Add support for SignHeaders feature, thanks to Ralph Seichter for the patch
@@ -1,4 +1,5 @@
|
|||||||
1.2.0 UNRELEASED
|
1.2.0 UNRELEASED
|
||||||
|
- Add support for SignHeaders feature, thanks to Ralph Seichter for the patch
|
||||||
- Add new expand option to setup.py so various file system locations can be
|
- Add new expand option to setup.py so various file system locations can be
|
||||||
specified at build/install time rather than being hard coded
|
specified at build/install time rather than being hard coded
|
||||||
- Install openrc init file for Gentoo and other openrc users
|
- Install openrc init file for Gentoo and other openrc users
|
||||||
|
|||||||
@@ -49,6 +49,9 @@ Port to Python 3 implemented verified
|
|||||||
Subdomain support implemented verified
|
Subdomain support implemented verified
|
||||||
Test suite implemented verified
|
Test suite implemented verified
|
||||||
|
|
||||||
|
1.2.0
|
||||||
|
SignHeaders implemented
|
||||||
|
|
||||||
Planned dataset type support (if needed):
|
Planned dataset type support (if needed):
|
||||||
mdb:
|
mdb:
|
||||||
|
|
||||||
|
|||||||
@@ -217,13 +217,18 @@ class dkimMilter(Milter.Base):
|
|||||||
if (milterconfig.get('Syslog') and
|
if (milterconfig.get('Syslog') and
|
||||||
milterconfig.get('debugLevel') >= 1):
|
milterconfig.get('debugLevel') >= 1):
|
||||||
syslog.syslog('canonicalize: {0}'.format(canonicalize))
|
syslog.syslog('canonicalize: {0}'.format(canonicalize))
|
||||||
|
sign_headers = milterconfig.get('SignHeaders')
|
||||||
|
if not sign_headers:
|
||||||
|
# None or empty. DKIM explicitly tests for None.
|
||||||
|
sign_headers = None
|
||||||
try:
|
try:
|
||||||
if privateRSA:
|
if privateRSA:
|
||||||
d = dkim.DKIM(txt)
|
d = dkim.DKIM(txt)
|
||||||
h = d.sign(codecs.encode(milterconfig.get('Selector'), 'ascii'), codecs.encode(self.fdomain, 'ascii'),
|
h = d.sign(codecs.encode(milterconfig.get('Selector'), 'ascii'), codecs.encode(self.fdomain, 'ascii'),
|
||||||
codecs.encode(privateRSA, 'ascii'),
|
codecs.encode(privateRSA, 'ascii'),
|
||||||
canonicalize=(canonicalize[0],
|
canonicalize=(canonicalize[0],
|
||||||
canonicalize[1]))
|
canonicalize[1]),
|
||||||
|
include_headers=sign_headers)
|
||||||
name, val = h.split(b': ', 1)
|
name, val = h.split(b': ', 1)
|
||||||
self.addheader(codecs.decode(name, 'ascii'), codecs.decode(val, 'ascii').strip().replace('\r\n', '\n'), 0)
|
self.addheader(codecs.decode(name, 'ascii'), codecs.decode(val, 'ascii').strip().replace('\r\n', '\n'), 0)
|
||||||
if (milterconfig.get('Syslog') and
|
if (milterconfig.get('Syslog') and
|
||||||
@@ -239,6 +244,7 @@ class dkimMilter(Milter.Base):
|
|||||||
h = d.sign(codecs.encode(milterconfig.get('SelectorEd25519'), 'ascii'), codecs.encode(self.fdomain, 'ascii'),
|
h = d.sign(codecs.encode(milterconfig.get('SelectorEd25519'), 'ascii'), codecs.encode(self.fdomain, 'ascii'),
|
||||||
privateEd25519, canonicalize=(canonicalize[0],
|
privateEd25519, canonicalize=(canonicalize[0],
|
||||||
canonicalize[1]),
|
canonicalize[1]),
|
||||||
|
include_headers=sign_headers,
|
||||||
signature_algorithm=b'ed25519-sha256')
|
signature_algorithm=b'ed25519-sha256')
|
||||||
name, val = h.split(b': ', 1)
|
name, val = h.split(b': ', 1)
|
||||||
self.addheader(codecs.decode(name, 'ascii'), codecs.decode(val, 'ascii').strip().replace('\r\n', '\n'), 0)
|
self.addheader(codecs.decode(name, 'ascii'), codecs.decode(val, 'ascii').strip().replace('\r\n', '\n'), 0)
|
||||||
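Review bot: `sign_headers` goes into `d.sign(..., include_headers=sign_headers)` exactly as the config layer returns it, in both the RSA call and the Ed25519 call in the following hunk, with no normalisation or validation in between. Every other argument to `d.sign` is passed through `codecs.encode(..., 'ascii')`, so if a `dataset` value yields `str` entries (the loader is not visible here) the list should be converted the same way, e.g. `sign_headers = [codecs.encode(x.strip(), 'ascii') for x in sign_headers]`. The man page text added in this commit says mandated fields are implicitly added, but nothing in this hunk adds `From`; as far as I know dkimpy raises on an include list without `from` rather than adding it, and that would land in the surrounding `try`, whose handler lies outside the hunk. A list that drops fields such as Subject, To or Date also leaves them unsigned, so they can be changed in transit without invalidating the signature; a check at config load with a logged warning would make that visible to the operator. The `*`/`+`/`-` delta syntax that the man page points to via OmitHeaders is not interpreted anywhere in the code shown.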
|
|||||||
@@ -340,7 +340,8 @@ def _readConfigFile(path, configData=None, configGlobal={}):
|
|||||||
'MacroList': 'dataset',
|
'MacroList': 'dataset',
|
||||||
'MacroListVerify': 'dataset',
|
'MacroListVerify': 'dataset',
|
||||||
'DNSOverride': 'str',
|
'DNSOverride': 'str',
|
||||||
'debugLevel': 'int'
|
'debugLevel': 'int',
|
||||||
|
'SignHeaders': 'dataset'
|
||||||
}
|
}
|
||||||
|
|
||||||
# check to see if it's a file
|
# check to see if it's a file
|
||||||
|
|||||||
@@ -325,6 +325,23 @@ be set:
|
|||||||
(a) Domain, KeyFile, Selector, no KeyTable, no SigningTable;
|
(a) Domain, KeyFile, Selector, no KeyTable, no SigningTable;
|
||||||
(b) KeyTable, SigningTable, no Domain, no KeyFile, no Selector;
|
(b) KeyTable, SigningTable, no Domain, no KeyFile, no Selector;
|
||||||
|
|
||||||
|
.TP
|
||||||
|
.I OmitHeaders (dataset)
|
||||||
|
Specifies a set of header fields that should be omitted when generating
|
||||||
|
signatures. If an entry in the list names any header field that is mandated
|
||||||
|
by the DKIM specification, the entry is ignored. A set of header fields is
|
||||||
|
listed in the DKIM specification (RFC6376, Section 5.4) as "SHOULD NOT" be
|
||||||
|
signed; the default list for this parameter contains those fields
|
||||||
|
(Return-Path, Received, Comments, Keywords, Bcc, Resent-Bcc and
|
||||||
|
DKIM-Signature). To omit no headers, simply use the string "." (or any
|
||||||
|
string that will match no header field names).
|
||||||
|
Specifying a list with this parameter replaces the default entirely, unless
|
||||||
|
one entry is "*" in which case the list is interpreted as a delta to the
|
||||||
|
default; for example, "*,+foobar" will use the entire default list plus
|
||||||
|
the name "foobar", while "*,-Bcc" would use the entire default list except
|
||||||
|
for the "Bcc" entry. [OmitHeaders NOT IMPLEMENTED - included for reference
|
||||||
|
only]
|
||||||
|
|
||||||
.TP
|
.TP
|
||||||
.I DNSOverride (string)
|
.I DNSOverride (string)
|
||||||
Provide a text string that a verifying milter should use instead of
|
Provide a text string that a verifying milter should use instead of
|
||||||
@@ -382,6 +399,17 @@ This parameter is ignored if a
|
|||||||
.I KeyTableEd25519
|
.I KeyTableEd25519
|
||||||
is defined.
|
is defined.
|
||||||
|
|
||||||
|
.TP
|
||||||
|
.I SignHeaders (dataset)
|
||||||
|
Specifies the set of header fields that should be included when generating
|
||||||
|
signatures. If the list omits any header field that is mandated by the DKIM
|
||||||
|
specification, those fields are implicitly added. By default, those fields
|
||||||
|
listed in the DKIM specification as "SHOULD" be signed (RFC6376, Section 5.4)
|
||||||
|
will be signed by the filter. See the
|
||||||
|
.I OmitHeaders
|
||||||
|
configuration option for more information about the format and interpretation
|
||||||
|
of this field.
|
||||||
|
|
||||||
.TP
|
.TP
|
||||||
.I SigningTable (dataset)
|
.I SigningTable (dataset)
|
||||||
|
|
||||||
@@ -489,7 +517,7 @@ is specified.
|
|||||||
\ddkimpy-milter\fR was written by Scott Kitterman <scott@kitterman.com>.
|
\ddkimpy-milter\fR was written by Scott Kitterman <scott@kitterman.com>.
|
||||||
It is based on dkim-milter.py Copyright (c) 2001-2013 Business Management Systems, Inc.
|
It is based on dkim-milter.py Copyright (c) 2001-2013 Business Management Systems, Inc.
|
||||||
Copyright (c) 2013-2015 Stuart D. Gathman
|
Copyright (c) 2013-2015 Stuart D. Gathman
|
||||||
Copyright (c) 2018 Scott Kitterman <scott@kitterman.com>.
|
Copyright (c) 2018,2019 Scott Kitterman <scott@kitterman.com>.
|
||||||
.PP
|
.PP
|
||||||
This man-page was created by Scott Kitterman <scott@kitterman.com>.
|
This man-page was created by Scott Kitterman <scott@kitterman.com>.
|
||||||
|
|
||||||
@@ -503,4 +531,4 @@ See LICENSE.
|
|||||||
|
|
||||||
Updated for dkimpy-milter. Updates licensed under the same terms as the rest
|
Updated for dkimpy-milter. Updates licensed under the same terms as the rest
|
||||||
of the package.
|
of the package.
|
||||||
Copyright (c) 2018, Scott Kitterman <scott@kitterman.com>
|
Copyright (c) 2018,2019 Scott Kitterman <scott@kitterman.com>
|
||||||
|
|||||||