git.proxmox.com Git - pmg-api.git/commit

author	Stoiko Ivanov <s.ivanov@proxmox.com>
	Mon, 21 Oct 2019 17:23:28 +0000 (19:23 +0200)
committer	Dietmar Maurer <dietmar@proxmox.com>
	Wed, 23 Oct 2019 09:11:19 +0000 (11:11 +0200)
commit	ad6e35cf956bc9569bfe106bbf89c9665da3f842
tree	8947011f99c8f042b201d45b9ba82951d5aea120	tree
parent	e4b3822143f32bcb4471a37e5fe8a8f856792eec	commit \| diff

add PMG::DKIMSign module

the module serves 3 purposes:
* it extends Mail::DKIM::Signer:
  * it provides a glue layer between MIME::Entity's output method (which
    expects print and uses \n as line terminator) and Mail::DKIM::Signer's
    PRINT method (which expects \r\n)

* it integrates with PMG's config
  * the domain which should be used for signing is selected based on the
    sender's e-mail address and the DKIM-settings in PMG-configuration
  * it provides a method which takes a MIME::Entity and returns it with
    signature
  * certain headers get oversigned (in order to prevent adding a previously
    non-existing header (e.g. Reply-To) and retaining a valid signature).
    the list of headers which are oversigned is inspired by rspamd's choice [0].
    for rationale see [1,2]

* it provides methods for handling selectors and keys.

[0] https://rspamd.com/doc/modules/dkim_signing.html#sign-headers
[1] https://noxxi.de/research/breaking-dkim-on-purpose-and-by-chance.html
[2] https://github.com/rspamd/rspamd/issues/2136

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>

debian/dirs		diff \| blob \| blame \| history
src/Makefile		diff \| blob \| blame \| history
src/PMG/DKIMSign.pm	[new file with mode: 0644]	blob