Here it is. I made a mistake while sending the last one, and it ended up
going only to Jason.
Regards,
Sorin
On 7/5/05, Sorin Pop <[EMAIL PROTECTED]> wrote:
> Hello.
>
> Here is a function for DK check. It is "work under way" so please
> contribute to it if you can.
>
> For now it adds DK status check to the mail.
> It uses Mail::DomainKey and Email::Simple.
>
> TODO:
> remove Email::Simple
> sign outgoing mail
>
> Regards,
> Sorin
>
>
>
#DomainKey scanner module for qmail-scanner 1.25
#by Sorin Pop <[EMAIL PROTECTED]>
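sub domainkey {
    # Verify the DomainKeys (DK) signature of the queued message and, for
    # signed mail, write the resulting status header back into the message
    # file. Verification only: no outgoing mail is signed here (for now).
    #
    # Reads $scandir, $wmaildir, $file_id and $HEADERS, none of which are
    # defined in this sub (presumably globals of the host qmail-scanner
    # script - confirm). Failures are reported through &error_condition.
    my ($start_domainkey_time) = [gettimeofday];

    # Only run DK if mail is from a "remote" SMTP client, or QS_DK_LOCAL
    # is defined via tcpserver...
    if (defined($ENV{'RELAYCLIENT'}) && !defined($ENV{'QS_DK_LOCAL'})) {
        &debug("domainkey: don't check as RELAYCLIENT implies this was sent by a local user");
        return;
    }

    use Mail::DomainKeys::Message;
    use Mail::DomainKeys::Policy;
    use Email::Simple;

    # Appears to encode: 2 = not evaluated, 1 = verified (or testing mode),
    # 0 = failed / no sender domain.
    # NOTE(review): $dk_status is computed below but never read afterwards;
    # the header that gets written comes from $mess->header instead.
    my $dk_status = 2;

    my $msg_path = "$scandir/$wmaildir/new/$file_id";
    my $tmp_path = "$msg_path.dk";

    # Three-arg open with a lexical handle: the mode can no longer be
    # influenced by characters in the path, and the handle is not a
    # package-wide bareword.
    open(my $dk_in, '<', $msg_path)
        || &error_condition("cannot open $msg_path - $!");
    my $textmail = do { local $/; <$dk_in> };
    $textmail = '' unless defined $textmail;
    close($dk_in);

    my $mailx    = Email::Simple->new($textmail);
    my @the_body = split(/\n|\r\n|\r/, $mailx->body);

    # The BodyReference value was mangled to "[EMAIL PROTECTED]" by the list
    # archive's address obfuscation; \@the_body is the only value that fits,
    # since @the_body is built just above and used nowhere else.
    my $mess = Mail::DomainKeys::Message->load(
        HeadString    => $HEADERS,
        BodyReference => \@the_body,
    ) or &error_condition("domainkey: unable to parse message");

    # no sender domain means no verification
    if (!($mess->senderdomain)) { $dk_status = 0; }

    # Message is signed (incoming mail for sure)
    if ($mess->signed) {
        if ($mess->verify) {
            $dk_status = 1 if $dk_status != 0;
        }
        else {
            $dk_status = 0;
        }

        # Check for domain policy
        my $plcy = Mail::DomainKeys::Policy->fetch(
            Protocol => "dns",
            Domain   => $mess->senderdomain,
        );

        # domain or key testing. The policy lookup is a DNS query and may
        # yield nothing, so guard before calling a method on it.
        if ($mess->testing or ($plcy and $plcy->testing)) {
            $dk_status = 1 if $dk_status != 0;
        }

        # Add the DomainKey status header produced by the verifier.
        # NOTE(review): header_set is expected to replace any existing value
        # of that field, which would overwrite a sender-supplied status header
        # on signed mail - confirm for the installed Email::Simple. Unsigned
        # mail never reaches this branch, so a forged DomainKey status header
        # on an unsigned message passes through untouched; downstream filters
        # must not trust the header until that case is handled as well.
        $mailx->header_set($mess->header->key, $mess->header->value);
        my $newtextmail = $mailx->as_string;

        # Write the new mail with DK status to a temporary file, then rename
        # it over the original. Every step is checked: an unchecked short
        # write (e.g. disk full) followed by the rename would replace the
        # queued message with a truncated copy.
        open(my $dk_out, '>', $tmp_path)
            || &error_condition("cannot open $tmp_path - $!");
        (print {$dk_out} $newtextmail)
            or &error_condition("cannot write $tmp_path - $!");
        close($dk_out)
            or &error_condition("cannot close $tmp_path - $!");
        rename($tmp_path, $msg_path)
            or &error_condition("cannot rename $tmp_path to $msg_path - $!");
    }
    # Outgoing mail from local user
    #elsif(defined($ENV{'RELAYCLIENT'})) {}

    my $stop_domainkey_time = [gettimeofday];
    my $domainkey_time = tv_interval($start_domainkey_time, $stop_domainkey_time);
    &debug("domainkey: finished scan of dir \"$ENV{'TMPDIR'}\" in $domainkey_time secs");
}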