Fix subdomain signing with top-level organizational domain
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| dkimpy-milter |
Fix Released
|
Medium
|
Unassigned | ||
Bug Description
Expected behaviour:
Given the following setup:
root@mailrouter
key1 example.
key2 example.
root@mailrouter
*@example.com key1
*example.com key1
*@example.net key2
*example.net key2
it should be possible - according to docs - to sign all subdomains of example.com with dkim-1.
Actual result:
No signing takes place.
Probable cause:
In get_identities_sign in the milter class self.domains is an empty array since the config values Domain etc. are not used, and in the code path executed when using the Table files the domain array is not pre-filled with all known domains but instead the current domain is added on-the-fly when a match is found. Since self.domains is not pre-filled, the get_parent_domain also cannot do its job.
Proposed fix:
The attached patch adds a domain found in the keytable - at a point in the code where it is decided that the corresponding credentials can be used for signing - to self.domains so that the if-condition later on (around line 204) can succeed and signing actually takes place. It is found to be a working minimal change.
| Matthias Hunstock (atze80) wrote | #1 |
| description: | updated |
| Changed in dkimpy-milter: | |
| importance: | Undecided → Medium |
| milestone: | none → 1.2.3 |
| status: | New → Triaged |
| Scott Kitterman (kitterman) wrote | #2 |
| Changed in dkimpy-milter: | |
| status: | Triaged → Fix Committed |
| Changed in dkimpy-milter: | |
| status: | Fix Committed → Fix Released |
Thanks. Committed for the next release.