Attached is a simple DKIM signature-checking plugin.  It prints the results
to the log and adds them as a header in the message.

-- 
  Matthew Harrell                          I love defenseless animals,
  Bit Twiddlers, Inc.                       especially in a good gravy.
  [EMAIL PROTECTED]     
=head1 NAME

dkimcheck -- Check the DKIM / DomainKeys signatures in a message

=head1 DESCRIPTION

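If an incoming message has a DKIM signature then this plugin will check
the validity of the message and report the results as a header in the
mail message.  The result is informational only: the plugin always
returns DECLINED and never rejects a message itself.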

=head1 CONFIG

None needed right now

=head1 TODO

Add check for DomainKeys

Add in ability to reject messages that fail the check

=cut


use strict;
use Mail::DKIM;
use Mail::DKIM::Verifier;


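# hook_data_post -- verify the DKIM signature of the message just received.
#
# Arguments: the plugin object and the current transaction.
# Returns:   always DECLINED; the verdict is only reported (log line and
#            X-DKIM-Authentication header), never enforced.
#
# Notes for maintainers:
#  * Any X-DKIM-Authentication header already present on the incoming
#    message is removed, signed or not.  The sender controls the headers
#    they submit, so a copy that arrived with the message says nothing
#    about what this server verified and must not reach downstream filters.
#  * Headers are fed to the verifier in their original order and one line
#    at a time.  Walking the header hash loses the order, merges repeated
#    fields into a single line and unfolds folded fields, all of which can
#    make a good signature fail to verify.
#  * The domain, selector and result text come from the (untrusted)
#    signature, so control characters are neutralised before they are
#    written to the log or to a header.
sub hook_data_post {
  my ($self, $transaction) = @_;

  my $header = $transaction->header;
  my $signed = $header->get( 'DKIM-Signature' );

  # drop any result header supplied by the sender before doing anything else
  $header->delete ( 'X-DKIM-Authentication' );

  # if this isn't signed, just move along
  return DECLINED unless $signed;

  my $dkim = Mail::DKIM::Verifier->new;

  # push the headers in message order, normalising only the line endings;
  #  dkim is particular about the cr/lf
  # NOTE(review): assumes the header object keeps the original folding
  #  (i.e. was not built in a mode that refolds lines) -- confirm
  foreach my $hdr_line ( split /\n/, $header->as_string ) {
    $hdr_line =~ s/\015$//;
    $dkim->PRINT ( $hdr_line . "\x0D\x0A" );
  }

  # push the body of the message on ensuring the cr/lf are correct
  $transaction->body_resetpos;

  while ( my $line = $transaction->body_getline ) {
    chomp ( $line );
    $line =~ s/\015$//;
    $dkim->PRINT ( $line . "\x0D\x0A" );
  }

  $dkim->CLOSE;

  # get the key policy - need to act on this.  The lookup depends on DNS
  #  and on a usable signature, so a failure is reported, not fatal.
  my $policy_result = 'unavailable';
  my $policy = eval { $dkim->fetch_author_policy };
  if ( $policy ) {
    my $applied = eval { $policy->apply ( $dkim ) };
    $policy_result = $applied if defined $applied;
  }

  # undefined values and control characters must not reach the log/header
  my $clean = sub {
    my ($text) = @_;
    $text = '(none)' unless defined $text;
    $text =~ tr/\x00-\x1F\x7F/ /;
    return $text;
  };

  # a malformed DKIM-Signature header can leave the verifier without a
  #  signature object, so do not call methods on it unconditionally
  my $signature = $dkim->signature;
  my $domain    = $signature ? $signature->domain   : undef;
  my $selector  = $signature ? $signature->selector : undef;

  my $summary = "domain: "     . $clean->( $domain ) .
                ", selector: " . $clean->( $selector ) .
                ", result: "   . $clean->( $dkim->result_detail ) .
                ", policy: "   . $clean->( $policy_result );

  # print the result; the field name is passed bare, without ": "
  $header->replace ( "X-DKIM-Authentication", $summary );

  $self->log ( LOGNOTICE, "dkimcheck: " . $summary );

  return DECLINED;
}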
