Mailing List Archive

no DMARC?
Hi,

I am running an Ubuntu 18.04 machine and I am trying to get DMARC
working on my Exim. Therefor I have grabbed the Exim source from Ubuntu
18.10 and compiled it with this Makefile:

========================================================

$ grep -ve "^#" -ve "^$" ./Local/Makefile
BIN_DIRECTORY=/usr/sbin
CONFIGURE_FILE=/etc/exim4/exim4.conf
EXIM_USER=ref:Debian-exim
SPOOL_DIRECTORY=/var/spool/exim4
ROUTER_ACCEPT=yes
ROUTER_DNSLOOKUP=yes
ROUTER_IPLITERAL=yes
ROUTER_MANUALROUTE=yes
ROUTER_QUERYPROGRAM=yes
ROUTER_REDIRECT=yes
ROUTER_IPLOOKUP=yes
TRANSPORT_APPENDFILE=yes
TRANSPORT_AUTOREPLY=yes
TRANSPORT_PIPE=yes
TRANSPORT_SMTP=yes
SUPPORT_MAILDIR=yes
SUPPORT_MAILSTORE=yes
SUPPORT_MBX=yes
LOOKUP_DBM=yes
LOOKUP_LSEARCH=yes
LOOKUP_DNSDB=yes
LOOKUP_CDB=yes
LOOKUP_DSEARCH=yes
LOOKUP_LDAP=yes
LOOKUP_MYSQL=yes
LOOKUP_NIS=yes
LOOKUP_NISPLUS=yes
LOOKUP_PASSWD=yes
LOOKUP_PGSQL=yes
LOOKUP_SQLITE=yes
LOOKUP_SQLITE_PC=sqlite3
LDAP_LIB_TYPE=OPENLDAP2
PCRE_CONFIG=yes
SUPPORT_DANE=yes
LOOKUP_INCLUDE=-I /usr/include/mysql -I /usr/include/postgresql -I
/usr/local/ldap/include -I /usr/local/mysql/include -I
/usr/local/pgsql/include
LOOKUP_LIBS=-L/usr/local/lib -lldap -llber -lmysqlclient -lpq -lsqlite3
WITH_CONTENT_SCAN=yes
DISABLE_MAL_AVE=yes
DISABLE_MAL_KAV=yes
DISABLE_MAL_MKS=yes
EXPERIMENTAL_DCC=yes
EXPERIMENTAL_DMARC=yes
DMARC_TLD_FILE= /etc/exim4/opendmarc.tlds
CFLAGS += -I/usr/include
LDFLAGS += -lopendmarc
EXPERIMENTAL_ARC=yes
EXPERIMENTAL_DSN_INFO=yes
EXPERIMENTAL_LMDB=yes
CFLAGS += -I/usr/local/include
LDFLAGS += -llmdb
EXPERIMENTAL_QUEUEFILE=yes
FIXED_NEVER_USERS=root
CONFIGURE_OWNER=ref:Debian-exim
CONFIGURE_GROUP=ref:Debian-exim
AUTH_CRAM_MD5=yes
AUTH_CYRUS_SASL=yes
AUTH_DOVECOT=yes
AUTH_PLAINTEXT=yes
AUTH_SPA=yes
AUTH_TLS=yes
AUTH_LIBS=-lsasl2
HEADERS_CHARSET="ISO-8859-1"
HAVE_ICONV=yes
DEFAULT_CRYPT=crypt16
SUPPORT_TLS=yes
USE_GNUTLS=yes
TLS_LIBS=-lgnutls -ltasn1 -lgcrypt -lgnutls-dane
TLS_LIBS += -lgnutls-dane
TLS_INCLUDE=-I /opt/gnu/include -I /usr/lib/x86_64-linux-gnu/
DLOPEN_LOCAL_SCAN=yes
LDFLAGS += -rdynamic
CFLAGS += -fvisibility=hidden
LOG_FILE_PATH=/var/log/exim4/%slog
SYSLOG_LOG_PID=yes
EXICYCLOG_MAX=10
COMPRESS_COMMAND=/usr/bin/gzip
COMPRESS_SUFFIX=gz
ZCAT_COMMAND=/usr/bin/zcat
EXIM_PERL=perl.o
SUPPORT_PAM=yes
EXTRALIBS_EXIM=-lpam
SUPPORT_SOCKS=yes
SUPPORT_PROXY=yes
SUPPORT_SPF=yes
CFLAGS += -I/usr/include
LDFLAGS += -lspf2
SYSTEM_ALIASES_FILE=/etc/aliases
HAVE_IPV6=yes
EXIM_TMPDIR="/tmp"
SUPPORT_MOVE_FROZEN_MESSAGES=yes

========================================================

After that I have build .deb installation files and installed them. The
Exim version however does not show DMARC support:

========================================================

$ exim --version
Exim version 4.91 #2 built 30-Jul-2018 18:35:06
Copyright (c) University of Cambridge, 1995 - 2018
(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007
- 2018
Berkeley DB: Berkeley DB 5.3.28: (September 9, 2013)
Support for: crypteq iconv() IPv6 PAM Perl Expand_dlfunc GnuTLS
move_frozen_messages Content_Scanning DANE DKIM DNSSEC Event OCSP PRDR
PROXY SOCKS TCP_Fast_Open
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm
dbmjz dbmnz dnsdb dsearch ldap ldapdn ldapm mysql nis nis0 passwd pgsql
sqlite
Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa tls
Routers: accept dnslookup ipliteral iplookup manualroute queryprogram
redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Malware: f-protd f-prot6d drweb fsecure sophie clamd avast sock cmdline
Fixed never_users: 0
Configure owner: 0:0
Size of off_t: 8
Configuration file is /var/lib/exim4/config.autogenerated

========================================================

I thought I read somewhere that DMARC is not experimental anymore, so I
also used a Makefile with SUPPORT_DMARC=YES, but that did not work out
either. Can somebody explain me why DMARC is not supported on my
installation? And how I could fix that?


Kind regards,
Wido


--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: no DMARC? [ In reply to ]
wido.exim--- via Exim-users <exim-users@exim.org> (Do 25 Okt 2018 17:30:58 CEST):
>
>
> Hi,
>
> I am running an Ubuntu 18.04 machine and I am trying to get DMARC
> working on my Exim. Therefor I have grabbed the Exim source from Ubuntu
> 18.10 and compiled it with this Makefile:
>
> ========================================================

> $ exim --version
> Exim version 4.91 #2 built 30-Jul-2018 18:35:06
~~~~~~~~~~~~~~~~~~~~


I'd expect a more recent build date, or is did you build end of July?

--
Heiko
Re: no DMARC? [ In reply to ]
Hi,

On 27-10-18 12:33, Heiko Schlittermann via Exim-users wrote:
>> $ exim --version
>> Exim version 4.91 #2 built 30-Jul-2018 18:35:06
> ~~~~~~~~~~~~~~~~~~~~
> I'd expect a more recent build date, or is did you build end of July?

No, it was not. I have very limited experience in building my own
packages, so I do not know what sets the build date. Today I gave it a
another go.

Today I pulled the latest source from the Debian repo, which is
exim4-4.92~RC4. I used the Makefile as posted at the bottom of this
mail, part of it is:
SUPPORT_DMARC=yes
DMARC_TLD_FILE= /etc/exim4/opendmarc.tlds
CFLAGS += -I/usr/include
LDFLAGS += -lopendmarc

After installing the package I see that the new build is in use, but
still no DMARC support:

$ exim4 --version
Exim version 4.92-RC4 #3 built 05-Jan-2019 14:35:38
Support for: crypteq iconv() IPv6 PAM Perl Expand_dlfunc GnuTLS
move_frozen_messages Content_Scanning DANE DKIM DNSSEC Event OCSP PRDR
PROXY SOCKS TCP_Fast_Open

After adding some DMARC configuration as pointed out here:
https://github.com/Exim/exim/blob/master/doc/doc-txt/experimental-spec.txt

Exim does not want to start because of the lacking DMARC support:
$ journalctl -xe | grep dmarc
Jan 07 23:58:36 neptunus exim4[20124]: main option "dmarc_tld_file"
unknown

Why doesn't my build have DMARC support?


Kind regard,
Wido


Makefile:
$ grep -ve "^#" -ve "^$" Local/Makefile
BIN_DIRECTORY=/usr/sbin
CONFIGURE_FILE=/etc/exim4/exim4.conf
EXIM_USER=ref:Debian-exim
SPOOL_DIRECTORY=/var/spool/exim4
ROUTER_ACCEPT=yes
ROUTER_DNSLOOKUP=yes
ROUTER_IPLITERAL=yes
ROUTER_MANUALROUTE=yes
ROUTER_QUERYPROGRAM=yes
ROUTER_REDIRECT=yes
ROUTER_IPLOOKUP=yes
TRANSPORT_APPENDFILE=yes
TRANSPORT_AUTOREPLY=yes
TRANSPORT_PIPE=yes
TRANSPORT_SMTP=yes
SUPPORT_MAILDIR=yes
SUPPORT_MAILSTORE=yes
SUPPORT_MBX=yes
LOOKUP_DBM=yes
LOOKUP_LSEARCH=yes
LOOKUP_DNSDB=yes
LOOKUP_CDB=yes
LOOKUP_DSEARCH=yes
LOOKUP_LDAP=yes
LOOKUP_MYSQL=yes
LOOKUP_NIS=yes
LOOKUP_NISPLUS=yes
LOOKUP_PASSWD=yes
LOOKUP_PGSQL=yes
LOOKUP_SQLITE=yes
LOOKUP_SQLITE_PC=sqlite3
LDAP_LIB_TYPE=OPENLDAP2
PCRE_CONFIG=yes
SUPPORT_DANE=yes
LOOKUP_INCLUDE=-I /usr/include/mysql -I /usr/include/postgresql -I
/usr/local/ldap/include -I /usr/local/mysql/include -I
/usr/local/pgsql/include
LOOKUP_LIBS=-L/usr/local/lib -lldap -llber -lmysqlclient -lpq -lsqlite3
WITH_CONTENT_SCAN=yes
DISABLE_MAL_AVE=yes
DISABLE_MAL_KAV=yes
DISABLE_MAL_MKS=yes
EXPERIMENTAL_DCC=yes
SUPPORT_DMARC=yes
DMARC_TLD_FILE= /etc/exim4/opendmarc.tlds
CFLAGS += -I/usr/include
LDFLAGS += -lopendmarc
EXPERIMENTAL_ARC=yes
EXPERIMENTAL_DSN_INFO=yes
EXPERIMENTAL_LMDB=yes
CFLAGS += -I/usr/local/include
LDFLAGS += -llmdb
EXPERIMENTAL_QUEUEFILE=yes
FIXED_NEVER_USERS=root
CONFIGURE_OWNER=ref:Debian-exim
CONFIGURE_GROUP=ref:Debian-exim
AUTH_CRAM_MD5=yes
AUTH_CYRUS_SASL=yes
AUTH_DOVECOT=yes
AUTH_PLAINTEXT=yes
AUTH_SPA=yes
AUTH_TLS=yes
AUTH_LIBS=-lsasl2
HEADERS_CHARSET="ISO-8859-1"
HAVE_ICONV=yes
DEFAULT_CRYPT=crypt16
SUPPORT_TLS=yes
USE_GNUTLS=yes
TLS_LIBS=-lgnutls -ltasn1 -lgcrypt -lgnutls-dane
TLS_LIBS += -lgnutls-dane
TLS_INCLUDE=-I /opt/gnu/include -I /usr/lib/x86_64-linux-gnu/
DLOPEN_LOCAL_SCAN=yes
LDFLAGS += -rdynamic
CFLAGS += -fvisibility=hidden
LOG_FILE_PATH=/var/log/exim4/%slog
SYSLOG_LOG_PID=yes
EXICYCLOG_MAX=10
COMPRESS_COMMAND=/usr/bin/gzip
COMPRESS_SUFFIX=gz
ZCAT_COMMAND=/usr/bin/zcat
EXIM_PERL=perl.o
SUPPORT_PAM=yes
EXTRALIBS_EXIM=-lpam
SUPPORT_SOCKS=yes
SUPPORT_PROXY=yes
SUPPORT_SPF=yes
CFLAGS += -I/usr/include
LDFLAGS += -lspf2
SYSTEM_ALIASES_FILE=/etc/aliases
HAVE_IPV6=yes
EXIM_TMPDIR="/tmp"
SUPPORT_MOVE_FROZEN_MESSAGES=yes

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: no DMARC? [ In reply to ]
On Saturday, 27 October 2018 12:33:04 PM AEDT Heiko Schlittermann via Exim-
users wrote:
> wido.exim--- via Exim-users <exim-users@exim.org> (Do 25 Okt 2018 17:30:58
CEST):
> > Hi,
> >
> > I am running an Ubuntu 18.04 machine and I am trying to get DMARC
> > working on my Exim. Therefor I have grabbed the Exim source from Ubuntu
> > 18.10 and compiled it with this Makefile:
> >
> > ========================================================
>
> …
>
> > $ exim --version
> > Exim version 4.91 #2 built 30-Jul-2018 18:35:06
>
> ~~~~~~~~~~~~~~~~~~~~
>
>
> I'd expect a more recent build date, or is did you build end of July?
The exim package from Debian sets the build date to the timestamp of the most
recent entry in the debian/changelog file so as to facilitate reproducible
builds. I usually take their source package and do dch -l myorg when I'm
compiling custom package so its version is newer than the upstream package.
Did you grab the dev packages for dmarc? I assume it will be the same name for
Ubuntu, but on Debian I add libspf2-dev, libopendmarc-dev ( along with some
other libraries for smtputf8 and lmdb ) to the build depends in debian/
control.

>
> --
> Heiko



--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: no DMARC? [ In reply to ]
On 07/01/2019 23:18, wido.exim--- via Exim-users wrote:
> After adding some DMARC configuration as pointed out here:
> https://github.com/Exim/exim/blob/master/doc/doc-txt/experimental-spec.txt
>
> Exim does not want to start because of the lacking DMARC support:
> $ journalctl -xe | grep dmarc
> Jan 07 23:58:36 neptunus exim4[20124]: main option "dmarc_tld_file"
> unknown
>
> Why doesn't my build have DMARC support?

Assuming you said "make" at some point... dmarc requires both dkim
and spf. Do you have spf?
--
Cheers,
Jeremy

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: no DMARC? [ In reply to ]
Hi,

Thank you for your answers/help. My problem is solved.

On 08-01-19 00:18, wido.exim--- via Exim-users wrote:
> Why doesn't my build have DMARC support?

Somebody offline gave me some tips. I clearly need to learn a lot more
on how to build packages :). The build is finished and it has DMARC
support \o/.

Exim version 4.92-RC4 #21 built 05-Jan-2019 14:35:38
Support for: crypteq iconv() IPv6 GnuTLS move_frozen_messages
Content_Scanning DANE DKIM DNSSEC Event OCSP PRDR SOCKS SPF
TCP_Fast_Open Experimental_ARC Experimental_DCC Experimental_DMARC
Experimental_DSN_info Experimental_REQUIRETLS


Kind regards,
Wido

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/