[pmg-devel] [PATCH pmg-api] Don't add DKIM signature without domain

Stoiko Ivanov s.ivanov at proxmox.com
Fri Nov 22 10:40:57 CET 2019


When the DKIMSign module fails to determine the domain for signing
(the one added to the header and used for retrieving the public key record)
the code logs that no signing will take place, but only does not set the
domain - resulting in a generated and added signature with domain 'example.com'.

Fixed by returning the success-status from signing_domain and only signing if
it was successful.

Signed-off-by: Stoiko Ivanov <s.ivanov at proxmox.com>
---
Sorry for catching this so late!
I think we can ship a fixed version after the upcoming 6.1 release, since it's
a small inconvenience in a new feature:
* DKIM works if configured correctly
* if the configuration exposes the issue the mail will get signed with a broken
  signature, instead of not getting signed - AFAIR SpamAssassin will assign a
  score of 0.1 to such mails

 src/PMG/DKIMSign.pm | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/src/PMG/DKIMSign.pm b/src/PMG/DKIMSign.pm
index 1107959..5810cea 100644
--- a/src/PMG/DKIMSign.pm
+++ b/src/PMG/DKIMSign.pm
@@ -61,7 +61,7 @@ sub signing_domain {
 
     if ($self->{sign_all}) {
 	    $self->domain($input_domain) if $self->{sign_all};
-	    return;
+	    return 1;
     }
 
     # check that input_domain is in/a subdomain of in the
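Review bot: in the sign_all branch the new `return 1;` is unconditional, so the caller will sign whatever `$input_domain` holds; nothing in the visible lines checks that it is defined and non-empty. If that is not guaranteed earlier in signing_domain, return 0 (with the same "not DKIM signing" log line) for an empty domain so this path cannot produce the kind of broken signature the patch is meant to prevent. While touching this block, the postfix `if $self->{sign_all}` on the domain() call is redundant inside the enclosing `if` and can be dropped.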
@@ -72,13 +72,13 @@ sub signing_domain {
     foreach my $domain (sort keys %$dkimdomains) {
 	if ( $input_domain =~ /\Q$domain\E$/i ) {
 	    $self->domain($domain);
-	    return;
+	    return 1;
 	}
     }
 
     syslog('info', "not DKIM signing mail from $sender_email");
 
-    return;
+    return 0;
 }
 
 
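Review bot: the match that now decides the `return 1;` in the foreach, `$input_domain =~ /\Q$domain\E$/i`, is a plain suffix match and is not anchored at a label boundary, so a sender domain that merely ends in the same characters as a configured domain is treated as "in/a subdomain of" it and gets signed with that domain. Since the return value now gates signing, consider anchoring the pattern at the start of the string or at a dot, for example `/(?:^|\.)\Q$domain\E$/i`. A short comment above the sub stating that it returns 1 when a signing domain was set and 0 otherwise would also help, as sign_entity now depends on it.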
@@ -107,11 +107,12 @@ sub sign_entity {
     my $signer = __PACKAGE__->new($selector, $sign_all);
 
     $signer->extended_headers($extended_headers);
-    $signer->signing_domain($sender);
 
-    $entity->print($signer);
-    my $signature = $signer->create_signature();
-    $entity->head->add('DKIM-Signature', $signature, 0);
+    if ($signer->signing_domain($sender)) {
+	$entity->print($signer);
+	my $signature = $signer->create_signature();
+	$entity->head->add('DKIM-Signature', $signature, 0);
+    }
 
     return $entity;
 
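Review bot: inside the new `if ($signer->signing_domain($sender))` block, the result of `create_signature()` is still passed to `$entity->head->add('DKIM-Signature', $signature, 0)` without a check. Given that the goal is to never add an unusable signature, guard the add with a defined/non-empty test on `$signature` and log when it is skipped. The skip path itself is fine as written, since signing_domain already logs the "not DKIM signing" message before returning 0.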
-- 
2.20.1



