github-public-mirror/ExOTA-Milter
1
0
Fork 0
mirror of https://github.com/chillout2k/ExOTA-Milter.git synced 2025-12-13 02:10:18 +00:00
Code Issues Releases Wiki Activity

docs

Browse Source
This commit is contained in:
Dominik Chilla 2020-11-30 16:33:42 +01:00
parent 816223c181
commit 4e806948c2
1 changed files with 13 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
README.md
View File

@ -73,13 +73,23 @@ Authentication-Results: trusted.dkim.validating.relay; dkim=pass header.d=tenan
[...]
```
## X-MS-Exchange-CrossTenant-Id header
Further each Microsoft Exchange-Online tenant has a unique tenant-ID in form of a UUID ([RFC 4122](https://tools.ietf.org/html/rfc4122)). **ExOTA-Milter** determines the tenant-ID from the *X-MS-Exchange-CrossTenant-Id* email header and uses it as a *mandatory* authentication factor.
## X-MS-Exchange-CrossTenant-Id header (policy binding)
Further each Microsoft Exchange-Online tenant has a unique tenant-ID in form of a UUID ([RFC 4122](https://tools.ietf.org/html/rfc4122)). **ExOTA-Milter** extracts the tenant-ID from the *X-MS-Exchange-CrossTenant-Id* email header and uses it as a *mandatory* authentication factor.
```
[...]
X-MS-Exchange-CrossTenant-Id: <UUID-of-tenant>
[...]
```
At last the **ExOTA-Milter** needs an additional policy (JSON file), that provides a mapping of *sender-domain <-> tenant-id* and if DKIM-signatures must be taken under consideration or not. The JSON policy file itself looks like this:
```
{
"lalalulu.onmicrosoft.com": {
"tenant_id": "1234abcd-18c5-45e8-88de-123456789abc",
"dkim_enabled": true
}
}
```
Actually I´m also working on a LDAP-based version as policy backend.
# The solution
So, *how can an Exchange-Online user/tenant be identified by a third party smarthost?*
@ -114,7 +124,7 @@ Prerequisites: `docker-compose` installed
* `cd /docker/containers/exota-milter`
* Create further directories in the deployment directory:
* `install -d -m 777 data`. The application expects the policy file in `/data/policy.json` (path inside the container!).
* `install -d -m 777 socket`. The application places the milter socket file under `/socket/exomilter-socket` (path inside the container!)
* `install -d -m 777 socket`. The application places the milter socket file under `/socket/exota-milter` (path inside the container!)
* Create the policy file `data/policy.json` with following content:
```
{