Re: [exim] How to include transport info

Top Page
Delete this message
Reply to this message
Author: Todd Lyons
Date:  
To: exim-users, Todd Lyons
Subject: Re: [exim] How to include transport info
On Thu, Sep 30, 2010 at 6:44 AM, Todd Lyons <tlyons@???> wrote:
>> I haven't thought about this deeply, but: what are the circumstances
>> under which you'd want to sign an email where the envelope sender isn't
>> the same as one of the addresses in the From: header?
>
> I have custA and custB, two different domains, thus two different
> email addresses, and both use SMTP Auth to send email.  Suppose custA
> sends an email, but sets the From to be custB's email.  Further
> suppose that my system is configured to sign for both domains if the
> source is webmail or smtp auth.  If I only use the From: header to
> determine the signing domain, it will sign custA's email with custB's
> key.  You might ask, what's the big deal?  custA could abuse custB's
> reputation by sending email as that user.

<snip>
> Based on your example (in the previous email), I need to modify my domain and local_part
> extractions to perform the ${sg...} on the From: header to extract
> only the first address because I just plain forgot that From: could
> have multiple addresses :-(


Ok, so here is the logic I am using:

1. If user is using SMTP Auth, the first From: header address must
match the authenticated address, thus use the authenticated address to
generate signing domain.
2. If user is sending via webmail then use the first address in the
From header (tests for a webmail header and from a webmail hostlist
are done elsewhere in an acl and router) to generate the signing
domain

Here is what I ended up with in its final configuration:

FIRST_FROM_ADDRESS = ${lc:${sg{${addresses:$h_from:}}{:.*}{}}}

DKIM_SENDER_MATCHES_FROM = eq{${lc:$sender_address}} {FIRST_FROM_ADDRESS}

DKIM_SMTP_AUTH_SENDER = ${if DKIM_SENDER_MATCHES_FROM
{${lc:$sender_address}} {} }

DKIM_DOMAIN = ${if def:sender_host_authenticated
{${domain:DKIM_SMTP_AUTH_SENDER}} {${domain:FIRST_FROM_ADDRESS}} }

DKIM_LOCAL_PART = ${if def:sender_host_authenticated
{${local_part:DKIM_SMTP_AUTH_SENDER}}
{${local_part:FIRST_FROM_ADDRESS}} }

Damn, that sure seems complicated. :-( Can the above be simplified
without losing the check that it performs? Or is the check
superfluous? As long as I don't allow one user to impersonate another
another use their keys, that's all that matters.

>> ... cases where the envelope sender doesn't match the first
>> from address are not signed?


That's where I ended up going with the above, thanks for the suggestion.

--
Regards...      Todd
I seek the truth...it is only persistence in self-delusion and
ignorance that does harm.  -- Marcus Aurealius