From: Murray S. Kucherawy <msk@se...> - 2007-05-17 22:21:06
A new version of dkim-milter is now available for download from SourceForge.

This release contains a few minor changes and fixes, but is mainly a new
feature release containing a lot of new stuff in the libdkim library.

The main new additions include a couple of new signing options
(diagnostics, signature expirations, absent header protection) and a set
of callbacks that can be used by the caller to receive, analyze and
prioritize signatures before the library begins the work of performing a
signature verification. This latter enhancement is the first major step
toward adding full capacity to handle messages bearing multiple

The SourceForge package now contains, in addition to the source tarball, a
file containing the MD5 signature you should expect to get after download.

The formal release notes entry:

Add a dkim-stats(8) man page. Contributed by Mike Markley.
Add "SignatureTTL", "Diagnostics" and "AlwaysSignHeaders" options to
    the configuration file and man page.
Add _FFR_ZTAGS for optionally saving diagnostic information when a
    signature fails if the signature contained a "z=" tag.
Still more minor fixes in _FFR_STATS related to DB versions.
Feature request #SF1473129: Split configuration file details
    into their own man page.
LIBDKIM: Still more minor fixes in _FFR_QUERY_CACHE related to DB
    versions. Reported by Ben Lentz.
LIBDKIM: Remove dkim_getidentity(), as the function it provides
    isn't part of DKIM. Instead, provide that functionality
LIBDKIM: Add a new option DKIM_OPTS_ALWAYSHDRS which allows
    specification of a list of header names which should always
    be included in signature header lists whether or not
    the headers were actually present, preventing them from
    being added downstream before verification.
LIBDKIM: Add a new option DKIM_OPTS_SIGNATURETTL which allows
    the caller to assert a time-to-live on signatures generated.
    This causes the "x=" tag to appear in signatures.
LIBDKIM: Add a new library flag DKIM_LIBFLAGS_ZTAGS which causes
    signatures generated to include the original header set
    encoded for transport so the verifier can use it to
    diagnose verification failures. This causes the "z=" tag to
    appear in signatures.
LIBDKIM: Add dkim_ohdrs() which extracts the sender's set of headers
    if a "z=" tag was present in the signature. This can then
    be used by the caller to diagnose verification failures
    for signatures which contain them.
LIBDKIM: Add the first large (and yet not the smallest) change to
    support multiple signatures. There's now a method via
    a few callbacks to give the caller access to the
    signatures discovered by the end-of-headers callback.
    The caller can analyze the signatures, reorder them,
    or flag some to be ignored. After reordering, the library
    still simply runs with the first that appears to be
    syntactically valid; actual processing of multiple
    signatures after the re-ordering will be in an upcoming
LIBDKIM: _FFR_QUERY_CACHE now only covers DNS key lookups, not all
LIBDKIM: Move the method-specific policy lookup functions into
    their own new files, dkim-policy.c and dkim-policy.h.
LIBDKIM: Slightly nicer wrapping of "h=" in dkim_getsighdr().
LIBDKIM: Add dkim_set_signer() for specifying the message's
    signer for signature generation.
BUILD: More unit tests.
Activate the following FFRs:

Please use the trackers and mailing lists on SourceForge to report problems or
make comments or other suggestions.
Murray S. Kucherawy ========================================= msk@...
Senior Software Engineer Sendmail, Inc. Emeryville, CA, USA
(510) 594-5400 http://www.sendmail.com
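
The three signing options in the announcement above surface in a DKIM-Signature header as the "x=" tag (signature TTL), the "z=" tag (diagnostic copy of the signer's headers) and repeated or absent names in "h=" (always-signed headers). The following is an added example, not part of the announcement and not dkim-milter or libdkim code, showing how a verifier-side script can read all three. The signature value, header values and function names are constructed for illustration, and it assumes one value per header name.

```python
import re
from collections import Counter

# Constructed sample DKIM-Signature value; bh= and b= are placeholders.
SAMPLE_SIG = ("v=1; a=rsa-sha256; d=example.com; s=sel; t=1179440000; x=1180044800;\r\n"
              "\th=from:to:subject:subject:reply-to;\r\n"
              "\tz=From:alice@example.com|To:bob@example.net|\r\n"
              "\t Subject:Q1=20report=3B=20draft; bh=PLACEHOLDER; b=PLACEHOLDER")
# Constructed headers as seen by the verifier (a list has tagged the subject).
RECEIVED = {"from": "alice@example.com", "to": "bob@example.net",
            "subject": "[list] Q1 report; draft"}

def parse_tags(sig_value):
    """Split the tag-list on ';' into {tag: value}; values keep internal folding."""
    tags = {}
    for part in sig_value.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip()] = value.strip()
    return tags

def is_expired(tags, now):
    """x= is an absolute expiry time in seconds since the epoch."""
    return "x" in tags and now > int(tags["x"])

def copied_headers(tags):
    """Decode z=: '|'-separated fields in DKIM quoted-printable, whitespace ignored."""
    z = re.sub(r"\s+", "", tags.get("z", ""))
    unquote = lambda s: re.sub(r"=([0-9A-F]{2})", lambda m: chr(int(m.group(1), 16)), s)
    return [unquote(field) for field in z.split("|") if field]

def altered_fields(tags, received):
    """Names whose received value differs from the signer's z= copy."""
    changed = []
    for field in copied_headers(tags):
        name, _, value = field.partition(":")
        if received.get(name.lower(), "").strip() != value.strip():
            changed.append(name.lower())
    return changed

def guarded_headers(tags, received):
    """Names listed in h= more often than they occur: adding one later breaks the signature."""
    signed = Counter(n.strip().lower() for n in tags["h"].split(":") if n.strip())
    return sorted(n for n, count in signed.items() if count > (1 if n in received else 0))

if __name__ == "__main__":
    tags = parse_tags(SAMPLE_SIG)
    print(is_expired(tags, 1180044801), altered_fields(tags, RECEIVED), guarded_headers(tags, RECEIVED))
```
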