On 3/3/11 4:07 AM, Mark Martinec wrote:
> On Thursday March 3 2011 12:18:45 Charles Lindsey wrote:
>> Having just had a deluge of bogus messages from Twitter, all allegedly
>> DKIM-signed, I think I need a working DKIM checker (my ISP has not
>> implemented DKIM checking so far).
>>
>> I have not the time to write my own, so can someone please point me to an
>> implementation that could be deployed as a procmail filter. I have libssl
>> which could presumably do the RSA stuff.
>
> Running a DKIM checker on an MTA would be preferred to procmail,
> less opportunity for mangling a message by all the sw components
> in the mail path. But if you do not have a choice or for a low
> traffic rate, try perl module Mail::DKIM, either directly from a
> command line, or through SpamAssassin (command line or spamc/spamd).
>
> Here is a simple one-liner, which takes a message from stdin
> and reports a pass or fail for each signature found.
> You can expand its functionality from there:
>
>   $ perl -MMail::DKIM::Verifier -ne '
>     BEGIN{$dkim=Mail::DKIM::Verifier->new_object};
>     s/\r?\n\z/\015\012/; $dkim->PRINT($_); END{$dkim->CLOSE;
>     printf("%s\n",$_->result_detail) for $dkim->signatures}'
>
> But since you need to check Twitter signature forgeries, you
> need more than a simple signature validator, it needs to be
> coupled with some sort of ADSP or rules. If the twitter.com
> did provide a signature with its 'd' tag matching the domain
> in a From header field you could use an adsp_override rule,
> but since they don't, you need something like the following
> in your SpamAssassin configuration file local.cf:
>
>   full __L_DKIM_VALID_TWITTER eval:check_dkim_valid(twitter.com)
>   header __L_FROM_TWITTER From:addr =~ /[\@.]twitter\.com$/mi
>   meta L_FAKE_TWITTER __L_FROM_TWITTER && !__L_DKIM_VALID_TWITTER
>   score L_FAKE_TWITTER 5

In addition, with or without ADSP, never assume valid DKIM signatures
correspond with the From header being displayed or used for sorting. :^(

-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
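
An added example, not part of either message and not Mail::DKIM's own code: the quoted one-liner expanded into a script that applies the same test as the L_FAKE_TWITTER rules and also reports whether any passing signature's d= covers the From domain, which is the gap the reply warns about. The names in_domain, verdict and $brand and the verdict strings are this example's own; it assumes Mail::DKIM is installed and DNS is reachable for the key lookups.

```perl
#!/usr/bin/perl
# Added example, not from the thread. Reads one message on stdin, prints a
# verdict, and exits 0 only for "fake" so a procmail "* ? script" condition
# can test it. Needs Mail::DKIM and DNS access for the key lookups.
use strict;
use warnings;
use Mail::DKIM::Verifier;

my $brand = 'twitter.com';    # the domain used in the thread's local.cf rules

# True if $domain is $parent or a subdomain of it (cf. /[\@.]twitter\.com$/).
sub in_domain {
    my ($domain, $parent) = @_;
    return 0 unless defined $domain && length $domain;
    $domain = lc $domain;
    return ($domain eq $parent || $domain =~ /\.\Q$parent\E\z/) ? 1 : 0;
}

# $sigs is a list of [d= value, result] pairs, one per signature found.
sub verdict {
    my ($from_domain, $sigs) = @_;
    my @pass = map  { lc $_->[0] }
               grep { $_->[1] eq 'pass' && length $_->[0] } @$sigs;
    # Same logic as L_FAKE_TWITTER: From claims the brand, no valid d=brand.
    return 'fake' if in_domain($from_domain, $brand)
                  && !grep { $_ eq $brand } @pass;
    # A passing signature only vouches for From if its d= covers that domain.
    return 'aligned'   if grep { in_domain($from_domain, $_) } @pass;
    return 'unaligned' if @pass;    # valid, but signed by some other domain
    return 'no-valid-signature';
}

unless (caller) {
    my @lines = <STDIN>;
    shift @lines if @lines && $lines[0] =~ /^From /;   # mbox separator line
    my $dkim = Mail::DKIM::Verifier->new;
    for my $line (@lines) {
        (my $wire = $line) =~ s/\r?\n\z/\015\012/;     # verifier expects CRLF
        $dkim->PRINT($wire);
    }
    $dkim->CLOSE;
    my $from = $dkim->message_originator->host;        # undef if no From
    my @sigs = map { [ $_->domain // '', $_->result // '' ] } $dkim->signatures;
    my $v = verdict($from, \@sigs);
    print "$v\n";
    exit($v eq 'fake' ? 0 : 1);
}
```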