use another DKIM header if one fails

2021-09-13 16:04:32 +02:00 · 2021-09-13 16:04:32 +02:00 · b3012376c3
parent 6e42e536db
commit b3012376c3
3 changed files with 26 additions and 4 deletions
--- a/app/config.py
+++ b/app/config.py
@ -157,7 +157,6 @@ DISABLE_ALIAS_SUFFIX = "DISABLE_ALIAS_SUFFIX" in os.environ
 UNSUBSCRIBER = os.environ.get("UNSUBSCRIBER")

 DKIM_SELECTOR = b"dkim"
-DKIM_HEADERS = [b"from", b"to"]
 DKIM_PRIVATE_KEY = None

 if "DKIM_PRIVATE_KEY_PATH" in os.environ:
--- a/app/email_utils.py
+++ b/app/email_utils.py
@ -31,7 +31,6 @@ from app.config import (
    NOT_SEND_EMAIL,
    DKIM_SELECTOR,
    DKIM_PRIVATE_KEY,
-    DKIM_HEADERS,
    ALIAS_DOMAINS,
    SUPPORT_NAME,
    POSTFIX_SUBMISSION_TLS,
@ -391,7 +390,31 @@ def get_email_domain_part(address):
    return address[address.find("@") + 1 :]


+# headers used to DKIM sign in order of preference
+_DKIM_HEADERS = [
+    [b"Message-ID", b"Date", b"subject", b"from", b"to"],
+    [b"from", b"to"],
+    [b"Message-ID", b"Date"],
+    [b"from"],
+]
+
+
 def add_dkim_signature(msg: Message, email_domain: str):
+    for dkim_headers in _DKIM_HEADERS:
+        try:
+            add_dkim_signature_with_header(msg, email_domain, dkim_headers)
+            return
+        except dkim.DKIMException:
+            LOG.w("DKIM fail with %s", dkim_headers)
+            # try with another headers
+            continue
+
+    raise Exception("Cannot create DKIM signature")
+
+
+def add_dkim_signature_with_header(
+    msg: Message, email_domain: str, dkim_headers: [bytes]
+):
    delete_header(msg, "DKIM-Signature")

    # Specify headers in "byte" form
@ -402,7 +425,7 @@ def add_dkim_signature(msg: Message, email_domain: str):
            DKIM_SELECTOR,
            email_domain.encode(),
            DKIM_PRIVATE_KEY.encode(),
-            include_headers=DKIM_HEADERS,
+            include_headers=dkim_headers,
        )
        sig = sig.decode()

--- a/email_handler.py
+++ b/email_handler.py
@ -577,7 +577,7 @@ def handle_forward(envelope, msg: Message, rcpt_to: str) -> List[Tuple[bool, str
    if user.ignore_loop_email:
        mail_from = envelope.mail_from
        for mb in alias.mailboxes:
-            # email send from a mailbox to its alias
+            # email sent from a mailbox to its alias
            if mb.email == mail_from:
                LOG.w("cycle email sent from %s to %s", mb, alias)
                handle_email_sent_to_ourself(alias, mb, msg, user)