dmarcf_config_load(struct config *data, struct dmarcf_config *conf,
&conf->conf_rejectfail,
sizeof conf->conf_rejectfail);
+ (void) config_get(data, "RejectString",
+ &conf->conf_rejectstring,
+ sizeof conf->conf_rejectstring);
+
(void) config_get(data, "RequiredHeaders",
&conf->conf_reqhdrs,
sizeof conf->conf_reqhdrs);
@@ -1627,6 +1632,33 @@ dmarcf_config_load(struct config *data, struct dmarcf_config *conf,
pthread_rwlock_unlock(&hash_lock);
+ if ( conf->conf_rejectstring == NULL ) {
+ conf->conf_rejectstring = DEFREJECTSTR;
+ }
+ else {
+ /* Count occurrences of "%s" in RejectString */
+ int countocc = 0;
+ const char *tmp = conf->conf_rejectstring;
+ while(tmp = strstr(tmp, "%s"))
+ {
+ countocc++;
+ tmp++;
+ }
+ switch ( countocc ) {
+ case 0:
+ snprintf(err, errlen, "%s: The RejectString doesn't contain %%s!",
+ basedir);
+ return -1;
+ case 1:
+ break;
+ default:
+ snprintf(err, errlen, "%s: The RejectString contains %d occurrences of %%s instead of one!",
+ basedir, countocc);
+ return -1;
+ }
+ }
+
+
return 0;
}
@@ -3561,7 +3593,7 @@ mlfi_eom(SMFICTX *ctx)
random() % 100 < pct)
{
snprintf(replybuf, sizeof replybuf,
- "rejected by DMARC policy for %s", pdomain);
+ conf->conf_rejectstring, pdomain);
status = dmarcf_setreply(ctx, DMARC_REJECT_SMTP,
DMARC_REJECT_ESC, replybuf);
diff --git a/opendmarc/opendmarc.conf.5.in b/opendmarc/opendmarc.conf.5.in
index f7cea9a..ced6ddb 100644
--- a/opendmarc/opendmarc.conf.5.in
+++ b/opendmarc/opendmarc.conf.5.in
@@ -272,6 +272,13 @@ If set, messages with multiple addresses in the From: field of the message
will be rejected unless all domain names in that field are the same. They
will otherwise be ignored by the filter (the default).
+.TP
+.I RejectString (string)
+This string describes the reason of reject at SMTP level.
+The message MUST contain the word "%s" once, which will be replaced by
+the RFC5322.From domain.
+The default is "rejected by DMARC policy for %s"
+
.TP
.I ReportCommand (string)
Indicates the shell command to which failure reports should be passed for
diff --git a/opendmarc/opendmarc.conf.sample b/opendmarc/opendmarc.conf.sample
index 69c9afb..2accc6f 100644
--- a/opendmarc/opendmarc.conf.sample
+++ b/opendmarc/opendmarc.conf.sample
@@ -325,6 +325,14 @@
#
# RejectMultiValueFrom false
+## RejectString string
+## default ("rejected by DMARC policy for %s")
+##
+## This string describes the reason of reject. The message MUST contain the
+## word "%s" (only once), which will be replaced by the RFC5322.From domain.
+#
+# RejectString rejected by DMARC policy for %s
+
## ReportCommand string
## default "/usr/sbin/sendmail -t"
##
diff --git a/opendmarc/opendmarc.h b/opendmarc/opendmarc.h
index e36f93a..a3b053e 100644
--- a/opendmarc/opendmarc.h
+++ b/opendmarc/opendmarc.h
@@ -34,6 +34,7 @@
#define BUFRSZ 2048
#define DEFCONFFILE CONFIG_BASE "/opendmarc.conf"
#define DEFREPORTCMD "/usr/sbin/sendmail -t -odq"
+#define DEFREJECTSTR "rejected by DMARC policy for %s"
#define JOBIDUNKNOWN "(unknown-jobid)"
#define MAXARGV 65536
#define MAXHEADER 1024
|
