Re: [pmg-devel] [PATCH pmg-api 6/7] reinject_local_mail: sign mails with DKIM based on header

[Maximiliano Sandoval <m.sandoval@proxmox.com>]

Stoiko Ivanov <s.ivanov@proxmox.com> writes:

> as most mails PMG generates locally has an empty envelope-sender,
> signing only makes sense when the from-header domain is used as
> signing domain.
>
> This fixes #3423, and partially addresses #2971 and #4658 (bounces
> generated by postfix directly are not passed through our stack, and
> should not be processed in general -  see
> https://www.postfix.org/postconf.5.html#internal_mail_filter_classes).
>
> Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
> ---
>  src/PMG/Utils.pm | 18 ++++++++++++++++++
>  1 file changed, 18 insertions(+)
>
> diff --git a/src/PMG/Utils.pm b/src/PMG/Utils.pm
> index b2a75fb..3303bac 100644
> --- a/src/PMG/Utils.pm
> +++ b/src/PMG/Utils.pm
> @@ -247,6 +247,24 @@ sub reinject_local_mail {
>  	$params->{mail}->{smtputf8} = $needs_smtputf8;
>      }
>
> +    my $dkim_sign = $cfg->get('admin', 'dkim_sign');
> +    if ($dkim_sign) {
> +	my $dkim = {};
> +	$dkim->{sign} = $dkim_sign;
> +	$dkim->{use_domain} = $cfg->get('admin', 'dkim-use-domain');
> +	$dkim->{sign_all} = $cfg->get('admin', 'dkim_sign_all_mail');
> +	$dkim->{selector} = $cfg->get('admin', 'dkim_selector');
> +	eval {
> +	    $entity = PMG::DKIMSign::sign_entity($entity, $dkim, $sender);
> +	};
> +	if ($@) {
> +	    syslog('warning',
> +		"Could not DKIM-Sign local mail, set mail address with domain as "
> +		    ."'admin-mail-from': $@",

> set mail address with domain as 'admin-mail-from': $@"

nit: Perhaps this could be phrased differently, I am personally having
trouble understanding how the part after the `,` should be read.

> +	    );
> +	}
> +    }
> +
>      return reinject_mail($entity, $sender, $targets, $xforward, $me, $params);
>  }



_______________________________________________
pmg-devel mailing list
pmg-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pmg-devel