Activity log for bug #1999434

Date Who What changed Old value New value Message
2022-12-12 19:52:28 Matthias Hunstock bug added bug
2022-12-12 19:52:28 Matthias Hunstock attachment added Fix subdomain matching with SigningTable/KeyTable https://bugs.launchpad.net/bugs/1999434/+attachment/5635422/+files/subdomain-matching.patch
2022-12-12 20:02:00 Matthias Hunstock description

Old value:

Expected behaviour:

Given the following setup:

root@mailrouter:/etc/dkimpy-milter# cat KeyTable.txt
key1 example.com:dkim-1:/etc/ssl/private/dkim-1.key
key2 example.net:dkim-2:/etc/ssl/private/dkim-2.key

root@mailrouter:/etc/dkimpy-milter# cat SigningTable.txt
*@example.com key1
*example.com key1
*@example.net key2
*example.net key2

it should be possible - according to docs - to sign all subdomains of example.com with dkim-1._domainkey.example.com instead of having to create a DNS entry for each subdomain.

Actual result: No signing takes place.

Probable cause: In get_identities_sign in the milter class self.domains is an empty array since the config values Domain etc. are not used, and in the code path executed when using the Table files the domain array is not pre-filled with all known domains but instead the current domain is added on-the-fly when a match is found. Since self.domains is not pre-filled, the get_parent_domain also does cannot do its job.

Proposed fix: The attached patch adds a domain found in the keytable - at a point in the code where it is decided that the corresponding credentials can be used for signing - to self.domains so that the if-condition later on (around line 204) can succeed and signing actually takes place. It is found to be a working minimal change.

New value:

Expected behaviour:

Given the following setup:

root@mailrouter:/etc/dkimpy-milter# cat KeyTable.txt
key1 example.com:dkim-1:/etc/ssl/private/dkim-1.key
key2 example.net:dkim-2:/etc/ssl/private/dkim-2.key

root@mailrouter:/etc/dkimpy-milter# cat SigningTable.txt
*@example.com key1
*example.com key1
*@example.net key2
*example.net key2

it should be possible - according to docs - to sign all subdomains of example.com with dkim-1._domainkey.example.com instead of having to create a DNS entry for each subdomain.

Actual result: No signing takes place.

Probable cause: In get_identities_sign in the milter class self.domains is an empty array since the config values Domain etc. are not used, and in the code path executed when using the Table files the domain array is not pre-filled with all known domains but instead the current domain is added on-the-fly when a match is found. Since self.domains is not pre-filled, the get_parent_domain also cannot do its job.

Proposed fix: The attached patch adds a domain found in the keytable - at a point in the code where it is decided that the corresponding credentials can be used for signing - to self.domains so that the if-condition later on (around line 204) can succeed and signing actually takes place. It is found to be a working minimal change.

2022-12-12 23:03:52 Scott Kitterman dkimpy-milter: importance Undecided Medium
2022-12-12 23:03:52 Scott Kitterman dkimpy-milter: status New Triaged
2022-12-12 23:03:52 Scott Kitterman dkimpy-milter: milestone 1.2.3
2023-02-27 00:49:27 Scott Kitterman dkimpy-milter: status Triaged Fix Committed
2023-02-27 01:16:49 Scott Kitterman dkimpy-milter: status Fix Committed Fix Released