From: Murray S. K. <ms...@se...> - 2008-03-07 06:30:11
|
A new version of dkim-milter is now available for download from SourceForge. This is a major release, adding a number of feature requests and making some changes in line with recent changes to relevant IETF specifications. In particular, one configuration file item has been renamed. Please me familiar with the changes as described below before upgrading. The formal release notes entry: 2.5.0 2008/03/06 Add "AutoRestartCount" and "AutoRestartRate" configuration parameters to limit runaway restart loops. Feature request #SF1735573: Add "AlwaysAddARHeader" option, which will add an Authentication-Results of "none" for unsigned messages from domains without a "strict" policy. Feature request #SF1807748: Reload the configuration file on receipt of SIGUSR1. Requested by Florian Sager. Feature request #SF1811969: Add _FFR_BODYLENGTH_DB which adds a "BodyLengthDBFile" feature, allowing a per-recipient decision on whether or not to use an "l=" tag when signing. Patch contributed by Daniel Black. Feature request #SF1841955: Add an "Include" facility to the configuration file. Feature request #SF1876941: Make the syslog facility selectable. Based on a patch from Jose-Marcio Martins da Cruz of Ecole des Mines de Paris. Feature request #SF1876943: Add _FFR_AUTHSERV_JOBID allowing the job ID to be included as part of the "authserv-id" in Authentication-Results: headers. Based on a patch from Jose-Marcio Martins da Cruz of Ecole des Mines de Paris. Feature request #SF1890581: Attempt to clean up a UNIX domain socket in the non-AutoRestart case as well. Requested by Daniel Black. Add "MilterDebug" configuration file option for requesting debugging output from the filter. Add "FixCRLF" configuration file option which activates the DKIM_LIBFLAGS_FIXCRLF flag (see below). Update to draft-ietf-dkim-ssp-03. In doing so, rename the "UseSSPDeny" configuration option to "UseASPDiscard". Handle an error from dkim_getsighdr() properly in mlfi_eom(). When VERIFY_DOMAINKEYS is active, don't short-circuit mlfi_eoh() between dk_verify() and dk_eoh() or a segmentation fault below dk_body() could result. LIBDKIM: Feature request #SF1823059: Export key, signature and policy syntax checking capability via the API. Based on a patch from Chris Behrens of Concentric Network Corporation. LIBDKIM: Assert defaults for "c" and "q" tags when parsing signature headers. Patch from Chris Behrens of Concentric Network Corporation. LIBDKIM: Better handling of truncated DNS replies; instead of just giving up if the "tc" (truncated) bit is set in the reply, see if there was enough of a reply returned to be able to complete the request. LIBDKIM: Fix recycling bug in header canonicalizations which was causing signatures other than the first one to fail in most cases. LIBDKIM: Add new dkim_chunk() interface. LIBDKIM: Enforce DKIM_OPTS_QUERYMETHOD library option even if there were no valid signatures. LIBDKIM: New DKIM_LIBFLAGS_FIXCRLF which requests that "naked" CRs and LFs be converted to CRLFs during canonicalization when signing. LIBDKIM: Fix bounds checking in dkim_canon_selecthdrs(). LIBAR: Eliminate a possible race condition in ar_dispatcher(). LIBAR: Timeouts passed to select() can't be bigger than 10^8. Problem noted by S. Moonesamy of Eland Systems. BUILD: Feature request #SF1876242: Install the filter in EBINDIR and everything else in UBINDIR. Please use the trackers and mailing lists on SourceForge to report problems or make comments or other suggestions. -- Murray S. Kucherawy ========================================= ms...@se... Principal Engineer Sendmail, Inc. Emeryville, CA, USA (510) 594-5400 http://www.sendmail.com |