-/* $Cambridge: exim/src/src/dkim.c,v 1.1.2.12 2009/05/20 14:30:14 tom Exp $ */
+/* $Cambridge: exim/src/src/dkim.c,v 1.1.2.13 2009/05/27 17:26:54 tom Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
void dkim_exim_verify_finish(void) {
+ int dkim_signing_domains_size = 0;
+ int dkim_signing_domains_ptr = 0;
+ dkim_signing_domains = NULL;
/* Delete eventual previous signature chain */
dkim_signatures = NULL;
/* Finish DKIM operation and fetch link to signatures chain */
if (pdkim_feed_finish(dkim_verify_ctx,&dkim_signatures) != PDKIM_OK) return;
- /* Log a line for each signature */
+
while (dkim_signatures != NULL) {
int size = 0;
int ptr = 0;
+ /* Log a line for each signature */
uschar *logmsg = string_append(NULL, &size, &ptr, 5,
string_sprintf( "DKIM: d=%s s=%s c=%s/%s a=%s ",
(dkim_signatures->canon_body == PDKIM_CANON_SIMPLE)?"simple":"relaxed",
(dkim_signatures->algo == PDKIM_ALGO_RSA_SHA256)?"rsa-sha256":"rsa-sha1"
),
-
((dkim_signatures->identity != NULL)?
string_sprintf("i=%s ", dkim_signatures->identity)
:
logmsg[ptr] = '\0';
log_write(0, LOG_MAIN, (char *)logmsg);
- /* Log next signature */
+ /* Build a colon-separated list of signing domains in dkim_signing_domains */
+ dkim_signing_domains = string_append(dkim_signing_domains,
+ &dkim_signing_domains_size,
+ &dkim_signing_domains_ptr,
+ 2,
+ dkim_signatures->domain,
+ ":")
+ );
+
+ /* Process next signature */
dkim_signatures = dkim_signatures->next;
}
+
+ /* Chop the last colon from the domain list */
+ if ((dkim_signing_domains != NULL) &&
+ (Ustrlen(dkim_signing_domains) > 0))
+ dkim_signing_domains[strlen(dkim_signing_domains)-1] = '\0';
}
-/* $Cambridge: exim/src/src/expand.c,v 1.97.2.1 2009/02/24 15:57:55 tom Exp $ */
+/* $Cambridge: exim/src/src/expand.c,v 1.97.2.2 2009/05/27 17:26:54 tom Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
#ifndef DISABLE_DKIM
{ "dkim_domain", vtype_stringptr, &dkim_signing_domain },
{ "dkim_selector", vtype_stringptr, &dkim_signing_selector },
+ { "dkim_signing_domains",vtype_stringptr, &dkim_signing_domains },
#endif
{ "dnslist_domain", vtype_stringptr, &dnslist_domain },
{ "dnslist_matched", vtype_stringptr, &dnslist_matched },
sprintf(CS var_buffer, "%d", inodes);
}
return var_buffer;
+
}
}
-/* $Cambridge: exim/src/src/globals.c,v 1.81.2.4 2009/05/20 14:30:14 tom Exp $ */
+/* $Cambridge: exim/src/src/globals.c,v 1.81.2.5 2009/05/27 17:26:54 tom Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
uschar *acl_smtp_auth = NULL;
uschar *acl_smtp_connect = NULL;
uschar *acl_smtp_data = NULL;
+#ifndef DISABLE_DKIM
+uschar *acl_smtp_dkim = NULL;
+#endif
uschar *acl_smtp_etrn = NULL;
uschar *acl_smtp_expn = NULL;
uschar *acl_smtp_helo = NULL;
US"MAIL",
US"PREDATA",
US"MIME",
+ US"DKIM",
US"DATA",
US"non-SMTP",
US"AUTH",
US"550", /* MAIL */
US"550", /* PREDATA */
US"550", /* MIME */
+ US"550", /* DKIM */
US"550", /* DATA */
US"0", /* not SMTP; not relevant */
US"503", /* AUTH */
BOOL disable_logging = FALSE;
#ifndef DISABLE_DKIM
+uschar *dkim_signing_domains = NULL;
uschar *dkim_signing_domain = NULL;
uschar *dkim_signing_selector = NULL;
-uschar *dkim_verify_domains = US"@dkim_signed";
+uschar *dkim_verify_domains = US"$dkim_signing_domains";
BOOL dkim_collect_input = FALSE;
BOOL dkim_disable_verify = FALSE;
#endif
-/* $Cambridge: exim/src/src/globals.h,v 1.62.2.3 2009/05/20 14:30:14 tom Exp $ */
+/* $Cambridge: exim/src/src/globals.h,v 1.62.2.4 2009/05/27 17:26:54 tom Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
extern uschar *acl_smtp_auth; /* ACL run for AUTH */
extern uschar *acl_smtp_connect; /* ACL run on SMTP connection */
extern uschar *acl_smtp_data; /* ACL run after DATA received */
+#ifndef DISABLE_DKIM
+extern uschar *acl_smtp_dkim; /* ACL run for DKIM signatures / domains */
+#endif
extern uschar *acl_smtp_etrn; /* ACL run for ETRN */
extern uschar *acl_smtp_expn; /* ACL run for EXPN */
extern uschar *acl_smtp_helo; /* ACL run for HELO/EHLO */
extern BOOL disable_logging; /* Disables log writing when TRUE */
#ifndef DISABLE_DKIM
-extern uschar *dkim_signing_domain; /* Domain used for signing a message. */
-extern uschar *dkim_signing_selector; /* Selector used for signing a message. */
-extern uschar *dkim_verify_domains; /* Colon-separated list of domains for each of which we call the DKIM ACL */
-extern BOOL dkim_collect_input; /* Runtime flag that tracks wether SMTP input is fed to DKIM validation */
-extern BOOL dkim_disable_verify; /* Set via ACL control statement. When set, DKIM verification is disabled for the current message */
+extern uschar *dkim_signing_domains; /* Expansion variable, holds colon-separated list of domains that have signed a message */
+extern uschar *dkim_signing_domain; /* Expansion variable, domain used for signing a message. */
+extern uschar *dkim_signing_selector; /* Expansion variable, selector used for signing a message. */
+extern uschar *dkim_verify_domains; /* Colon-separated list of domains for each of which we call the DKIM ACL */
+extern BOOL dkim_collect_input; /* Runtime flag that tracks wether SMTP input is fed to DKIM validation */
+extern BOOL dkim_disable_verify; /* Set via ACL control statement. When set, DKIM verification is disabled for the current message */
#endif
extern uschar *dns_again_means_nonexist; /* Domains that are badly set up */
-/* $Cambridge: exim/src/src/macros.h,v 1.37 2008/09/29 11:41:07 nm4 Exp $ */
+/* $Cambridge: exim/src/src/macros.h,v 1.37.2.1 2009/05/27 17:26:54 tom Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
ACL_WHERE_MAIL, /* ) */
ACL_WHERE_PREDATA, /* ) There are several tests for "in message", */
ACL_WHERE_MIME, /* ) implemented by <= WHERE_NOTSMTP */
+ ACL_WHERE_DKIM, /* ) */
ACL_WHERE_DATA, /* ) */
ACL_WHERE_NOTSMTP, /* ) */
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
-/* $Cambridge: exim/src/src/pdkim/pdkim.c,v 1.1.2.16 2009/05/20 14:30:15 tom Exp $ */
+/* $Cambridge: exim/src/src/pdkim/pdkim.c,v 1.1.2.17 2009/05/27 17:26:55 tom Exp $ */
#include <stdlib.h>
#include <stdio.h>
#define PDKIM_MAX_HEADER_LEN 65536
#define PDKIM_MAX_HEADERS 512
-#define PDKIM_MAX_BODY_LINE_LEN 1024
+#define PDKIM_MAX_BODY_LINE_LEN 16384
#define PDKIM_DNS_TXT_MAX_NAMELEN 1024
#define PDKIM_DEFAULT_SIGN_HEADERS "From:Sender:Reply-To:Subject:Date:"\
"Message-ID:To:Cc:MIME-Version:Content-Type:"\
-/* $Cambridge: exim/src/src/readconf.c,v 1.35.2.1 2009/05/20 14:30:14 tom Exp $ */
+/* $Cambridge: exim/src/src/readconf.c,v 1.35.2.2 2009/05/27 17:26:55 tom Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
{ "acl_smtp_auth", opt_stringptr, &acl_smtp_auth },
{ "acl_smtp_connect", opt_stringptr, &acl_smtp_connect },
{ "acl_smtp_data", opt_stringptr, &acl_smtp_data },
+#ifndef DISABLE_DKIM
+ { "acl_smtp_dkim", opt_stringptr, &acl_smtp_dkim },
+#endif
{ "acl_smtp_etrn", opt_stringptr, &acl_smtp_etrn },
{ "acl_smtp_expn", opt_stringptr, &acl_smtp_expn },
{ "acl_smtp_helo", opt_stringptr, &acl_smtp_helo },
-/* $Cambridge: exim/src/src/receive.c,v 1.45.2.3 2009/05/20 14:30:14 tom Exp $ */
+/* $Cambridge: exim/src/src/receive.c,v 1.45.2.4 2009/05/27 17:26:55 tom Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
{
#ifndef DISABLE_DKIM
- if (!dkim_disable_verify) dkim_exim_verify_finish();
-#endif
+ if (!dkim_disable_verify)
+ {
+ /* Finish verification, this will log individual signature results to
+ the mainlog */
+ dkim_exim_verify_finish();
+
+ /* Check if we must run the DKIM ACL */
+ if ((acl_smtp_dkim != NULL) &&
+ (dkim_verify_domains != NULL) &&
+ (dkim_verify_domains[0] != '\0'))
+ {
+ uschar *dkim_verify_domains_expanded =
+ expand_string(dkim_verify_domains);
+ if (dkim_verify_domains_expanded == NULL)
+ {
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "expansion of dkim_verify_domains option failed: %s",
+ expand_string_message);
+ }
+ else
+ {
+ int sep = 0;
+ uschar *ptr = dkim_verify_domains_expanded;
+ uschar *item = NULL;
+ uschar itembuf[256];
+ while ((item = string_nextinlist(&ptr, &sep,
+ itembuf,
+ sizeof(itembuf))) != NULL)
+ {
+
+
+ rc = acl_check(ACL_WHERE_DKIM, NULL, acl_smtp_dkim, &user_msg, &log_msg);
+ if (rc != OK) break;
+ }
+
+ add_acl_headers(US"DKIM");
+ }
+ }
+ }
+#endif /* DISABLE_DKIM */
#ifdef WITH_CONTENT_SCAN
if (acl_smtp_mime != NULL &&
-/* $Cambridge: exim/src/src/smtp_in.c,v 1.63.2.3 2009/05/20 14:30:14 tom Exp $ */
+/* $Cambridge: exim/src/src/smtp_in.c,v 1.63.2.4 2009/05/27 17:26:55 tom Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
bmi_verdicts = NULL;
#endif
#ifndef DISABLE_DKIM
+dkim_signing_domains = NULL;
dkim_disable_verify = FALSE;
dkim_collect_input = FALSE;
#endif
-/* $Cambridge: exim/src/src/spool_in.c,v 1.23.2.3 2009/05/20 14:30:14 tom Exp $ */
+/* $Cambridge: exim/src/src/spool_in.c,v 1.23.2.4 2009/05/27 17:26:55 tom Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
#endif
#ifndef DISABLE_DKIM
+dkim_signing_domains = NULL;
dkim_disable_verify = FALSE;
dkim_collect_input = FALSE;
#endif
git://git.exim.org / users / jgh / exim.git / commitdiff