-pdkim_signature * sig = NULL;
-int dkim_signers_size = 0, dkim_signers_ptr = 0, rc;
-const uschar * errstr;
-
-store_pool = POOL_PERM;
-
-/* Delete eventual previous signature chain */
-
-dkim_signers = NULL;
-dkim_signatures = NULL;
-
-if (dkim_collect_error)
- {
- log_write(0, LOG_MAIN,
- "DKIM: Error during validation, disabling signature verification: %.100s",
- dkim_collect_error);
- dkim_disable_verify = TRUE;
- goto out;
- }
-
-dkim_collect_input = FALSE;
-
-/* Finish DKIM operation and fetch link to signatures chain */
-
-rc = pdkim_feed_finish(dkim_verify_ctx, &dkim_signatures, &errstr);
-if (rc != PDKIM_OK)
- {
- log_write(0, LOG_MAIN, "DKIM: validation error: %.100s%s%s", pdkim_errstr(rc),
- errstr ? ": " : "", errstr ? errstr : US"");
- goto out;
- }
-
-for (sig = dkim_signatures; sig; sig = sig->next)
- {
- int size = 0, ptr = 0;
- uschar * logmsg = NULL, * s;
-
- /* Log a line for each signature */
-
- if (!(s = sig->domain)) s = US"<UNSET>";
- logmsg = string_append(logmsg, &size, &ptr, 2, "d=", s);
- if (!(s = sig->selector)) s = US"<UNSET>";
- logmsg = string_append(logmsg, &size, &ptr, 2, " s=", s);
- logmsg = string_append(logmsg, &size, &ptr, 7,
- " c=", sig->canon_headers == PDKIM_CANON_SIMPLE ? "simple" : "relaxed",
- "/", sig->canon_body == PDKIM_CANON_SIMPLE ? "simple" : "relaxed",
- " a=", sig->algo == PDKIM_ALGO_RSA_SHA256
- ? "rsa-sha256"
- : sig->algo == PDKIM_ALGO_RSA_SHA1 ? "rsa-sha1" : "err",
- string_sprintf(" b=%d",
- (int)sig->sighash.len > -1 ? sig->sighash.len * 8 : 0));
- if ((s= sig->identity)) logmsg = string_append(logmsg, &size, &ptr, 2, " i=", s);
- if (sig->created > 0) logmsg = string_append(logmsg, &size, &ptr, 1,
- string_sprintf(" t=%lu", sig->created));
- if (sig->expires > 0) logmsg = string_append(logmsg, &size, &ptr, 1,
- string_sprintf(" x=%lu", sig->expires));
- if (sig->bodylength > -1) logmsg = string_append(logmsg, &size, &ptr, 1,
- string_sprintf(" l=%lu", sig->bodylength));
-
+gstring * logmsg;
+uschar * s;
+
+if (!sig) return;
+
+logmsg = string_catn(NULL, US"DKIM: ", 6);
+if (!(s = sig->domain)) s = US"<UNSET>";
+logmsg = string_append(logmsg, 2, "d=", s);
+if (!(s = sig->selector)) s = US"<UNSET>";
+logmsg = string_append(logmsg, 2, " s=", s);
+logmsg = string_append(logmsg, 7,
+" c=", sig->canon_headers == PDKIM_CANON_SIMPLE ? "simple" : "relaxed",
+"/", sig->canon_body == PDKIM_CANON_SIMPLE ? "simple" : "relaxed",
+" a=", dkim_sig_to_a_tag(sig),
+string_sprintf(" b=" SIZE_T_FMT,
+ (int)sig->sighash.len > -1 ? sig->sighash.len * 8 : 0));
+if ((s= sig->identity)) logmsg = string_append(logmsg, 2, " i=", s);
+if (sig->created > 0) logmsg = string_cat(logmsg,
+ string_sprintf(" t=%lu", sig->created));
+if (sig->expires > 0) logmsg = string_cat(logmsg,
+ string_sprintf(" x=%lu", sig->expires));
+if (sig->bodylength > -1) logmsg = string_cat(logmsg,
+ string_sprintf(" l=%lu", sig->bodylength));
+
+if ( !dkim_verify_status
+ || ( dkim_verify_status == dkim_exim_expand_query(DKIM_VERIFY_STATUS)
+ && dkim_verify_reason == dkim_exim_expand_query(DKIM_VERIFY_REASON)
+ ) )