After expansion, this can be a list.
Each element in turn is put into the &%$dkim_domain%& expansion variable
while expanding the remaining signing options.
-If it is empty after expansion, DKIM signing is not done.
+If it is empty after expansion, DKIM signing is not done,
+and no error will result even if &%dkim_strict%& is set.
.option dkim_selector smtp string list&!! unset
This sets the key selector string.
Each element in turn is put in the expansion
variable &%$dkim_selector%& which may be used in the &%dkim_private_key%&
option along with &%$dkim_domain%&.
-If the option is empty after expansion, DKIM signing is not done for this domain.
+If the option is empty after expansion, DKIM signing is not done for this domain,
+and no error will result even if &%dkim_strict%& is set.
.option dkim_private_key smtp string&!! unset
This sets the private key to use.
be signed. This case will not result in an error, even if &%dkim_strict%&
is set.
.endlist
-If the option is empty after expansion, DKIM signing is not done.
.option dkim_hash smtp string&!! sha256
Can be set alternatively to &"sha1"& to use an alternate hash
}
-/* Generate signatures for the given file, returning a string.
+/* Generate signatures for the given file.
If a prefix is given, prepend it to the file for the calculations.
+
+Return:
+ NULL: error; error string written
+ string: signature header(s), or a zero-length string (not an error)
*/
gstring *
}
}
}
+if (!ctx.sig)
+ {
+ DEBUG(D_transport) debug_printf("DKIM: no viable signatures to use\n");
+ sigbuf = string_get(1); /* return a zero-len string */
+ goto CLEANUP;
+ }
-if (prefix)
- pdkim_feed(&ctx, prefix, Ustrlen(prefix));
+if (prefix && (pdkim_feed(&ctx, prefix, Ustrlen(prefix))) != PDKIM_OK)
+ goto pk_bad;
if (lseek(fd, off, SEEK_SET) < 0)
sread = -1;
for (sigbuf = NULL; sig; sig = sig->next)
sigbuf = string_append(sigbuf, 2, US sig->signature_header, US"\r\n");
-(void) string_from_gstring(sigbuf);
-
CLEANUP:
+ (void) string_from_gstring(sigbuf);
store_pool = old_pool;
errno = save_errno;
return sigbuf;
.ifdef VALUE
dkim_hash = VALUE
.endif
+.ifdef STRICT
+ dkim_strict = STRICT
+.endif
# End
1999-03-02 09:44:33 10HmbL-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmbL-0005vi-00 => d@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK id=10HmbM-0005vi-00"
1999-03-02 09:44:33 10HmbL-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbN-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
+1999-03-02 09:44:33 10HmbN-0005vi-00 => a@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK id=10HmbO-0005vi-00"
+1999-03-02 09:44:33 10HmbN-0005vi-00 Completed
******** SERVER ********
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
1999-03-02 09:44:33 10HmbM-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmbL-0005vi-00@myhost.test.ex
1999-03-02 09:44:33 10HmbM-0005vi-00 => :blackhole: <d@test.ex> R=server_dump
1999-03-02 09:44:33 10HmbM-0005vi-00 Completed
+1999-03-02 09:44:33 rcpt acl: macro: From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive
+1999-03-02 09:44:33 10HmbO-0005vi-00 data acl: dkim status
+1999-03-02 09:44:33 10HmbO-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmbN-0005vi-00@myhost.test.ex
+1999-03-02 09:44:33 10HmbO-0005vi-00 => :blackhole: <a@test.ex> R=server_dump
+1999-03-02 09:44:33 10HmbO-0005vi-00 Completed
exim -d-all+acl -DOPT=From -DSELECTOR=sel_bad -odf d@test.ex
From: nobody@example.com
+content
+****
+#
+# check that an empty dkim_privatekey overrides dkim_strict
+exim -DOPT=From -DSTRICT=true -DSELECTOR=none -odf a@test.ex
+From: nobody@example.com
+
content
****
#
>>> end of inline ACL: ACCEPT
>>> host in ignore_fromline_hosts? no (option unset)
>>> using ACL "check_dkim"
->>> processing "accept"
+>>> processing "warn"
>>> check logwrite = signer: $dkim_cur_signer bits: $dkim_key_length
>>> = signer: test.ex bits: 1024
LOG: 10HmaX-0005vi-00 signer: test.ex bits: 1024
+>>> warn: condition test succeeded in ACL "check_dkim"
+>>> processing "accept"
>>> accept: condition test succeeded in ACL "check_dkim"
>>> end of ACL "check_dkim": ACCEPT
LOG: 10HmaX-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha1 b=1024 [verification succeeded]
git://git.exim.org / exim.git / commitdiff