dk-milter happily signs mail from subdomains, but fails to
verify it's own emails signed in such a manner.
The first part of this patch addresses the comparison of
the domain of the sender address to the domain in the
domainkey header. At the moment it compares a
substring of the sender domain to the sender domain,
instead of comparing it to the domain specified in the
signature. This patch fixes that.
The second part deals with overwriting dk->dk_domain
with the part after @ in the sender -- it doesn't make
sense to do this if we already found the domain to use
in the domainkey-signature header...
Log in to post a comment.