From f654defacb2289ba2b0ae08836970bef249a8592 Mon Sep 17 00:00:00 2001
From: John Peacock
Date: Tue, 11 Jul 2006 17:41:48 +0000
Subject: [PATCH] Add early out for messages that aren't signed at all (ignoring domains which mandate signing by policy for the moment). Change variables to use actual English words as names (instead of disemvoweled or truncated variants). Tweak Copyright notice to be current.
git-svn-id: https://svn.perl.org/qpsmtpd/branches/0.3x@652 958fd67b-6ff1-0310-b445-bb7760255be9
---
 plugins/domainkeys | 44 +++++++++++++++++++++++---------------------
 1 file changed, 23 insertions(+), 21 deletions(-)
diff --git a/plugins/domainkeys b/plugins/domainkeys
index 5b04196..ef8f18d 100644
--- a/plugins/domainkeys
+++ b/plugins/domainkeys
@@ -2,41 +2,43 @@ sub hook_data_post {
 use Mail::DomainKeys::Message;
 use Mail::DomainKeys::Policy;
- my $self = shift;
- my $tran = shift;
+ my ($self, $transaction) = @_;
+ # if this isn't signed, just move along
+ return DECLINED
+ unless $transaction->header->get('DomainKey-Signature');
+ my @body;
+ $transaction->body_resetpos;
- $tran->body_resetpos;
+ $transaction->body_getline; # \r\n seperator is NOT part of the body
- $tran->body_getline; # \r\n seperator is NOT part of the body
-
- while (my $line = $tran->body_getline) {
+ while (my $line = $transaction->body_getline) {
 push @body, $line;
 }
- my $mess = load Mail::DomainKeys::Message(
- HeadString => $tran->header->as_string,
+ my $message = load Mail::DomainKeys::Message(
+ HeadString => $transaction->header->as_string,
 BodyReference => \@body) or $self->log(LOGWARN, "unable to load message"), return DECLINED;
 # no sender domain means no verification
- $mess->senderdomain or
+ $message->senderdomain or
 return DECLINED;
 my $status;
 # key testing
- if ( $mess->testing ) {
+ if ( $message->testing ) {
 # Don't do anything else
 $status = "testing";
 }
- elsif ( $mess->signed ) {
- if ( $mess->verify ) {
+ elsif ( $message->signed ) {
+ if ( $message->verify ) {
 # verified: add good header
- $status = $mess->signature->status;
+ $status = $message->signature->status;
 }
 else {
 # not verified, i.e. forged signature
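Review bot: The early `return DECLINED unless $transaction->header->get('DomainKey-Signature');` at the top of hook_data_post exits before any `DomainKey-Status` header is written, so a status header supplied by the sender on an unsigned message now passes through unchanged, whereas previously an unsigned message with a sender domain could reach the `header->replace("DomainKey-Status", $status)` call shown in the third hunk, which overwrote it. If anything downstream reads that header, clear it on the early-out path, e.g. `$transaction->header->delete('DomainKey-Status');` before the return (assuming the header object is a Mail::Header, as the `get`/`replace` calls suggest). The same return also appears to make the `else { # not signed` policy branch in the next hunk unreachable, so a domain whose policy is `signall` no longer gets `$status = undef`; the commit message accepts this for now, and a comment such as `# TODO: unsigned mail from sign-all domains is not checked` at the early-out would keep it visible. The function body continues outside this hunk.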
@@ -44,20 +46,20 @@ sub hook_data_post {
 }
 }
 else { # not signed
- my $plcy = fetch Mail::DomainKeys::Policy(
+ my $policy = fetch Mail::DomainKeys::Policy(
 Protocol => "dns",
- Domain => $mess->senderdomain
+ Domain => $message->senderdomain
 );
- if ( $plcy ) {
- if ( $plcy->testing ) {
+ if ( $policy ) {
+ if ( $policy->testing ) {
 # Don't do anything else
 $status = "testing";
 }
- elsif ( $plcy->signall ) {
+ elsif ( $policy->signall ) {
 # if policy requires all mail to be signed
 $status = undef;
 }
- else { # $plcy->signsome
+ else { # $policy->signsome
 # not signed and domain doesn't sign all
 $status = "no signature";
 }
@@ -69,7 +71,7 @@ sub hook_data_post {
 if ( defined $status ) {
- $tran->header->replace("DomainKey-Status", $status);
+ $transaction->header->replace("DomainKey-Status", $status);
 return DECLINED;
 }
 else {
@@ -100,7 +102,7 @@ unless Mail::DomainKeys::Message->can('header');
 domainkeys: validate a DomainKeys signature on an incoming mail
-Copyright (C) 2005 John Peacock.
+Copyright (C) 2005-2006 John Peacock.
 Portions Copyright (C) 2004 Anthony D. Urso. All rights reserved. This program is free software; you can redistribute it and/or modify it under