From: Jeremy Harris Date: Sat, 6 Jan 2018 14:48:35 +0000 (+0000) Subject: Logging: disable the verbose DKIM verification line by default; add a tag to <= lines. X-Git-Url: https://git.exim.org/users/jgh/exim.git/commitdiff_plain/2c47372fad0f829ddfa29d04095f57a70206469c Logging: disable the verbose DKIM verification line by default; add a tag to <= lines. New log_selector controls "dkim" and "dkim_verbose". --- diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 844178fca..aa6da73d3 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -36058,6 +36058,7 @@ the following table: &` `& command list for &"no mail in SMTP session"& &`CV `& certificate verification status &`D `& duration of &"no mail in SMTP session"& +&`DKIM`& domain verified in incoming message &`DN `& distinguished name from peer certificate &`DS `& DNSSEC secured lookups &`DT `& on &`=>`& lines: time taken for a delivery @@ -36127,6 +36128,12 @@ A delivery set up by a router configured with .endd failed. The delivery was discarded. .endlist olist +.next +.new +.cindex DKIM "log line" +&'DKIM: d='&&~&~Verbose results of a DKIM verification attempt, if enabled for +logging and the message has a DKIM signature header. +.wen .endlist ilist @@ -36154,6 +36161,8 @@ selection marked by asterisks: &`*delay_delivery `& immediate delivery delayed &` deliver_time `& time taken to perform delivery &` delivery_size `& add &`S=`&&'nnn'& to => lines +&`*dkim `& DKIM verified domain on <= lines +&` dkim_verbose `& separate full DKIM verification result line, per signature &`*dnslist_defer `& defers of DNS list (aka RBL) lookups &` dnssec `& DNSSEC secured lookups &`*etrn `& ETRN commands 
@@ -36260,6 +36269,17 @@ precision, eg. &`DT=0.304`&. &%delivery_size%&: For each delivery, the size of message delivered is added to the &"=>"& line, tagged with S=. .next +.new +.cindex log "DKIM verification" +.cindex DKIM "verification logging" +&%dkim%&: For message acceptance log lines, when an DKIM signture in the header +verifies successfully a tag of DKIM is added, with one of the verified domains. +.next +.cindex log "DKIM verification" +.cindex DKIM "verification logging" +&%dkim_verbose%&: A log entry is written for each attempted DKIM verification. +.wen +.next .cindex "log" "dnslist defer" .cindex "DNS list" "logging defer" .cindex "black list (DNS)" diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff index cfa44b713..15722e114 100644 --- a/doc/doc-txt/NewStuff +++ b/doc/doc-txt/NewStuff @@ -20,6 +20,11 @@ Version 4.91 4. SPF support is promoted from Experimental to mainline status. The template src/EDITME makefile does not enable its inclusion. + 5 Logging control for DKIM verification. The existing DKIM log line is + controlled by a "dkim_verbose" selector which is _not_ enabled by default. + A new tag "DKIM=" is added to <= lines by default, controlled by + a "dkim" log_selector. + Version 4.90 ------------ diff --git a/src/src/dkim.c b/src/src/dkim.c index 9731a63d9..746a7a6b7 100644 --- a/src/src/dkim.c +++ b/src/src/dkim.c @@ -146,6 +146,15 @@ uschar * s; if (!sig) return; +if ( !dkim_verify_overall + && dkim_verify_status + ? Ustrcmp(dkim_verify_status, US"pass") == 0 + : sig->verify_status == PDKIM_VERIFY_PASS + ) + dkim_verify_overall = string_copy(sig->domain); + +if (!LOGGING(dkim_verbose)) return; + logmsg = string_catn(NULL, US"DKIM: ", 6); if (!(s = sig->domain)) s = US""; logmsg = string_append(logmsg, 2, "d=", s); diff --git a/src/src/globals.c b/src/src/globals.c index 346bb0744..303c8025c 100644 --- a/src/src/globals.c +++ b/src/src/globals.c 
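Review bot: In the src/src/dkim.c hunk the new condition does not group the way its layout suggests: `&&` binds tighter than `?:`, so it parses as `(!dkim_verify_overall && dkim_verify_status) ? ... : sig->verify_status == PDKIM_VERIFY_PASS`. Once dkim_verify_overall is set the test falls through to the raw signature status, so a later passing signature overwrites the stored domain (globals.h documents it as the first one), and a dkim_verify_status set by the ACL (as test/confs/4500 does with `set dkim_verify_status = fail`) is not consulted for that signature, which could put a domain the ACL marked as failed into the `DKIM=` tag. Parenthesise the ternary: `if (!dkim_verify_overall && (dkim_verify_status ? Ustrcmp(dkim_verify_status, US"pass") == 0 : sig->verify_status == PDKIM_VERIFY_PASS))`. The context line below the addition allows for a NULL sig->domain, so `string_copy(sig->domain)` probably wants the same guard. The enclosing function starts and ends outside the hunk.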
@@ -667,6 +667,7 @@ int dkim_key_length = 0;
 uschar *dkim_signers = NULL;
 uschar *dkim_signing_domain = NULL;
 uschar *dkim_signing_selector = NULL;
+uschar *dkim_verify_overall = NULL;
 uschar *dkim_verify_signers = US"$dkim_signers";
 uschar *dkim_verify_status = NULL;
 uschar *dkim_verify_reason = NULL;
@@ -858,6 +859,7 @@ int log_default[] = { /* for initializing log_selector */
 Li_acl_warn_skipped,
 Li_connection_reject,
 Li_delay_delivery,
+ Li_dkim,
 Li_dnslist_defer,
 Li_etrn,
 Li_host_lookup_failed,
@@ -892,6 +894,10 @@ bit_table log_options[] = { /* must be in alphabetical order */
 BIT_TABLE(L, delay_delivery),
 BIT_TABLE(L, deliver_time),
 BIT_TABLE(L, delivery_size),
+#ifndef DISABLE_DKIM
+ BIT_TABLE(L, dkim),
+ BIT_TABLE(L, dkim_verbose),
+#endif
 BIT_TABLE(L, dnslist_defer),
 BIT_TABLE(L, dnssec),
 BIT_TABLE(L, etrn),
@@ -904,7 +910,7 @@ bit_table log_options[] = { /* must be in alphabetical order */
 BIT_TABLE(L, outgoing_interface),
 BIT_TABLE(L, outgoing_port),
 BIT_TABLE(L, pid),
-#if defined(SUPPORT_PROXY) || defined (SUPPORT_SOCKS)
+#if defined(SUPPORT_PROXY) || defined(SUPPORT_SOCKS)
 BIT_TABLE(L, proxy),
 #endif
 BIT_TABLE(L, queue_run),
diff --git a/src/src/globals.h b/src/src/globals.h
index 0c1b6ccbc..1715a3df5 100644
--- a/src/src/globals.h
+++ b/src/src/globals.h
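Review bot: The log_default hunk in src/src/globals.c adds `Li_dkim` but not `Li_dkim_verbose`, so a default configuration now records a DKIM result only for messages where a signature verified; the per-signature line that carried `[verification failed ...]` and `[invalid ...]` results is no longer written unless `+dkim_verbose` is set. Monitoring that keys on those lines loses them silently after an upgrade, so I would state it next to the table, for example `/* Li_dkim_verbose is deliberately not a default: DKIM verification failures are logged only with +dkim_verbose */`. In the log_options hunk the two names exist only under `#ifndef DISABLE_DKIM` while `Li_dkim` is in log_default unconditionally; a one-line comment that the default bit has no effect in a DISABLE_DKIM build (the use in receive.c is under the same guard) would save the next reader the lookup.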
@@ -392,6 +392,7 @@ extern int dkim_key_length; /* Expansion variable, length of signing extern uschar *dkim_signers; /* Expansion variable, holds colon-separated list of domains and identities that have signed a message */ extern uschar *dkim_signing_domain; /* Expansion variable, domain used for signing a message. */ extern uschar *dkim_signing_selector; /* Expansion variable, selector used for signing a message. */ +extern uschar *dkim_verify_overall; /* First successful domain verified, or null */ extern uschar *dkim_verify_signers; /* Colon-separated list of domains for each of which we call the DKIM ACL */ extern uschar *dkim_verify_status; /* result for this signature */ extern uschar *dkim_verify_reason; /* result for this signature */ diff --git a/src/src/macros.h b/src/src/macros.h index 764c65b8d..20e345573 100644 --- a/src/src/macros.h +++ b/src/src/macros.h @@ -459,6 +459,8 @@ enum { Li_arguments, Li_deliver_time, Li_delivery_size, + Li_dkim, + Li_dkim_verbose, Li_dnssec, Li_ident_timeout, Li_incoming_interface, diff --git a/src/src/receive.c b/src/src/receive.c index 84552dc1c..d79b282fb 100644 --- a/src/src/receive.c +++ b/src/src/receive.c @@ -3984,6 +3984,11 @@ if (LOGGING(8bitmime)) g = string_append(g, 2, US" M8S=", big_buffer); } +#ifndef DISABLE_DKIM +if (LOGGING(dkim) && dkim_verify_overall) + g = string_append(g, 2, US" DKIM=", dkim_verify_overall); +#endif + if (*queue_name) g = string_append(g, 2, US" Q=", queue_name); diff --git a/test/confs/0900 b/test/confs/0900 index e02380f73..9a856899a 100644 --- a/test/confs/0900 +++ b/test/confs/0900 @@ -26,7 +26,12 @@ acl_smtp_data = check_data trusted_users = CALLER queue_only smtp_receive_timeout = 2s + +.ifdef _HAVE_DKIM +log_selector = +received_recipients +dkim_verbose +.else log_selector = +received_recipients +.endif .ifdef _OPT_MAIN_TLS_CERTIFICATE tls_certificate = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail} 
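Review bot: The `DKIM=` tag added in the src/src/receive.c hunk is emitted whenever dkim_verify_overall is non-NULL, and nothing in this commit sets the pointer back to NULL: globals.c initialises it once and dkim.c only ever assigns it. If the per-message DKIM setup (outside this diff) does not clear it, a second message on the same SMTP connection could be logged with the domain verified for the previous one, so an unsigned or failing message would carry a `DKIM=` tag. Worth confirming there is a reset such as `dkim_verify_overall = NULL;` where the verification state is initialised for each message, and adding a test that sends a signed and then an unsigned message in one session. The surrounding function begins and ends outside the hunk.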
diff --git a/test/confs/0906 b/test/confs/0906 index 0c7b83d5e..8bb0a9e26 100644 --- a/test/confs/0906 +++ b/test/confs/0906 @@ -19,7 +19,13 @@ primary_hostname = testhost.test.ex domainlist local_domains = @ : test.ex acl_smtp_rcpt = acl_r + +.ifdef _HAVE_DKIM +log_selector = +received_recipients +dkim_verbose +.else log_selector = +received_recipients +.endif + .ifdef _OPT_MAIN_TLS_CERTIFICATE tls_certificate = DIR/aux-fixed/cert1 diff --git a/test/confs/4500 b/test/confs/4500 index b53dff5b7..871e0cd22 100644 --- a/test/confs/4500 +++ b/test/confs/4500 @@ -11,6 +11,8 @@ primary_hostname = myhost.test.ex acl_smtp_rcpt = accept acl_smtp_dkim = check_dkim +log_selector = +dkim_verbose + queue_only queue_run_in_order @@ -28,7 +30,10 @@ check_dkim: set dkim_verify_status = fail set dkim_verify_reason = hash too weak .endif - accept + warn logwrite = signer: $dkim_cur_signer bits: $dkim_key_length +.ifndef STRICT + accept +.endif # End diff --git a/test/confs/4520 b/test/confs/4520 index 3127d13b3..8515d050d 100644 --- a/test/confs/4520 +++ b/test/confs/4520 @@ -18,6 +18,7 @@ dkim_verify_signers = $dkim_signers : FAKE DDIR=DIR/aux-fixed/dkim +log_selector = -dkim +dkim_verbose # ----- Routers diff --git a/test/confs/4550 b/test/confs/4550 index 3693d89a6..15178f363 100644 --- a/test/confs/4550 +++ b/test/confs/4550 @@ -14,6 +14,7 @@ acl_smtp_dkim = accept logwrite = signer: $dkim_cur_signer bits: $dkim_key_lengt acl_smtp_data_prdr = accept local_parts = okuser prdr_enable +log_selector = +dkim_verbose # ----- Routers diff --git a/test/log/4500 b/test/log/4500 index 347e03683..47b81b982 100644 --- a/test/log/4500 +++ b/test/log/4500 
@@ -3,16 +3,16 @@
 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
 1999-03-02 09:44:33 10HmaX-0005vi-00 signer: test.ex bits: 1024
 1999-03-02 09:44:33 10HmaX-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha1 b=1024 [verification succeeded]
-1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@disco-zombie.net
+1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss DKIM=test.ex id=qwerty1234@disco-zombie.net
 1999-03-02 09:44:33 10HmaY-0005vi-00 signer: test.ex bits: 512
 1999-03-02 09:44:33 10HmaY-0005vi-00 DKIM: d=test.ex s=ses c=simple/simple a=rsa-sha1 b=512 [verification succeeded]
-1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@disco-zombie.net
+1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss DKIM=test.ex id=qwerty1234@disco-zombie.net
 1999-03-02 09:44:33 10HmaZ-0005vi-00 signer: test.ex bits: 1024
 1999-03-02 09:44:33 10HmaZ-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha256 b=1024 [verification succeeded]
-1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@disco-zombie.net
+1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss DKIM=test.ex id=qwerty1234@disco-zombie.net
 1999-03-02 09:44:33 10HmbA-0005vi-00 signer: test.ex bits: 512
 1999-03-02 09:44:33 10HmbA-0005vi-00 DKIM: d=test.ex s=ses_sha1 c=simple/simple a=rsa-sha1 b=512 [verification succeeded]
-1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@disco-zombie.net
+1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss DKIM=test.ex id=qwerty1234@disco-zombie.net
 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
 1999-03-02 09:44:33 10HmbB-0005vi-00 NOTE: forcing dkim verify fail (was pass)
 1999-03-02 09:44:33 10HmbB-0005vi-00 signer: test.ex bits: 1024
diff --git a/test/log/4501 b/test/log/4501
index 654431459..482ba917a 100644
--- a/test/log/4501
+++ b/test/log/4501
@@ -3,7 +3,7 @@
 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
 1999-03-02 09:44:33 10HmaX-0005vi-00 signer: test.ex bits: 1024
 1999-03-02 09:44:33 10HmaX-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha1 b=1024 [verification succeeded]
-1999-03-02 09:44:33 10HmaX-0005vi-00 <= pass@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@disco-zombie.net
+1999-03-02 09:44:33 10HmaX-0005vi-00 <= pass@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss DKIM=test.ex id=qwerty1234@disco-zombie.net
 1999-03-02 09:44:33 10HmaY-0005vi-00 signer: test.ex bits: 1024
 1999-03-02 09:44:33 10HmaY-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha1 b=1024 [verification failed - body hash mismatch (body probably modified in transit)]
 1999-03-02 09:44:33 10HmaY-0005vi-00 <= fail@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@disco-zombie.net
diff --git a/test/log/4502 b/test/log/4502
index 9aef5cb30..efe78d2f0 100644
--- a/test/log/4502
+++ b/test/log/4502
@@ -3,13 +3,13 @@
 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
 1999-03-02 09:44:33 10HmaX-0005vi-00 signer: test.ex bits: 1024
 1999-03-02 09:44:33 10HmaX-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha1 b=1024 [verification succeeded]
-1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=564CFC9B.1040905@yahoo.com
+1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss DKIM=test.ex id=564CFC9B.1040905@yahoo.com
 1999-03-02 09:44:33 10HmaY-0005vi-00 signer: test.ex bits: 1024
 1999-03-02 09:44:33 10HmaY-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/simple a=rsa-sha1 b=1024 [verification succeeded]
-1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss
+1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss DKIM=test.ex
 1999-03-02 09:44:33 10HmaZ-0005vi-00 signer: test.ex bits: 1024
 1999-03-02 09:44:33 10HmaZ-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/simple a=rsa-sha1 b=1024 [verification succeeded]
-1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss
+1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss DKIM=test.ex
 1999-03-02 09:44:33 10HmbA-0005vi-00 signer: test.ex bits: 1024
 1999-03-02 09:44:33 10HmbA-0005vi-00 DKIM: d=test.ex s=sel_bad c=relaxed/relaxed a=rsa-sha1 b=1024 [invalid - syntax error in public key record]
 1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=564CFC9B.1040905@yahoo.com
diff --git a/test/log/4506 b/test/log/4506
index 995dbde98..1c39568c0 100644
--- a/test/log/4506
+++ b/test/log/4506
@@ -1,23 +1,27 @@ ******** SERVER ******** 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 -1999-03-02 09:44:33 10HmaX-0005vi-00 signer: test.ex bits: 0 -1999-03-02 09:44:33 10HmaX-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha1 b=0 [invalid - signature tag missing or invalid] -1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@disco-zombie.net -1999-03-02 09:44:33 10HmaY-0005vi-00 signer: test.ex bits: 1024 -1999-03-02 09:44:33 10HmaY-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha1 b=1024 [invalid - signature tag missing or invalid] +1999-03-02 09:44:33 10HmaY-0005vi-00 signer: test.ex bits: 0 +1999-03-02 09:44:33 10HmaY-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha1 b=0 [invalid - signature tag missing or invalid] 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@disco-zombie.net 1999-03-02 09:44:33 10HmaZ-0005vi-00 signer: test.ex bits: 1024 -1999-03-02 09:44:33 10HmaZ-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha1 b=1024 [verification failed - body hash mismatch (body probably modified in transit)] +1999-03-02 09:44:33 10HmaZ-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha1 b=1024 [invalid - signature tag missing or invalid] 1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@disco-zombie.net -1999-03-02 09:44:33 10HmbA-0005vi-00 DKIM: validation error: RSA_LONG_LINE -1999-03-02 09:44:33 10HmbA-0005vi-00 DKIM: Error during validation, disabling signature verification: RSA_LONG_LINE +1999-03-02 09:44:33 10HmbA-0005vi-00 signer: test.ex bits: 1024 +1999-03-02 09:44:33 10HmbA-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha1 b=1024 [verification failed - body hash mismatch (body probably modified in transit)] 1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] 
P=smtp S=sss id=qwerty1234@disco-zombie.net -1999-03-02 09:44:33 10HmbB-0005vi-00 signer: test.ex bits: 512 -1999-03-02 09:44:33 10HmbB-0005vi-00 DKIM: d=test.ex s=ses_sha256 c=simple/simple a=rsa-sha1 b=512 [verification failed - unspecified reason] +1999-03-02 09:44:33 10HmbB-0005vi-00 DKIM: validation error: RSA_LONG_LINE +1999-03-02 09:44:33 10HmbB-0005vi-00 DKIM: Error during validation, disabling signature verification: RSA_LONG_LINE 1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@disco-zombie.net -1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 -1999-03-02 09:44:33 10HmbC-0005vi-00 unknown -1999-03-02 09:44:33 10HmbC-0005vi-00 signer: test.ex bits: 0 -1999-03-02 09:44:33 10HmbC-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha1 b=0 [invalid - signature tag missing or invalid] +1999-03-02 09:44:33 10HmbC-0005vi-00 signer: test.ex bits: 512 +1999-03-02 09:44:33 10HmbC-0005vi-00 DKIM: d=test.ex s=ses_sha256 c=simple/simple a=rsa-sha1 b=512 [verification failed - unspecified reason] 1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@disco-zombie.net +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 10HmbD-0005vi-00 unknown +1999-03-02 09:44:33 10HmbD-0005vi-00 signer: test.ex bits: 0 +1999-03-02 09:44:33 10HmbD-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha1 b=0 [invalid - signature tag missing or invalid] +1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@disco-zombie.net +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 10HmaX-0005vi-00 signer: test.ex bits: 0 +1999-03-02 09:44:33 10HmaX-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha1 b=0 [invalid - signature tag 
missing or invalid] +1999-03-02 09:44:33 10HmaX-0005vi-00 H=(xxx) [127.0.0.1] rejected DKIM diff --git a/test/log/4521 b/test/log/4521 index 3eaa19eb0..9424b8ba9 100644 --- a/test/log/4521 +++ b/test/log/4521 @@ -8,6 +8,6 @@ ******** SERVER ******** 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1224 1999-03-02 09:44:33 10HmaY-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded] -1999-03-02 09:44:33 10HmaY-0005vi-00 <= <> H=localhost (testhost.test.ex) [127.0.0.1] P=esmtp K S=sss id=E10HmaX-0005vi-00@testhost.test.ex for a@test.ex +1999-03-02 09:44:33 10HmaY-0005vi-00 <= <> H=localhost (testhost.test.ex) [127.0.0.1] P=esmtp K S=sss DKIM=test.ex id=E10HmaX-0005vi-00@testhost.test.ex for a@test.ex 1999-03-02 09:44:33 10HmbA-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded] -1999-03-02 09:44:33 10HmbA-0005vi-00 <= <> H=localhost (testhost.test.ex) [127.0.0.1] P=esmtp K S=sss id=E10HmaZ-0005vi-00@testhost.test.ex for b@test.ex +1999-03-02 09:44:33 10HmbA-0005vi-00 <= <> H=localhost (testhost.test.ex) [127.0.0.1] P=esmtp K S=sss DKIM=test.ex id=E10HmaZ-0005vi-00@testhost.test.ex for b@test.ex diff --git a/test/log/4522 b/test/log/4522 index c0b414b02..abbf1c486 100644 --- a/test/log/4522 +++ b/test/log/4522 
@@ -2,6 +2,6 @@
 ******** SERVER ********
 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1224
 1999-03-02 09:44:33 10HmaX-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha256 b=1024 [verification succeeded]
-1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=esmtp K S=sss id=qwerty1234@disco-zombie.net for a@test.ex
+1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=esmtp K S=sss DKIM=test.ex id=qwerty1234@disco-zombie.net for a@test.ex
 1999-03-02 09:44:33 10HmaY-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha256 b=1024 [verification succeeded]
-1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=esmtp K S=sss id=qwerty1234@disco-zombie.net for a@test.ex
+1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=esmtp K S=sss DKIM=test.ex id=qwerty1234@disco-zombie.net for a@test.ex
diff --git a/test/log/4530 b/test/log/4530
index f4ff0117c..519119688 100644
--- a/test/log/4530
+++ b/test/log/4530
@@ -9,13 +9,13 @@
 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1224 port 1225
 1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=esmtp S=sss for z@test.ex
 1999-03-02 09:44:33 10HmaX-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded]
-1999-03-02 09:44:33 10HmaX-0005vi-00 <= <> H=localhost (testhost.test.ex) [127.0.0.1] P=esmtp K S=sss for z@test.ex
+1999-03-02 09:44:33 10HmaX-0005vi-00 <= <> H=localhost (testhost.test.ex) [127.0.0.1] P=esmtp K S=sss DKIM=test.ex for z@test.ex
 1999-03-02 09:44:33 10HmaX-0005vi-00 no immediate delivery: queued by ACL
 1999-03-02 09:44:33 10HmaZ-0005vi-00 => z@test.ex R=to_server T=remote_smtp_dkim H=127.0.0.1 [127.0.0.1] K C="250- 6nn byte chunk, total 6nn\\n250 OK id=10HmaX-0005vi-00"
 1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
 1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=esmtp K S=sss for y@test.ex
 1999-03-02 09:44:33 10HmaY-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded]
-1999-03-02 09:44:33 10HmaY-0005vi-00 <= <> H=localhost (testhost.test.ex) [127.0.0.1] P=esmtp K S=sss for y@test.ex
+1999-03-02 09:44:33 10HmaY-0005vi-00 <= <> H=localhost (testhost.test.ex) [127.0.0.1] P=esmtp K S=sss DKIM=test.ex for y@test.ex
 1999-03-02 09:44:33 10HmaY-0005vi-00 no immediate delivery: queued by ACL
 1999-03-02 09:44:33 10HmbA-0005vi-00 => y@test.ex R=to_server T=remote_smtp_dkim H=127.0.0.1 [127.0.0.1] K C="250- 6nn byte chunk, total 6nn\\n250 OK id=10HmaY-0005vi-00"
 1999-03-02 09:44:33 10HmbA-0005vi-00 Completed
diff --git a/test/log/4550 b/test/log/4550
index bbe9841c0..05d1dea5a 100644
--- a/test/log/4550
+++ b/test/log/4550
@@ -12,7 +12,7 @@
 1999-03-02 09:44:33 10HmbA-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded]
 1999-03-02 09:44:33 10HmbA-0005vi-00 PRDR R= refusal
 1999-03-02 09:44:33 10HmbA-0005vi-00 PRDR R= acceptance
-1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp PRDR S=sss id=E10HmaX-0005vi-00@myhost.test.ex
+1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp PRDR S=sss DKIM=test.ex id=E10HmaX-0005vi-00@myhost.test.ex
 1999-03-02 09:44:33 10HmbA-0005vi-00 => :blackhole: R=server_dump
 1999-03-02 09:44:33 10HmbA-0005vi-00 Completed
 1999-03-02 09:44:33 10HmaZ-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmaY-0005vi-00@myhost.test.ex
diff --git a/test/rejectlog/4506 b/test/rejectlog/4506
new file mode 100644
index 000000000..2d843ee52
--- /dev/null
+++ b/test/rejectlog/4506
@@ -0,0 +1,17 @@
+
+******** SERVER ********
+1999-03-02 09:44:33 10HmaX-0005vi-00 H=(xxx) [127.0.0.1] rejected DKIM
+Envelope-from:
+Envelope-to:
+P Received: from [127.0.0.1] (helo=xxx)
+ by myhost.test.ex with smtp (Exim x.yz)
+ (envelope-from )
+ id 10HmaX-0005vi-00
+ for a@test.ex; Tue, 2 Mar 1999 09:44:33 +0000
+ DKIM-Signature: v=1; a=rsa-sha1; c=simple/simple; d=test.ex; h=from:to
+ :date:message-id:subject; s=sel; bh=OB9dZVu7+5/ufs3TH9leIcEpXSo=;
+F From: mrgus@text.ex
+T To: bakawolf@yahoo.com
+ Date: Tue, 2 Mar 1999 09:44:33 +0000
+I Message-ID:
+ Subject: simple test
diff --git a/test/scripts/4500-DKIM/4506 b/test/scripts/4500-DKIM/4506
index 4499315d2..1f4a9d60a 100644
--- a/test/scripts/4500-DKIM/4506
+++ b/test/scripts/4500-DKIM/4506
@@ -204,5 +204,41 @@ QUIT # # killdaemon +# +# +# A deny return from the dkim ACL should reject the message +exim -DSERVER=server -DSTRICT=y -bd -oX PORT_D +**** +# This should fail verify (missing header hash in sig header) +# - sha1, 1024b +# Mail original in aux-fixed/4500.msg1.txt +# Sig generated by: perl aux-fixed/dkim/sign.pl --method=simple/simple < aux-fixed/4500.msg1.txt +client 127.0.0.1 PORT_D +??? 220 +HELO xxx +??? 250 +MAIL FROM: +??? 250 +RCPT TO: +??? 250 +DATA +??? 354 +DKIM-Signature: v=1; a=rsa-sha1; c=simple/simple; d=test.ex; h=from:to + :date:message-id:subject; s=sel; bh=OB9dZVu7+5/ufs3TH9leIcEpXSo=; +From: mrgus@text.ex +To: bakawolf@yahoo.com +Date: Thu, 19 Nov 2015 17:00:07 -0700 +Message-ID: +Subject: simple test + +This is a simple test. +. +??? 550 +QUIT +??? 221 +**** +# +# +killdaemon no_stdout_check no_msglog_check diff --git a/test/stderr/4507 b/test/stderr/4507 index 4a5d4d2fa..56fe4e977 100644 --- a/test/stderr/4507 +++ b/test/stderr/4507 @@ -21,4 +21,4 @@ LOG: 10HmaX-0005vi-00 signer: test.ex bits: 1024 >>> accept: condition test succeeded in ACL "check_dkim" >>> end of ACL "check_dkim": ACCEPT LOG: 10HmaX-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha1 b=1024 [verification succeeded] -LOG: 10HmaX-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@disco-zombie.net +LOG: 10HmaX-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss DKIM=test.ex id=qwerty1234@disco-zombie.net