Fix subdomain signing with top-level organizational domain

Bug #1999434 reported by Matthias Hunstock
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
dkimpy-milter
Fix Released
Medium
Unassigned

Bug Description

Expected behaviour:

Given the following setup:

root@mailrouter:/etc/dkimpy-milter# cat KeyTable.txt
key1 example.com:dkim-1:/etc/ssl/private/dkim-1.key
key2 example.net:dkim-2:/etc/ssl/private/dkim-2.key

root@mailrouter:/etc/dkimpy-milter# cat SigningTable.txt
*@example.com key1
*example.com key1
*@example.net key2
*example.net key2

it should be possible - according to docs - to sign all subdomains of example.com with dkim-1._domainkey.example.com instead of having to create a DNS entry for each subdomain.

Actual result:
No signing takes place.

Probable cause:

In get_identities_sign in the milter class self.domains is an empty array since the config values Domain etc. are not used, and in the code path executed when using the Table files the domain array is not pre-filled with all known domains but instead the current domain is added on-the-fly when a match is found. Since self.domains is not pre-filled, the get_parent_domain also cannot do its job.

Proposed fix:

The attached patch adds a domain found in the keytable - at a point in the code where it is decided that the corresponding credentials can be used for signing - to self.domains so that the if-condition later on (around line 204) can succeed and signing actually takes place. It is found to be a working minimal change.

Revision history for this message
Matthias Hunstock (atze80) wrote :
description: updated
Changed in dkimpy-milter:
importance: Undecided → Medium
milestone: none → 1.2.3
status: New → Triaged
Revision history for this message
Scott Kitterman (kitterman) wrote :

Thanks. Committed for the next release.

Changed in dkimpy-milter:
status: Triaged → Fix Committed
Changed in dkimpy-milter:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.