Looks like the first step in dkim_policy, where the validity of the signature is checked, is never executed.
The parameter pstate was added to dkim_policy in 2.4.1, it's set to NULL when mlfi_eom calls dkim_policy and doesn't change until it's tested to see whether a valid signature exists:
** 1. If a valid Originator Signature exists, the message is
** not Suspicious, and the algorithm terminates.
if (pstate != NULL && pstate->ps_state < 1)
With dkim=strict and no "t" tag it falls through to step 10 and the message is considered suspicious.
Log in to post a comment.