From 84803d377939516c99f11dbf9b69bb210505126b Mon Sep 17 00:00:00 2001 From: Scott Kitterman Date: Sun, 26 Feb 2023 19:38:53 -0500 Subject: [PATCH] Improve documentation of inter-relationship between Mode, InternalHosts, MacroList, and MacroListVerify options in dkimpy-milter.conf.5 (Closes: #969215) --- CHANGES | 3 +++ man/dkimpy-milter.conf.5 | 17 +++++++++++++++++ man/dkimpy-milter.conf.5.in | 17 +++++++++++++++++ 3 files changed, 37 insertions(+) diff --git a/CHANGES b/CHANGES index 8c15630..4c9a530 100644 --- a/CHANGES +++ b/CHANGES @@ -10,6 +10,9 @@ - Fix formatting for MinimumKeyBits in dkimpy-milter.conf(5) (Closes: #995335) - Reset the i= signature identity in get_identities_sign() (Closes: #981157) + - Improve documentation of inter-relationship between Mode, InternalHosts, + MacroList, and MacroListVerify options in dkimpy-milter.conf.5 (Closes: + #969215) 1.2.2 2020-08-09 - Improve README.md formating for markdown display on pypi diff --git a/man/dkimpy-milter.conf.5 b/man/dkimpy-milter.conf.5 index 89faecd..289d09e 100644 --- a/man/dkimpy-milter.conf.5 +++ b/man/dkimpy-milter.conf.5 @@ -244,6 +244,10 @@ Naturally, providing a value here overrides the default, so if mail from 127.0.0.1 should be signed, the list provided here should include that address explicitly. [PeerList NOT IMPLEMENTED] +Mail sent via connections from InternalHosts will not have any existing DKIM +signatures verified. This is not overridden by MacroList or Mode. If the +Mode is 'v', then no actions will be performed. + .TP .I KeyFile (string) Gives the location of a PEM-formatted private key to be used for RSA signing @@ -298,6 +302,10 @@ at the time the filter receives a connection from the MTA and its availability depends upon the version of milter used to compile the filter and the version of the MTA making the connection. +Mail sent via connections where macros that are in MacroList are provided +will not have any existing DKIM signatures verified. If the Mode is 'v', then +no actions will be performed. + .TP .I MacroListVerify (dataset) Defines a set of MTA-provided @@ -308,6 +316,10 @@ Entries in this data set follow the same form as those of the .I MacroList option above. [this option is not inhereted from OpenDKIM] +Mail sent via connections where macros that are in MacroListVerify are +provided will be not DKIM signed. If the Mode is 's', then no actions will +be performed. + .TP .I Mode (string) Selects operating modes. The string is a concatenation of characters that @@ -327,6 +339,11 @@ be set: (a) Domain, KeyFile, Selector, no KeyTable, no SigningTable; (b) KeyTable, SigningTable, no Domain, no KeyFile, no Selector; +The action to sign or verify is also affected by the InternalHosts, MacroList, +and MacroListVerify options. Those options may preclude signing or +verification in some cases, but will not enable signing or verifying if not +allowed by Mode. + .TP .I MinimumKeyBits (integer) Establishes a minimum key size for acceptable RSA signatures. Signatures with diff --git a/man/dkimpy-milter.conf.5.in b/man/dkimpy-milter.conf.5.in index 7dde804..48aa210 100644 --- a/man/dkimpy-milter.conf.5.in +++ b/man/dkimpy-milter.conf.5.in @@ -244,6 +244,10 @@ Naturally, providing a value here overrides the default, so if mail from 127.0.0.1 should be signed, the list provided here should include that address explicitly. [PeerList NOT IMPLEMENTED] +Mail sent via connections from InternalHosts will not have any existing DKIM +signatures verified. This is not overridden by MacroList or Mode. If the +Mode is 'v', then no actions will be performed. + .TP .I KeyFile (string) Gives the location of a PEM-formatted private key to be used for RSA signing @@ -298,6 +302,10 @@ at the time the filter receives a connection from the MTA and its availability depends upon the version of milter used to compile the filter and the version of the MTA making the connection. +Mail sent via connections where macros that are in MacroList are provided +will not have any existing DKIM signatures verified. If the Mode is 'v', then +no actions will be performed. + .TP .I MacroListVerify (dataset) Defines a set of MTA-provided @@ -308,6 +316,10 @@ Entries in this data set follow the same form as those of the .I MacroList option above. [this option is not inhereted from OpenDKIM] +Mail sent via connections where macros that are in MacroListVerify are +provided will be not DKIM signed. If the Mode is 's', then no actions will +be performed. + .TP .I Mode (string) Selects operating modes. The string is a concatenation of characters that @@ -327,6 +339,11 @@ be set: (a) Domain, KeyFile, Selector, no KeyTable, no SigningTable; (b) KeyTable, SigningTable, no Domain, no KeyFile, no Selector; +The action to sign or verify is also affected by the InternalHosts, MacroList, +and MacroListVerify options. Those options may preclude signing or +verification in some cases, but will not enable signing or verifying if not +allowed by Mode. + .TP .I MinimumKeyBits (integer) Establishes a minimum key size for acceptable RSA signatures. Signatures with