[pmg-devel] [PATCH pmg-api v3 05/11] DKIM sign outbound mail if configured
Stoiko Ivanov
s.ivanov at proxmox.com
Fri Oct 18 16:53:52 CEST 2019
The signing is done in the Accept-Action just before the mail gets handed to
the outbound postfix process, thus ensuring that all modifications done by
the rule-system don't invalidate the signature.
The PMG::DKIMSign/DKIM::Signer object is not cached, since subsequent calls to
the same object lead to invalid signatures.
Signed-off-by: Stoiko Ivanov <s.ivanov at proxmox.com>
---
src/PMG/RuleDB/Accept.pm | 14 +++++++++++++-
src/PMG/RuleDB/BCC.pm | 11 +++++++++++
src/bin/pmg-smtp-filter | 7 +++++++
3 files changed, 31 insertions(+), 1 deletion(-)
diff --git a/src/PMG/RuleDB/Accept.pm b/src/PMG/RuleDB/Accept.pm
index 8e76d8f..0bcf250 100644
--- a/src/PMG/RuleDB/Accept.pm
+++ b/src/PMG/RuleDB/Accept.pm
@@ -10,6 +10,7 @@ use Digest::SHA;
use PMG::Utils;
use PMG::ModGroup;
+use PMG::DKIMSign;
use PMG::RuleDB::Object;
use base qw(PMG::RuleDB::Object);
@@ -89,7 +90,8 @@ sub execute {
my ($self, $queue, $ruledb, $mod_group, $targets,
$msginfo, $vars, $marks) = @_;
- my $subgroups = $mod_group->subgroups($targets, 1);
+ my $dkim = $msginfo->{dkim} // {};
+ my $subgroups = $mod_group->subgroups($targets, !$dkim->{sign});
my $rulename = $vars->{RULE} // 'unknown';
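Review bot: The second argument to `subgroups` changes from the constant `1` to `!$dkim->{sign}` with no comment, and neither this hunk nor the commit message says what that flag controls or why signing has to turn it off. A reader cannot tell from here whether this affects how many copies of the entity are produced or signed. Add a comment above the call that names the flag's meaning and the reason, along the lines of `# signing alters the entity, so the subgroups() flag must be off when $dkim->{sign} is set (flag meaning to be stated by the author)`. execute's body starts and continues outside the hunk.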
@@ -98,6 +100,16 @@ sub execute {
PMG::Utils::remove_marks($entity);
+ if ($dkim->{sign}) {
+ eval {
+ $entity = PMG::DKIMSign::sign_entity($entity,
+ $dkim->{selector}, $msginfo->{sender}, $dkim->{sign_all});
+ };
+ syslog('warning',
+ "Could not create DKIM-Signature - disabling Signing: $@") if $@;
+ }
+
+
if ($msginfo->{testmode}) {
my $fh = $msginfo->{test_fh};
print $fh "accept from: $msginfo->{sender}\n";
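Review bot: When `sign_entity` dies inside the added `eval`, `$entity` keeps its old value and the message is delivered unsigned, yet the warning says "disabling Signing" although nothing visible here disables anything: `$dkim->{sign}` stays set and the next message will try again. Reword it to match what happens, e.g. `"Could not create DKIM-Signature - sending mail unsigned: $@"`, and say in a comment that failing open is intended. The warning carries no message or rule identifier, so an operator seeing DMARC rejections cannot match it to a mail; `$rulename` is already in scope in this function and could be included. The identical block is repeated in the second BCC.pm hunk, so a shared helper would keep the two copies from drifting. execute's body continues outside the hunk.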
diff --git a/src/PMG/RuleDB/BCC.pm b/src/PMG/RuleDB/BCC.pm
index be695f7..a8db3f5 100644
--- a/src/PMG/RuleDB/BCC.pm
+++ b/src/PMG/RuleDB/BCC.pm
@@ -8,6 +8,7 @@ use PVE::SafeSyslog;
use PMG::Utils;
use PMG::ModGroup;
+use PMG::DKIMSign;
use PMG::RuleDB::Object;
use base qw(PMG::RuleDB::Object);
@@ -137,6 +138,16 @@ sub execute {
$entity = $entity->dup();
PMG::Utils::remove_marks($entity);
+ my $dkim = $msginfo->{dkim} // {};
+ if ($dkim->{sign}) {
+ eval {
+ $entity = PMG::DKIMSign::sign_entity($entity,
+ $dkim->{selector}, $msginfo->{sender}, $dkim->{sign_all});
+ };
+ syslog('warning',
+ "Could not create DKIM-Signature - disabling Signing: $@") if $@;
+ }
+
if ($msginfo->{testmode}) {
my $fh = $msginfo->{test_fh};
print $fh "bcc from: $msginfo->{sender}\n";
diff --git a/src/bin/pmg-smtp-filter b/src/bin/pmg-smtp-filter
index 62ce9ab..5f1e582 100755
--- a/src/bin/pmg-smtp-filter
+++ b/src/bin/pmg-smtp-filter
@@ -640,6 +640,13 @@ sub handle_smtp {
$msginfo->{xforward} = $smtp->{xforward};
$msginfo->{targets} = $smtp->{to};
+ my $dkim_sign = $msginfo->{trusted} && $pmg_cfg->get('admin', 'dkim_sign');
+ if ($dkim_sign) {
+ $msginfo->{dkim}->{sign} = $dkim_sign;
+ $msginfo->{dkim}->{sign_all} = $pmg_cfg->get('admin', 'dkim_sign_all_mail');
+ $msginfo->{dkim}->{selector} = $pmg_cfg->get('admin', 'dkim_selector');
+ }
+
$msginfo->{hostname} = PVE::INotify::nodename();
my $resolv = PVE::INotify::read_file('resolvconf');
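Review bot: `dkim_selector` is copied into `$msginfo->{dkim}` without checking that it is defined, so with `dkim_sign` enabled and no selector configured every trusted message would reach `sign_entity` with an undefined selector. Judging by the `eval` in Accept.pm, each such message would then go out unsigned with one warning. Unless the config schema already enforces a selector (not visible here), check it once at this point and log a single clear error, e.g. `my $selector = $pmg_cfg->get('admin', 'dkim_selector');` followed by `if ($dkim_sign && defined($selector)) {`. The `$msginfo->{trusted}` condition is presumably what keeps mail from untrusted sources from being signed with the gateway's key, and it deserves a comment such as `# sign only mail from trusted sources, never on behalf of external senders`. handle_smtp continues outside the hunk.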
--
2.20.1