From: Daniel Berteaud
To: pmg-devel@lists.proxmox.com
Date: Mon, 26 Oct 2020 11:50:46 +0100
Message-Id: <20201026105046.424454-2-daniel@firewall-services.com>
In-Reply-To: <20201026105046.424454-1-daniel@firewall-services.com>
References: <20201026105046.424454-1-daniel@firewall-services.com>
Subject: [pmg-devel] [PATCH pmg-api 1/1] [pmg-api]: fix #3098 : first check for exact domain match

When selecting the sending domain for the DKIM signature, we should first check for an exact match. If none is found, look for parent domains. This fixes the case where the wrong signing domain can be added if sign_all is disabled and we sign both a parent and a child domain.

Signed-off-by: Daniel Berteaud --- src/PMG/DKIMSign.pm | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/PMG/DKIMSign.pm b/src/PMG/DKIMSign.pm index 7cb06a6..8fd9eed 100644 --- a/src/PMG/DKIMSign.pm +++ b/src/PMG/DKIMSign.pm @@ -69,6 +69,14 @@ sub signing_domain { my $dkimdomains = PVE::INotify::read_file('dkimdomains'); $dkimdomains = PVE::INotify::read_file('domains') if !scalar(%$dkimdomains); + # First check for an exact match in the domain list + foreach my $domain (sort keys %$dkimdomains) { + if ( $input_domain eq $domain ) { + $self->domain($domain); + return 1; + } + } + # If no exact match is found, check for parent/child domains foreach my $domain (sort keys %$dkimdomains) { if ( $input_domain =~ /\Q$domain\E$/i ) { $self->domain($domain); -- 2.26.2
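
Review bot: The exact-match test in the new loop, `$input_domain eq $domain`, is case-sensitive, while the fallback loop directly below it matches with `/i`. Unless `$input_domain` and the keys of `%$dkimdomains` are already lowercased before this point (not visible in this hunk), a sender domain that differs only in case skips the exact match and falls through to the suffix loop, where the parent domain can still be selected. Comparing `lc($input_domain) eq lc($domain)` would keep the two loops consistent. The fallback loop also still returns the first suffix match in sort order rather than the longest one, and its pattern `/\Q$domain\E$/i` is not anchored to a label boundary, so a nested subdomain with no exact entry, or an unrelated domain that merely ends in a configured name, can still end up with the wrong signing domain. It would help if the new comment stated which of those cases are intentionally left unchanged by this patch.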