qpsmtpd/qpsmtpd-0.96-dkim_no_sign_for_others_on_symlinks.patch


diff -Nur -x '*.orig' -x '*.rej' qpsmtpd-0.96/plugins/dkim mezzanine_patched_qpsmtpd-0.96/plugins/dkim
--- qpsmtpd-0.96/plugins/dkim 2016-02-16 23:52:02.000000000 +0100
+++ mezzanine_patched_qpsmtpd-0.96/plugins/dkim 2016-04-27 17:48:41.616230753 +0200
@@ -99,19 +99,6 @@
As of this writing, most mail servers do not reject messages that fail DKIM policy, unless they also fail SPF, and no DMARC policy is published. The same holds true for SPF. There are technical reasons for this. See DMARC for more information, how you can control change that behavior, as well as receiving feedback from remote servers about messages they have accepted and rejected from senders claiming the identity of your domain(s).
-=head2 Sign for others
-
-Following the directions above will configure QP to DKIM sign messages from authenticated senders of example.org. Suppose you host client.com and would like to DKIM sign their messages too? Do that as follows:
-
- cd ~smtpd/config/dkim
- ln -s example.org client.com
-
-QP will follow the symlink target and sign client.com emails with the example.org DKIM key and set d=example.org.
-
-This is B<not> necessary for hosts or subdomains. If the DKIM key for host.example.com does not exist, and a key for example.com does exist, the parent DKIM key will be used to sign the message. So long as your DKIM and DMARC policies are set to relaxed alignment, these signed messages for subdomains will pass.
-
-CAUTION: just because you can sign for other domains, doesn't mean you should. Even with a relaxed DKIM policy, signing client.com's email with d=example.org causes an alignment error, and they may encounter deliverability problems. It is better to have keys generated and published for each domain, or at least to make a copy of config/dkim/example.org rather than linking to it.
-
=head1 SEE ALSO
http://www.dkim.org/
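Review bot: The removed "Sign for others" section also takes out the paragraph starting "This is B<not> necessary for hosts or subdomains", which documents the parent-domain key fallback rather than the symlink behaviour, and nothing in the code hunk of this patch touches that fallback. Keep that paragraph under the remaining documentation so the subdomain behaviour and its relaxed-alignment requirement stay described. Since the new check still accepts a symlinked config/dkim entry, the POD should also say what a symlink means after this change: the readlink rewrite of $domain is gone, so a one-line note on which d= value is used for a linked domain would replace the deleted "set d=example.org" statement.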
@@ -430,13 +417,7 @@
}
}
- if (-l $dir) {
- $dir = readlink($dir);
- $dir = "config/dkim/$dir" if $dir !~ /\//; # no /, relative path
- ($domain) = (split /\//, $dir)[-1];
- }
-
- if (!-d $dir) {
+ if (!-d $dir && !-l $dir) {
$self->log(LOGINFO, "skip, DKIM not configured for $domain");
return;
}