From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id C091862659 for ; Mon, 26 Oct 2020 11:59:29 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id AD394F150 for ; Mon, 26 Oct 2020 11:59:29 +0100 (CET) Received: from pmg.fws.fr (pmg.fws.fr [51.91.175.36]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS id 6A985F140 for ; Mon, 26 Oct 2020 11:59:28 +0100 (CET) Received: from pmg.fws.fr (localhost [127.0.0.1]) by pmg.fws.fr (Proxmox) with ESMTP id 72A73C18BE for ; Mon, 26 Oct 2020 11:50:54 +0100 (CET) Received: from zmproxy.fws.fr (zmproxy.fws.fr [10.29.1.17]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pmg.fws.fr (Proxmox) with ESMTPS id 97AA7C08A7 for ; Mon, 26 Oct 2020 11:50:53 +0100 (CET) Received: from zmproxy.fws.fr (localhost [127.0.0.1]) by zmproxy.fws.fr (Postfix) with ESMTPS id 8AFBC8B79BF; Mon, 26 Oct 2020 11:50:53 +0100 (CET) Received: from zmproxy.fws.fr (localhost [127.0.0.1]) by zmproxy.fws.fr (Postfix) with ESMTPS id 731548B79C0; Mon, 26 Oct 2020 11:50:53 +0100 (CET) DKIM-Filter: OpenDKIM Filter v2.10.3 zmproxy.fws.fr 731548B79C0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=firewall-services.com; s=7DAD15A2-D84A-11E9-8F77-BEC4FAA34EBC; t=1603709453; bh=YhPdROG0Mc2SX2gHQy3a1TTep7l9cXOs10pxtU5y+Cs=; h=From:To:Date:Message-Id:MIME-Version; b=rK5rqR55Ovjj1Tgu37r0+BxfF4kJOrfy30NzGgfar1FRzdmoSUlVmbug90bPerkY/ cpPDbS4ashu2uKz53XU4qC3Ake32ygDvpOhCaqAp31uEiMA2XWhIHSr96F3hJtNsTG LK63871U3lTPBjS3h14MD9SWvoq5CXuuzq6WBC1P/ntWWmHXmxIAeM0Ozj0SuhDwXJ 1+99bjVza3jNEXlIHlvrvEmkS9HExJaz9k7djWSmi+3m3TvT7VTeQm9nI0/rjWl7E8 Od7utPnQLlhsbqW6veRRzBtvVGcvwP7R993ZpQa2cXi3ihPCqVGcpWNwPTea/jXhVl +d4sm95ckeG1g== Received: from germaine.lapiole.org (unknown [192.168.7.101]) by zmproxy.fws.fr (Postfix) with ESMTPSA id 4B75E8B79BF; Mon, 26 Oct 2020 11:50:53 +0100 (CET) From: Daniel Berteaud To: pmg-devel@lists.proxmox.com Date: Mon, 26 Oct 2020 11:50:45 +0100 Message-Id: <20201026105046.424454-1-daniel@firewall-services.com> X-Mailer: git-send-email 2.26.2 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL 0.012 Adjusted score from AWL reputation of From: address DKIM_SIGNED 0.1 Message has a DKIM or DK signature, not necessarily valid DKIM_VALID -0.1 Message has at least one valid DKIM or DK signature DKIM_VALID_AU -0.1 Message has a valid DKIM or DK signature from author's domain DKIM_VALID_EF -0.1 Message has a valid DKIM or DK signature from envelope-from domain RCVD_IN_DNSWL_MED -2.3 Sender listed at https://www.dnswl.org/, medium trust SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: [pmg-devel] [PATCH pmg-api 0/1] DKIM, first check for exact domain match X-BeenThere: pmg-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Mail Gateway development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 26 Oct 2020 10:59:29 -0000 When selecting the sending domain for the DKIM signature, we should first check for an exact match. If none is found, look for parent domains. This fixes the case where wrong signing domain can be added if sign_all is disabled and we sign both a parent and a child domain. This fixes #3098 Daniel Berteaud (1): [pmg-api]: fix #3098 : first check for exact domain match src/PMG/DKIMSign.pm | 8 ++++++++ 1 file changed, 8 insertions(+) -- 2.26.2