[Mimedefang] mimedefang 3.3, filter_sender and md_dkim_verify()
Bill Cole
mdlist-20140424 at billmail.scconsult.com
Fri Apr 21 17:59:33 EDT 2023
On 2023-04-21 at 16:41:43 UTC-0400 (Fri, 21 Apr 2023 16:41:43 -0400)
Ralph Hayon via MIMEDefang <mimedefang at lists.mimedefang.org>
is rumored to have said:
> Hi Dianne,
>
> Ok, I could not find any documentation that states this. This was my
> guess based on my observations.
The filter_* functions are called at the analogous stages in the SMTP
transaction, so they only have the information known to the server at
each stage.
> I am trying to easily get the domain extracted by DKIM to validate the
> sender's email domain.
Until filter() you do not have ANY message headers or data, so you
cannot validate DKIM until then. It is also worth noting that if you
want to use DKIM with DMARC, you need to examine the address in the From
header, NOT the envelope sender, which is what MD puts in the $Sender
global. To get the From header address, you need to extract it from the
$entity object that MD passes to the filter() subroutine.
> I want to have a system that confirms that emails to my employees from
> other employees are valid and not faked.
If you are calling SpamAssassin 4.0 from MIMEDefang, you can use the
existing rules and welcomelist/blocklist features in SA to do this, no
coding needed. You would just add something like this to your local.cf:
welcomelist_from_auth *@example.com
describe _FROM_EXAMPLE From header has example.com domain
header _FROM_EXAMPLE From ~= /\bexample.com\b/
meta FORGED_FROM_EXAMPLE _FROM_EXAMPLE && !DKIM_VALID_AU
score FORGED_FROM_EXAMPLE 6
You could do the work in filter() or filter_end() yourself, if you don't
want to use SA.
> Any suggestions how I can easily extract the arguments provided to
> filter_sender() in a filter function after filter_begin() so that I
> can use DKIM tests to assist with this?
The globals documented in the mimedefang-filter man page are accessible
from filter() as is the MIME::Entity object $entity which holds the
message. You could also access the HEADERS file directly to find the
From header.
>
> Thank you for the information!
>
> Thanks.
>
> Ralph
>
> On 4/21/2023 4:25 PM, Dianne Skoll via MIMEDefang wrote:
>> On Fri, 21 Apr 2023 15:46:17 -0400
>> Ralph Hayon via MIMEDefang <mimedefang at lists.mimedefang.org> wrote:
>>
>>> When I try calling md_dkim_verify() inside of filter_sender() in
>>> mimedefang-filter , it fails.
>>> It also fails when I try callig md_dkim_verify() from
>>> filter_recipient(), with the same results.
>> You can't do DKIM tests until you have a message body. So the
>> earliest
>> you can do that is filter_begin()
>>
>> Regards,
>>
>> Dianne.
>>
>> _______________________________________________
>> NOTE: If there is a disclaimer or other legal boilerplate in the
>> above
>> message, it is NULL AND VOID. You may ignore it.
>>
>> MIMEDefang mailing list MIMEDefang at lists.mimedefang.org
>> https://lists.mimedefang.org/mailman/listinfo/mimedefang_lists.mimedefang.org
>
>
> --
> ***************************************
> Ralph Hayon
> Natural Wireless
>
> 60 Saddle River Ave, Unit B
> South Hackensack, New Jersey 07606
>
> email: ralph at naturalwireless.com
> www: naturalwireless.com
>
> office: 201-438-2865 x 403
> fax: 201-438-1803
> cell: 201-315-7397
>
> Natural Wireless
> An Ultra Internet Service Provider
> ***************************************
>
>
> _______________________________________________
> NOTE: If there is a disclaimer or other legal boilerplate in the above
> message, it is NULL AND VOID. You may ignore it.
>
> MIMEDefang mailing list MIMEDefang at lists.mimedefang.org
> https://lists.mimedefang.org/mailman/listinfo/mimedefang_lists.mimedefang.org
--
Bill Cole
bill at scconsult.com or billcole at apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
More information about the MIMEDefang
mailing list