Add early out for messages that aren't signed at all (ignoring domains which
mandate signing by policy for the moment). Change variables to use actual English words as names (instead of disemvoweled or truncated variants). Tweak Copyright notice to be current. git-svn-id: https://svn.perl.org/qpsmtpd/branches/0.3x@652 958fd67b-6ff1-0310-b445-bb7760255be9
This commit is contained in:
parent
84b7363018
commit
f654defacb
@ -2,41 +2,43 @@ sub hook_data_post {
|
|||||||
use Mail::DomainKeys::Message;
|
use Mail::DomainKeys::Message;
|
||||||
use Mail::DomainKeys::Policy;
|
use Mail::DomainKeys::Policy;
|
||||||
|
|
||||||
my $self = shift;
|
my ($self, $transaction) = @_;
|
||||||
my $tran = shift;
|
|
||||||
|
# if this isn't signed, just move along
|
||||||
|
return DECLINED
|
||||||
|
unless $transaction->header->get('DomainKey-Signature');
|
||||||
|
|
||||||
my @body;
|
my @body;
|
||||||
|
|
||||||
|
$transaction->body_resetpos;
|
||||||
|
|
||||||
$tran->body_resetpos;
|
$transaction->body_getline; # \r\n seperator is NOT part of the body
|
||||||
|
|
||||||
$tran->body_getline; # \r\n seperator is NOT part of the body
|
while (my $line = $transaction->body_getline) {
|
||||||
|
|
||||||
while (my $line = $tran->body_getline) {
|
|
||||||
push @body, $line;
|
push @body, $line;
|
||||||
}
|
}
|
||||||
|
|
||||||
my $mess = load Mail::DomainKeys::Message(
|
my $message = load Mail::DomainKeys::Message(
|
||||||
HeadString => $tran->header->as_string,
|
HeadString => $transaction->header->as_string,
|
||||||
BodyReference => \@body) or
|
BodyReference => \@body) or
|
||||||
$self->log(LOGWARN, "unable to load message"),
|
$self->log(LOGWARN, "unable to load message"),
|
||||||
return DECLINED;
|
return DECLINED;
|
||||||
|
|
||||||
# no sender domain means no verification
|
# no sender domain means no verification
|
||||||
$mess->senderdomain or
|
$message->senderdomain or
|
||||||
return DECLINED;
|
return DECLINED;
|
||||||
|
|
||||||
my $status;
|
my $status;
|
||||||
|
|
||||||
# key testing
|
# key testing
|
||||||
if ( $mess->testing ) {
|
if ( $message->testing ) {
|
||||||
# Don't do anything else
|
# Don't do anything else
|
||||||
$status = "testing";
|
$status = "testing";
|
||||||
}
|
}
|
||||||
elsif ( $mess->signed ) {
|
elsif ( $message->signed ) {
|
||||||
if ( $mess->verify ) {
|
if ( $message->verify ) {
|
||||||
# verified: add good header
|
# verified: add good header
|
||||||
$status = $mess->signature->status;
|
$status = $message->signature->status;
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
# not verified, i.e. forged signature
|
# not verified, i.e. forged signature
|
||||||
@ -44,20 +46,20 @@ sub hook_data_post {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
else { # not signed
|
else { # not signed
|
||||||
my $plcy = fetch Mail::DomainKeys::Policy(
|
my $policy = fetch Mail::DomainKeys::Policy(
|
||||||
Protocol => "dns",
|
Protocol => "dns",
|
||||||
Domain => $mess->senderdomain
|
Domain => $message->senderdomain
|
||||||
);
|
);
|
||||||
if ( $plcy ) {
|
if ( $policy ) {
|
||||||
if ( $plcy->testing ) {
|
if ( $policy->testing ) {
|
||||||
# Don't do anything else
|
# Don't do anything else
|
||||||
$status = "testing";
|
$status = "testing";
|
||||||
}
|
}
|
||||||
elsif ( $plcy->signall ) {
|
elsif ( $policy->signall ) {
|
||||||
# if policy requires all mail to be signed
|
# if policy requires all mail to be signed
|
||||||
$status = undef;
|
$status = undef;
|
||||||
}
|
}
|
||||||
else { # $plcy->signsome
|
else { # $policy->signsome
|
||||||
# not signed and domain doesn't sign all
|
# not signed and domain doesn't sign all
|
||||||
$status = "no signature";
|
$status = "no signature";
|
||||||
}
|
}
|
||||||
@ -69,7 +71,7 @@ sub hook_data_post {
|
|||||||
|
|
||||||
|
|
||||||
if ( defined $status ) {
|
if ( defined $status ) {
|
||||||
$tran->header->replace("DomainKey-Status", $status);
|
$transaction->header->replace("DomainKey-Status", $status);
|
||||||
return DECLINED;
|
return DECLINED;
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
@ -100,7 +102,7 @@ unless Mail::DomainKeys::Message->can('header');
|
|||||||
|
|
||||||
domainkeys: validate a DomainKeys signature on an incoming mail
|
domainkeys: validate a DomainKeys signature on an incoming mail
|
||||||
|
|
||||||
Copyright (C) 2005 John Peacock.
|
Copyright (C) 2005-2006 John Peacock.
|
||||||
|
|
||||||
Portions Copyright (C) 2004 Anthony D. Urso. All rights reserved. This
|
Portions Copyright (C) 2004 Anthony D. Urso. All rights reserved. This
|
||||||
program is free software; you can redistribute it and/or modify it under
|
program is free software; you can redistribute it and/or modify it under
|
||||||
|
Loading…
Reference in New Issue
Block a user