Add support for specifying MinimumKeyBits for RSA signatures

dkimpy_milter/__init__.py

@@ -359,7 +359,7 @@ class dkimMilter(Milter.Base):
         res = False
         self.header_a = None
         for y in range(self.has_dkim):  # Verify _ALL_ the signatures
-            d = dkim.DKIM(txt)
+            d = dkim.DKIM(txt, minkey=self.conf.get('MinimumKeyBits'))
             try:
                 dnsoverride = self.conf.get('DNSOverride')
                 if isinstance(dnsoverride, str):

dkimpy_milter/config.py

@@ -39,6 +39,7 @@ defaultConfigData = {
     'SyslogFacility': 'mail',
     'UMask': 0o07,
     'Mode': 'sv',
+    'MinimumKeyBits': 1024,
     'Socket': None,
     'PidFile': None,
     'UserID': 'dkimpy-milter',
@@ -336,6 +337,7 @@ def _readConfigFile(path, configData=None, configGlobal={}):
         'SyslogSuccess': 'bool',
         'UMask': 'int',
         'Mode': 'str',
+        'MinimumKeyBits': 'int',
         'Socket': 'str',
         'PidFile': 'str',
         'UserID': 'str',
@@ -421,6 +423,10 @@ def _readConfigFile(path, configData=None, configGlobal={}):
             else:
                 configData[name] = str(value)
         elif conversion == 'int':
+            if name == 'MinimumKeyBits':
+                if int(value) == 0:
+                    # Odd inheritence from OpenDKIM where value of 0 means use default.
+                    value = configData.get(name)
             configData[name] = int(value)
         elif conversion == 'dataset':
             configData[name] = _dataset_to_list(value)