diff --git a/dkimpy_milter/__init__.py b/dkimpy_milter/__init__.py
index 28971c3..5345fc7 100644
--- a/dkimpy_milter/__init__.py
+++ b/dkimpy_milter/__init__.py
@@ -260,7 +260,12 @@ class dkimMilter(Milter.Base):
 for y in range(self.has_dkim): # Verify _ALL_ the signatures
 d = dkim.DKIM(txt)
 try:
- res = d.verify(idx=y)
+ dnsoverride = milterconfig.get('DNSOverride')
+ if isinstance(dnsoverride, str):
+ syslog.syslog("DNSOverride: {0}".format(dnsoverride))
+ res = d.verify(idx=y, dnsfunc=lambda _x: dnsoverride)
+ else:
+ res = d.verify(idx=y)
 if res:
 if d.signature_fields.get(b'a') == 'ed25519-sha256':
 self.dkim_comment = ('Good {0} signature'
diff --git a/dkimpy_milter/config.py b/dkimpy_milter/config.py
index 9f42af2..3359246 100644
--- a/dkimpy_milter/config.py
+++ b/dkimpy_milter/config.py
@@ -48,6 +48,7 @@ defaultConfigData = {
 'DiagnosticDirectory': '',
 'MacroList': '',
 'MacroListVerify': '',
+ 'DNSOverride': None,
 'debugLevel': 0 # Undocumented config item for developer use
 }
@@ -334,6 +335,7 @@ def _readConfigFile(path, configData=None, configGlobal={}):
 'DiagnosticDirectory': 'str',
 'MacroList': 'dataset',
 'MacroListVerify': 'dataset',
+ 'DNSOverride': 'str',
 'debugLevel': 'int'
 }
diff --git a/man/dkimpy-milter.conf.5 b/man/dkimpy-milter.conf.5
index 3dd7612..a7e5d31 100644
--- a/man/dkimpy-milter.conf.5
+++ b/man/dkimpy-milter.conf.5
@@ -311,6 +311,13 @@ be set: (b) KeyTable, SigningTable, no Domain, no KeyFile, no Selector; [fooTable options NOT IMPLEMENTED]
+.TP
+.I DNSOverride (string)
+Provide a text string that a verifying milter should use instead of
+consulting the DNS on each message. This is useful primarily for
+testing purposes in environments where it is awkward to modify the
+system DNS resolution. It should not be used in production.
+
 .TP
 .I PeerList (dataset)
 Identifies a set of "peers" that identifies clients whose connections
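Review bot: With DNSOverride set, the `dnsfunc` lambda in the verify loop of dkimpy_milter/__init__.py returns the same key record for every selector and signing domain, so a message signed with the matching private key verifies as whatever `d=` it claims, and the only guard against leaving this enabled is the man-page sentence. The notice is also logged once per signature at the default priority; I would log it once at startup as a warning instead, e.g. `syslog.syslog(syslog.LOG_WARNING, "DNSOverride active: DNS key lookups are bypassed")`. The `isinstance(dnsoverride, str)` test accepts an empty string, which would presumably make every verification fail on a missing key, so `if dnsoverride:` is the safer condition. If the installed dkimpy passes a `timeout` keyword to `dnsfunc` (not visible in this diff), the one-argument lambda would raise TypeError; `lambda *_a, **_kw: dnsoverride` tolerates both call shapes. The enclosing method starts and ends outside this hunk, so the surrounding `except` handling could not be checked.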