From: Murray S. K. <ms...@se...> - 2007-05-17 22:21:06
A new version of dkim-milter is now available for download from SourceForge.

This release contains a few minor changes and fixes, but is mainly a new feature release containing a lot of new stuff in the libdkim library. The main new additions include a couple of new signing options (diagnostics, signature expirations, absent header protection) and a set of callbacks that can be used by the caller to receive, analyze and prioritize signatures before the library begins the work of performing a signature verification. This latter enhancement is the first major step toward adding full capacity to handle messages bearing multiple signatures.

The SourceForge package now contains, in addition to the source tarball, a file containing the MD5 signature you should expect to get after download.

The formal release notes entry:

0.8.0   2007/05/17
    Add a dkim-stats(8) man page. Contributed by Mike Markley.
    Add "SignatureTTL", "Diagnostics" and "AlwaysSignHeaders" options to the configuration file and man page.
    Add _FFR_ZTAGS for optionally saving diagnostic information when a signature fails if the signature contained a "z=" tag.
    Still more minor fixes in _FFR_STATS related to DB versions.
    Feature request #SF1473129: Split configuration file details into their own man page.
    LIBDKIM: Still more minor fixes in _FFR_QUERY_CACHE related to DB versions. Reported by Ben Lentz.
    LIBDKIM: Remove dkim_getidentity(), as the function it provides isn't part of DKIM. Instead, provide that functionality in dkim-filter.
    LIBDKIM: Add a new option DKIM_OPTS_ALWAYSHDRS which allows specification of a list of header names which should always be included in signature header lists whether or not the headers were actually present, preventing them from being added downstream before verification.
    LIBDKIM: Add a new option DKIM_OPTS_SIGNATURETTL which allows the caller to assert a time-to-live on signatures generated. This causes the "x=" tag to appear in signatures.
    LIBDKIM: Add a new library flag DKIM_LIBFLAGS_ZTAGS which causes signatures generated to include the original header set encoded for transport so the verifier can use it to diagnose verification failures. This causes the "z=" tag to appear in signatures.
    LIBDKIM: Add dkim_ohdrs() which extracts the sender's set of headers if a "z=" tag was present in the signature. This can then be used by the caller to diagnose verification failures for signatures which contain them.
    LIBDKIM: Add the first large (and yet not the smallest) change to support multiple signatures. There's now a method via a few callbacks to give the caller access to the signatures discovered by the end-of-headers callback. The caller can analyze the signatures, reorder them, or flag some to be ignored. After reordering, the library still simply runs with the first that appears to be syntactically valid; actual processing of multiple signatures after the re-ordering will be in an upcoming release.
    LIBDKIM: _FFR_QUERY_CACHE now only covers DNS key lookups, not all key lookups.
    LIBDKIM: Move the method-specific policy lookup functions into their own new files, dkim-policy.c and dkim-policy.h.
    LIBDKIM: Slightly nicer wrapping of "h=" in dkim_getsighdr().
    LIBDKIM: Add dkim_set_signer() for specifying the message's signer for signature generation.
    BUILD: More unit tests.
    Activate the following FFRs:
        _FFR_QUARANTINE
        _FFR_REPORTINFO

Please use the trackers and mailing lists on SourceForge to report problems or make comments or other suggestions.

--
Murray S. Kucherawy
ms...@se...
Senior Software Engineer
Sendmail, Inc.
Emeryville, CA, USA
(510) 594-5400
http://www.sendmail.com
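
The options described in the release notes above surface as tags in the DKIM-Signature header: "x=" from DKIM_OPTS_SIGNATURETTL, "z=" from DKIM_LIBFLAGS_ZTAGS, and extra names in "h=" from DKIM_OPTS_ALWAYSHDRS. The Python sketch below is an added example, not code from dkim-milter or libdkim and not part of the original message; it reads those tags on the verifier side to report expiry, absent-header protection, and headers that changed in transit. Every function name and all sample data are constructed for illustration.

```python
import re

# Constructed sample signature (b=/bh= shortened); x= is t= plus seven days.
SIG = ("v=1; a=rsa-sha256; d=example.com; s=sel; t=1179440466; x=1180045266;\r\n"
       "\th=From:To:Subject:Subject:Reply-To;\r\n"
       "\tz=From:alice@example.com|To:bob@example.net|Subject:Release=200.8.0;\r\n"
       "\tbh=AAAA; b=BBBB")
# Constructed sample: header fields as they arrived at the verifier.
RECEIVED = [("From", "alice@example.com"), ("To", "bob@example.net"),
            ("Subject", "[list] Release 0.8.0")]


def parse_tags(value):
    """Split a DKIM-Signature value into {tag: value}, dropping folding whitespace."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags


def is_expired(tags, now):
    """True when an x= tag is present and 'now' (epoch seconds) is past it."""
    return "x" in tags and now > int(tags["x"])


def absent_protected(tags, received):
    """Names listed in h= more often than they occur in the message.
    Each surplus entry signs an absent field, so adding it later breaks the signature."""
    have = [n.lower() for n, _ in received]
    listed = [n.lower() for n in tags.get("h", "").split(":") if n]
    return {n: listed.count(n) - have.count(n)
            for n in dict.fromkeys(listed) if listed.count(n) > have.count(n)}


def _unquote(text):
    """Decode the =XX hex escapes used inside z= values."""
    return re.sub(r"=([0-9A-F]{2})", lambda m: chr(int(m.group(1), 16)), text)


def original_headers(tags):
    """Decode z= into (name, value) pairs; fields are separated by '|'."""
    return [tuple(_unquote(f).split(":", 1))
            for f in tags.get("z", "").split("|") if ":" in f]


def changed_in_transit(tags, received):
    """Names whose signing-time value (from z=) differs from what arrived."""
    got = {n.lower(): v.strip() for n, v in received}
    return [n for n, v in original_headers(tags) if got.get(n.lower()) != v.strip()]
```

On the constructed input, the Subject field is reported as changed (a list tag was prepended after signing), which is the kind of verification failure the "z=" copy lets a verifier diagnose.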