From 4e806948c25b389ad01754e19fc950ae60027c16 Mon Sep 17 00:00:00 2001 From: Dominik Chilla Date: Mon, 30 Nov 2020 16:33:42 +0100 Subject: [PATCH 1/2] docs --- README.md | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index e407919..909bdc1 100644 --- a/README.md +++ b/README.md @@ -73,13 +73,23 @@ Authentication-Results: trusted.dkim.validating.relay; dkim=pass header.d=tenan [...] ``` -## X-MS-Exchange-CrossTenant-Id header -Further each Microsoft Exchange-Online tenant has a unique tenant-ID in form of a UUID ([RFC 4122](https://tools.ietf.org/html/rfc4122)). **ExOTA-Milter** determines the tenant-ID from the *X-MS-Exchange-CrossTenant-Id* email header and uses it as a *mandatory* authentication factor. +## X-MS-Exchange-CrossTenant-Id header (policy binding) +Further each Microsoft Exchange-Online tenant has a unique tenant-ID in form of a UUID ([RFC 4122](https://tools.ietf.org/html/rfc4122)). **ExOTA-Milter** extracts the tenant-ID from the *X-MS-Exchange-CrossTenant-Id* email header and uses it as a *mandatory* authentication factor. ``` [...] X-MS-Exchange-CrossTenant-Id: [...] ``` +At last the **ExOTA-Milter** needs an additional policy (JSON file), that provides a mapping of *sender-domain <-> tenant-id* and if DKIM-signatures must be taken under consideration or not. The JSON policy file itself looks like this: +``` +{ + "lalalulu.onmicrosoft.com": { + "tenant_id": "1234abcd-18c5-45e8-88de-123456789abc", + "dkim_enabled": true + } +} +``` +Actually I´m also working on a LDAP-based version as policy backend. # The solution So, *how can an Exchange-Online user/tenant be identified by a third party smarthost?* 
@@ -114,7 +124,7 @@ Prerequisites: `docker-compose` installed * `cd /docker/containers/exota-milter` * Create further directories in the deployment directory: * `install -d -m 777 data`. The application expects the policy file in `/data/policy.json` (path inside the container!). - * `install -d -m 777 socket`. The application places the milter socket file under `/socket/exomilter-socket` (path inside the container!) + * `install -d -m 777 socket`. The application places the milter socket file under `/socket/exota-milter` (path inside the container!) * Create the policy file `data/policy.json` with following content: ``` { From fa8458bb646797769bd5328af25c9b325b9475bb Mon Sep 17 00:00:00 2001 From: Dominik Chilla Date: Mon, 30 Nov 2020 16:34:16 +0100 Subject: [PATCH 2/2] docs --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index 909bdc1..862de51 100644 --- a/README.md +++ b/README.md @@ -3,7 +3,10 @@ The **ExOTA-[Milter](https://en.wikipedia.org/wiki/Milter)** application is written in python3 and derives from **[sdgathman´s pymilter](https://github.com/sdgathman/pymilter)**. # Synopsis +TODO +# Table of contents +TODO # Abstract/problem/motivation Fact is that more and more companies are migrating their Outlook/Exchange environments to the [Microsoft cloud](https://www.microsoft.com/microsoft-365).
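Review bot: In the first README.md hunk of patch 1/2 (`@@ -73,13 +73,23 @@`), the added policy paragraph does not say which sender address the policy key is matched against, or what is verified when `dkim_enabled` is `false`. The section calls the tenant-ID a *mandatory* authentication factor and reads it from a message header, so the README should state whether "sender-domain" means the envelope sender or the From header domain, and how the milter reacts to a missing header, a tenant-ID that does not match the policy entry, and a domain that has no policy entry. Smaller wording points in the same hunk: "At last" reads better as "Finally", "Actually I´m also working on" as "I am currently also working on", and the policy fence could be tagged `json`.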
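Review bot: In the second README.md hunk of patch 1/2 (`@@ -114,7 +124,7 @@`), the changed line still tells the reader to run `install -d -m 777 socket`, and the context line above does the same for `data`, the directory that holds `policy.json`. A world-writable directory lets any local user on the host replace the policy file or the socket file; suggest documenting a mode and owner restricted to the accounts the container and the MTA run as. Since the diffstat shows only README.md changing, please also confirm that the new `/socket/exota-milter` path is what the application and the compose file actually use.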
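Review bot: In the README.md hunk of patch 2/2 (`@@ -3,7 +3,10 @@`), both added sections (`# Synopsis` and `# Table of contents`) contain only `TODO`, so the README shows two placeholder headings before the abstract. Suggest leaving the headings out until they have content, or tracking them in an issue instead. The subject `docs` is identical to patch 1/2; a subject that names the change would make the two commits distinguishable in the log.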