Enhanced signature verification logging to provide more useful information, added signing success logging, and more PEP 8
This commit is contained in:
Scott Kitterman
@@ -4,13 +4,14 @@
|
|||||||
- Added support for MacroListVerify option
|
- Added support for MacroListVerify option
|
||||||
- Added example in README to show use of MacroList* to separate inbound and
|
- Added example in README to show use of MacroList* to separate inbound and
|
||||||
outbound mail streams
|
outbound mail streams
|
||||||
- Added support for SyslogSuccess option
|
- Added support for SyslogSuccess option (both signing and verifying)
|
||||||
- Rationalized logging to be much less verbose unless SyslogSuccess or
|
- Rationalized logging to be much less verbose unless SyslogSuccess or
|
||||||
debugLevel are set - default is generally start/stop/errors only
|
debugLevel are set - default is generally start/stop/errors only
|
||||||
- Fixed install_requires so either dnspython (preferred if neither is
|
- Fixed install_requires so either dnspython (preferred if neither is
|
||||||
installed) or PyDNS satisfies the install requirements
|
installed) or PyDNS satisfies the install requirements
|
||||||
- Update Authentication Results result comment not to mention key size for
|
- Updated Authentication Results result comment not to mention key size for
|
||||||
ed25519 signatures, since it's irrelevant
|
ed25519 signatures, since it's irrelevant
|
||||||
|
- Enhanced signature verification logging to provide more useful information
|
||||||
|
|
||||||
0.9.4 2018-03-09
|
0.9.4 2018-03-09
|
||||||
- Create PID directory if it is missing
|
- Create PID directory if it is missing
|
||||||
|
|||||||
@@ -41,7 +41,7 @@ SyslogSuccess implemented verified
|
|||||||
1.0.0
|
1.0.0
|
||||||
No additional features planned
|
No additional features planned
|
||||||
|
|
||||||
Plannedataset type support:
|
Plannedataset type support (if needed):
|
||||||
db:/.db
|
db:/.db
|
||||||
mdb:
|
mdb:
|
||||||
|
|
||||||
|
|||||||
@@ -218,6 +218,14 @@ class dkimMilter(Milter.Base):
|
|||||||
canonicalize[1]))
|
canonicalize[1]))
|
||||||
name, val = h.split(': ', 1)
|
name, val = h.split(': ', 1)
|
||||||
self.addheader(name, val.strip().replace('\r\n', '\n'), 0)
|
self.addheader(name, val.strip().replace('\r\n', '\n'), 0)
|
||||||
|
if (milterconfig.get('Syslog') and
|
||||||
|
(milterconfig.get('SyslogSuccess')
|
||||||
|
or milterconfig.get('debugLevel') >= 1)):
|
||||||
|
syslog.syslog('{0}: {1} DKIM-Signature field added (s={2} '
|
||||||
|
'd={3})'.format(self.getsymval('i'),
|
||||||
|
d.signature_fields.get(b'a'),
|
||||||
|
d.signature_fields.get(b's'),
|
||||||
|
d.domain))
|
||||||
if privateEd25519:
|
if privateEd25519:
|
||||||
d = dkim.DKIM(txt)
|
d = dkim.DKIM(txt)
|
||||||
h = d.sign(milterconfig.get('SelectorEd25519'), self.fdomain,
|
h = d.sign(milterconfig.get('SelectorEd25519'), self.fdomain,
|
||||||
@@ -226,6 +234,14 @@ class dkimMilter(Milter.Base):
|
|||||||
signature_algorithm='ed25519-sha256')
|
signature_algorithm='ed25519-sha256')
|
||||||
name, val = h.split(': ', 1)
|
name, val = h.split(': ', 1)
|
||||||
self.addheader(name, val.strip().replace('\r\n', '\n'), 0)
|
self.addheader(name, val.strip().replace('\r\n', '\n'), 0)
|
||||||
|
if (milterconfig.get('Syslog') and
|
||||||
|
(milterconfig.get('SyslogSuccess')
|
||||||
|
or milterconfig.get('debugLevel') >= 1)):
|
||||||
|
syslog.syslog('{0}: {1} DKIM-Signature field added (s={2} '
|
||||||
|
'd={3})'.format(self.getsymval('i'),
|
||||||
|
d.signature_fields.get(b'a'),
|
||||||
|
d.signature_fields.get(b's'),
|
||||||
|
d.domain))
|
||||||
except dkim.DKIMException as x:
|
except dkim.DKIMException as x:
|
||||||
if milterconfig.get('Syslog'):
|
if milterconfig.get('Syslog'):
|
||||||
syslog.syslog('DKIM: {0}'.format(x))
|
syslog.syslog('DKIM: {0}'.format(x))
|
||||||
@@ -243,8 +259,8 @@ class dkimMilter(Milter.Base):
|
|||||||
if res:
|
if res:
|
||||||
if d.signature_fields.get(b'a') == 'ed25519-sha256':
|
if d.signature_fields.get(b'a') == 'ed25519-sha256':
|
||||||
self.dkim_comment = ('Good {0} signature'
|
self.dkim_comment = ('Good {0} signature'
|
||||||
.format(d.signature_fields
|
.format(d.signature_fields
|
||||||
.get(b'a')))
|
.get(b'a')))
|
||||||
else:
|
else:
|
||||||
self.dkim_comment = ('Good {0} bit {1} signature'
|
self.dkim_comment = ('Good {0} bit {1} signature'
|
||||||
.format(d.keysize,
|
.format(d.keysize,
|
||||||
@@ -268,8 +284,12 @@ class dkimMilter(Milter.Base):
|
|||||||
if res:
|
if res:
|
||||||
if (milterconfig.get('Syslog') and
|
if (milterconfig.get('Syslog') and
|
||||||
(milterconfig.get('SyslogSuccess') or
|
(milterconfig.get('SyslogSuccess') or
|
||||||
milterconfig.get('debugLevel') >= 1)):
|
milterconfig.get('debugLevel') >= 1)):
|
||||||
syslog.syslog('DKIM: Pass ({0})'.format(d.domain))
|
syslog.syslog('{0}: {1} DKIM signature verified (s={2} '
|
||||||
|
'd={3})'.format(self.getsymval('i'),
|
||||||
|
d.signature_fields.get(b'a'),
|
||||||
|
d.signature_fields.get(b's'),
|
||||||
|
d.domain))
|
||||||
self.dkim_domain = d.domain
|
self.dkim_domain = d.domain
|
||||||
else:
|
else:
|
||||||
if milterconfig.get('DiagnosticDirectory'):
|
if milterconfig.get('DiagnosticDirectory'):
|
||||||
|
|||||||
Reference in New Issue
Block a user