diff --git a/OCI/README.md b/OCI/README.md index ec313c2..5ba3f19 100644 --- a/OCI/README.md +++ b/OCI/README.md @@ -44,6 +44,7 @@ services: #MILTER_SOCKET: 'inet:123456@0.0.0.0' MILTER_POLICY_FILE: '/data/policy.json' MILTER_DKIM_ENABLED: 'some_value' + MILTER_DKIM_ALIGNMENT_REQUIRED: 'True' MILTER_TRUSTED_AUTHSERVID: 'my-auth-serv-id' MILTER_X509_ENABLED: 'some_value' MILTER_X509_TRUSTED_CN: 'mail.protection.outlook.com' diff --git a/app/exota-milter.py b/app/exota-milter.py index 0aaa895..55f9d58 100644 --- a/app/exota-milter.py +++ b/app/exota-milter.py @@ -27,6 +27,8 @@ g_milter_tmpfail_message = 'Service temporarily not available! Please try again g_loglevel = logging.INFO # ENV[MILTER_DKIM_ENABLED] g_milter_dkim_enabled = False +# ENV[MILTER_DKIM_ALIGNMENT_REQUIRED] +g_milter_dkim_alignment_required = True # ENV[MILTER_TRUSTED_AUTHSERVID] g_milter_trusted_authservid = 'invalid' # ENV[MILTER_POLICY_SOURCE] @@ -350,6 +352,11 @@ class ExOTAMilter(Milter.Base): logging.info(self.mconn_id + "/" + str(self.getsymval('i')) + "/EOM: No aligned DKIM signatures found!" ) + if g_milter_dkim_alignment_required: + return self.smfir_reject( + queue_id = self.getsymval('i'), + reason = 'DKIM alignment required!' + ) else: logging.info(self.mconn_id + "/" + str(self.getsymval('i')) + "/EOM: No valid DKIM authentication result found" 
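Review bot: The new global `g_milter_dkim_alignment_required = True` defaults to enforcing, so a deployment that already sets MILTER_DKIM_ENABLED and upgrades without touching its environment will start rejecting mail that has no aligned DKIM signature. Failing closed is a sensible default for an authentication milter, but the bare `# ENV[MILTER_DKIM_ALIGNMENT_REQUIRED]` comment does not tell an operator that. I would extend it to `# ENV[MILTER_DKIM_ALIGNMENT_REQUIRED]: 'True' (default) or 'False'; when True, EOM rejects mail without an aligned DKIM signature`, and call out the behaviour change in the release notes.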
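Review bot: The added reject covers only the "No aligned DKIM signatures found!" branch, while the sibling `else:` branch at the end of the hunk ("No valid DKIM authentication result found") only logs within the lines shown. The enclosing method continues outside the hunk, so this needs confirming: if that branch does not also end in a reject, a message with no DKIM result from the trusted authserv-id is handled more leniently than one with an unaligned pass, which undercuts the alignment requirement. A test case with no `dkim=` result and MILTER_DKIM_ALIGNMENT_REQUIRED=True would pin this down. Separately, the info log before the reject does not say the message is being refused; unless smfir_reject logs it itself, wording such as `"/EOM: No aligned DKIM signatures found, rejecting (alignment required)"` would make the decision traceable per queue id.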
@@ -449,6 +456,17 @@ if __name__ == "__main__":
 else:
 logging.error("ENV[MILTER_TRUSTED_AUTHSERVID] is mandatory!")
 sys.exit(1)
+ if 'MILTER_DKIM_ALIGNMENT_REQUIRED' in os.environ:
+ if os.environ['MILTER_DKIM_ALIGNMENT_REQUIRED'] == 'True':
+ g_milter_dkim_alignment_required = True
+ elif os.environ['MILTER_DKIM_ALIGNMENT_REQUIRED'] == 'False':
+ g_milter_dkim_alignment_required = False
+ else:
+ logging.error("ENV[MILTER_DKIM_ALIGNMENT_REQUIRED] must be a boolean type: 'True' or 'False'!")
+ sys.exit(1)
+ logging.info("ENV[MILTER_DKIM_ALIGNMENT_REQUIRED]: {0}".format(
+ g_milter_dkim_alignment_required
+ ))
 logging.info("ENV[MILTER_DKIM_ENABLED]: {0}".format(g_milter_dkim_enabled))
 if 'MILTER_X509_ENABLED' in os.environ:
 g_milter_x509_enabled = True
diff --git a/tests/README.md b/tests/README.md
index f5ffd94..f33612d 100644
--- a/tests/README.md
+++ b/tests/README.md
@@ -16,6 +16,7 @@ export LOG_LEVEL=debug
 export MILTER_SOCKET=/tmp/exota-milter
 export MILTER_POLICY_FILE=tests/policy.json
 export MILTER_DKIM_ENABLED=yepp
+export MILTER_DKIM_ALIGNMENT_REQUIRED=True
 export MILTER_TRUSTED_AUTHSERVID=my-auth-serv-id
 export MILTER_X509_ENABLED=yepp
 export MILTER_X509_TRUSTED_CN=mail.protection.outlook.com
diff --git a/tests/miltertest.lua b/tests/miltertest.lua
index 1197a5d..e69eaa1 100644
--- a/tests/miltertest.lua
+++ b/tests/miltertest.lua
@@ -30,10 +30,10 @@ if mt.getreply(conn) ~= SMFIR_CONTINUE then
 end
 
 -- HEADER
-if mt.header(conn, "fRoM", '"Blah Blubb" ') ~= nil then
+if mt.header(conn, "fRoM", '"Blah Blubb" ') ~= nil then
 error "mt.header(From) failed"
 end
-if mt.header(conn, "aaa-resent-fRoM", '"Blah Blubb" ') ~= nil then
+if mt.header(conn, "resent-fRoM", '"Blah Blubb" ') ~= nil then
 error "mt.header(From) failed"
 end
 if mt.header(conn, "x-mS-EXCHANGE-crosstenant-id", "1234abcd-18c5-45e8-88de-123456789abc") ~= nil then
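Review bot: The new parser accepts only the exact strings 'True' and 'False', while the neighbouring switches are presence flags (`if 'MILTER_X509_ENABLED' in os.environ:` in the context below, and the READMEs set MILTER_DKIM_ENABLED to 'some_value' / 'yepp'). Exiting on any other value is the right fail-closed behaviour, but `true` or `1` will stop the milter at start-up, and the mixed semantics invite the opposite mistake on the presence flags, where `MILTER_DKIM_ENABLED=False` would presumably still enable the check. I would read the value once and compare case-insensitively, `value = os.environ['MILTER_DKIM_ALIGNMENT_REQUIRED'].strip().lower()` followed by `if value == 'true':` / `elif value == 'false':`, and state the accepted values next to the example in OCI/README.md. Indentation is lost in this view, so it is unclear whether the block sits inside the MILTER_DKIM_ENABLED branch; if it does, setting the variable without DKIM enabled is silently ignored and deserves a warning log.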
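Review bot: As far as this page shows, the commit changes only header fixtures in miltertest.lua (here and in the @@ -51 hunk) and not the expected end-of-message reply, so the new reject path is not visibly asserted. With MILTER_DKIM_ALIGNMENT_REQUIRED=True from tests/README.md and the unaligned `dkim=pass header.d=yad.onmicrosoft.com-blubb` fixture, the script should state which reply it expects at EOM. A second run with the variable set to 'False' would cover the other branch. On style, the failure messages name the wrong header: the `resent-fRoM` check reports `mt.header(From) failed` and the Authentication-Results checks in the @@ -51 hunk report `mt.header(Subject) failed`; `error "mt.header(Resent-From) failed"` and `error "mt.header(Authentication-Results) failed"` would point at the step that actually broke.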
@@ -51,7 +51,7 @@ end
 if mt.header(conn, "Authentication-Results", "my-auth-serv-id;\n exota=pass") ~= nil then
 error "mt.header(Subject) failed"
 end
-if mt.header(conn, "Authentication-RESULTS", "my-auth-serv-id;\n dkim=pass header.d=yad.onmicrosoft.comx header.s=selector1-yad-onmicrosoft-com header.b=mmmjFpv8") ~= nil then
+if mt.header(conn, "Authentication-RESULTS", "my-auth-serv-id;\n dkim=pass header.d=yad.onmicrosoft.com-blubb header.s=selector1-yad-onmicrosoft-com header.b=mmmjFpv8") ~= nil then
 error "mt.header(Subject) failed"
 end
 if mt.header(conn, "Authentication-Results", "my-auth-serv-id;\n dkim=fail header.d=yad.onmicrosoft.com header.s=selector2-asdf header.b=mmmjFpv8") ~= nil then