- /* Finish DKIM operation and fetch link to signatures chain */
- if (pdkim_feed_finish(dkim_verify_ctx,&dkim_signatures) != PDKIM_OK) return;
-
- sig = dkim_signatures;
- while (sig != NULL) {
- int size = 0;
- int ptr = 0;
- /* Log a line for each signature */
- uschar *logmsg = string_append(NULL, &size, &ptr, 5,
-
- string_sprintf( "DKIM: d=%s s=%s c=%s/%s a=%s ",
- sig->domain,
- sig->selector,
- (sig->canon_headers == PDKIM_CANON_SIMPLE)?"simple":"relaxed",
- (sig->canon_body == PDKIM_CANON_SIMPLE)?"simple":"relaxed",
- (sig->algo == PDKIM_ALGO_RSA_SHA256)?"rsa-sha256":"rsa-sha1"
- ),
- ((sig->identity != NULL)?
- string_sprintf("i=%s ", sig->identity)
- :
- US""
- ),
- ((sig->created > 0)?
- string_sprintf("t=%lu ", sig->created)
- :
- US""
- ),
- ((sig->expires > 0)?
- string_sprintf("x=%lu ", sig->expires)
- :
- US""
- ),
- ((sig->bodylength > -1)?
- string_sprintf("l=%lu ", sig->bodylength)
- :
- US""
- )
- );
-
- switch(sig->verify_status) {
- case PDKIM_VERIFY_NONE:
- logmsg = string_append(logmsg, &size, &ptr, 1, "[not verified]");
+dkim_collect_input = FALSE;
+
+/* Finish DKIM operation and fetch link to signatures chain */
+
+rc = pdkim_feed_finish(dkim_verify_ctx, &dkim_signatures, &errstr);
+if (rc != PDKIM_OK)
+ {
+ log_write(0, LOG_MAIN, "DKIM: validation error: %.100s%s%s", pdkim_errstr(rc),
+ errstr ? ": " : "", errstr ? errstr : US"");
+ goto out;
+ }
+
+for (sig = dkim_signatures; sig; sig = sig->next)
+ {
+ int size = 0, ptr = 0;
+ uschar * logmsg = NULL, * s;
+
+ /* Log a line for each signature */
+
+ if (!(s = sig->domain)) s = US"<UNSET>";
+ logmsg = string_append(logmsg, &size, &ptr, 2, "d=", s);
+ if (!(s = sig->selector)) s = US"<UNSET>";
+ logmsg = string_append(logmsg, &size, &ptr, 2, " s=", s);
+ logmsg = string_append(logmsg, &size, &ptr, 7,
+ " c=", sig->canon_headers == PDKIM_CANON_SIMPLE ? "simple" : "relaxed",
+ "/", sig->canon_body == PDKIM_CANON_SIMPLE ? "simple" : "relaxed",
+ " a=", sig->algo == PDKIM_ALGO_RSA_SHA256
+ ? "rsa-sha256"
+ : sig->algo == PDKIM_ALGO_RSA_SHA1 ? "rsa-sha1" : "err",
+ string_sprintf(" b=%d",
+ (int)sig->sighash.len > -1 ? sig->sighash.len * 8 : 0));
+ if ((s= sig->identity)) string_append(logmsg, &size, &ptr, 2, " i=", s);
+ if (sig->created > 0) string_append(logmsg, &size, &ptr, 1,
+ string_sprintf(" t=%lu", sig->created));
+ if (sig->expires > 0) string_append(logmsg, &size, &ptr, 1,
+ string_sprintf(" x=%lu", sig->expires));
+ if (sig->bodylength > -1) string_append(logmsg, &size, &ptr, 1,
+ string_sprintf(" l=%lu", sig->bodylength));
+
+ switch (sig->verify_status)
+ {
+ case PDKIM_VERIFY_NONE:
+ logmsg = string_append(logmsg, &size, &ptr, 1, " [not verified]");