* [9front] dkim patches
@ 2023-04-24 20:29 ooga
From: ooga @ 2023-04-24 20:29 UTC
To: 9front
[-- Attachment #1: Type: text/plain, Size: 509 bytes --]
I'm not sure how to send these patches, but here they are, attached: one to use custom headers, one to prevent headers from being inserted and one to silence upas/qer.
The first one is fresh, but dkim didn't crash :) with a couple of messages I've tested it with. I'm not sure I use the right function to parse the command line argument. I used to have a hardcoded list in dkim.c, but it wasn't enough.
The messages pass the validation from Google and FairMail (android app), with or without the trailing ":".
[-- Attachment #2: dkim-custom-headers.diff --]
[-- Type: text/plain, Size: 1756 bytes --]
upas/dkim: allow custom headers to be signed
The list of headers someone wants to sign is larger than the default
list used by upas/dkim. For example, many servers add 'cc',
'reply-to', 'sender' and 'mime-version', the top of the recommended
list[1].
In addition to this, there are times when you want to sign
specific headers on some messages. For example, Google
signs tls-report-submitter and tls-report-domain with smtp-tls-reporting
messages.
[1]: https://dkim.org/specs/rfc4871-dkimbase.html#choosing-header-fields
---
diff 2c6484d1804bd719ae89b9ee36e90b61dd9f6fbb 742fd9b6fa574793f709fa69b791196438ad1ee8
--- a/sys/man/1/filter
+++ b/sys/man/1/filter
@@ -204,6 +204,11 @@
flag specifies the selector. If the selector is not
specified, it defaults to
.IR dkim .
+.I -h
+flag specifies a list of headers to sign. If this flag is not
+specified, it defaults to
+.IR from:,to:,subject:,date:,message-id:
+.
The keyspec searched for the signing key is:
.IP
.EX
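Review bot: In the added man page text, the default list is followed by a line holding only `.`, which troff treats as an empty request, so the sentence-ending period is never printed; write it as `.IR from:,to:,subject:,date:,message-id: .` the way the context line `.IR dkim .` does. The paragraph should also say that the list is comma-separated and that it replaces the default list instead of extending it, since dkim.c points signhdr at the user array when -h is given.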
--- a/sys/src/cmd/upas/dkim/dkim.c
+++ b/sys/src/cmd/upas/dkim/dkim.c
@@ -6,7 +6,7 @@
#include <authsrv.h>
#include <pool.h>
-char *signhdr[] = {
+char *defsignhdr[] = {
"from:",
"to:",
"subject:",
@@ -14,6 +14,8 @@
"message-id:",
nil
};
+char **signhdr = defsignhdr;
+char *usersignhdr[20];
char *keyspec;
char *domain;
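Review bot: `char *usersignhdr[20];` caps a -h list at 19 names through a bare literal; give the size a named constant, or size the array from the argument, and state the limit in filter(1), where the man page hunk does not mention it.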
@@ -93,7 +95,7 @@
void
usage(void)
{
- fprint(2, "usage: %s [-s sel] -d dom\n", argv0);
+ fprint(2, "usage: %s [-s sel] [-h headers] -d dom\n", argv0);
exits("usage");
}
@@ -109,6 +111,10 @@
ARGBEGIN{
case 'd':
domain = EARGF(usage());
+ break;
+ case 'h':
+ usersignhdr[getfields(EARGF(usage()), usersignhdr, nelem(usersignhdr)-1, 1, ",")] = nil;
+ signhdr = usersignhdr;
break;
case 's':
selector = EARGF(usage());
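Review bot: The 'h' case replaces the default list outright and never inspects the result, so a list such as to:,subject: yields a signature that does not cover From, which the DKIM specification requires to be signed; either always keep from: in the set or reject a list without it. The getfields call is limited to nelem(usersignhdr)-1 fields and its return value is used only as an index, so a longer list is accepted without any diagnostic; compare the count against the limit and fail with usage() or sysfatal. The cover message says names work with or without the trailing ':', while every defsignhdr entry ends in ':', so normalising the user entries to one form here would spare later code from handling both.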
[-- Attachment #3: dkim-seal.diff --]
[-- Type: text/plain, Size: 985 bytes --]
upas/dkim: seal the signed header fields
"Signers MAY claim to have signed header fields that do not exist
...
A header field name need only be listed once more
than the actual number of that header field in a message
at the time of signing in order to prevent any further additions."
https://dkim.org/specs/rfc4871-dkimbase.html#choosing-header-fields
---
diff 742fd9b6fa574793f709fa69b791196438ad1ee8 c24531318db27a706d0af70f69ae7f524ba1754a
--- a/sys/src/cmd/upas/dkim/dkim.c
+++ b/sys/src/cmd/upas/dkim/dkim.c
@@ -33,6 +33,18 @@
return e - p;
}
+void
+addallhdrs(char **hs)
+{
+ char **p;
+
+ for(p = signhdr; *p; p++){
+ if((*hs = realloc(*hs, strlen(*hs) + strlen(*p) + 1)) == nil)
+ sysfatal("realloc: %r");
+ strcat(*hs, *p);
+ }
+}
+
int
usehdr(char *ln, char **hs)
{
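Review bot: In addallhdrs, `strcat(*hs, *p);` joins the names with no separator, so the result is only a well-separated list when every signhdr entry already ends in ':'; with the -h patch applied, entries given without the colon would run together (cc followed by sender becoming ccsender). Append the ':' here when an entry lacks one, or normalise entries when -h is parsed. strlen(*hs) also assumes *hs is non-nil on entry, which is worth confirming for a message where usehdr never matched a line.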
@@ -165,6 +177,7 @@
}
append(&hdr, &nhdr, &hdrsz, ln, n);
}
+ addallhdrs(&hdrset); /* https://dkim.org/specs/rfc4871-dkimbase.html#choosing-header-fields */
sb = nil;
ntail = 0;
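Review bot: The addallhdrs call after the header loop seals every name in signhdr on every message, with no flag to turn it off; any later addition of a listed field by a relay or mailing list will then invalidate the signature, which is the intent quoted in the commit message but a behaviour change for existing users, so it should be documented in filter(1) or made selectable. The URL reads better in a comment above addallhdrs than as a trailing comment on the call.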
[-- Attachment #4: qer.diff --]
[-- Type: text/plain, Size: 670 bytes --]
upas/qer: don't log if mail starts with DKIM-Signature:
Without this, when we use upas/dkim in /mail/lib/qmail:
upas/dkim ... | upas/qer ...
we'll have a warning in our logs for every message we send.
---
diff f9aa809cbf2d1c17d989bd777c97d4bd4944a8e3 2c6484d1804bd719ae89b9ee36e90b61dd9f6fbb
--- a/sys/src/cmd/upas/q/qer.c
+++ b/sys/src/cmd/upas/q/qer.c
@@ -129,7 +129,7 @@
*/
i = 0;
while((n = read(0, buf, sizeof(buf)-1)) > 0){
- if(i++ == 0 && strncmp(buf, "From", 4) != 0){
+ if(i++ == 0 && strncmp(buf, "From", 4) != 0 && strncmp(buf, "DKIM-Signature:", 15) != 0){
buf[n] = 0;
syslog(0, "smtp", "qer usys data starts with %-40.40s", buf);
}
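Review bot: The added `strncmp(buf, "DKIM-Signature:", 15)` is case-sensitive and uses a hand-counted length; header field names are case-insensitive, so cistrncmp is the safer comparison, and the length is better derived from the string than written as 15. The comparison also runs before `buf[n] = 0;`, so on a first read shorter than 15 bytes it may inspect bytes past what was read; moving the termination above the if would cover both this test and the existing "From" one.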