Jens Elkner

What's happening?

  • On-NoSignature should not be applied to none-policy author d

    Right now, On-NoSignature action gets blindly applied by the verifier even though there is no policy record available for the author domain and thus may lead to RFC breakage/unwanted results. Thus On-NoSignature action should be used ONLY when there is a policy record available. That means, since "all" and "discardable" checks have already passed the code in question, right now "unknown" aka...

    2009-06-29 05:08:19 UTC in dkim-milter

  • Avoid unnecessary checks

    Since neither RFC 4871 nor ssp|adsp says that it is an error or suspicious condition if an MTA submits a mail with the same author signature domain for which the receiving MTA is (as well) responsible, this unnecessary check and misleading log message should be avoided (or better: don't try to turn dkim-filter into a multi-purpose milter)! Suggested patch attached.

    2009-06-29 03:19:41 UTC in dkim-milter

  • reputation query result should not use On-BadSignature actio

    Right now, dkimf_libstatus status uses the On-BadSignature action if the reputation data returned from a query are corrupt/truncated/expired/unexpected or there was an error in transit (DKIM_STAT_CANTVRFY). However, this is completely different than having a bad signature - the signature might be completely ok/valid and most admins probably do not want to reject mails, just because the "check...

    2009-06-29 03:01:28 UTC in dkim-milter

  • dkim-filter is not RFC 4871 compliant

    RFC 4871, section 3.6.1 says, that if the tag-list in the DNS record contains a flag value of 'y' (i.e. t="y[:s]"), the "Verifiers MUST NOT treat messages from signers in testing mode differently from unsigned email, even should the signature fail to verify.". However, dkim-filter rejects mail. E.g. ----- The following addresses had permanent fatal errors ----- ...

    2009-06-27 00:00:10 UTC in dkim-milter

  • t-signperf/t-verifyperf produce invalid results on error

    Since t-signperf/t-verifyperf do not check the return state of libdkim ops, several tests are usually skipped (return immediately with non-0 result) and thus produce invalid (much "better") results than they should. Suggested patches are attached.

    2009-06-26 23:11:44 UTC in dkim-milter

  • t-test117.c is imprecise

    Actually t-test117.c produces wrong results (FAIL) when envvar DKIM_TMPDIR is set to a different value than the default. Suggested fix is attached.

    2009-06-26 23:07:03 UTC in dkim-milter

  • dkim-filter.8 unnecessary/wrong -S signalg documentation

    Right now, dkim-filter.8 and dkim-filter.conf.5 state that the signing algorithm depends on openssl 0.9.8. However, this is wrong, since e.g. even openssl 0.9.7 can be enhanced to use arbitrary mechanisms, digests, ciphers (BTW: not only in theory, I actually did that for solaris 10). Instead the man pages should refer to 'dkim-filter -V' to see what algorithms are available and give a hint...

    2009-06-26 23:03:00 UTC in dkim-milter

  • Comment: t-test100.c/dkim_minbody broken in 64bit mode

    It turns out that dkim.h needs to include limits.h (SunOS 5.10 Generic_139556-08 aka S10u7)

    2009-06-20 07:25:22 UTC in dkim-milter

  • t-test100.c/dkim_minbody broken in 64bit mode

    elkner.idev dkim-milter-2.8.3/obj.SunOS.5.10.i86pc/libdkim > ./t-test100
    *** exercise dkim_minbody()
    res=18446744073709551615 , max= 4294967295
    Assertion failed: x == y, file t-test100.c, line 141
    Abort (core dumped)

    t-test100 was modified to show the problem as follows:

    x = dkim_minbody(dkim);
    y = ULONG_MAX;
    fprintf(stderr,"res=%lu , max= %lu\n", x, y);...

    2009-06-20 05:54:45 UTC in dkim-milter

  • Comment: Compress multiple files

    One may use the ant concat task and then compress using yuicompressor. E.g.:

    2008-05-26 16:06:05 UTC in YUI Library

About Me

  • 2000-04-27 (10 years ago)
  • 28819
  • elkner (My Site)
  • Jens Elkner

  • SQL-based C Java Perl XSL (XSLT/XPath/XSL-FO) HTML/XHTML Security Networking German
