Hello,

A few months ago I used a perlfilter to implement DKIM on a Courier
server, but I had some crashes with it.
So... I rewrote it :-) for pythonfilter...

How to install it:
- you need to install pydkim (beware of dependencies with net.resolver
provided by python-adns)
- generate your keys (for this, you can use
http://www.topdog-software.com/files/dkim-genkey.sh ). Beware of the
owner / rights of the generated files
- modify your DNS...
- In /etc/pythonfilter.conf, add the following lines AFTER the antispam filters:

    # dkim: sign message using DKIM signature
    #
    dkim_sign

- In /etc/pythonfilter-modules.conf, add the following lines:

    [dkim_sign.py]
    selector = 'dkim'
    privkey = '/home/dkim/dkim.private'

- Install the attached script. It's a little bit ugly (pydkim can't
handle Message objects, so I open the body file as a "simple" string...)

Several things I have in mind:
- one private key per domain. So, we could enable DKIM only for the domains
we want instead of allowing it for every domain we "host". Privkey would
become privkeydir, dkim.private would become domain.private for each
domain... Is this a real need?
- do I need to explicitly close the files I opened (bodyFile and privkey),
or will Python do it for me?
- This filter assumes the sender is not forged... So it has to be run
after the antispam filters... Otherwise it would be possible to sign spam... Is
this way safe enough?

I wrote the filter tonight... I haven't tested it yet! Feel free to
comment on it, to fix it, to use it :-)
Hope this helps.
Jerome Blion.

#!/usr/bin/python
# dkim_sign -- Courier filter which adds a DKIM signature to sent mail
# Copyright (C) 2009 Jerome Blion <[email protected]>
#
# This file is part of pythonfilter.
#
# pythonfilter is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# pythonfilter is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with pythonfilter. If not, see <http://www.gnu.org/licenses/>.

import email
import sys

import courier.config
import courier.control
import courier.xfilter
import dkim


def initFilter():
    # 'selector' and 'privkey' are set as module globals from the
    # [dkim_sign.py] section of pythonfilter-modules.conf.
    courier.config.applyModuleConfig('dkim_sign.py', globals())
    # Record in the system log that this filter was initialized.
    sys.stderr.write('Initialized the "dkim" python filter\n')


def doFilter(bodyFile, controlFileList):
    """Sign mails with DKIM keys

    For mails which are locally hosted, sign messages with DKIM
    """
    try:
        message = open(bodyFile).read()
        sender = courier.control.getSender(controlFileList)
        if '@' not in sender:
            # Null sender (bounce): there is no domain to sign for, so
            # pass the message through unsigned instead of failing on it.
            return ''
        domain = sender.split('@')[1]
        sig = dkim.sign(message, selector, domain, open(privkey, "r").read())
        # Prepend the DKIM-Signature header to the original message.
        final_mail = email.message_from_string(sig + message)
        try:
            mfilter = courier.xfilter.XFilter('dkim_sign',
                                              bodyFile, controlFileList)
        except courier.xfilter.LoopError as e:
            # LoopError indicates that we've already filtered this message.
            return ''
        mfilter.setMessage(final_mail)
        submitVal = mfilter.submit()
        return submitVal
    except Exception as e:
        # Temporary failure: the sending side will retry later.
        return '451 Internal failure : %s' % (e,)


if __name__ == '__main__':
    # For debugging, you can create a file or set of files that
    # mimics the Courier control file set.
    if not sys.argv[2:]:
        print('Use: dkim_sign.py <message body file> <control file list>')
        sys.exit(1)
    initFilter()
    # The control files are passed as a list, as Courier does.
    print(doFilter(sys.argv[1], sys.argv[2:]))

_______________________________________________
courier-users mailing list
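
An added example, not part of the original post or of pythonfilter: one way the per-domain key idea above (a privkeydir holding domain.private files) could select a key, combined with the owner / rights caution from the install steps. It is written for Python 3; load_domain_key and UnsafeKeyFile are hypothetical names, and the sender's domain is treated as untrusted input when the path is built.

```python
import os
import re
import stat

# Hostname-shaped domains only: rejects '/', '..', empty labels and anything
# else that could steer the path outside privkeydir.
_LABEL = r'[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?'
_DOMAIN_RE = re.compile(r'%s(\.%s)+' % (_LABEL, _LABEL))


class UnsafeKeyFile(Exception):
    """The key exists but its type, owner or mode exposes it to other users."""


def load_domain_key(privkeydir, sender):
    """Return the private key bytes for the sender's domain.

    Returns None when the domain has no key in privkeydir, in which case
    the message should pass through unsigned (DKIM not enabled for it).
    """
    _local, sep, domain = sender.rpartition('@')
    domain = domain.lower().rstrip('.')
    if not sep or len(domain) > 253 or not _DOMAIN_RE.fullmatch(domain):
        return None
    path = os.path.join(privkeydir, domain + '.private')
    try:
        st = os.lstat(path)  # lstat: do not follow a symlink placed in the dir
    except FileNotFoundError:
        return None
    if not stat.S_ISREG(st.st_mode):
        raise UnsafeKeyFile('%s is not a regular file' % path)
    if st.st_uid != os.geteuid():
        raise UnsafeKeyFile('%s is not owned by the filter user' % path)
    if st.st_mode & 0o077:
        raise UnsafeKeyFile('%s is accessible by group or others' % path)
    with open(path, 'rb') as fh:  # closed deterministically on exit
        return fh.read()
```

A filter would sign only when this returns a key, and would treat UnsafeKeyFile as a configuration error to log rather than a reason to sign anyway.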