Fix subdomain signing with top-level organizational domain

Bug #1999434 reported by Matthias Hunstock
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Fix Released

Bug Description

Expected behaviour:

Given the following setup:

root@mailrouter:/etc/dkimpy-milter# cat KeyTable.txt

root@mailrouter:/etc/dkimpy-milter# cat SigningTable.txt
* key1
* key1
* key2
* key2

it should be possible - according to docs - to sign all subdomains of with instead of having to create a DNS entry for each subdomain.

Actual result:
No signing takes place.

Probable cause:

In get_identities_sign in the milter class is an empty array since the config values Domain etc. are not used, and in the code path executed when using the Table files the domain array is not pre-filled with all known domains but instead the current domain is added on-the-fly when a match is found. Since is not pre-filled, the get_parent_domain also cannot do its job.

Proposed fix:

The attached patch adds a domain found in the keytable - at a point in the code where it is decided that the corresponding credentials can be used for signing - to so that the if-condition later on (around line 204) can succeed and signing actually takes place. It is found to be a working minimal change.

Revision history for this message
Matthias Hunstock (atze80) wrote :
description: updated
Changed in dkimpy-milter:
importance: Undecided → Medium
milestone: none → 1.2.3
status: New → Triaged
Revision history for this message
Scott Kitterman (kitterman) wrote :

Thanks. Committed for the next release.

Changed in dkimpy-milter:
status: Triaged → Fix Committed
Changed in dkimpy-milter:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.