diff --git a/INSTALL/README.md b/INSTALL/README.md
index 2f37d01..9063699 100644
--- a/INSTALL/README.md
+++ b/INSTALL/README.md
@@ -32,19 +32,23 @@ docker-compose-exota-milter-1 | 2022-06-06 21:54:04,511: INFO 140529821924168 S
```
## kubernetes
+By default this example installs the Exota-milter workload into the `exota-milter` namespace, which must be created in advance:
```
-~/src/ExOTA-Milter/INSTALL/kubernetes$ kubectl apply -f 01_config-map.yaml
+kubectl create ns exota-milter
+
+namespace/exota-milter created
+```
+Deploy stateless workload (type `Deployment`) with `kustomize`:
+```
+~/src/ExOTA-Milter/INSTALL/kubernetes$ kubectl apply -k .
+
configmap/exota-milter-policy-cmap created
-
-~/src/ExOTA-Milter/INSTALL/kubernetes$ kubectl apply -f 02_deployment.yaml
-deployment.apps/exota-milter created
-
-~/src/ExOTA-Milter/INSTALL/kubernetes$ kubectl apply -f 03_service.yaml
service/exota-milter created
+deployment.apps/exota-milter created
```
-Check status of pods, replica-sets and service
+Check status of pods, replica-sets and cluster internal service:
```
-~/src/ExOTA-Milter/INSTALL/kubernetes$ kubectl -n devel get all
+~/src/ExOTA-Milter/INSTALL/kubernetes$ kubectl -n exota-milter get all
NAME READY STATUS RESTARTS AGE
pod/exota-milter-547dbccd8b-j69mn 1/1 Running 0 64s
pod/exota-milter-547dbccd8b-7hl6c 1/1 Running 0 64s
@@ -59,9 +63,9 @@ deployment.apps/exota-milter 3/3 3 3 64s
NAME DESIRED CURRENT READY AGE
replicaset.apps/exota-milter-547dbccd8b 3 3 3 65s
```
-Get logs of one of the pods:
+Get logs of the pods:
```
-~/src/ExOTA-Milter/INSTALL/kubernetes$ kubectl -n devel logs exota-milter-547dbccd8b-7hl6c
+~/src/ExOTA-Milter/INSTALL/kubernetes$ kubectl -n exota-milter logs -l app=exota-milter
2022-06-06 21:57:03,515: INFO Logger initialized
2022-06-06 21:57:03,515: INFO ENV[MILTER_NAME]: exota-milter
2022-06-06 21:57:03,515: INFO ENV[MILTER_SOCKET]: inet:4321@127.0.0.1
@@ -80,6 +84,18 @@ Get logs of one of the pods:
2022-06-06 21:57:03,516: INFO JSON policy backend initialized
2022-06-06 21:57:03,516: INFO Startup exota-milter@socket: inet:4321@127.0.0.1
```
+Remove workload from cluster:
+```
+~/src/ExOTA-Milter/INSTALL/kubernetes$ kubectl delete -k .
+
+configmap "exota-milter-policy-cmap" deleted
+service "exota-milter" deleted
+deployment.apps "exota-milter" deleted
+
+~/src/ExOTA-Milter/INSTALL/kubernetes$ kubectl delete ns exota-milter
+
+namespace "exota-milter" deleted
+```
## systemd
If you do not want to run the ExOTA-Milter in a containerized environment but directly as a systemd-unit/-service, first you´ll need to install all necessary python and build dependencies. Start with build deps (examples refere to ubuntu/debian):
diff --git a/INSTALL/kubernetes/01_config-map.yaml b/INSTALL/kubernetes/01_config-map.yaml
index c75507d..0bea43e 100644
--- a/INSTALL/kubernetes/01_config-map.yaml
+++ b/INSTALL/kubernetes/01_config-map.yaml
@@ -3,7 +3,6 @@ kind: ConfigMap
apiVersion: v1
metadata:
name: exota-milter-policy-cmap
- namespace: devel
data:
exota-milter-policy: |
{
diff --git a/INSTALL/kubernetes/02_deployment.yaml b/INSTALL/kubernetes/02_deployment.yaml
index 9212595..4e6e791 100644
--- a/INSTALL/kubernetes/02_deployment.yaml
+++ b/INSTALL/kubernetes/02_deployment.yaml
@@ -2,7 +2,6 @@
kind: Deployment
apiVersion: apps/v1
metadata:
- namespace: devel
name: exota-milter
labels:
app: exota-milter
diff --git a/INSTALL/kubernetes/03_service.yaml b/INSTALL/kubernetes/03_service.yaml
index 4c79055..5f9a13f 100644
--- a/INSTALL/kubernetes/03_service.yaml
+++ b/INSTALL/kubernetes/03_service.yaml
@@ -2,7 +2,6 @@
apiVersion: v1
kind: Service
metadata:
- namespace: devel
name: exota-milter
spec:
selector:
diff --git a/INSTALL/kubernetes/kustomization.yaml b/INSTALL/kubernetes/kustomization.yaml
new file mode 100644
index 0000000..702af4a
--- /dev/null
+++ b/INSTALL/kubernetes/kustomization.yaml
@@ -0,0 +1,7 @@
+namespace: exota-milter
+commonLabels:
+ app: exota-milter
+resources:
+- 01_config-map.yaml
+- 02_deployment.yaml
+- 03_service.yaml
\ No newline at end of file
diff --git a/README.md b/README.md
index 719f64b..e54486d 100644
--- a/README.md
+++ b/README.md
@@ -147,4 +147,33 @@ Take a look [here](OCI/README.md)
First of all please take a look at how to set up the testing environment, which is described [here](tests/README.md)
# How to install on docker/kubernetes/systemd?
-The installation procedure is documented [here](INSTALL/README.md)
\ No newline at end of file
+The installation procedure is documented [here](INSTALL/README.md)
+
+# How to *configure* the ExOTA-Milter?
+
+|ENV variable|type|default|description|
+|---|---|---|---|
+|MILTER_NAME|`string`|`exota-milter`|Name of the milter instance. Base for socket path. Name appears in logs |
+|MILTER_SOCKET|`string`|`/socket/`|Defines the filesystem path of milter socket. The milter can be also exposed as a tcp-socket like `inet:4321@127.0.0.1`|
+|MILTER_REJECT_MESSAGE|`string`|`Security policy violation!`|Milter reject (SMTP 5xx code) message presented to the calling MTA|
+|MILTER_TMPFAIL_MESSAGE|`string`|`Service temporarily not available! Please try again later.`|Milter temporary fail (SMTP 4xx code) message presentetd to the calling MTA.|
+|MILTER_TENANT_ID_REQUIRED|`bool`|`false`|Controls the requirement of the presence of the unofficial `X-MS-Exchange-CrossTenant-Id` header. Used as additional authentication factor.|
+|MILTER_DKIM_ENABLED|`bool`|`false`|Enables/disables the checking of DKIM authentication results. Used as additional but strong authentication factor.|
+|MILTER_DKIM_ALIGNMENT_REQUIRED|`bool`|`false`|Enables/disables the alighment checks of DKIM SDID with RFC-5322.from_domain. Requires ENV[MILTER_DKIM_ENABLED] = `true`|
+|MILTER_TRUSTED_AUTHSERVID|`string`|`invalid`|Specifies the trusted DKIM-signature validating entity (DKIM-validator - producer of Authentication-Results header). The DKIM-validator must place exactly the same string as configured here into the Authentication-Results header! Requires ENV[MILTER_DKIM_ENABLED] = `true`|
+|MILTER_POLICY_SOURCE|`string`|`file`|Policy source - Possible values `file` (JSON) or `ldap`|
+|MILTER_POLICY_FILE|`string`|`/data/policy.json`|Filesystem path to the (JSON) policy file. Requires ENV[MILTER_POLICY_SOURCE] = `file`|
+|MILTER_X509_ENABLED|`bool`|`false`|Enables/disables the checking of client x509-certificate. Used as additional authentication factor.|
+|MILTER_X509_TRUSTED_CN|`string`|`mail.protection.outlook.com`|FQDN of authenticating client MTA. Requires ENV[MILTER_X509_ENABLED] = `true`|
+|MILTER_X509_IP_WHITELIST|Whitespace or comma separated list of `string`|`127.0.0.1,::1`|List of IP-addresses for which the ExOTA-Milter skips x509 checks. Requires ENV[MILTER_X509_ENABLED] = `true`|
+|MILTER_ADD_HEADER|`bool`|`false`|Controls if the ExOTA-Milter should write an additional `X-ExOTA-Authentication-Results` header with authentication information|
+|MILTER_AUTHSERVID|`string`|empty|Provides ID of authenticating entity within `X-ExOTA-Authentication-Results` header to further validating instances. Required when ENV[MILTER_ADD_HEADER] = `true`|
+|MILTER_LDAP_SERVER_URI|`string`|empty|LDAP-URI of LDAP server holding ExOTA policies. Required when ENV[MILTER_POLICY_SOURCE] = `ldap`|
+|MILTER_LDAP_RECEIVE_TIMEOUT|`int`|5|Timespan the ExOTA-Milter waits for the LDAP server to respond to a request. This NOT the TCP-connect timeout! Requires ENV[MILTER_POLICY_SOURCE] = `ldap`|
+|MILTER_LDAP_BINDDN|`string`|empty|Distinguished name of the binding (authenticating) *user*|
+|MILTER_LDAP_BINDPW|`string`|empty|Password of the binding (authenticating) *user*|
+|MILTER_LDAP_SEARCH_BASE|`string`|empty|Search base-DN on the LDAP server. Required when ENV[MILTER_POLICY_SOURCE] = `ldap`|
+|MILTER_LDAP_QUERY|`string`|empty|LDAP query/filter used to match for a ExOTA-policy. A placeholder must be used to filter for the authenticating domain (`%d`), e.g. `(domain_attribute=%d)`|
+|MILTER_LDAP_TENANT_ID_ATTR|`string`|`exotaMilterTenantId`|Custom LDAP attribute name unless using the ExOTA-milter LDAP schema|
+|MILTER_LDAP_DKIM_ENABLED_ATTR|`string`|`exotaMilterDkimEnabled`|Custom LDAP attribute name unless using the ExOTA-milter LDAP schema|
+|MILTER_LDAP_DKIM_ALIGNMENT_REQIRED_ATTR|`string`|`exotaMilterDkimAlignmentRequired`|Custom LDAP attribute name unless using the ExOTA-milter LDAP schema|
diff --git a/app/exota-milter.py b/app/exota-milter.py
index 7338994..6c511db 100644
--- a/app/exota-milter.py
+++ b/app/exota-milter.py
@@ -165,12 +165,11 @@ class ExOTAMilter(Milter.Base):
return self.smfir_continue()
def header(self, name, hval):
- log_debug(self.mconn_id + "/" + str(self.getsymval('i')) +
- "/HDR: Header: {0}, Value: {1}".format(name, hval)
- )
-
# Parse RFC-5322-From header
- if(name.lower() == "From".lower()):
+ if(name.lower() == "from"):
+ log_debug(self.mconn_id + "/" + str(self.getsymval('i')) +
+ "/HDR: Header: {0}, Value: {1}".format(name, hval)
+ )
hdr_5322_from = email.utils.parseaddr(hval)
self.hdr_from = hdr_5322_from[1].lower()
m = re.match(g_re_domain, self.hdr_from)
@@ -187,7 +186,10 @@ class ExOTAMilter(Milter.Base):
)
# Parse RFC-5322-Resent-From header (Forwarded)
- if(name.lower() == "Resent-From".lower()):
+ if(name.lower() == "resent-from"):
+ log_debug(self.mconn_id + "/" + str(self.getsymval('i')) +
+ "/HDR: Header: {0}, Value: {1}".format(name, hval)
+ )
hdr_5322_resent_from = email.utils.parseaddr(hval)
self.hdr_resent_from = hdr_5322_resent_from[1].lower()
m = re.match(g_re_domain, self.hdr_resent_from)
@@ -204,7 +206,10 @@ class ExOTAMilter(Milter.Base):
)
# Parse non-standardized X-MS-Exchange-CrossTenant-Id header
- elif(name.lower() == "X-MS-Exchange-CrossTenant-Id".lower()):
+ elif(name.lower() == "x-ms-exchange-crosstenant-id"):
+ log_debug(self.mconn_id + "/" + str(self.getsymval('i')) +
+ "/HDR: Header: {0}, Value: {1}".format(name, hval)
+ )
if g_milter_tenant_id_required == True:
log_debug(self.mconn_id + "/" + str(self.getsymval('i')) +
"/HDR: Tenant-ID: {0}".format(hval.lower())
@@ -219,8 +224,17 @@ class ExOTAMilter(Milter.Base):
self.hdr_tenant_id_count += 1
self.hdr_tenant_id = hval.lower()
+ # Just for debugging cases
+ elif(name.lower() == "dkim-signature"):
+ log_debug(self.mconn_id + "/" + str(self.getsymval('i')) +
+ "/HDR: Header: {0}, Value: {1}".format(name, hval)
+ )
+
# Parse RFC-7601 Authentication-Results header
- elif(name.lower() == "Authentication-Results".lower()):
+ elif(name.lower() == "authentication-results"):
+ log_debug(self.mconn_id + "/" + str(self.getsymval('i')) +
+ "/HDR: Header: {0}, Value: {1}".format(name, hval)
+ )
if g_milter_dkim_enabled == True:
ar = None
try:
@@ -248,6 +262,9 @@ class ExOTAMilter(Milter.Base):
)
elif(name == "X-ExOTA-Authentication-Results"):
+ log_debug(self.mconn_id + "/" + str(self.getsymval('i')) +
+ "/HDR: Header: {0}, Value: {1}".format(name, hval)
+ )
log_debug(self.mconn_id + "/" + str(self.getsymval('i')) +
"/HDR: Found X-ExOTA-Authentication-Results header. Marking for deletion."
)
diff --git a/app/logger.py b/app/logger.py
index b0b4390..7ecdce7 100644
--- a/app/logger.py
+++ b/app/logger.py
@@ -14,10 +14,6 @@ def init_logger():
elif re.match(r'debug', os.environ['LOG_LEVEL'], re.IGNORECASE):
log_level = logging.DEBUG
log_format = '%(asctime)s: %(levelname)s %(message)s '
- if log_level == logging.DEBUG:
- # Log thread-ID too. This helps to correlate DEBUG logs,
- # as Backend-logs do not have a queue_id nor a mconn_id!
- log_format = '%(asctime)s: %(levelname)s %(thread)d %(message)s '
logging.basicConfig(
filename = None, # log to stdout
format = log_format,
diff --git a/samples/exo_validator.eml b/samples/exo_validator.eml
deleted file mode 100644
index 8fa80bd..0000000
--- a/samples/exo_validator.eml
+++ /dev/null
@@ -1,64 +0,0 @@
-Return-Path: <>
-Received: from DEU01-FR2-obe.outbound.protection.outlook.com (mail-fr2deu01lp2173.outbound.protection.outlook.com [104.47.11.173])
- (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))
- (Client CN "mail.protection.outlook.com", Issuer "GlobalSign Organization Validation CA - SHA256 - G3" (verified OK))
- by outbound.connector.blahblubb.de (Postfix) with ESMTPS id 4CjqCQ2WRCzGjg6
- for ; Sat, 28 Nov 2020 12:34:26 +0100 (CET)
-ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
- b=RuGSfIN1OzQHDqrF0erLAHZ3fyhtmoE5Sllj+Qp6CtbcNUkkmdhR44b8capz/J1mBpyb13udY1mhkPZCK1Cmt+mpg9yFXgkv5BxY+dV9647Fq+MboUE60Psn84d4vXFvyrWDrFW1jWZi7/NdXhjLcCqTHpAzDaRfAOfGhG/VWYJAXnD/EBpCzPfd8hh9ZOONI2UN2HQfRnx0P3WXyeVSGilP4RGPdmcCZV5ZzpjlQoKUshjq293+ZltXaeKfF/LHGX0yScHhKO2f9O+qY3hnH0P+NGwFvhIky3IyszfxpANaJnz2Jpp0sK1W16rwGSTI2gl9bpJsj+wzKLGkJV75+Q==
-ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
- s=arcselector9901;
- h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
- bh=KWHUKEKZxeQyFbKe45TV1PJMC2XrVCMTFkdwSYWR6o0=;
- b=go8dFv6srV3NnETxQxaANld1if9BOsIgrhjefC4WkRrrgwEjZSNnm9DyO+GC2ZZo60At5JHOVLjqN9kjz2pFdAG0qnFEj3Wx/6NnuTfBUk0n4s32RoFuhADu8BC+aOU9Ec909uu2QQ9ucEMiVSjuyQ3QpGS5DR0yCAZLZ12B61hmoMgkXJ9ah6rluUV4GeMGKTsUn16u6mrJycXp0OoD4n19JomPpQo5o8gouK3Zz4F7DxX4lshNJ+VCsOznqS+FI4rQ2LSyU8Y0AZa9clyCSN94AJa6K0TiDgQ/gLZEWsZ1tZkgPrdMlyqi58ONW/dNQ7lyrEFz6deB4YmsusJPbQ==
-ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none
- action=none header.from=lalalulu.onmicrosoft.com; dkim=none (message not
- signed); arc=none
-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
- d=lalalulu.onmicrosoft.com; s=selector1-lalalulu-onmicrosoft-com;
- h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
- bh=KWHUKEKZxeQyFbKe45TV1PJMC2XrVCMTFkdwSYWR6o0=;
- b=DYTLJtLFjvVrSZtZQagTwuEe5PQYqrNGi7hR5bkhO+GYUV4dcQZnDO4hAPzJkOWhz8JCVJ+/yt5K8L/exegk80g9m0GJjZzJBxMy0ZE/7wg8yqiHNE+iQqWhJLtwsD23kx2+09G5dBSDI1QVqFKkL0YKBWVffSuXi+tjM4/BztffZ7ok7XZdKCFfKzK3TLdiAWYTRIp1214zdnIE0CLBhnOIWC4gnML2fXsVZsWb/CMgaW0vBsZGI/yaSivaNFPZloSb0/sEnMFMEbv2GXt9mN913M0thwCi/+NLwzaW6TNlw2Vz7l4SGRVvciGaa4s2sFnJ0ANMD2u5qBbJ8j8Z0w==
-Authentication-Results: blahblubb.de; dkim=none (message not signed)
- header.d=none;blahblubb.de; dmarc=none action=none
- header.from=lalalulu.onmicrosoft.com;
-Received: from AM6P193CA0087.EURP193.PROD.OUTLOOK.COM (2603:10a6:209:88::28)
- by BEXP281MB0216.DEUP281.PROD.OUTLOOK.COM (2603:10a6:b10:6::12) with
- Microsoft SMTP Server (version=TLS1_2,
- cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3632.6; Sat, 28 Nov
- 2020 11:34:25 +0000
-Received: from BE0P281MB0257.DEUP281.PROD.OUTLOOK.COM
- (2603:10a6:209:88:cafe::a2) by AM6P193CA0087.outlook.office365.com
- (2603:10a6:209:88::28) with Microsoft SMTP Server (version=TLS1_2,
- cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3611.20 via Frontend
- Transport; Sat, 28 Nov 2020 11:34:24 +0000
-From: O365ConnectorValidation@lalalulu.onmicrosoft.com
-Date: Sat, 28 Nov 2020 11:34:24 +0000
-Message-Id:
-To: some.recipient@example.org
-Subject: Test email for connector validation
-MIME-Version: 1.0
-Content-Type: text/plain; charset=us-ascii
-X-MS-PublicTrafficType: Email
-X-MS-Office365-Filtering-Correlation-Id: abcd1234-abcd-471a-1234-08d893918edd
-X-MS-TrafficTypeDiagnostic: BEXP281MB0216:
-X-Microsoft-Antispam-PRVS:
-
-X-MS-Oob-TLC-OOBClassifiers: OLM:2733;
-X-MS-Exchange-SenderADCheck: 1
-X-Microsoft-Antispam: BCL:0;
-X-Microsoft-Antispam-Message-Info:
- P2dut4iALZ4EsHFmDE6p0OBg/Q4PvbmhUGI6BnGbHo/u7Vza6tyXE6BPK0VrJQ8WnCYXNx7lEKtiZs8nakJ9EghgxvFRNuYyRBJcGAdlN2TJAb2/7Wp5m7vzuGp1JJhES0RC/hypLDL8miRoP1xYl/pQHZVUGczSddujsZT6im0EgDJvAB0L1vzyKvZJ1QH3vTWDKMAgetlQHiPvCfzZmUgY92g1+sfF9UwGTRXDj8cd83H+TLI7GL8kZF1H219l+DLDiZ3u+qUdprwMn9XDEBljZpczY8BhiFdmnbyJ26ePVNa5JluRboz2Gfaa6GZE+ar8FyKtepxFOyNlI+hyL/vcWNwmnjL+pyYFVPPHnODjxu8JixWg00ThTUiZbclJ
-X-Forefront-Antispam-Report:
- CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:BE0P281MB0257.DEUP281.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(376002)(346002)(39830400003)(34036004)(366004)(396003)(136003)(31686004)(78352004)(6916009)(508600001)(5660300002)(42882007)(2906002)(8936002)(558084003)(31696002)(17440700003)(316002)(9686003)(85236043)(68406010)(8676002)(83380400001)(16130700016)(100380200003)(20230700015);DIR:OUT;SFP:1501;
-X-OriginatorOrg: lalalulu.onmicrosoft.com
-X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Nov 2020 11:34:24.7460
- (UTC)
-X-MS-Exchange-CrossTenant-Network-Message-Id: abcd1234-abcd-471a-1234-08d893918edd
-X-MS-Exchange-CrossTenant-AuthSource: AM6P193CA0087.EURP193.PROD.OUTLOOK.COM
-X-MS-Exchange-CrossTenant-AuthAs: Internal
-X-MS-Exchange-CrossTenant-Id: 1234abcd-18c5-45e8-88de-123456789abc
-X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
-X-MS-Exchange-Transport-CrossTenantHeadersStamped: BEXP281MB0216
-
-This test email message was sent from Office 365 to check that email can be delivered to you using your new or modified connector. No need to reply.
\ No newline at end of file
diff --git a/samples/multiple_from.eml b/samples/multiple_from.eml
deleted file mode 100644
index 1d24578..0000000
--- a/samples/multiple_from.eml
+++ /dev/null
@@ -1,2 +0,0 @@
-From: from2@example.com
-From: from1@example.org
\ No newline at end of file
diff --git a/snippets/parse_5322_headers.py b/snippets/parse_5322_headers.py
deleted file mode 100644
index 0e19435..0000000
--- a/snippets/parse_5322_headers.py
+++ /dev/null
@@ -1,16 +0,0 @@
-import sys
-import email, email.header
-from email.utils import getaddresses
-
-f = open("../samples/exo_validator.eml", "r")
-email = email.message_from_file(f)
-from_hdr = email.get_all("From")
-print("from_hdr: " + str(from_hdr))
-if(len(from_hdr) > 1):
- print("Multiple From-headers found!")
- sys.exit(1)
-elif(len(from_hdr) == 1):
- print("Exactly one From-header found :)")
- print(from_hdr)
- from_addr = getaddresses(from_hdr)
- print(str(from_addr[0][1]))
diff --git a/tests/miltertest.lua b/tests/miltertest.lua
index bc9ad04..83d8acd 100644
--- a/tests/miltertest.lua
+++ b/tests/miltertest.lua
@@ -37,37 +37,45 @@ if mt.header(conn, "fRoM", '"Blah Blubb" ') ~= nil then
- error "mt.header(From) failed"
+ error "mt.header(Resent-From) failed"
end
if mt.header(conn, "x-mS-EXCHANGE-crosstenant-id", "1234abcd-18c5-45e8-88de-123456789abc") ~= nil then
- error "mt.header(Subject) failed"
+ error "mt.header(X-MS-Exchange-CrossTenant-Id) failed"
+end
+
+dkim_sig = "v=1; a=rsa-sha256; c=relaxed/simple; d=staging.zwackl.de;\n"
+.."\ts=selector-xyz; t=1685872089;\n"
+.."\tbh=5/ZUJAdcuyAn6J+J6apWtAaJLbDCKkI5Ie31qVKiY0w=;\n"
+.."\th=Date:From:To:Subject:MIME-Version:Content-Type;\n"
+.."\tb=Bn/xAbFFjAg1b9bBFPHAYSaupsnL4pzPPDUauetfGB0hu0Qz0Dio+4Z2Vi6PMOesA\n"
+.."\t72VbehuxG+b++XVL/hs3+K6p7vTgVAWiWAZLvfs5bHE5HAalsCrNenpKTk6RUcSYtw\n"
+.."\tLiiYhvw0TR5LbyNoSPG2J16mXEcS+k2q+K7WfwMg="
+if mt.header(conn, "DKIM-Signature", dkim_sig) ~= nil then
+ error "mt.header(DKIM-Signature) failed"
end
---if mt.header(conn, "X-MS-Exchange-CrossTenant-Id", "4321abcd-18c5-45e8-88de-blahblubb") ~= nil then
--- error "mt.header(Subject) failed"
---end
if mt.header(conn, "Authentication-Results", "another-wrong-auth-serv-id;\n dkim=fail header.d=yad.onmicrosoft.com header.s=selector1-yad-onmicrosoft-com header.b=mmmjFpv8") ~= nil then
- error "mt.header(Subject) failed"
+ error "mt.header(Authentication-Results) failed"
end
if mt.header(conn, "Authentication-Results", "wrong-auth-serv-id;\n dkim=pass header.d=yad.onmicrosoft.com header.s=selector1-yad-onmicrosoft-com header.b=mmmjFpv8") ~= nil then
- error "mt.header(Subject) failed"
+ error "mt.header(Authentication-Results) failed"
end
if mt.header(conn, "Authentication-Results", "my-auth-serv-id;\n exota=pass") ~= nil then
- error "mt.header(Subject) failed"
+ error "mt.header(Authentication-Results) failed"
end
if mt.header(conn, "Authentication-RESULTS", "my-auth-serv-id;\n dkim=pass header.d=yad.onmicrosoft.comx header.s=selector1-yad-onmicrosoft-com header.b=mmmjFpv8") ~= nil then
- error "mt.header(Subject) failed"
+ error "mt.header(Authentication-Results) failed"
end
if mt.header(conn, "Authentication-RESULTS", "my-auth-serv-id;\n dkim=pass header.d=staging.zwackl.de header.s=selector1-yad-onmicrosoft-com header.b=mmmjFpv8") ~= nil then
- error "mt.header(Subject) failed"
+ error "mt.header(Authentication-Results) failed"
end
if mt.header(conn, "Authentication-Results", "my-auth-serv-id;\n dkim=fail header.d=yad.onmicrosoft.com header.s=selector2-asdf header.b=mmmjFpv8") ~= nil then
- error "mt.header(Subject) failed"
+ error "mt.header(Authentication-Results) failed"
end
if mt.header(conn, "Authentication-Results", "some-validating-host;\n dkim=pass header.d=paypal.de header.s=pp-dkim1 header.b=PmTtUzer;\n dmarc=pass (policy=reject) header.from=paypal.de;\n spf=pass (some-validating-host: domain of service@paypal.de designates 173.0.84.226 as permitted sender) smtp.mailfrom=service@paypal.de") ~= nil then
- error "mt.header(Subject) failed"
+ error "mt.header(Authentication-Results) failed"
end
if mt.header(conn, "X-ExOTA-Authentication-Results", "my-auth-serv-id;\n exota=pass") ~= nil then
- error "mt.header(Subject) failed"
+ error "mt.header(X-ExOTA-Authentication-Results) failed"
end
-- EOM
diff --git a/tests/miltertest_conn_reuse_fail_pass.lua b/tests/miltertest_conn_reuse_fail_pass.lua
index 89cdf00..38e72af 100644
--- a/tests/miltertest_conn_reuse_fail_pass.lua
+++ b/tests/miltertest_conn_reuse_fail_pass.lua
@@ -35,13 +35,13 @@ if mt.header(conn, "fRoM", '"Blah Blubb"