author | Jeremy Harris <jgh146exb@wizmail.org> | 2017-11-07 19:01:42 +0000 |
---|---|---|
committer | Jeremy Harris <jgh146exb@wizmail.org> | 2017-11-07 19:01:42 +0000 |
commit | a79d883474c84fa2a286b7797a7664b599912fcd (patch) | |
tree | dba2c8be5c8c9f90504ad157c2e2623f142de1a4 /test/confs | |
parent | ba86e143c7aeb0d70ea4c9d73a617a98f06f6baa (diff) |
DKIM: Allow the DKIM ACL to override verification results. Bug 2186
This provides generic support, though it covers the need introduced
by https://datatracker.ietf.org/doc/draft-ietf-dcrup-dkim-usage/?include_text=1
(deprecating sha-1 and RSA keys shorter than 1024 bits).
Diffstat (limited to 'test/confs')
-rw-r--r-- | test/confs/4500 | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/test/confs/4500 b/test/confs/4500
index bf4f1f6ad..f2e44beff 100644
--- a/test/confs/4500
+++ b/test/confs/4500
@@ -9,9 +9,23 @@ primary_hostname = myhost.test.ex
 # ----- Main settings -----
 acl_smtp_rcpt = accept
-acl_smtp_dkim = accept logwrite = signer: $dkim_cur_signer bits: $dkim_key_length
+acl_smtp_dkim = check_dkim
 queue_only
 queue_run_in_order
+
+begin acl
+
+check_dkim:
+.ifdef OPTION
+ warn condition = ${if eq {$dkim_algo}{rsa-sha1}}
+ condition = ${if eq {$dkim_verify_status}{pass}}
+ logwrite = NOTE: forcing dkim verify fail (was pass)
+ set dkim_verify_status = fail
+ set dkim_verify_reason = hash too weak
+.endif
+ accept
+ logwrite = signer: $dkim_cur_signer bits: $dkim_key_length
+
 # End |
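Review bot: The `.ifdef OPTION` stanza in `check_dkim` exercises the override only for `rsa-sha1`, although the commit description also cites RSA keys shorter than 1024 bits; `$dkim_key_length` is written to the log by the final `accept` but never used in a condition. A parallel `warn` stanza keyed on `condition = ${if <{$dkim_key_length}{1024}}` would cover that second case, presumably with a short-key message added to the test script, which is outside this diff. The test also drives only the pass-to-fail direction; since the support is described as generic, a case that pins what happens when the ACL sets `dkim_verify_status` on a signature that did not pass would document the direction that matters most for policy. A one-line comment above the stanza, such as `# OPTION set: force rsa-sha1 passes to fail`, would also help readers of the conf.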