sympa-community / sympa

Sympa, Mailing List Management Software
https://www.sympa.community/sympa
GNU General Public License v2.0

"dkim" authentication method is useless #1445

Closed ikedas closed 2 years ago

ikedas commented 2 years ago

Version

6.1a.1 and later, i.e. all versions in which this feature is implemented.

Installation method

Any.

Expected behavior

"dkim" authentication method in scenario would work as described.

Actual behavior

It turned out that this feature is ineffective: It always fails (see below for detail).

Possible Solution

Context

If we dare to correct it, it may be done as follows:

--- a/src/lib/Sympa/Message.pm
+++ b/src/lib/Sympa/Message.pm
@@ -682,7 +682,7 @@ sub check_dkim_signature {

     #FIXME: Identity of signatures would be checked.
     foreach my $signature ($dkim->signatures) {
-        if ($signature->result_detail eq 'pass') {
+        if ($signature->result eq 'pass') {
             $self->{'dkim_pass'} = 1;
             return;
         }
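
Review bot: The FIXME on the first line of this hunk is left unaddressed: inside the `foreach`, the first signature whose result is 'pass' sets `$self->{'dkim_pass'} = 1` and returns, with no check of which domain produced that signature. A valid signature from any signer therefore marks the message as passing. Before setting the flag, compare the signature's signing domain with the domain of the message's sender address, or state in the FIXME that `dkim_pass` only means "some signature verified" so that callers do not treat it as proof of who sent the message. A one-line comment on the changed condition explaining why `result` is compared rather than `result_detail` would also help the next reader.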

In the above, the result() method returns keywords such as 'pass', while result_detail() returns a human-readable description of the result.

The relevant code has been inappropriate since it was first added: See also the history.

ikedas commented 2 years ago

In the first place, since DKIM basically authenticates the sender's domain, I think it is not considered appropriate as an authentication method of sender identity.

ikedas commented 2 years ago

Report by mistake. check_dkim_signature was working properly.

In any case, the dkim authentication method should be deprecated.

This report is withdrawn.