From 2abac1a91169dd6285e76ab71acd18928f1f094d Mon Sep 17 00:00:00 2001 From: Mechiel Lukkien Date: Sat, 4 Nov 2023 23:24:47 +0100 Subject: [PATCH] for dmarc reporting, be more conservate with sending reports to junky senders, and format textual dmarc report period in the message text in utc as claimed before this change, a message in the rejects folder that was read and marked as notjunk (e.g. automatically by webmail), could cause a dmarc report to be sent for another junky message from the domain. we now require positive signals to be for messages not in the rejects mailbox. the text/plain body of a dmarc report contains the period, but it was in local time while claiming to be in utc. make it utc, so we often get nicely rounded whole 24h utc days. --- dmarcdb/eval.go | 4 ++-- smtpserver/server.go | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/dmarcdb/eval.go b/dmarcdb/eval.go index 1bd87f6838..14fc3b09e0 100644 --- a/dmarcdb/eval.go +++ b/dmarcdb/eval.go @@ -728,8 +728,8 @@ specified in the "rua" field of the DMARC record for your domain. Report domain: %s Submitter: %s Report-ID: %s -Period: %s - %s in UTC -`, dom, mox.Conf.Static.HostnameDomain, report.ReportMetadata.ReportID, beginTime.Format(time.DateTime), endTime.Format(time.DateTime)) +Period: %s - %s UTC +`, dom, mox.Conf.Static.HostnameDomain, report.ReportMetadata.ReportID, beginTime.UTC().Format(time.DateTime), endTime.UTC().Format(time.DateTime)) // The attached file follows the naming convention from the RFC. ../rfc/7489:1812 reportFilename := fmt.Sprintf("%s!%s!%d!%d!%s.xml.gz", mox.Conf.Static.HostnameDomain.ASCII, dom.ASCII, beginTime.Unix(), endTime.Add(-time.Second).Unix(), report.ReportMetadata.ReportID) diff --git a/smtpserver/server.go b/smtpserver/server.go index db735e8397..1b382e6486 100644 --- a/smtpserver/server.go +++ b/smtpserver/server.go @@ -2480,6 +2480,7 @@ func (c *conn) deliver(ctx context.Context, recvHdrFor func(string) string, msgW q := bstore.QueryTx[store.Message](tx) q.FilterNonzero(store.Message{MsgFromOrgDomain: m.MsgFromOrgDomain}) q.FilterEqual("Notjunk", true) + q.FilterEqual("IsReject", false) exists, err := q.Exists() if err != nil { return fmt.Errorf("querying for non-junk message from organizational domain: %v", err)