https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7831
--- Comment #6 from Rob Mosher <[email protected]> ---

It's a simple patch but it took a bit of research as I'm not familiar with any of these code bases. Some review would be good.

Some notes...

In Mail::DKIM, the identity will not validate if t=s is set and the identity is a subdomain of the domain. This is already handled correctly so I don't think we need to add any additional logic.

If an identity is not specified, it is filled in with @domain, so it should be safe to use in place in those cases.
https://metacpan.org/release/Mail-DKIM/source/lib/Mail/DKIM/Signature.pm#L458

check_dkim_valid_envelopefrom also wasn't checking the full return path domain, and just the base domain.

Test from valid subdomain
X-Spam-Status: No, score=1.4 required=4.0 tests=BAYES_00,BODY_SINGLE_WORD,
 DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FSL_BULK_SIG,
 PYZOR_CHECK,SPF_HELO_PASS,SPF_PASS autolearn=no autolearn_force=no
 version=3.4.2

Test from the base domain
X-Spam-Status: No, score=1.4 required=4.0 tests=BAYES_00,BODY_SINGLE_WORD,
 DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FSL_BULK_SIG,
 PYZOR_CHECK,SPF_HELO_PASS,SPF_PASS autolearn=no autolearn_force=no
 version=3.4.2

Test mailing from subdomain with t=s set in domain record
X-Spam-Status: No, score=1.8 required=4.0 tests=BAYES_00,BODY_SINGLE_WORD,
 DKIM_INVALID,DKIM_SIGNED,FSL_BULK_SIG,PYZOR_CHECK,SPF_HELO_PASS,
 SPF_PASS autolearn=no autolearn_force=no version=3.4.2

--- a/lib/Mail/SpamAssassin/Plugin/DKIM.pm +++ b/lib/Mail/SpamAssassin/Plugin/DKIM.pm 
@@ -561,9 +561,10 @@ sub check_dkim_valid_author_sig { sub check_dkim_valid_envelopefrom { my ($self, $pms, $full_ref) = @_; my $result = 0; - my $envfrom=$self->{'main'}->{'registryboundaries'}->uri_to_domain($pms->get("EnvelopeFrom")); + my ( $envfrom ) = $pms->get("EnvelopeFrom") =~ /@([a-z0-9\-\.]*)/i; # if no envelopeFrom, it cannot be valid return $result if !$envfrom; + $envfrom = lc $envfrom; $self->_check_dkim_signature($pms) if !$pms->{dkim_checked_signature}; if (!$pms->{dkim_valid}) { # don't bother @@ -720,7 +721,7 @@ sub _check_dkim_signed_by { next if $minimum_key_bits && $sig->{_spamassassin_key_size} && $sig->{_spamassassin_key_size} < $minimum_key_bits; } - my $sdid = $sig->domain; + my ( $sdid ) = $sig->identity =~ /@(.*)/; next if !defined $sdid; # a signature with a missing required tag 'd' ? $sdid = lc $sdid; if ($must_be_author_domain_signature) { @@ -909,7 +910,7 @@ sub _check_dkim_signature { push(@valid_signatures, $signature) if $valid && !$expired; # check if we have a potential Author Domain Signature, valid or not - my $d = $signature->domain; + my ( $d ) = $signature->identity =~ /@(.*)/; if (!defined $d) { # can be undefined on a broken signature with missing required tags } else { @@ -1261,7 +1262,7 @@ sub _wlcheck_list { } } - my $sdid = $signature->domain; + my ( $sdid ) = $signature->identity =~ /@(.*)/; $sdid = lc $sdid if defined $sdid; my %tried_authors; -- You are receiving this mail because: You are the assignee for the bug.
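Review bot: In check_dkim_valid_envelopefrom, the new pattern /@([a-z0-9\-\.]*)/i is unanchored and uses *, so it takes whatever follows the first @ in the EnvelopeFrom value and can capture an empty string that is only caught by the truthiness test below it. Match from the last @ to the end of the address and use + so at least one character is required. Dropping uri_to_domain also changes the compared value from the registry-boundary domain to the full host name, which may change when DKIM_VALID_EF fires and should be stated in the rule documentation.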
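Review bot: In _check_dkim_signed_by, the retained comment on the line after the change still reads "a signature with a missing required tag 'd' ?", but the value now comes from identity (the i= tag), so neither that comment nor the name $sdid describes what is stored any more. Update the comment, and consider keeping $sig->domain in its own variable so that code further down which expects the signing domain is not silently handed the i= domain instead.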
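Review bot: In _check_dkim_signature, the match $signature->identity =~ /@(.*)/ runs before the "if (!defined $d)" test, so on the broken signatures the retained comment mentions an undefined identity would be matched first and warn under "use warnings". The same expression is repeated in _check_dkim_signed_by and _wlcheck_list, and in each the greedy (.*) starts at the first @ rather than the last. A small helper that returns undef for a missing identity, takes the text after the last @, and lowercases it would keep the three call sites consistent.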
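Review bot: In _wlcheck_list, $sdid now holds the i= domain rather than the d= domain, so if list entries are compared against $sdid further down (not visible in this hunk), an entry written for the signing domain would stop matching a signature that carries an identity on a subdomain, for example i=@sub.example.com with d=example.com. If that is the intended behaviour it needs a note in the documentation for the list options; otherwise keep $signature->domain here and use the identity only for the author and envelope-sender checks.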
