mirror of
https://github.com/chatmail/relay.git
synced 2026-05-11 08:24:37 +00:00
The OpenDKIM configuration has two Lua scripts that define a strict DKIM policy. screen.lua filters out signatures that do not correspond to the From: domain so they are not even checked. final.lua rejects mail if it is not outgoing and has no valid DKIM signature. OpenDKIM is configured as a milter on the port 25 smtpd to check DKIM signatures, and on the mail-reinjecting smtpd to sign outgoing messages with DKIM signatures.
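-- final.lua: OpenDKIM "final" policy script.
--
-- Accepts the message when it is outgoing (client is an internal IP) or
-- when at least one signature has result code 0; otherwise replies with
-- 554 5.7.1 and asks the milter to reject.
--
-- `odkim`, `ctx` and `SMFIS_REJECT` are supplied by the OpenDKIM Lua host.

if odkim.internal_ip(ctx) == 1 then
  -- Outgoing message will be signed,
  -- no need to look for signatures.
  --
  -- NOTE(review): this branch skips every DKIM check, so the policy is
  -- only as strict as OpenDKIM's internal-hosts list (InternalHosts);
  -- confirm that list covers nothing but the reinjecting smtpd path.
  return nil
end

-- Locals rather than globals: nothing outside this chunk reads these
-- names, and undeclared assignments would leak into the global table.
local nsigs = odkim.get_sigcount(ctx)
if nsigs == nil then
  -- NOTE(review): a nil count returns without rejecting, i.e. the message
  -- passes with no signature evaluated (fail-open). Confirm this is the
  -- intended behaviour for the error case and not a gap in the policy.
  return nil
end

for i = 1, nsigs do
  -- get_sighandle is called with a zero-based index.
  local sig = odkim.get_sighandle(ctx, i - 1)
  local sigres = odkim.sig_result(sig)

  -- All signatures that do not correspond to From:
  -- were ignored in screen.lua and return sigres -1.
  --
  -- Any valid signature that was not ignored like this
  -- means the message is acceptable.
  --
  -- NOTE(review): only sig_result is inspected here; verify that a result
  -- of 0 also implies the body hash matched, or check odkim.sig_bhresult
  -- as well.
  if sigres == 0 then
    return nil
  end
end

-- No signature aligned with From: verified: reject with a permanent error.
odkim.set_reply(ctx, "554", "5.7.1", "No valid DKIM signature found")
odkim.set_result(ctx, SMFIS_REJECT)
return nil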