Bump version to 1.1.3

(LP: #1844189)

CHANGES

@@ -1,3 +1,12 @@
+1.1.3 2019-10-06
+ - Fix sysv init so it works (LP: #1839487)
+
+1.1.2 2019-09-23
+ - Fix variable initialization so mailformed mails missing body From do not
+   cause a traceback (LP: #1844161)
+ - Catch more ascii encoding errors to improve resilience against bad data
+   (LP: #1844189)
+
 1.1.1 2019-09-06
  - Fix startup logging so it provides information at a useful time
  - Fix verify processing so missing (optional) i= tag doesn't cause the milter

README

@@ -84,9 +84,8 @@ MTA INTEGRATION
 
 Both a systemd unit file and a sysv init file are provided.  Both make
 assumptions about defaults being used, e.g. if a non-standard pidfile name is
-used, they will need to be updated.  The sysv init file is Debian specific and
+used, they will need to be updated.  The sysv init file uses start-stop-deamon
-untested, since the developers are not using sysv init.  Feedback/patches
+from Debian.  It is not portable to systems without that available.
-welcome.
 
 The dkimpy-milter drops priviledges after setup to the user/group specified in
 UserID.  During initial setup, this system user needs to be manually created.

dkimpy_milter/__init__.py

@@ -55,6 +55,7 @@ class dkimMilter(Milter.Base):
         self.privatersa = privateRSA
         self.privateed25519 = privateEd25519
         self.fp = None
+        self.fdomain = ''
 
     @Milter.noreply
     def connect(self, hostname, unused, hostaddr):
@@ -136,14 +137,18 @@ class dkimMilter(Milter.Base):
             try:
                 self.fdomain = self.author.split('@')[1].lower()
             except IndexError as er:
-                self.fdomain = ''  # self.author was not a proper email address
+                pass # self.author was not a proper email address
             if (milterconfig.get('Syslog') and
                     milterconfig.get('debugLevel') >= 1):
                 syslog.syslog("{0}: {1}".format(name, val))
         elif lname == 'authentication-results':
             self.arheaders.append(val)
         if self.fp:
+            try:
                 self.fp.write(b"%s: %s\n" % (codecs.encode(name, 'ascii'), codecs.encode(val, 'ascii')))
+            except:
+                # Don't choke on header fields with non-ascii garbage in them.
+                pass
         return Milter.CONTINUE
 
     @Milter.noreply
@@ -260,6 +265,7 @@ class dkimMilter(Milter.Base):
 
     def check_dkim(self, txt):
         res = False
+        self.header_a = None
         for y in range(self.has_dkim):  # Verify _ALL_ the signatures
             d = dkim.DKIM(txt)
             try:
@@ -293,8 +299,16 @@ class dkimMilter(Milter.Base):
                 self.header_i = codecs.decode(d.signature_fields.get(b'i'), 'ascii')
             except TypeError as x:
                 self.header_i = None
+            try:
                 self.header_d = codecs.decode(d.signature_fields.get(b'd'), 'ascii')
                 self.header_a = codecs.decode(d.signature_fields.get(b'a'), 'ascii')
+            except Exception as x:
+                self.dkim_comment = str(x)
+                if milterconfig.get('Syslog'):
+                    syslog.syslog("check_dkim: {0}".format(x))
+                self.header_d = None
+            if not self.header_a:
+                self.header_a = 'rsa-sha256'
             if res:
                 if (milterconfig.get('Syslog') and
                         (milterconfig.get('SyslogSuccess') or
@@ -314,12 +328,18 @@ class dkimMilter(Milter.Base):
                         syslog.syslog('DKIM: Fail (saved as {0})'
                                       .format(fname))
                 else:
-                    syslog.syslog('DKIM: Fail ({0})'.format(d.domain.lower()))
+                    if milterconfig.get('Syslog'):
+                        if d.domain:
+                            syslog.syslog('DKIM: Fail ({0})'
+                                          .format(d.domain.lower()))
+                        else:
+                            syslog.syslog('DKIM: Fail, unextractable domain')
             if res:
                 result = 'pass'
             else:
                 result = 'fail'
             res = False
+            if self.header_d:
                 self.arresults.append(
                     authres.DKIMAuthenticationResult(result=result,
                                                  header_i=self.header_i,
@@ -328,6 +348,7 @@ class dkimMilter(Milter.Base):
                                                  result_comment=
                                                  self.dkim_comment)
             )
+            self.header_a = None
         return
 
 # get parent domain to be signed for if fdomain is a subdomain

setup.py

@@ -30,7 +30,7 @@ except ImportError:  # If PyDNS is not installed, prefer dnspython
 
 setup(
     name='dkimpy-milter',
-    version='1.1.1',
+    version='1.1.3',
     author='Scott Kitterman',
     author_email='scott@kitterman.com',
     url='https://launchpad.net/dkimpy-milter',

system/dkimpy-milter

@@ -20,7 +20,7 @@
 ### END INIT INFO
 prefix="/usr/local"
 exec_prefix=${prefix}
-sysconfdir="/etc/dkimpy-milter"
+sysconfdir="/usr/local/etc"
 bindir="${exec_prefix}/bin/"
 RUNDIR="/run/dkimpy-milter"
 DAEMON=${bindir}/dkimpy-milter
@@ -67,14 +67,14 @@ case "$1" in
 			fi
 		fi
 	fi
-
+        start-stop-daemon --start --background --quiet --pidfile \
-        start-stop-daemon --start --quiet --pidfile $RUNDIR/$NAME.pid --startas \
+                $RUNDIR/$NAME.pid --exec $DAEMON $sysconfdir/$NAME.conf
-                $DAEMON $sysconfdir/$NAME.conf --name $NAME --test > /dev/null \
 	echo "$NAME."
 	;;
   stop)
 	echo -n "Stopping $DESC: "
 	if [ -f $RUNDIR/$NAME.pid ]; then
+		chown root:root $RUNDIR/$NAME.pid
 		start-stop-daemon --stop --pidfile $RUNDIR/$NAME.pid 
 		rm $RUNDIR/$NAME.pid
 		#echo $SOCKET
@@ -87,6 +87,7 @@ case "$1" in
   force-reload)
         echo -n "Force reloading $DESC: "
         if [ -f $RUNDIR/$NAME.pid ]; then
+                chown root:root $RUNDIR/$NAME.pid
                 start-stop-daemon --stop --pidfile $RUNDIR/$NAME.pid
                 rm $RUNDIR/$NAME.pid
                 #echo $SOCKET
@@ -95,7 +96,7 @@ case "$1" in
                 fi
         fi
         sleep 1
-        start-stop-daemon --start --chuid $USER --background --quiet --pidfile \
+        start-stop-daemon --start --background --quiet --pidfile \
                 $RUNDIR/$NAME.pid --exec $DAEMON $sysconfdir/$NAME.conf
         echo "$NAME."
         ;;
@@ -103,6 +104,7 @@ case "$1" in
         echo "Restarting $DESC: "
         echo -n "Stopping $DESC: "
         if [ -f $RUNDIR/$NAME.pid ]; then
+                chown root:root $RUNDIR/$NAME.pid
                 start-stop-daemon --stop --pidfile $RUNDIR/$NAME.pid
                 rm $RUNDIR/$NAME.pid
                 #echo $SOCKET
@@ -113,7 +115,7 @@ case "$1" in
         echo "$NAME."
 	sleep 1
         echo -n "Starting $DESC: "
-        start-stop-daemon --start --chuid $USER --background --quiet --pidfile \
+        start-stop-daemon --start --background --quiet --pidfile \
                 $RUNDIR/$NAME.pid --exec $DAEMON $sysconfdir/$NAME.conf
         echo "$NAME."
 	;;