Fix support for DKIM signing when forwarding and aliasing is enabled #2776

Merged
merged 2 commits into from Mar 26, 2020

X-Ryl669
Contributor

This partially solves DMARC failing and forwarded messages being considered as spam.
Fixes #2774

The other requirements are outside Haraka's repository. One must enable the SRS plugin (or use my alias_forward plugin, which does both).

@@ -355,7 +355,8 @@ exports.get_sender_domain = function (connection) {
}
}

if (!txn.header) return domain;
// In case of forwarding, only use the Envelope
if (!txn.header || txn.notes.forward) return domain;
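
Review bot: the new condition `if (!txn.header || txn.notes.forward) return domain;` makes the signing domain depend on `txn.notes.forward`, a note that nothing in this hunk sets or documents. The comment says only "In case of forwarding", so a reader cannot tell which plugin is expected to set the flag or at what stage. Please name the producer of the note in the comment (or in the plugin docs) and split the check into its own early return ahead of the `!txn.header` test, so each exit has one reason. Because the test is a plain truthiness check, any plugin that writes a non-empty value to `notes.forward` switches signing to the Envelope domain; comparing with `=== true` would make that contract explicit.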

Member

Should this be a compound conditional? Does something else set txn.notes.forward?

Contributor Author

The alias forwarding plugins set them (at least mine does). See here

Member

I understand that, but why make that a compound conditional? (Those tend to increase in complexity over time.) Why not simply do this?

if (txn.notes.forward) return domain; // forwarding, only use the Envelope

Contributor Author

Sure that's possible if you prefer.

Member

> Sure that's possible if you prefer.

Simpler is better, and that's simpler. Anyone can glance at that and know exactly when it'll execute.

@msimerson
Member

Forgive me if any of these are dumb questions. You're the most recent person to think through this issue so I'm asking now.

There are several cases here and I'd like someone to be confident that this change does The Right Thing in all of these cases:

  1. typical outbound (From header, then ENV FROM)
  2. forwarding (?)
  3. aliasing (?)
  4. forwarding and aliasing (ENV FROM)

@X-Ryl669
Contributor Author

X-Ryl669 commented Mar 24, 2020

  • typical outbound (From header, then ENV FROM)

As previously.

  • forwarding (?)

If you forward a mail without any modification, you don't need to sign it since any previous signature remains valid. You might need to use SRS if the source domain is using SPF.
I'm not sure what the difference is here with plain relaying. For me, this situation is a bit strange since I can't think of any reason an SMTP server would connect to your domain to send an email to another domain (it should connect to the other domain directly, shouldn't it?)

  • aliasing (?)

Aliasing only means you are the recipient SMTP server (typically, you received test@domain.com and you alias to bob@domain.com) so you'll never enable DKIM sign here but DKIM verify (so this change does not apply).

  • forwarding and aliasing (ENV FROM)

This PR, no need to explain further.

@msimerson
Member

> For me, this situation is a bit strange since I can't think of any reason an SMTP server would connect to your domain to send an email to another domain (it should connect to the other domain directly, shouldn't it?)

This is a very frequent use of a SMTP server. The typical description for a MTA like Haraka/Postfix/Sendmail/Exim serving in this role is a Message Submission Agent.

You keep equating a mail server with a domain and that's too narrow. Many (most?) MTAs serve more than one domain. My own Haraka instance accepts and relays mail for many domains.

@X-Ryl669
Contributor Author

Ok. If you forward but don't set notes.forward to true, then nothing is going to change from previous behavior. Do you have rcpt_to.alias_forward in your plugin list?

@msimerson
Member

> Ok. If you forward but don't set notes.forward to true, then nothing is going to change from previous behavior. Do you have rcpt_to.alias_forward in your plugin list?

I don't. I have some aliases I want to move into Haraka but have yet to do it.

@X-Ryl669
Contributor Author

Here's the adapted code. To answer the question about forwarding only: if you are using Haraka as an MSA, then if I understand correctly, the client should provide a mail_from value, so domain will be set. If you don't enable aliasing, then no change to the previous behavior will be made. If you enable aliasing, then only mail accepted by the aliasing plugin will have its transaction modified to include forward = true, as expected.

If you intend to implement aliasing, please check the 2 tutorials I've written here, as it is easier to copy and modify than to try to understand each plugin's specifics (DKIM_sign is a real pain to set up right since it implies so many external steps).
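
The cases enumerated in this thread (typical outbound, no usable From header, forwarding with and without the `forward` note), as an added example that is not part of the PR or of Haraka's code. It is a simplified model: the field names `mailFromHost` and `fromHeader`, the `localKeys` set and every domain are constructed for illustration, and it assumes the envelope sender of a forwarded message has already been rewritten to the forwarder's domain (for example by SRS).

```javascript
// Added illustration: simplified model, not Haraka's code.
// Field names (mailFromHost, fromHeader) and all sample domains are
// constructed for this example.

// Domain of the address in a From header value, or null if unparsable.
function fromHeaderDomain(value) {
    if (!value) return null;
    const angle = value.match(/<([^<>]+)>/);      // "Name <user@dom>" form
    const addr = (angle ? angle[1] : value).trim();
    const at = addr.lastIndexOf('@');
    if (at < 1 || at === addr.length - 1) return null;
    return addr.slice(at + 1).toLowerCase();
}

// Which domain the signer would look up a DKIM key for.
function senderDomain(txn) {
    const envDomain = txn.mailFromHost ? txn.mailFromHost.toLowerCase() : null;
    if (txn.notes && txn.notes.forward) return envDomain; // forwarding: envelope only
    return fromHeaderDomain(txn.fromHeader) || envDomain; // otherwise prefer From header
}

// Constructed: domains this server holds DKIM private keys for.
const localKeys = new Set(['example.org', 'forwarder.example']);

function signingDecision(txn) {
    const domain = senderDomain(txn);
    return { domain, hasKey: domain !== null && localKeys.has(domain) };
}

// Constructed transactions covering the cases listed in the thread.
const cases = {
    outbound: { mailFromHost: 'example.org',
                fromHeader: 'Alice <alice@example.org>', notes: {} },
    noFromHeader: { mailFromHost: 'Example.ORG', fromHeader: null, notes: {} },
    // Envelope already rewritten to the forwarder's domain (e.g. by SRS).
    forwardedFlagged: { mailFromHost: 'forwarder.example',
                        fromHeader: 'Bob <bob@sender.example>',
                        notes: { forward: true } },
    forwardedUnflagged: { mailFromHost: 'forwarder.example',
                          fromHeader: 'Bob <bob@sender.example>', notes: {} },
};

for (const [name, txn] of Object.entries(cases)) {
    console.log(name, signingDecision(txn));
}
```

In this model the unflagged forwarded message selects the original author's domain, for which the forwarder holds no key, while the flagged one selects the forwarder's own domain.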

@msimerson
Member

I've looked at the adapted code, looks the same as before. Am I missing something?

@X-Ryl669
Contributor Author

Ahem*... Cough... Well sorry, forgot to commit my changes before amending. Should be ok now.

@msimerson msimerson merged commit 6600651 into haraka:master Mar 26, 2020

Successfully merging this pull request may close these issues.

DKIM_sign tries to sign using the envelop from