I noticed, while setting up OpenDMARC on my server, that OpenDMARC-Reports was bouncing emails it was sending. This was when I allowed 'permit_mynetworks' in my postfix configuration. Upon closer inspection, I noticed OpenDMARC-Reports expects (by default) an open SMTP server connection and only does a HELO request for the senders' FQDN.
To prevent situations where email servers may in fact be open relays, I have made changes to the OpenDMARC-Reports Perl script to incorporate SSL SMTP Authentication. (I have tested my changes on the Fedora RPM v1.4.1 of OpenDMARC, and have had no problems.) I am happy to share the source code with the community, should the people at TrustedDomainProject accept my proposed changes.
I think this is a good idea because adding support for secure communications is better overall for internet security in general.
If you do share your updates, I suggest making the secure option the default (assuming it's not too much work), and adding an option to disable secure communications (which adds a warning to the logs whenever it's used so that administrators will be more inclined to switch to using secure communications).
Isn't this a responsibility of the actual sendmail implementation? E.g., you could install sSMTP (https://wiki.debian.org/sSMTP) and use either UseSTARTTLS=Yes or UseTLS=Yes, plus AuthUser and AuthPass in /etc/ssmtp/ssmtp.conf.
This code was written in BSD-land, where things (like cron output and system periodic mail) are just thrown at /usr/sbin/sendmail or at a border MX without authentication, where IP filters are typically what's used to determine who-may-relay.
It's a different world now, and if you have patches to the Perl programs that don't complicate the C, I'm happy to take a look at them.