LIBDKIM: At the end of dkim_eoh_verify(), don't overwrite any existing
descriptive error text before returning on verification
errors. Problem noted by Andy Fiddaman.
LIBDKIM: Remove redundant assertion of length limits in
dkim_canon_bodychunk(). The code in dkim_canon_write() has it
correct, so use that instead. Problem noted by Mark Martinec.
LIBDKIM: Fix bug #SF1777332: Fix "relaxed" body canonicalization.
Some code from the older implementation was still present
conflicting with the newer code. Reported by Andrey Chernov.
Fix type mismatches regarding restricted lengths. Problems noted
by Jukka Salmi.
Fix bug #SF1743896 (reopened): Don't crash if a From: header with no
domain is found. Patch from Andy Fiddaman.
Fix bug #SF1771520: Return an error from dkim_policy() if the
sender's domain name could not be determined. Patch from
Andy Fiddaman.
Update to new (draft version 06) Authentication-Results: header format.
Do an SSP query for any message that didn't either succeed verification
or cause some kind of internal error, not just those that
failed to verify.
Tighten up the logic used when checking header space allocation.
Heavy cleanup of dkim_eoh() and dkim_eom() via patches from Chris
Behrens of Concentric Network Corporation.
LIBDKIM: Add more fine-grained state control enforcing the order in
which the message processing functions are called. There was
previously a hole which would allow, for example, more headers
to be submitted after a call to dkim_eoh() if a prescreen
callback returned a "tryagain" result.
LIBDKIM: Add dkim_sig_getidentity().
LIBDKIM: Fix bug #SF1769270: Use the default query type to retrieve
signing policy for unsigned messages.
LIBDKIM: Fix bug #SF1769445: Return the correct policy result from
dkim_get_policy_dns() rather than always returning an empty
string. Patch by Andy Fiddaman.
LIBDKIM: Amend dkim_sig_getcanonlen() to include a parameter which
receives the signature length limit, if any.
LIBDKIM: Restore proper value to dkim_bodylen. Problem noted by
Jukka Salmi.
LIBDKIM: Don't inexplicably clear sig_signalg. Problem noted by
Jukka Salmi.
Feature request #SF1761475: Add "ClockDrift" configuration option
for tolerating out-of-synch clocks. Suggested by Kaspar Brand.
Feature request #SF1761481: Add "SyslogSuccess" configuration option
for logging successful operations rather than just errors
or other informational messages. Suggested by Kaspar Brand.
Feature request #SF1769888: Amend dkim_policy() to be able to return
the policy type retrieved from the sending domain. Also
add dkim_getpresult() and associated other code to get
additional policy evaluation information. Requested
by Andy Fiddaman.
shipping with dkim-milter) instead of libresolv. Enabled by default
because verifying fails with the bind resolver if the lookup returns
a CNAME, causing dkim-milter to fail with
dkim=permerror (verification error: key DNS reply corrupt)
2.0.2 2007/08/03
Fix bug #SF1766313: Make configuration handling 64-bit friendly.
Other 64-bit portability issues also addressed. Problems
noted by Chris Box.
Add _FFR_DNS_UPGRADE which establishes a second libar instance
in TCP mode for handling truncated UDP replies. Also make
some minor fixes in the key and policy DNS lookup functions
to provide more consistent handling of such responses.
Problems noted by Kaspar Brand; code is still experimental.
are already in pkgsrc, but since they changed quite a bit I think it's
less invasive to test them first in pkgsrc-wip. The main reason for
this is that dkim-milter requires OpenSSL >=0.9.8 to obey RFC 4871,
but that's not yet available in pkgsrc. I'll import an updated OpenSSL
package to pkgsrc-wip shortly...
which plugs in to Sendmail to provide DomainKeys Identified Mail service, and a
library (libdkim) which can be used to build DKIM-compliant applications or
MTAs.
adapted from mail/dk-milter
