add DNSOverride configuration for testing

dkimpy_milter/__init__.py

@@ -260,7 +260,12 @@ class dkimMilter(Milter.Base):
         for y in range(self.has_dkim):  # Verify _ALL_ the signatures
             d = dkim.DKIM(txt)
             try:
-                res = d.verify(idx=y)
+                dnsoverride = milterconfig.get('DNSOverride')
+                if isinstance(dnsoverride, str):
+                    syslog.syslog("DNSOverride: {0}".format(dnsoverride))
+                    res = d.verify(idx=y, dnsfunc=lambda _x: dnsoverride)
+                else:
+                    res = d.verify(idx=y)
                 if res:
                     if d.signature_fields.get(b'a') == 'ed25519-sha256':
                         self.dkim_comment = ('Good {0} signature'

dkimpy_milter/config.py

@@ -48,6 +48,7 @@ defaultConfigData = {
     'DiagnosticDirectory': '',
     'MacroList': '',
     'MacroListVerify': '',
+    'DNSOverride': None,
     'debugLevel': 0  # Undocumented config item for developer use
     }
 
@@ -334,6 +335,7 @@ def _readConfigFile(path, configData=None, configGlobal={}):
         'DiagnosticDirectory': 'str',
         'MacroList': 'dataset',
         'MacroListVerify': 'dataset',
+        'DNSOverride': 'str',
         'debugLevel': 'int'
         }
 

man/dkimpy-milter.conf.5

@@ -311,6 +311,13 @@ be set:
 (b) KeyTable, SigningTable, no Domain, no KeyFile, no Selector;
 [fooTable options NOT IMPLEMENTED]
 
+.TP 
+.I DNSOverride (string)
+Provide a text string that a verifying milter should use instead of
+consulting the DNS on each message.  This is useful primarily for
+testing purposes in environments where it is awkward to modify the
+system DNS resolution.  It should not be used in production.
+
 .TP
 .I PeerList (dataset)
 Identifies a set of "peers" that identifies clients whose connections