On Tue, 26 Jan 2021 21:47:42 -0800 Michel Lespinasse
wrote:
> Package: dkimpy-milter
> Version: 1.2.1-1~bpo10+1
> Severity: normal
>
>
> I have been encountering issues trying to configure the sign-vs-verify
> logic in dkimpy-milter. Some of it comes down to confusing documentation,
> but it also appears that the behavior I want can not be configured.
>
> I would like the sign-vs-verify logic to behave similarly to the
> smtpd_relay_restrictions rules in my postfix configuration:
> - any email coming from local networks (local sendmail, localhost smtpd,
> or 10.0.0.0/8 smtpd) should be signed,
> - any email coming from other sources should be verified.
>
>
> Reading the documentation, it seems that setting InternalHosts should work,
> but this doesn't seem to be the case:
>
> In dkimMilter.connect(),
> - self.internal_connection is set if the connection comes from an address
matching InternalHosts, or if the milter macros match MacroList.
> - self.external_connection is set if the milter macros match MacroListVerify
>
> In dkimMilter.eom():
> - self.external_connection disables signing
> - self.internal_connection disables verifying
>
> Therefore, MacroListVerify ends up controllinjg signing (despite what
> the name implies!), and MacroList ends up controlling verifying
> (despite what the documentation says about it). Additionally, for a
> smtpd milter receiving mail from both internal and external
> connections, it is not possible to control signing based on the
> InternalHosts value.
>
>
> My wishes for resolving this bug are:
> 1- There should be a way to control signing based on the originating
> connection's IP address;
> 2- It would be nice for the documentation to explain how the
> MacroList, MacroListVerify and InternalHosts values interact to
> determine wether we are dealing with an internal/trusted or
> external/untrusted connection (right now the values are only described
> separately and the interactions are not documented in any way);
> 3- I am not sure if there are any reasons for connections to be marked as
> both internal and external at once, or to have neither markings - if there
> are valid reasons for that, the documentation should explain them; if not
> maybe the milter should emit a warning when incorrectly configured...
> 4- The interaction between Mode and internal vs external connections
> should be documented (i.e. that Mode=s still only signs internal
> connections, and Mode=v still only verifies external connections).
>
>
> Sorry for the long winded report, hope it is at least clear enough :)
Thanks. I agree it's a bit of a mess.
The theory is that a connection identified as "internal" should only sign, not
verify and a connection that's identified as "external" should only verify and
not sign.
Currently the code will identify a connection as "internal" if it is in
IntHosts or libmilter provides the macro in "MacroList".
The code will identify a connection as "external" if the MacroListVerify macro
is provided.
If it's not an "external" connection and the mode is s or sv, it will sign.
If it's not an "internal" connection and the mode is v or sv, DKIM will be
verified.
If it's not "internal" or "external" (i.e.IntHosts not set and neither
MacroLIst or MacroLIstVerify provided), then the Mode (v, s, or sv) controls
exclusively.
I agree this could be better documented and I had to look at the code to try t
figure it out again. I don't think both internal and external would every be
set, but neither being set is appropriate if there aren't any macros provided
and it's not covered by IntHosts.
Scott K
signature.asc
Description: This is a digitally signed message part.
