From 4e806948c25b389ad01754e19fc950ae60027c16 Mon Sep 17 00:00:00 2001 From: Dominik Chilla Date: Mon, 30 Nov 2020 16:33:42 +0100 Subject: [PATCH] docs --- README.md | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index e407919..909bdc1 100644 --- a/README.md +++ b/README.md @@ -73,13 +73,23 @@ Authentication-Results: trusted.dkim.validating.relay; dkim=pass header.d=tenan [...] ``` -## X-MS-Exchange-CrossTenant-Id header -Further each Microsoft Exchange-Online tenant has a unique tenant-ID in form of a UUID ([RFC 4122](https://tools.ietf.org/html/rfc4122)). **ExOTA-Milter** determines the tenant-ID from the *X-MS-Exchange-CrossTenant-Id* email header and uses it as a *mandatory* authentication factor. +## X-MS-Exchange-CrossTenant-Id header (policy binding) +Further each Microsoft Exchange-Online tenant has a unique tenant-ID in form of a UUID ([RFC 4122](https://tools.ietf.org/html/rfc4122)). **ExOTA-Milter** extracts the tenant-ID from the *X-MS-Exchange-CrossTenant-Id* email header and uses it as a *mandatory* authentication factor. ``` [...] X-MS-Exchange-CrossTenant-Id: [...] ``` +At last the **ExOTA-Milter** needs an additional policy (JSON file), that provides a mapping of *sender-domain <-> tenant-id* and if DKIM-signatures must be taken under consideration or not. The JSON policy file itself looks like this: +``` +{ + "lalalulu.onmicrosoft.com": { + "tenant_id": "1234abcd-18c5-45e8-88de-123456789abc", + "dkim_enabled": true + } +} +``` +Actually I´m also working on a LDAP-based version as policy backend. # The solution So, *how can an Exchange-Online user/tenant be identified by a third party smarthost?* @@ -114,7 +124,7 @@ Prerequisites: `docker-compose` installed * `cd /docker/containers/exota-milter` * Create further directories in the deployment directory: * `install -d -m 777 data`. The application expects the policy file in `/data/policy.json` (path inside the container!). - * `install -d -m 777 socket`. The application places the milter socket file under `/socket/exomilter-socket` (path inside the container!) + * `install -d -m 777 socket`. The application places the milter socket file under `/socket/exota-milter` (path inside the container!) * Create the policy file `data/policy.json` with following content: ``` {