Add support for Canonicalization option
@@ -10,3 +10,5 @@
|
|||||||
0.9.2 UNRELEASED
|
0.9.2 UNRELEASED
|
||||||
- Improved package requirements definition
|
- Improved package requirements definition
|
||||||
- Added systemd unit file and (untested) sysv init file
|
- Added systemd unit file and (untested) sysv init file
|
||||||
|
- Added dkim-milter.8 (based on opendim.8)
|
||||||
|
- Implemented support for Canonicalization option
|
||||||
|
|||||||
@@ -19,11 +19,11 @@ DKIM 'a' in AR implemented verified
|
|||||||
dkimpy-milter.service implemented verified
|
dkimpy-milter.service implemented verified
|
||||||
sysv init implemented
|
sysv init implemented
|
||||||
remove PidFile on stop implemented verified
|
remove PidFile on stop implemented verified
|
||||||
|
dkimpy-milter.8 provided needs work
|
||||||
|
Canonicalization implementd verified
|
||||||
|
|
||||||
0.9.5 (Beta)
|
0.9.5 (Beta)
|
||||||
dkimpy-milter.8
|
|
||||||
AuthservID
|
AuthservID
|
||||||
Canonicalization
|
|
||||||
Diagnostics
|
Diagnostics
|
||||||
DiagnosticDirectory
|
DiagnosticDirectory
|
||||||
InternalHosts
|
InternalHosts
|
||||||
@@ -31,6 +31,7 @@ SyslogFacility
|
|||||||
SyslogSuccess
|
SyslogSuccess
|
||||||
|
|
||||||
1.0.0
|
1.0.0
|
||||||
|
Convert dkim-milter-python config
|
||||||
No additional features planned
|
No additional features planned
|
||||||
|
|
||||||
Considered for near-term feature release
|
Considered for near-term feature release
|
||||||
|
|||||||
@@ -173,17 +173,24 @@ class dkimMilter(Milter.Base):
|
|||||||
return Milter.CONTINUE
|
return Milter.CONTINUE
|
||||||
|
|
||||||
def sign_dkim(self,txt):
|
def sign_dkim(self,txt):
|
||||||
conf = self.conf
|
canon = milterconfig.get('Canonicalization')
|
||||||
|
if len(canon.split('/')) == 2:
|
||||||
|
canonicalize.append(canon.split('/')[0])
|
||||||
|
canonicalize.append(canon.split('/')[1])
|
||||||
|
else:
|
||||||
|
canonicalize.append(canon)
|
||||||
|
canonicalize.append(canon)
|
||||||
|
syslog.syslog('canonicalize: {0}'.format(canonicalize))
|
||||||
try:
|
try:
|
||||||
d = dkim.DKIM(txt)
|
d = dkim.DKIM(txt)
|
||||||
h = d.sign(milterconfig.get('Selector'),milterconfig.get('Domain'), privateRSA,
|
h = d.sign(milterconfig.get('Selector'),milterconfig.get('Domain'), privateRSA,
|
||||||
canonicalize=('relaxed','simple'))
|
canonicalize=(canonicalize[0], canonicalize[1]))
|
||||||
name,val = h.split(': ',1)
|
name,val = h.split(': ',1)
|
||||||
self.addheader(name,val.strip().replace('\r\n','\n'),0)
|
self.addheader(name,val.strip().replace('\r\n','\n'),0)
|
||||||
if privateEd25519:
|
if privateEd25519:
|
||||||
d = dkim.DKIM(txt)
|
d = dkim.DKIM(txt)
|
||||||
h = d.sign(milterconfig.get('SelectorEd25519'),milterconfig.get('Domain'), privateEd25519,
|
h = d.sign(milterconfig.get('SelectorEd25519'),milterconfig.get('Domain'), privateEd25519,
|
||||||
canonicalize=('relaxed','simple'), signature_algorithm='ed25519-sha256')
|
canonicalize=(canonicalize[0], canonicalize[1]), signature_algorithm='ed25519-sha256')
|
||||||
name,val = h.split(': ',1)
|
name,val = h.split(': ',1)
|
||||||
self.addheader(name,val.strip().replace('\r\n','\n'),0)
|
self.addheader(name,val.strip().replace('\r\n','\n'),0)
|
||||||
except dkim.DKIMException as x:
|
except dkim.DKIMException as x:
|
||||||
@@ -254,14 +261,14 @@ def main():
|
|||||||
if milterconfig.get('Syslog'):
|
if milterconfig.get('Syslog'):
|
||||||
syslog.openlog(os.path.basename(sys.argv[0]), syslog.LOG_PID, syslog.LOG_MAIL)
|
syslog.openlog(os.path.basename(sys.argv[0]), syslog.LOG_PID, syslog.LOG_MAIL)
|
||||||
setExceptHook()
|
setExceptHook()
|
||||||
write_pid(milterconfig)
|
pid = write_pid(milterconfig)
|
||||||
if milterconfig.get('KeyFile'):
|
if milterconfig.get('KeyFile'):
|
||||||
privateRSA = read_keyfile(milterconfig, 'RSA')
|
privateRSA = read_keyfile(milterconfig, 'RSA')
|
||||||
if milterconfig.get('KeyFileEd25519'):
|
if milterconfig.get('KeyFileEd25519'):
|
||||||
privateEd25519 = read_keyfile(milterconfig, 'Ed25519')
|
privateEd25519 = read_keyfile(milterconfig, 'Ed25519')
|
||||||
drop_privileges(milterconfig)
|
drop_privileges(milterconfig)
|
||||||
if milterconfig.get('Syslog'):
|
if milterconfig.get('Syslog'):
|
||||||
syslog.syslog('dkimpy-milter started. user: {0}'.format(milterconfig.get('UserID')))
|
syslog.syslog('dkimpy-milter started:{0} user:{1}'.format(pid,milterconfig.get('UserID')))
|
||||||
Milter.factory = dkimMilter
|
Milter.factory = dkimMilter
|
||||||
Milter.set_flags(Milter.CHGHDRS + Milter.ADDHDRS)
|
Milter.set_flags(Milter.CHGHDRS + Milter.ADDHDRS)
|
||||||
miltername = 'dkimpy-filter'
|
miltername = 'dkimpy-filter'
|
||||||
|
|||||||
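Review bot: In the first hunk (`sign_dkim`) the new lines call `canonicalize.append(...)`, but no assignment to `canonicalize` is visible in the function, so unless the name is defined outside the hunk this raises NameError before the `try`, and if it is a module-level list it grows by two entries per message while `canonicalize[0]` and `canonicalize[1]` stay at the first values ever appended. Starting the function with `canonicalize = []`, or building the pair once with `header_canon, _, body_canon = canon.partition('/')`, keeps the state local to the call. The configured string also reaches `d.sign()` unchecked: a value with more than one slash or an unrecognised name falls into the `else` branch and is used for both header and body, so rejecting anything other than `relaxed` or `simple` when the configuration is loaded would fail once at startup instead of on every message. The added `syslog.syslog('canonicalize: {0}'...)` runs for each signed message and is not gated on `milterconfig.get('Syslog')` the way the calls in `main()` are. The body of `sign_dkim` continues past the end of the hunk, so the `except dkim.DKIMException` handling was not reviewed.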
@@ -42,7 +42,7 @@ defaultConfigData = {
|
|||||||
'Socket' : 'local:/var/run/dkimpy-milter/dkimpy-milter.sock',
|
'Socket' : 'local:/var/run/dkimpy-milter/dkimpy-milter.sock',
|
||||||
'PidFile' : '/var/run/dkimpy-milter/dkimpy-milter.pid',
|
'PidFile' : '/var/run/dkimpy-milter/dkimpy-milter.pid',
|
||||||
'UserID' : 'dkimpy-milter',
|
'UserID' : 'dkimpy-milter',
|
||||||
'Canonicalization' : 'simple'
|
'Canonicalization' : 'relaxed/simple'
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@@ -111,7 +111,6 @@ def _readConfigFile(path, configData = None, configGlobal = {}):
|
|||||||
'Selector' : 'str',
|
'Selector' : 'str',
|
||||||
'SelectorEd25519': 'str',
|
'SelectorEd25519': 'str',
|
||||||
'Canonicalization' : 'str',
|
'Canonicalization' : 'str',
|
||||||
'CanonicalizationEd25519' : 'str'
|
|
||||||
}
|
}
|
||||||
|
|
||||||
# check to see if it's a file
|
# check to see if it's a file
|
||||||
|
|||||||
@@ -92,6 +92,7 @@ def write_pid(milterconfig):
|
|||||||
if milterconfig.get('Syslog'):
|
if milterconfig.get('Syslog'):
|
||||||
syslog.syslog('Unable to write pidfle {0}. File exists.'.format(milterconfig.get('PidFile')))
|
syslog.syslog('Unable to write pidfle {0}. File exists.'.format(milterconfig.get('PidFile')))
|
||||||
raise RuntimeError('Unable to write pidfle {0}. File exists.'.format(milterconfig.get('PidFile')))
|
raise RuntimeError('Unable to write pidfle {0}. File exists.'.format(milterconfig.get('PidFile')))
|
||||||
|
return pid
|
||||||
|
|
||||||
####################
|
####################
|
||||||
def read_keyfile(milterconfig, keytype):
|
def read_keyfile(milterconfig, keytype):
|
||||||
|
|||||||
@@ -16,7 +16,7 @@ KeyFile /etc/mail/dkim.key
|
|||||||
Selector default
|
Selector default
|
||||||
|
|
||||||
# Commonly-used options; the commented-out versions show the defaults.
|
# Commonly-used options; the commented-out versions show the defaults.
|
||||||
#Canonicalization simple
|
#Canonicalization relaxed/simple
|
||||||
#Mode sv
|
#Mode sv
|
||||||
|
|
||||||
# Socket local:/var/run/dkimpy-milter/dkimpy-milter.sock
|
# Socket local:/var/run/dkimpy-milter/dkimpy-milter.sock
|
||||||
|
|||||||
@@ -133,7 +133,7 @@
|
|||||||
dkimpy-milter \- Python milter for DKIM signing and validation
|
dkimpy-milter \- Python milter for DKIM signing and validation
|
||||||
.SH "VERSION"
|
.SH "VERSION"
|
||||||
.IX Header "VERSION"
|
.IX Header "VERSION"
|
||||||
0\.9\.1
|
0\.9\.2
|
||||||
|
|
||||||
.SH "DESCRIPTION"
|
.SH "DESCRIPTION"
|
||||||
.IX Header "DESCRIPTION"
|
.IX Header "DESCRIPTION"
|
||||||
@@ -208,6 +208,8 @@ the canonicalization method. The recognized values are
|
|||||||
and
|
and
|
||||||
.I simple
|
.I simple
|
||||||
as defined by the DKIM specification. The default is
|
as defined by the DKIM specification. The default is
|
||||||
|
.I relaxed
|
||||||
|
/
|
||||||
.I simple.
|
.I simple.
|
||||||
The value may include two different canonicalizations separated by a
|
The value may include two different canonicalizations separated by a
|
||||||
slash ("/") character, in which case the first will be applied to the
|
slash ("/") character, in which case the first will be applied to the
|
||||||
|
|||||||