DKIM-alignment required per default globally

OCI/README.md

@@ -44,6 +44,7 @@ services:
       #MILTER_SOCKET: 'inet:123456@0.0.0.0'
       MILTER_POLICY_FILE: '/data/policy.json'
       MILTER_DKIM_ENABLED: 'some_value'
+      MILTER_DKIM_ALIGNMENT_REQUIRED: 'True'
       MILTER_TRUSTED_AUTHSERVID: 'my-auth-serv-id'
       MILTER_X509_ENABLED: 'some_value'
       MILTER_X509_TRUSTED_CN: 'mail.protection.outlook.com'

app/exota-milter.py

@@ -27,6 +27,8 @@ g_milter_tmpfail_message = 'Service temporarily not available! Please try again
 g_loglevel = logging.INFO
 # ENV[MILTER_DKIM_ENABLED]
 g_milter_dkim_enabled = False
+# ENV[MILTER_DKIM_ALIGNMENT_REQUIRED]
+g_milter_dkim_alignment_required = True
 # ENV[MILTER_TRUSTED_AUTHSERVID]
 g_milter_trusted_authservid = 'invalid'
 # ENV[MILTER_POLICY_SOURCE]
@@ -350,6 +352,11 @@ class ExOTAMilter(Milter.Base):
           logging.info(self.mconn_id + "/" + str(self.getsymval('i')) +
             "/EOM: No aligned DKIM signatures found!"
           )
+          if g_milter_dkim_alignment_required:
+            return self.smfir_reject(
+              queue_id = self.getsymval('i'),
+              reason = 'DKIM alignment required!'
+            )
       else:
         logging.info(self.mconn_id + "/" + str(self.getsymval('i')) +
           "/EOM: No valid DKIM authentication result found"
@@ -449,6 +456,17 @@ if __name__ == "__main__":
     else:
       logging.error("ENV[MILTER_TRUSTED_AUTHSERVID] is mandatory!")
       sys.exit(1)
+    if 'MILTER_DKIM_ALIGNMENT_REQUIRED' in os.environ:
+      if os.environ['MILTER_DKIM_ALIGNMENT_REQUIRED'] == 'True':
+        g_milter_dkim_alignment_required = True
+      elif os.environ['MILTER_DKIM_ALIGNMENT_REQUIRED'] == 'False':
+        g_milter_dkim_alignment_required = False
+      else:
+        logging.error("ENV[MILTER_DKIM_ALIGNMENT_REQUIRED] must be a boolean type: 'True' or 'False'!")
+        sys.exit(1)
+    logging.info("ENV[MILTER_DKIM_ALIGNMENT_REQUIRED]: {0}".format(
+      g_milter_dkim_alignment_required
+    ))
   logging.info("ENV[MILTER_DKIM_ENABLED]: {0}".format(g_milter_dkim_enabled))
   if 'MILTER_X509_ENABLED' in os.environ:
     g_milter_x509_enabled = True

tests/README.md

@@ -16,6 +16,7 @@ export LOG_LEVEL=debug
 export MILTER_SOCKET=/tmp/exota-milter
 export MILTER_POLICY_FILE=tests/policy.json
 export MILTER_DKIM_ENABLED=yepp
+export MILTER_DKIM_ALIGNMENT_REQUIRED=True
 export MILTER_TRUSTED_AUTHSERVID=my-auth-serv-id
 export MILTER_X509_ENABLED=yepp
 export MILTER_X509_TRUSTED_CN=mail.protection.outlook.com

tests/miltertest.lua

@@ -30,10 +30,10 @@ if mt.getreply(conn) ~= SMFIR_CONTINUE then
 end
 
 -- HEADER
-if mt.header(conn, "fRoM", '"Blah Blubb" <O365ConnectorValidation@yad.onmicrosoft.com>') ~= nil then
+if mt.header(conn, "fRoM", '"Blah Blubb" <O365ConnectorValidation@yad.onmicrosoft.comx>') ~= nil then
   error "mt.header(From) failed"  
 end
-if mt.header(conn, "aaa-resent-fRoM", '"Blah Blubb" <blah@yad.onmicrosoft.COMa>') ~= nil then
+if mt.header(conn, "resent-fRoM", '"Blah Blubb" <blah@yad.onmicrosoft.COM>') ~= nil then
   error "mt.header(From) failed"  
 end
 if mt.header(conn, "x-mS-EXCHANGE-crosstenant-id", "1234abcd-18c5-45e8-88de-123456789abc") ~= nil then
@@ -51,7 +51,7 @@ end
 if mt.header(conn, "Authentication-Results", "my-auth-serv-id;\n  exota=pass") ~= nil then
   error "mt.header(Subject) failed"  
 end
-if mt.header(conn, "Authentication-RESULTS", "my-auth-serv-id;\n  dkim=pass header.d=yad.onmicrosoft.comx header.s=selector1-yad-onmicrosoft-com header.b=mmmjFpv8") ~= nil then
+if mt.header(conn, "Authentication-RESULTS", "my-auth-serv-id;\n  dkim=pass header.d=yad.onmicrosoft.com-blubb header.s=selector1-yad-onmicrosoft-com header.b=mmmjFpv8") ~= nil then
   error "mt.header(Subject) failed"  
 end
 if mt.header(conn, "Authentication-Results", "my-auth-serv-id;\n  dkim=fail header.d=yad.onmicrosoft.com header.s=selector2-asdf header.b=mmmjFpv8") ~= nil then