Mail::DKIM::Policy - abstract base class for originator "signing" policies

Mail-DKIM documentation Contained in the Mail-DKIM distribution.

Index

Code Index:

NAME

Top

Mail::DKIM::Policy - abstract base class for originator "signing" policies

SYNOPSIS

Top

  # get all policies that apply to a verified message
  foreach my $policy ($dkim->policies)
  {

      # the name of this policy
      my $name = $policy->name;

      # the location in DNS where this policy was found
      my $location = $policy->location;

      # apply this policy to the message being verified
      my $result = $policy->apply($dkim);

  }

DESCRIPTION

Top

Between the various versions of the DomainKeys/DKIM standards, several different forms of sender "signing" policies have been defined. In order for the Mail::DKIM library to support these different policies, it uses several different subclasses. All subclasses support this general interface, so that a program using Mail::DKIM can support any and all policies found for a message.

METHODS

Top

These methods are supported by all classes implementing the Mail::DKIM::Policy interface.

apply()

Apply the policy to the results of a DKIM verifier.

  my $result = $policy->apply($dkim_verifier);

The caller must provide an instance of Mail::DKIM::Verifier, one which has already been fed the message being verified.

Possible results are:

accept

The message is approved by the sender signing policy.

reject

The message is rejected by the sender signing policy.

neutral

The message is neither approved nor rejected by the sender signing policy. It can be considered suspicious.

as_string()

The policy as a string.

Note that the string returned by this method will not necessarily have the tags ordered the same as the text record found in DNS.

is_implied_default_policy()

Is this policy implied?

  my $is_implied = $policy->is_implied_default_policy;

If you fetch the policy for a particular domain, but that domain does not have a policy published, then the "default policy" is in effect. Use this method to detect when that happens.

location()

Where the policy was fetched from.

This is generally a domain name, the domain name where the policy was published.

If nothing is published for the domain, and the default policy was returned instead, the location will be undef.

name()

Identify what type of policy this is.

This currently returns strings like "sender", "author", and "ADSP". It is subject to change in the next version of Mail::DKIM.

SEE ALSO

Top

Mail::DKIM::DkPolicy - for RFC4870(historical) DomainKeys sender signing policies

Mail::DKIM::DkimPolicy - for early draft DKIM sender signing policies

Mail::DKIM::AuthorDomainPolicy - for Author Domain Signing Practices (ADSP)

AUTHOR

Top

Jason Long, <jlong@messiah.edu>

COPYRIGHT AND LICENSE

Top

Copyright (C) 2006-2009 by Messiah College

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself, either Perl version 5.8.6 or, at your option, any later version of Perl 5 you may have available.

Mail-DKIM documentation Contained in the Mail-DKIM distribution. 
#!/usr/bin/perl

# Copyright 2005-2007 Messiah College.
# Jason Long <jlong@messiah.edu>

# Copyright (c) 2004 Anthony D. Urso. All rights reserved.
# This program is free software; you can redistribute it and/or
# modify it under the same terms as Perl itself.

use strict;
use warnings;

package Mail::DKIM::Policy;

use Mail::DKIM::DNS;


sub fetch
{
	my $class = shift;
	my $waiter = $class->fetch_async(@_);
	return $waiter->();
}

sub fetch_async
{
	my $class = shift;
	my %prms = @_;

	($prms{'Protocol'} eq "dns")
		or die "invalid protocol '$prms{Protocol}'\n";

	my $host = $class->get_lookup_name(\%prms);
	my %callbacks = %{$prms{Callbacks} || {}};
	my $on_success = $callbacks{Success} || sub { $_[0] };
	$callbacks{Success} = sub {
			my $resp = shift;
			unless ($resp)
			{
				# no response => NXDOMAIN, use default policy
				return $on_success->($class->default);
			}

			my $strn;
			foreach my $ans ($resp) {
				next unless $ans->type eq "TXT";
				$strn = join "", $ans->char_str_list;
			}

			unless ($strn)
			{
				# empty record found in DNS, use default policy
				return $on_success->($class->default);
			}

			my $self = $class->parse(
					String => $strn,
					Domain => $prms{Domain},
					);
			return $on_success->($self);
		};

	#
	# perform DNS query for domain policy...
	#
	my $waiter = Mail::DKIM::DNS::query_async(
			$host, "TXT",
			Callbacks => \%callbacks,
			);
	return $waiter;
}

sub parse
{
	my $class = shift;
	my %prms = @_;

	my $text = $prms{"String"};
	my %tags;
	foreach my $tag (split /;/, $text)
	{
		# strip whitespace
		$tag =~ s/^\s+|\s+$//g;

		my ($tagname, $value) = split /=/, $tag, 2;
		unless (defined $value)
		{
			die "policy syntax error\n";
		}

		$tagname =~ s/\s+$//;
		$value =~ s/^\s+//;
		$tags{$tagname} = $value;
	}

	$prms{tags} = \%tags;
	return bless \%prms, $class;	
}


sub apply
{
	my $self = shift;
	my ($dkim) = @_;

	my $first_party;
	foreach my $signature ($dkim->signatures)
	{
		next if $signature->result ne "pass";

		my $oa = $dkim->message_sender->address;
		if ($signature->identity_matches($oa))
		{
			# found a first party signature
			$first_party = 1;
			last;
		}
	}

	return "accept" if $first_party;
	return "reject" if ($self->signall && !$self->testing);
	return "neutral";
}


sub as_string
{
       my $self = shift;

       return join("; ", map { "$_=" . $self->{tags}->{$_} }
               keys %{$self->{tags}});
}


sub is_implied_default_policy
{
	my $self = shift;
	my $default_policy = ref($self)->default;
	return ($self == $default_policy);
}


sub location
{
	my $self = shift;
	return $self->{Domain};
}


1;