da48d52528
Take advantage of some more features that were introduced with
milter v2 in sendmail 8.14.0:
o If all canonicalizations are satisfied in terms of
length limits, advise the MTA to stop sending the
message body to reduce unneeded I/O.
o Turn off as many unnecessary SMTP protocol steps as
possible.
o Fail option negotiation if any of the milter features
required are not available.
o If specific MTA macros are to be used for making the
sign vs. verify decision, explicitly request them.
Prevent corruption in Authentication-Results: headers caused
by signatures that have explicit "i=" values.
Report "hardfail" instead of "fail" on authentication failures,
in compliance with the Authentication-Results: draft.
Amend the "-M" command line option and "MacroList" configuration
options to allow a list of possible values for each
macro.
Add _FFR_SELECTOR_HEADER, adding the means to choose which selector
(and thus which key) is used to sign based on the value
found in a particular header. Requested by Steve Jones
of Bank of America.
Add dkimf_dstring*() (dynamic string) functions and clean up some
code by making use of it.
Skip all the userid and group changes when either "-u" or "UserID"
is in use if the requested user is the same as the
executing user.
Fix use of "UseSSPDeny" to include handling of unsigned messages.
Fix bug #SF1834701: Log a warning and temp-fail the message if
a key list is in use that didn't match the sender for a
message which should be signed. Problem noted by Jim
Hermann.
Patch #SF1796697: Add _FFR_REPLACE_RULES, adding the facility to do
substring replacement before signing to anticipate things
like the MTA "masquerade" and "genericstable" functions.
Requires further development.
Replace "gentxt.csh" with more robust "dkim-genkey" utility.
Feature request #SF1811962: Add new utilities "dkim-testkey" which
verifies that a public key is readable and properly formatted
and matches the locally-provided private key, and
"dkim-testssp" which retrieves a domain's sender signing
practises record and prints it in a human-readable form.
Based on code contributed by Daniel Black.
Feature request #SF1817253: Add "UMask" configuration file option.
Suggested by Daniel Black.
Feature request #SF1818863: Add a section to site.config.m4.dist
to request a build of the shared object version of libdkim.
Requested by Chris Behrens of Concentric Network Corporation.
Feature request #SF1834748: Use a more meaningful SMTP reply when
rejecting a message at the SMTP level due to SSP. Suggested
by S. Moonesamy of Eland Systems.
LIBDKIM: Return DKIM_STAT_NOKEY from dkim_get_key_dns() if the answer
count comes back zero, rather than DKIM_STAT_CANTVRFY.
Problem noted by Chris Behrens of Concentric Network
Corporation.
LIBDKIM: Plug a memory leak in dkim_get_key(). Problem noted by
Chris Behrens of Concentric Network Corporation.
LIBDKIM: Replace a dicey memcpy() call with memmove(). Problem
noted by Chris Behrens of Concentric Network Corporation.
LIBDKIM: Add DKIM_CBSTAT_NOTFOUND and DKIM_CBSTAT_ERROR callback
return codes, and DKIM_STAT_CBERROR return code. Suggested
by Chris Behrens of Concentric Network Corporation.
LIBDKIM: Add dkim_minbody() to determine how much more body text
is required to satisfy canonicalizations.
LIBDKIM: Add dkim_gethandlingstr() and dkim_getpolicystr() for
translation of SSP handling and policy codes into printable
strings.
LIBDKIM: Add _FFR_PARSE_TIME, adding a utility function that can
be used to detect that the timestamp on a signature and the
value of the Date: header wildly differ. Incomplete.
LIBDKIM: If a message comes in with no properly-formed sender headers,
dkim_eoh() now renders the DKIM handle unusable by later
data processing calls.
LIBDKIM: Fix arithmetic in dkim_sig_expired().
LIBDKIM: In dkim_eoh_verify(), check for a NULL user pointer return
from rfc2822_mailbox_split() (was previously only checking
for an error code or NULL domain). Problem noted by Chris
Behrens of Concentric Network Corporation.
LIBDKIM: Fix bug #SF1819489: Fix signature header name check in
dkim_header(). Patch from Chris Behrens of Concentric
Network Corporation.
LIBDKIM: Fix bug #SF1819559: Fix key granularity processing.
LIBDKIM: Fix bug #SF1819571: More robust processing of "s=" in keys.
LIBDKIM: Fix bug #SF1819607: Allow "t=" and "x=" values up to 64 bits
since RFC4871 requires at least 40.
LIBDKIM: Fix bug #SF1820017: Don't accept signatures with no "v=" tag.
LIBDKIM: Fix bug #SF1820060: The value of "q=" may be a colon-separated
list of values to parse.
LIBDKIM: Fix bug #SF1820080: The value of "i=" may be quoted-printable
so do appropriate decoding.
LIBDKIM: Fix bug #SF1820123: "simple" body canonicalization must
contain at least CRLF.
LIBDKIM: Fix bug #SF1820370: More graceful handling of grossly
malformed signature headers. Problem noted by Chris Behrens
of Concentric Network Corporation.
LIBDKIM: Fix bug #SF1822287 and SF1822295: Update policy check code
to use the draft-ietf-dkim-ssp-01 algorithm. Problem noted
by Chris Behrens of Concentric Network Corporation.
LIBDKIM: Fix bug #SF1822329: In dkim_get_policy(), check for and handle
error returns from the subordinate lookup functions. Problem
noted by Chris Behrens of Concentric Network Corporation.
LIBDKIM: Fix bug #SF1822331: Use consistent return codes in
dkim_get_policy_dns(). Problem noted by Chris Behrens of
Concentric Network Corporation.
LIBDKIM: Fix bug #SF1832703: When looking for headers to canonicalize
during verification, disregard spaces between the header name
and the colon (":") character. Problem noted by James
Sargent of AOL.
LIBDKIM: Fix bug #SF1838826: Several fixes with respect to processing
key and policy flags. Problems noted by Marc Martinec.
LIBDKIM: Feature request #SF1821005: Add dkim_getdomain(), an accessor
function for dkim_domain. Requested by Chris Behrens of
Concentric Network Corporation.
Activate _FFR_QUERY_CACHE (Feature request #SF1675359) and
_FFR_SELECT_SIGN_HEADERS.
|
||
|---|---|---|
| .. | ||
| files | ||
| patches | ||
| DESCR | ||
| distinfo | ||
| Makefile | ||
| options.mk | ||
| PLIST | ||
| TODO | ||