Re: Only signing when listed in TrustedHosts AND authenticated from Aaron Paetznick on 2015-07-20 (OpenDKIM Users mailing list)

From: Aaron Paetznick <testing98_at_alliancecom.net>
Date: Mon, 20 Jul 2015 14:18:49 -0500

Ok after further testing, I don't think this is going to work. OpenDKIM
is always signing if authenticated for some reason, and I can't get it
to stop. This happens whether it matches any or all macros, or none.

I'm still trying to create a new macro and expose it to the MILTER
interface. Here's my current sendmail.mc:

dnl OpenDKIM signing?
LOCAL_RULE_3
DX${auth_authen}$?{should_sign} (true)$.
define(`confMILTER_MACROS_ENVFROM',`[i, {auth_type}, {auth_authen},
{auth_ssf}, {auth_author}, {mail_mailer}, {mail_host}, {mail_addr},
{should_sign}]')

And then in my opendkim.conf, I have:

MacroList should_sign

My syslog still says "no macros match". This is moot though, as it will
still always sign the email if I'm authenticated, no matter if it
matches this additional macro or not. I'm starting to think this isn't
going to be possible.

Any other ideas?

--Aaron

On 7/16/2015 2:22 PM, Aaron Paetznick wrote:
> Thanks for this! I can look into defining a new macro and exposing it
> through the MILTER interface (which seems to be fairly complicated),
> or can I just use MacroList to have OpenDKIM check for both
> {auth_authen} and {cipher}? The problem is that I need to have
> OpenDKIM check for TrustedHosts AND {auth_authen} AND {cipher}, not
> TrustedHosts OR {auth_authen} OR {cipher}. The latter seems to be the
> case right now.
>
> As for the syntax, I'm currently having some luck with this:
>
> MacroList auth_authen, cipher
>
>
> If I define MacroList as above, am I saying BOTH auth_authen AND
> cipher must exist, or EITHER auth_authen OR cipher must exist?
>
> Also, is there a macro for whether TrustedHosts was matched?
>
>
> --Aaron
>
>
> On 7/15/2015 2:31 PM, Claus Assmann wrote:
>> On Tue, Jul 14, 2015, Aaron Paetznick wrote:
>>
>>> I would like to be able to configure OpenDKIM to only sign email
>>> that is
>>> listed in the TrustedHosts AND authenticated AND encrypted, or at
>>> least just
>> Take a look at the option MacroList: write a local sendmail rule
>> that sets a specific macro under the conditions you listed/want and
>> tell opendkim to check it.
>>
>>
>
Received on Mon Jul 20 2015 - 19:19:15 PST

This archive was generated by hypermail 2.3.0 : Mon Jul 20 2015 - 20:27:00 PST