From dfbcb5ac660065b097b0ad0cb2c26357899f0c64 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Sun, 18 Feb 2018 00:33:28 +0000 Subject: [PATCH 1/1] Expansions: new ${authresults {mch}} for an Authentication-Results header --- doc/doc-docbook/spec.xfpt | 25 +++++++++++ doc/doc-txt/NewStuff | 3 ++ src/src/dkim.c | 92 ++++++++++++++++++++++++++++++++++----- src/src/expand.c | 48 ++++++++++++++++++++ src/src/functions.h | 8 ++++ src/src/pdkim/pdkim.h | 1 + src/src/smtp_in.c | 17 ++++++++ src/src/spf.c | 12 +++++ test/confs/3403 | 1 + test/confs/4500 | 1 + test/confs/4600 | 3 ++ test/log/4500 | 5 +++ test/log/4501 | 2 + test/log/4502 | 4 ++ test/log/4503 | 1 + test/log/4504 | 1 + test/log/4506 | 6 +++ test/log/4600 | 2 + test/mail/3403.userx | 2 + test/stderr/4507 | 7 +++ 20 files changed, 230 insertions(+), 11 deletions(-) diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index bb7e2cf97..675b0f146 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -9137,6 +9137,31 @@ the expansion result is an empty string. If the ACL returns defer the result is a forced-fail. Otherwise the expansion fails. +.new +.vitem "&*${authresults{*&<&'authserv-id&>&*}}*&" +.cindex authentication "results header" +.cindex headers "authentication-results:" +This item returns a string suitable for insertion as an +&'Authentication-Results"'& +header line. +The given <&'authserv-id'&> is included in the result; typically this +will ba a domain name identifying the system performing the authentications. +Methods that may be present in the result include: +.code +none +iprev +auth +spf +dkim +.endd + +Example use (as an ACL modifier): +.code + add_header = :at_start:${authresults {$primary_hostname}} +.endd +.wen + + .vitem "&*${certextract{*&<&'field'&>&*}{*&<&'certificate'&>&*}&&& {*&<&'string2'&>&*}{*&<&'string3'&>&*}}*&" .cindex "expansion" "extracting certificate fields" 
diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff index 180f4b8a7..37f53bf89 100644 --- a/doc/doc-txt/NewStuff +++ b/doc/doc-txt/NewStuff @@ -41,6 +41,9 @@ Version 4.91 11. "exim -bP macro " returns caller-usable status. +12. Expansion item ${authresults {}} for creating an + Authentication-Results: header. + Version 4.90 ------------ diff --git a/src/src/dkim.c b/src/src/dkim.c index 423aad49c..571586130 100644 --- a/src/src/dkim.c +++ b/src/src/dkim.c @@ -151,6 +151,12 @@ uschar * s; if (!sig) return; +if ( dkim_verify_status + && ( dkim_verify_status != dkim_exim_expand_query(DKIM_VERIFY_STATUS) + || dkim_verify_reason != dkim_exim_expand_query(DKIM_VERIFY_REASON) + ) ) + sig->verify_status |= PDKIM_VERIFY_POLICY; + if ( !dkim_verify_overall && dkim_verify_status ? Ustrcmp(dkim_verify_status, US"pass") == 0 @@ -166,9 +172,9 @@ logmsg = string_append(logmsg, 2, "d=", s); if (!(s = sig->selector)) s = US""; logmsg = string_append(logmsg, 2, " s=", s); logmsg = string_append(logmsg, 7, -" c=", sig->canon_headers == PDKIM_CANON_SIMPLE ? "simple" : "relaxed", -"/", sig->canon_body == PDKIM_CANON_SIMPLE ? "simple" : "relaxed", -" a=", dkim_sig_to_a_tag(sig), + " c=", sig->canon_headers == PDKIM_CANON_SIMPLE ? "simple" : "relaxed", + "/", sig->canon_body == PDKIM_CANON_SIMPLE ? "simple" : "relaxed", + " a=", dkim_sig_to_a_tag(sig), string_sprintf(" b=" SIZE_T_FMT, (int)sig->sighash.len > -1 ? sig->sighash.len * 8 : 0)); if ((s= sig->identity)) logmsg = string_append(logmsg, 2, " i=", s); 
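Review bot: Once the added `sig->verify_status |= PDKIM_VERIFY_POLICY;` has run, `sig->verify_status` no longer equals any plain `PDKIM_VERIFY_*` code. The two readers in this patch test the bit before switching, but any reader outside these hunks that compares or switches on the field directly would land in its default case after an ACL override; masking with `sig->verify_status & ~PDKIM_VERIFY_POLICY` at those sites keeps them correct. pdkim.h defines the flag as `BIT(31)`, which is the sign bit if the field is a signed int (its declaration is not visible here). A comment next to the define, such as `/* flag bit or'd into verify_status, not a status code */`, would warn future readers. The enclosing function starts and ends outside the hunk.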
@@ -179,10 +185,10 @@ if (sig->expires > 0) logmsg = string_cat(logmsg, if (sig->bodylength > -1) logmsg = string_cat(logmsg, string_sprintf(" l=%lu", sig->bodylength)); -if ( !dkim_verify_status - || ( dkim_verify_status == dkim_exim_expand_query(DKIM_VERIFY_STATUS) - && dkim_verify_reason == dkim_exim_expand_query(DKIM_VERIFY_REASON) - ) ) +if (sig->verify_status & PDKIM_VERIFY_POLICY) + logmsg = string_append(logmsg, 5, + US" [", dkim_verify_status, US" - ", dkim_verify_reason, US"]"); +else switch (sig->verify_status) { case PDKIM_VERIFY_NONE: @@ -233,7 +239,7 @@ if ( !dkim_verify_status logmsg = string_cat(logmsg, US"signature did not verify " "(headers probably modified in transit)]"); - break; + break; default: logmsg = string_cat(logmsg, US"unspecified reason]"); @@ -244,9 +250,6 @@ if ( !dkim_verify_status logmsg = string_cat(logmsg, US" [verification succeeded]"); break; } -else - logmsg = string_append(logmsg, 5, - US" [", dkim_verify_status, US" - ", dkim_verify_reason, US"]"); log_write(0, LOG_MAIN, "%s", string_from_gstring(logmsg)); return; 
@@ -771,5 +774,72 @@ expand_bad: goto bad; } + + + +gstring * +authres_dkim(gstring * g) +{ +pdkim_signature * sig; + +for (sig = dkim_signatures; sig; sig = sig->next) + { + g = string_catn(g, US";\\n\\tdkim=", 10); + + if (sig->verify_status & PDKIM_VERIFY_POLICY) + g = string_append(g, 5, + US"policy (", dkim_verify_status, US" - ", dkim_verify_reason, US")"); + else switch(sig->verify_status) + { + case PDKIM_VERIFY_NONE: g = string_cat(g, US"none"); break; + case PDKIM_VERIFY_INVALID: + switch (sig->verify_ext_status) + { + case PDKIM_VERIFY_INVALID_PUBKEY_UNAVAILABLE: + g = string_cat(g, US"tmperror (pubkey unavailable)"); break; + case PDKIM_VERIFY_INVALID_BUFFER_SIZE: + g = string_cat(g, US"permerror (overlong public key record)"); break; + case PDKIM_VERIFY_INVALID_PUBKEY_DNSRECORD: + case PDKIM_VERIFY_INVALID_PUBKEY_IMPORT: + g = string_cat(g, US"neutral (syntax error in public key record)"); + break; + case PDKIM_VERIFY_INVALID_SIGNATURE_ERROR: + g = string_cat(g, US"neutral (signature tag missing or invalid)"); + break; + case PDKIM_VERIFY_INVALID_DKIM_VERSION: + g = string_cat(g, US"neutral (unsupported DKIM version)"); + break; + default: + g = string_cat(g, US"permerror (unspecified problem)"); break; + } + break; + case PDKIM_VERIFY_FAIL: + switch (sig->verify_ext_status) + { + case PDKIM_VERIFY_FAIL_BODY: + g = string_cat(g, + US"fail (body hash mismatch; body probably modified in transit)"); + break; + case PDKIM_VERIFY_FAIL_MESSAGE: + g = string_cat(g, + US"fail (signature did not verify; headers probably modified in transit)"); + break; + default: + g = string_cat(g, US"fail (unspecified reason)"); + break; + } + break; + case PDKIM_VERIFY_PASS: g = string_cat(g, US"pass"); break; + default: g = string_cat(g, US"permerror"); break; + } + if (sig->domain) g = string_append(g, 2, US" header.d=", sig->domain); + if (sig->identity) g = string_append(g, 2, US" header.i=", sig->identity); + if (sig->selector) g = string_append(g, 2, US" header.s=", 
sig->selector); + g = string_append(g, 2, US" header.a=", dkim_sig_to_a_tag(sig)); + } +return g; +} + + # endif /*!MACRO_PREDEF*/ #endif /*!DISABLE_DKIM*/ diff --git a/src/src/expand.c b/src/src/expand.c index c7ebf9870..44e8e1ba0 100644 --- a/src/src/expand.c +++ b/src/src/expand.c @@ -103,6 +103,7 @@ alphabetical order. */ static uschar *item_table[] = { US"acl", + US"authresults", US"certextract", US"dlfunc", US"env", @@ -133,6 +134,7 @@ static uschar *item_table[] = { enum { EITEM_ACL, + EITEM_AUTHRESULTS, EITEM_CERTEXTRACT, EITEM_DLFUNC, EITEM_ENV, @@ -1656,6 +1658,24 @@ return yield; +/* Append an "iprev" element to an Autherntication-Results: header +if we have attempted to get the calling host's name. +*/ + +static gstring * +authres_iprev(gstring * g) +{ +if (sender_host_name) + return string_append(g, 3, US";\\n\\tiprev=pass (", sender_host_name, US")"); +if (host_lookup_deferred) + return string_catn(g, US";\\n\\tiprev=temperror", 21); +if (host_lookup_failed) + return string_catn(g, US";\\n\\tiprev=fail", 15); +return g; +} + + + /************************************************* * Return list of recipients * *************************************************/ 
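Review bot: `sig->domain`, `sig->identity` and `sig->selector` are appended verbatim by the three `header.*` lines at the end of the loop in `authres_dkim`, and they originate from the DKIM-Signature of the message being received. Downstream filters tend to trust an Authentication-Results line carrying the local authserv-id, so unless pdkim already restricts these fields (not visible here) they should be validated or quoted to the header's value syntax first. Separately, the policy branch prints the globals `dkim_verify_status` and `dkim_verify_reason` inside a per-signature loop; if those hold only the most recently evaluated signature's ACL result, every overridden signature would report the same text. The function also lacks a header comment, for example `/* Append one dkim= result per entry in dkim_signatures to an Authentication-Results header being built */`.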
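Review bot: The hand-counted length in `string_catn(g, US";\\n\\tiprev=temperror", 21)` is one too large, because the literal as written is 20 characters long (the 15 given for the `fail` variant is correct). The extra byte is the literal's terminating NUL, which ends up embedded in the header text. `return string_cat(g, US";\\n\\tiprev=temperror");` removes the need to count, and the same form works for the `fail` line. `sender_host_name` is DNS-derived and is placed inside a parenthesised comment unescaped, so it is worth confirming the lookup code rejects names containing `(` or `)`. The comment above the function misspells "Authentication".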
@@ -4100,6 +4120,34 @@ while (*s != 0) } } + case EITEM_AUTHRESULTS: + /* ${authresults {mysystemname}} */ + { + uschar *sub_arg[1]; + + switch(read_subs(sub_arg, nelem(sub_arg), 1, &s, skipping, TRUE, name, + &resetok)) + { + case 1: goto EXPAND_FAILED_CURLY; + case 2: + case 3: goto EXPAND_FAILED; + } + + yield = string_append(yield, 3, + US"Authentication-Results: ", sub_arg[0], US"; none"); + yield->ptr -= 6; + + yield = authres_iprev(yield); + yield = authres_smtpauth(yield); +#ifdef SUPPORT_SPF + yield = authres_spf(yield); +#endif +#ifndef DISABLE_DKIM + yield = authres_dkim(yield); +#endif + continue; + } + /* Handle conditionals - preserve the values of the numerical expansion variables in case they get changed by a regular expression match in the condition. If not, they retain their external settings. At the end diff --git a/src/src/functions.h b/src/src/functions.h index 6dc3e4973..8a45ae48d 100644 --- a/src/src/functions.h +++ b/src/src/functions.h @@ -104,6 +104,14 @@ extern void auth_show_supported(FILE *); extern uschar *auth_xtextencode(uschar *, int); extern int auth_xtextdecode(uschar *, uschar **); +extern gstring *authres_smtpauth(gstring *); +#ifdef SUPPORT_SPF +extern gstring *authres_spf(gstring *); +#endif +#ifndef DISABLE_DKIM +extern gstring *authres_dkim(gstring *); +#endif + extern uschar *b64encode(uschar *, int); extern int b64decode(const uschar *, uschar **); extern int bdat_getc(unsigned); diff --git a/src/src/pdkim/pdkim.h b/src/src/pdkim/pdkim.h index 1a7a0c8d0..775581be7 100644 --- a/src/src/pdkim/pdkim.h +++ b/src/src/pdkim/pdkim.h @@ -57,6 +57,7 @@ #define PDKIM_VERIFY_INVALID 1 #define PDKIM_VERIFY_FAIL 2 #define PDKIM_VERIFY_PASS 3 +#define PDKIM_VERIFY_POLICY BIT(31) #define PDKIM_VERIFY_FAIL_BODY 1 #define PDKIM_VERIFY_FAIL_MESSAGE 2 diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c index f54838991..1b7df5c30 100644 --- a/src/src/smtp_in.c +++ b/src/src/smtp_in.c 
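Review bot: In the `EITEM_AUTHRESULTS` case the `"; none"` suffix is appended and then always discarded by `yield->ptr -= 6;`, so a message for which no method reports anything yields a bare `Authentication-Results: <authserv-id>`. That is the output test/log/4506 records for the LONG_LINE message, but the header grammar requires either at least one result or the explicit `; none`, and a strict downstream parser may reject or ignore the bare form. Adjusting `ptr` by a magic 6 is also fragile if the literal is ever edited. Remembering the offset after the authserv-id and appending `; none` only when nothing was added avoids both problems; the expected test output would need updating to match. The enclosing `while` loop and switch start and end outside the hunk.

```c
      uschar *sub_arg[1];
      int hdr_end;		/* offset just after the authserv-id */

      /* … unchanged: read_subs() call and its failure cases … */

      yield = string_append(yield, 2,
			US"Authentication-Results: ", sub_arg[0]);
      hdr_end = yield->ptr;

      /* … unchanged: authres_iprev / authres_smtpauth / authres_spf / authres_dkim calls … */

      if (yield->ptr == hdr_end)	/* no method contributed a result */
	yield = string_cat(yield, US"; none");
      continue;
```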
@@ -5743,6 +5743,23 @@ while (done <= 0) return done - 2; /* Convert yield values */ } + + +gstring * +authres_smtpauth(gstring * g) +{ +if (!sender_host_authenticated) + return g; + +g = string_append(g, 4, US";\\n\\tauth=pass" + " (", sender_host_authenticated, US") smtp.auth=", authenticated_id); +if (authenticated_sender) + g = string_append(g, 2, US" smtp.mailfrom=", authenticated_sender); +return g; +} + + + /* vi: aw ai sw=2 */ /* End of smtp_in.c */ diff --git a/src/src/spf.c b/src/src/spf.c index 9fdc0baec..a2f93b0ce 100644 --- a/src/src/spf.c +++ b/src/src/spf.c @@ -146,4 +146,16 @@ while ((spf_result_id = string_nextinlist(&list, &sep, NULL, 0))) return FAIL; } + + +gstring * +authres_spf(gstring * g) +{ +if (!spf_result) return g; + +return string_append(g, 4, US";\\n\\tspf=", spf_result, + US" smtp.mailfrom=", expand_string(US"$sender_address_domain")); +} + + #endif diff --git a/test/confs/3403 b/test/confs/3403 index 813b3b941..79fb73fe1 100644 --- a/test/confs/3403 +++ b/test/confs/3403 @@ -7,6 +7,7 @@ primary_hostname = myhost.test.ex # ----- Main settings ----- acl_smtp_rcpt = accept +acl_smtp_data = accept add_header = :at_start:${authresults {$primary_hostname}} # ----- Authentication ----- diff --git a/test/confs/4500 b/test/confs/4500 index 871e0cd22..a952758ae 100644 --- a/test/confs/4500 +++ b/test/confs/4500 @@ -10,6 +10,7 @@ primary_hostname = myhost.test.ex acl_smtp_rcpt = accept acl_smtp_dkim = check_dkim +acl_smtp_data = accept logwrite = ${authresults {$primary_hostname}} log_selector = +dkim_verbose diff --git a/test/confs/4600 b/test/confs/4600 index d93b683d9..2934bf160 100644 --- a/test/confs/4600 +++ b/test/confs/4600 @@ -17,6 +17,7 @@ check_rcpt: logwrite = spf_header_comment $spf_header_comment logwrite = spf_smtp_comment $spf_smtp_comment logwrite = spf_received $spf_received + logwrite = ${authresults {$primary_hostname}} accept hosts = 127.0.0.1 spf = pass : softfail : neutral 
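Review bot: `authenticated_id` is passed to `string_append` unconditionally in `authres_smtpauth`, while `authenticated_sender` in the next statement is guarded. If an authenticator can succeed without setting an id (I believe this is the case when no `server_set_id` is configured, to be confirmed), a NULL pointer reaches the string code. Emitting the property conditionally, e.g. `if (authenticated_id) g = string_append(g, 2, US" smtp.auth=", authenticated_id);` after the `auth=pass (...)` part, avoids that. Both values are supplied by the client during AUTH, so they should also be checked against the header's value syntax before being written into a line that downstream software trusts.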
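Review bot: The result of `expand_string(US"$sender_address_domain")` in `authres_spf` is used without a NULL check, and for a message with an empty envelope sender the domain is empty, so the line would read `smtp.mailfrom=` with no value. SPF evaluation for a null sender normally falls back to the HELO identity, so reporting `smtp.helo=` in that case, or omitting the property, would describe what was actually checked; whether this build evaluates HELO is not visible here. A one-line comment above the function, such as `/* Append an "spf" element using the stored spf_result, if an SPF check was done */`, would match the one given to authres_iprev.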
@@ -24,11 +25,13 @@ check_rcpt: logwrite = spf_header_comment $spf_header_comment logwrite = spf_smtp_comment $spf_smtp_comment logwrite = spf_received $spf_received + logwrite = ${authresults {$primary_hostname}} deny logwrite = spf_result $spf_result logwrite = spf_header_comment $spf_header_comment logwrite = spf_smtp_comment $spf_smtp_comment logwrite = spf_received $spf_received + logwrite = ${authresults {$primary_hostname}} # End diff --git a/test/log/4500 b/test/log/4500 index 47b81b982..bc4ff5263 100644 --- a/test/log/4500 +++ b/test/log/4500 
@@ -3,18 +3,23 @@ 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 1999-03-02 09:44:33 10HmaX-0005vi-00 signer: test.ex bits: 1024 1999-03-02 09:44:33 10HmaX-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha1 b=1024 [verification succeeded] +1999-03-02 09:44:33 10HmaX-0005vi-00 Authentication-Results: myhost.test.ex;\n dkim=pass header.d=test.ex header.s=sel header.a=rsa-sha1 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss DKIM=test.ex id=qwerty1234@disco-zombie.net 1999-03-02 09:44:33 10HmaY-0005vi-00 signer: test.ex bits: 512 1999-03-02 09:44:33 10HmaY-0005vi-00 DKIM: d=test.ex s=ses c=simple/simple a=rsa-sha1 b=512 [verification succeeded] +1999-03-02 09:44:33 10HmaY-0005vi-00 Authentication-Results: myhost.test.ex;\n dkim=pass header.d=test.ex header.s=ses header.a=rsa-sha1 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss DKIM=test.ex id=qwerty1234@disco-zombie.net 1999-03-02 09:44:33 10HmaZ-0005vi-00 signer: test.ex bits: 1024 1999-03-02 09:44:33 10HmaZ-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha256 b=1024 [verification succeeded] +1999-03-02 09:44:33 10HmaZ-0005vi-00 Authentication-Results: myhost.test.ex;\n dkim=pass header.d=test.ex header.s=sel header.a=rsa-sha256 1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss DKIM=test.ex id=qwerty1234@disco-zombie.net 1999-03-02 09:44:33 10HmbA-0005vi-00 signer: test.ex bits: 512 1999-03-02 09:44:33 10HmbA-0005vi-00 DKIM: d=test.ex s=ses_sha1 c=simple/simple a=rsa-sha1 b=512 [verification succeeded] +1999-03-02 09:44:33 10HmbA-0005vi-00 Authentication-Results: myhost.test.ex;\n dkim=pass header.d=test.ex header.s=ses_sha1 header.a=rsa-sha1 1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss DKIM=test.ex id=qwerty1234@disco-zombie.net 1999-03-02 09:44:33 exim x.yz daemon started: 
pid=pppp, no queue runs, listening for SMTP on port 1225 1999-03-02 09:44:33 10HmbB-0005vi-00 NOTE: forcing dkim verify fail (was pass) 1999-03-02 09:44:33 10HmbB-0005vi-00 signer: test.ex bits: 1024 1999-03-02 09:44:33 10HmbB-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha1 b=1024 [fail - hash too weak] +1999-03-02 09:44:33 10HmbB-0005vi-00 Authentication-Results: myhost.test.ex;\n dkim=policy (fail - hash too weak) header.d=test.ex header.s=sel header.a=rsa-sha1 1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@disco-zombie.net diff --git a/test/log/4501 b/test/log/4501 index 482ba917a..b4f8d3a74 100644 --- a/test/log/4501 +++ b/test/log/4501 @@ -3,7 +3,9 @@ 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 1999-03-02 09:44:33 10HmaX-0005vi-00 signer: test.ex bits: 1024 1999-03-02 09:44:33 10HmaX-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha1 b=1024 [verification succeeded] +1999-03-02 09:44:33 10HmaX-0005vi-00 Authentication-Results: myhost.test.ex;\n dkim=pass header.d=test.ex header.s=sel header.a=rsa-sha1 1999-03-02 09:44:33 10HmaX-0005vi-00 <= pass@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss DKIM=test.ex id=qwerty1234@disco-zombie.net 1999-03-02 09:44:33 10HmaY-0005vi-00 signer: test.ex bits: 1024 1999-03-02 09:44:33 10HmaY-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha1 b=1024 [verification failed - body hash mismatch (body probably modified in transit)] +1999-03-02 09:44:33 10HmaY-0005vi-00 Authentication-Results: myhost.test.ex;\n dkim=fail (body hash mismatch; body probably modified in transit) header.d=test.ex header.s=sel header.a=rsa-sha1 1999-03-02 09:44:33 10HmaY-0005vi-00 <= fail@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@disco-zombie.net diff --git a/test/log/4502 b/test/log/4502 index dbbaa7420..b5dcd81c8 100644 --- a/test/log/4502 +++ b/test/log/4502 
@@ -3,14 +3,18 @@ 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 1999-03-02 09:44:33 10HmaX-0005vi-00 signer: test.ex bits: 1024 1999-03-02 09:44:33 10HmaX-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha1 b=1024 [verification succeeded] +1999-03-02 09:44:33 10HmaX-0005vi-00 Authentication-Results: myhost.test.ex;\n dkim=pass header.d=test.ex header.s=sel header.a=rsa-sha1 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss DKIM=test.ex id=564CFC9B.1040905@yahoo.com 1999-03-02 09:44:33 10HmaY-0005vi-00 signer: test.ex bits: 1024 1999-03-02 09:44:33 10HmaY-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/simple a=rsa-sha1 b=1024 [verification succeeded] +1999-03-02 09:44:33 10HmaY-0005vi-00 Authentication-Results: myhost.test.ex;\n dkim=pass header.d=test.ex header.s=sel header.a=rsa-sha1 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss DKIM=test.ex 1999-03-02 09:44:33 10HmaZ-0005vi-00 signer: test.ex bits: 1024 1999-03-02 09:44:33 10HmaZ-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/simple a=rsa-sha1 b=1024 [verification succeeded] +1999-03-02 09:44:33 10HmaZ-0005vi-00 Authentication-Results: myhost.test.ex;\n dkim=pass header.d=test.ex header.s=sel header.a=rsa-sha1 1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss DKIM=test.ex 1999-03-02 09:44:33 10HmbA-0005vi-00 PDKIM: d=test.ex s=sel_bad [failed key import] 1999-03-02 09:44:33 10HmbA-0005vi-00 signer: test.ex bits: 1024 1999-03-02 09:44:33 10HmbA-0005vi-00 DKIM: d=test.ex s=sel_bad c=relaxed/relaxed a=rsa-sha1 b=1024 [invalid - syntax error in public key record] +1999-03-02 09:44:33 10HmbA-0005vi-00 Authentication-Results: myhost.test.ex;\n dkim=neutral (syntax error in public key record) header.d=test.ex header.s=sel_bad header.a=rsa-sha1 1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss 
id=564CFC9B.1040905@yahoo.com diff --git a/test/log/4503 b/test/log/4503 index 2693a947c..3a502a1fe 100644 --- a/test/log/4503 +++ b/test/log/4503 @@ -4,4 +4,5 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 DKIM: validation error: Public key signature verification has failed. 1999-03-02 09:44:33 10HmaX-0005vi-00 signer: test.ex bits: 1024 1999-03-02 09:44:33 10HmaX-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha512 b=1024 [verification failed - signature did not verify (headers probably modified in transit)] +1999-03-02 09:44:33 10HmaX-0005vi-00 Authentication-Results: myhost.test.ex;\n dkim=fail (signature did not verify; headers probably modified in transit) header.d=test.ex header.s=sel header.a=rsa-sha512 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@disco-zombie.net diff --git a/test/log/4504 b/test/log/4504 index b67852209..43389c8a2 100644 --- a/test/log/4504 +++ b/test/log/4504 @@ -4,4 +4,5 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 DKIM: validation error: Public key signature verification has failed. 1999-03-02 09:44:33 10HmaX-0005vi-00 signer: test.ex bits: 1024 1999-03-02 09:44:33 10HmaX-0005vi-00 DKIM: d=test.ex s=sel2 c=simple/simple a=rsa-sha512 b=1024 [verification failed - signature did not verify (headers probably modified in transit)] +1999-03-02 09:44:33 10HmaX-0005vi-00 Authentication-Results: myhost.test.ex;\n dkim=fail (signature did not verify; headers probably modified in transit) header.d=test.ex header.s=sel2 header.a=rsa-sha512 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@disco-zombie.net diff --git a/test/log/4506 b/test/log/4506 index 62cea9db4..55bad6163 100644 --- a/test/log/4506 +++ b/test/log/4506 
@@ -3,23 +3,29 @@ 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 1999-03-02 09:44:33 10HmaY-0005vi-00 signer: test.ex bits: 0 1999-03-02 09:44:33 10HmaY-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha1 b=0 [invalid - signature tag missing or invalid] +1999-03-02 09:44:33 10HmaY-0005vi-00 Authentication-Results: myhost.test.ex;\n dkim=neutral (signature tag missing or invalid) header.d=test.ex header.s=sel header.a=rsa-sha1 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@disco-zombie.net 1999-03-02 09:44:33 10HmaZ-0005vi-00 signer: test.ex bits: 1024 1999-03-02 09:44:33 10HmaZ-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha1 b=1024 [invalid - signature tag missing or invalid] +1999-03-02 09:44:33 10HmaZ-0005vi-00 Authentication-Results: myhost.test.ex;\n dkim=neutral (signature tag missing or invalid) header.d=test.ex header.s=sel header.a=rsa-sha1 1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@disco-zombie.net 1999-03-02 09:44:33 10HmbA-0005vi-00 signer: test.ex bits: 1024 1999-03-02 09:44:33 10HmbA-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha1 b=1024 [verification failed - body hash mismatch (body probably modified in transit)] +1999-03-02 09:44:33 10HmbA-0005vi-00 Authentication-Results: myhost.test.ex;\n dkim=fail (body hash mismatch; body probably modified in transit) header.d=test.ex header.s=sel header.a=rsa-sha1 1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@disco-zombie.net 1999-03-02 09:44:33 10HmbB-0005vi-00 DKIM: validation error: LONG_LINE 1999-03-02 09:44:33 10HmbB-0005vi-00 DKIM: Error during validation, disabling signature verification: LONG_LINE +1999-03-02 09:44:33 10HmbB-0005vi-00 Authentication-Results: myhost.test.ex 1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@bloggs.com H=(xxx) 
[127.0.0.1] P=smtp S=sss id=qwerty1234@disco-zombie.net 1999-03-02 09:44:33 10HmbC-0005vi-00 signer: test.ex bits: 512 1999-03-02 09:44:33 10HmbC-0005vi-00 DKIM: d=test.ex s=ses_sha256 c=simple/simple a=rsa-sha1 b=512 [verification failed - unspecified reason] +1999-03-02 09:44:33 10HmbC-0005vi-00 Authentication-Results: myhost.test.ex;\n dkim=fail (unspecified reason) header.d=test.ex header.s=ses_sha256 header.a=rsa-sha1 1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@disco-zombie.net 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 1999-03-02 09:44:33 10HmbD-0005vi-00 unknown 1999-03-02 09:44:33 10HmbD-0005vi-00 signer: test.ex bits: 0 1999-03-02 09:44:33 10HmbD-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha1 b=0 [invalid - signature tag missing or invalid] +1999-03-02 09:44:33 10HmbD-0005vi-00 Authentication-Results: myhost.test.ex;\n dkim=neutral (signature tag missing or invalid) header.d=test.ex header.s=sel header.a=rsa-sha1 1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@disco-zombie.net 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 1999-03-02 09:44:33 10HmaX-0005vi-00 signer: test.ex bits: 0 diff --git a/test/log/4600 b/test/log/4600 index 9c07c1791..3eb81ad43 100644 --- a/test/log/4600 +++ b/test/log/4600 
@@ -5,8 +5,10 @@ 1999-03-02 09:44:33 spf_header_comment myhost.test.ex: domain of example.com does not designate ip4.ip4.ip4.ip4 as permitted sender 1999-03-02 09:44:33 spf_smtp_comment Please see http://www.openspf.org/Why?id=a%40example.com&ip=ip4.ip4.ip4.ip4&receiver=myhost.test.ex : Reason: mechanism 1999-03-02 09:44:33 spf_received Received-SPF: fail (myhost.test.ex: domain of example.com does not designate ip4.ip4.ip4.ip4 as permitted sender) client-ip=ip4.ip4.ip4.ip4; envelope-from=a@example.com; helo=testclient; +1999-03-02 09:44:33 Authentication-Results: myhost.test.ex;\n\tspf=fail smtp.mailfrom=example.com 1999-03-02 09:44:33 H=(testclient) [ip4.ip4.ip4.ip4] F= rejected RCPT 1999-03-02 09:44:33 spf_result pass 1999-03-02 09:44:33 spf_header_comment myhost.test.ex: localhost is always allowed. 1999-03-02 09:44:33 spf_smtp_comment 1999-03-02 09:44:33 spf_received Received-SPF: pass (myhost.test.ex: localhost is always allowed.) client-ip=127.0.0.1; envelope-from=b@example.com; helo=testclient; +1999-03-02 09:44:33 Authentication-Results: myhost.test.ex;\n\tspf=pass smtp.mailfrom=example.com diff --git a/test/mail/3403.userx b/test/mail/3403.userx index d8a0676d6..c344d9b70 100644 --- a/test/mail/3403.userx +++ b/test/mail/3403.userx @@ -1,4 +1,6 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 +Authentication-Results: myhost.test.ex; + auth=pass (plain1) smtp.auth=userx Received: from CALLER (helo=testing.ex) by myhost.test.ex with local-esmtpa (Exim x.yz) (envelope-from ) diff --git a/test/stderr/4507 b/test/stderr/4507 index 8a4dd6bff..42dd96980 100644 --- a/test/stderr/4507 +++ b/test/stderr/4507 
@@ -23,4 +23,11 @@ LOG: 10HmaX-0005vi-00 signer: test.ex bits: 1024 >>> accept: condition test succeeded in ACL "check_dkim" >>> end of ACL "check_dkim": ACCEPT LOG: 10HmaX-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha1 b=1024 [verification succeeded] +>>> processing "accept" +>>> check logwrite = Authentication-Results: myhost.test.ex;\n\tdkim=pass header.d=test.ex header.s=sel header.a=rsa-sha1 +>>> = Authentication-Results: myhost.test.ex; +>>> dkim=pass header.d=test.ex header.s=sel header.a=rsa-sha1 +LOG: 10HmaX-0005vi-00 Authentication-Results: myhost.test.ex;\n dkim=pass header.d=test.ex header.s=sel header.a=rsa-sha1 +>>> accept: condition test succeeded in inline ACL +>>> end of inline ACL: ACCEPT LOG: 10HmaX-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss DKIM=test.ex id=qwerty1234@disco-zombie.net -- 2.30.2