diff options
author | Jeremy Harris <jgh146exb@wizmail.org> | 2017-11-07 19:01:42 +0000 |
---|---|---|
committer | Jeremy Harris <jgh146exb@wizmail.org> | 2017-11-07 19:01:42 +0000 |
commit | a79d883474c84fa2a286b7797a7664b599912fcd (patch) | |
tree | dba2c8be5c8c9f90504ad157c2e2623f142de1a4 | |
parent | ba86e143c7aeb0d70ea4c9d73a617a98f06f6baa (diff) |
DKIM: Allow the DKIM ACL to override verification results. Bug 2186
This provides generic support, though is covers the need introduced
by https://datatracker.ietf.org/doc/draft-ietf-dcrup-dkim-usage/?include_text=1
(deprecating sha-1 and RSA keys shorter than 1024 bits).
-rw-r--r-- | doc/doc-docbook/spec.xfpt | 17 | ||||
-rw-r--r-- | doc/doc-txt/NewStuff | 1 | ||||
-rw-r--r-- | src/src/acl.c | 51 | ||||
-rw-r--r-- | src/src/dkim.c | 193 | ||||
-rw-r--r-- | src/src/dkim.h | 2 | ||||
-rw-r--r-- | src/src/expand.c | 4 | ||||
-rw-r--r-- | src/src/globals.c | 2 | ||||
-rw-r--r-- | src/src/globals.h | 2 | ||||
-rw-r--r-- | src/src/receive.c | 9 | ||||
-rw-r--r-- | test/confs/4500 | 16 | ||||
-rw-r--r-- | test/log/4500 | 13 | ||||
-rw-r--r-- | test/log/4501 | 4 | ||||
-rw-r--r-- | test/log/4502 | 8 | ||||
-rw-r--r-- | test/log/4503 | 2 | ||||
-rw-r--r-- | test/log/4506 | 8 | ||||
-rw-r--r-- | test/log/4520 | 17 | ||||
-rw-r--r-- | test/log/4523 | 3 | ||||
-rw-r--r-- | test/log/4524 | 3 | ||||
-rw-r--r-- | test/log/4550 | 2 | ||||
-rw-r--r-- | test/scripts/4500-DKIM/4500 | 38 | ||||
-rw-r--r-- | test/stderr/4507 | 10 |
21 files changed, 281 insertions, 124 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 7a0841cb2..98986e032 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -38731,6 +38731,19 @@ available in &%$dkim_verify_reason%&. &%pass%&: The signature passed verification. It is valid. .endlist +.new +This variable can be overwritten using an ACL 'set' modifier. +This might, for instance, be done to enforce a policy restriction on +hash-method or key-size: +.code + warn condition = ${if eq {$dkim_algo}{rsa-sha1}} + condition = ${if eq {$dkim_verify_status}{pass}} + logwrite = NOTE: forcing dkim verify fail (was pass) + set dkim_verify_status = fail + set dkim_verify_reason = hash too weak +.endd +.wen + .vitem &%$dkim_verify_reason%& A string giving a little bit more detail when &%$dkim_verify_status%& is either "fail" or "invalid". One of @@ -38751,6 +38764,10 @@ re-written or otherwise changed in a way which is incompatible with DKIM verification. It may of course also mean that the signature is forged. .endlist +.new +This variable can be overwritten using an ACL 'set' modifier. +.wen + .vitem &%$dkim_domain%& The signing domain. IMPORTANT: This variable is only populated if there is an actual signature in the message for the current domain or identity (as diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff index 7e6971dde..aa2117e7e 100644 --- a/doc/doc-txt/NewStuff +++ b/doc/doc-txt/NewStuff @@ -55,6 +55,7 @@ Version 4.90 DKIM support for multiple hashes, and for alternate-identity tags. Builtin macro with default list of signed headers. Better syntax for specifying oversigning. + The DKIM ACL can override verification results. 14. Exipick understands -C|--config for an alternative Exim configuration file. diff --git a/src/src/acl.c b/src/src/acl.c index 640989997..739cd91ae 100644 --- a/src/src/acl.c +++ b/src/src/acl.c @@ -852,6 +852,26 @@ while ((s = (*func)()) != NULL) compatibility. */ if (c == ACLC_SET) +#ifndef DISABLE_DKIM + if ( Ustrncmp(s, "dkim_verify_status", 18) == 0 + || Ustrncmp(s, "dkim_verify_reason", 18) == 0) + { + uschar * endptr = s+18; + + if (isalnum(*endptr)) + { + *error = string_sprintf("invalid variable name after \"set\" in ACL " + "modifier \"set %s\" " + "(only \"dkim_verify_status\" or \"dkim_verify_reason\" permitted)", + s); + return NULL; + } + cond->u.varname = string_copyn(s, 18); + s = endptr; + while (isspace(*s)) s++; + } + else +#endif { uschar *endptr; @@ -2899,8 +2919,19 @@ for (; cb != NULL; cb = cb->next) if (cb->type == ACLC_SET) { - debug_printf("acl_%s ", cb->u.varname); - lhswidth += 5 + Ustrlen(cb->u.varname); +#ifndef DISABLE_DKIM + if ( Ustrcmp(cb->u.varname, "dkim_verify_status") == 0 + || Ustrcmp(cb->u.varname, "dkim_verify_reason") == 0) + { + debug_printf("%s ", cb->u.varname); + lhswidth += 19; + } + else +#endif + { + debug_printf("acl_%s ", cb->u.varname); + lhswidth += 5 + Ustrlen(cb->u.varname); + } } debug_printf("= %s\n", cb->arg); @@ -3402,7 +3433,7 @@ for (; cb != NULL; cb = cb->next) #ifndef DISABLE_DKIM case ACLC_DKIM_SIGNER: - if (dkim_cur_signer != NULL) + if (dkim_cur_signer) rc = match_isinlist(dkim_cur_signer, &arg,0,NULL,NULL,MCL_STRING,TRUE,NULL); else @@ -3410,7 +3441,7 @@ for (; cb != NULL; cb = cb->next) break; case ACLC_DKIM_STATUS: - rc = match_isinlist(dkim_exim_expand_query(DKIM_VERIFY_STATUS), + rc = match_isinlist(dkim_verify_status, &arg,0,NULL,NULL,MCL_STRING,TRUE,NULL); break; #endif @@ -3609,12 +3640,22 @@ for (; cb != NULL; cb = cb->next) { int old_pool = store_pool; if ( cb->u.varname[0] == 'c' +#ifndef DISABLE_DKIM + || cb->u.varname[0] == 'd' +#endif #ifndef DISABLE_EVENT || event_name /* An event is being delivered */ #endif ) store_pool = POOL_PERM; - acl_var_create(cb->u.varname)->data.ptr = string_copy(arg); +#ifndef DISABLE_DKIM /* Overwriteable dkim result variables */ + if (Ustrcmp(cb->u.varname, "dkim_verify_status") == 0) + dkim_verify_status = string_copy(arg); + else if (Ustrcmp(cb->u.varname, "dkim_verify_reason") == 0) + dkim_verify_reason = string_copy(arg); + else +#endif + acl_var_create(cb->u.varname)->data.ptr = string_copy(arg); store_pool = old_pool; } break; diff --git a/src/src/dkim.c b/src/src/dkim.c index d31cae9c7..9a13e2a80 100644 --- a/src/src/dkim.c +++ b/src/src/dkim.c @@ -134,67 +134,35 @@ store_pool = dkim_verify_oldpool; } -void -dkim_exim_verify_finish(void) +/* Log the result for the given signature */ +static void +dkim_exim_verify_log_sig(pdkim_signature * sig) { -pdkim_signature * sig = NULL; -int rc; -gstring * g = NULL; -const uschar * errstr; - -store_pool = POOL_PERM; - -/* Delete eventual previous signature chain */ - -dkim_signers = NULL; -dkim_signatures = NULL; - -if (dkim_collect_error) - { - log_write(0, LOG_MAIN, - "DKIM: Error during validation, disabling signature verification: %.100s", - dkim_collect_error); - dkim_disable_verify = TRUE; - goto out; - } - -dkim_collect_input = FALSE; - -/* Finish DKIM operation and fetch link to signatures chain */ - -rc = pdkim_feed_finish(dkim_verify_ctx, &dkim_signatures, &errstr); -if (rc != PDKIM_OK) - { - log_write(0, LOG_MAIN, "DKIM: validation error: %.100s%s%s", pdkim_errstr(rc), - errstr ? ": " : "", errstr ? errstr : US""); - goto out; - } - -for (sig = dkim_signatures; sig; sig = sig->next) - { - uschar * s; - gstring * logmsg; - - /* Log a line for each signature */ - - if (!(s = sig->domain)) s = US"<UNSET>"; - logmsg = string_append(NULL, 2, "d=", s); - if (!(s = sig->selector)) s = US"<UNSET>"; - logmsg = string_append(logmsg, 2, " s=", s); - logmsg = string_append(logmsg, 7, - " c=", sig->canon_headers == PDKIM_CANON_SIMPLE ? "simple" : "relaxed", - "/", sig->canon_body == PDKIM_CANON_SIMPLE ? "simple" : "relaxed", - " a=", dkim_sig_to_a_tag(sig), - string_sprintf(" b=" SIZE_T_FMT, - (int)sig->sighash.len > -1 ? sig->sighash.len * 8 : 0)); - if ((s= sig->identity)) logmsg = string_append(logmsg, 2, " i=", s); - if (sig->created > 0) logmsg = string_cat(logmsg, - string_sprintf(" t=%lu", sig->created)); - if (sig->expires > 0) logmsg = string_cat(logmsg, - string_sprintf(" x=%lu", sig->expires)); - if (sig->bodylength > -1) logmsg = string_cat(logmsg, - string_sprintf(" l=%lu", sig->bodylength)); - +gstring * logmsg = string_catn(NULL, "DKIM: ", 6); +uschar * s; + +if (!(s = sig->domain)) s = US"<UNSET>"; +logmsg = string_append(logmsg, 2, "d=", s); +if (!(s = sig->selector)) s = US"<UNSET>"; +logmsg = string_append(logmsg, 2, " s=", s); +logmsg = string_append(logmsg, 7, +" c=", sig->canon_headers == PDKIM_CANON_SIMPLE ? "simple" : "relaxed", +"/", sig->canon_body == PDKIM_CANON_SIMPLE ? "simple" : "relaxed", +" a=", dkim_sig_to_a_tag(sig), +string_sprintf(" b=" SIZE_T_FMT, + (int)sig->sighash.len > -1 ? sig->sighash.len * 8 : 0)); +if ((s= sig->identity)) logmsg = string_append(logmsg, 2, " i=", s); +if (sig->created > 0) logmsg = string_cat(logmsg, + string_sprintf(" t=%lu", sig->created)); +if (sig->expires > 0) logmsg = string_cat(logmsg, + string_sprintf(" x=%lu", sig->expires)); +if (sig->bodylength > -1) logmsg = string_cat(logmsg, + string_sprintf(" l=%lu", sig->bodylength)); + +if ( !dkim_verify_status + || ( dkim_verify_status == dkim_exim_expand_query(DKIM_VERIFY_STATUS) + && dkim_verify_reason == dkim_exim_expand_query(DKIM_VERIFY_REASON) + ) ) switch (sig->verify_status) { case PDKIM_VERIFY_NONE: @@ -207,7 +175,7 @@ for (sig = dkim_signatures; sig; sig = sig->next) { case PDKIM_VERIFY_INVALID_PUBKEY_UNAVAILABLE: logmsg = string_cat(logmsg, - "public key record (currently?) unavailable]"); + "public key record (currently?) unavailable]"); break; case PDKIM_VERIFY_INVALID_BUFFER_SIZE: @@ -219,13 +187,13 @@ for (sig = dkim_signatures; sig; sig = sig->next) logmsg = string_cat(logmsg, "syntax error in public key record]"); break; - case PDKIM_VERIFY_INVALID_SIGNATURE_ERROR: - logmsg = string_cat(logmsg, "signature tag missing or invalid]"); - break; + case PDKIM_VERIFY_INVALID_SIGNATURE_ERROR: + logmsg = string_cat(logmsg, "signature tag missing or invalid]"); + break; - case PDKIM_VERIFY_INVALID_DKIM_VERSION: - logmsg = string_cat(logmsg, "unsupported DKIM version]"); - break; + case PDKIM_VERIFY_INVALID_DKIM_VERSION: + logmsg = string_cat(logmsg, "unsupported DKIM version]"); + break; default: logmsg = string_cat(logmsg, "unspecified problem]"); @@ -233,8 +201,7 @@ for (sig = dkim_signatures; sig; sig = sig->next) break; case PDKIM_VERIFY_FAIL: - logmsg = - string_cat(logmsg, " [verification failed - "); + logmsg = string_cat(logmsg, " [verification failed - "); switch (sig->verify_ext_status) { case PDKIM_VERIFY_FAIL_BODY: @@ -256,18 +223,74 @@ for (sig = dkim_signatures; sig; sig = sig->next) logmsg = string_cat(logmsg, " [verification succeeded]"); break; } +else + logmsg = string_append(logmsg, 5, + US" [", dkim_verify_status, US" - ", dkim_verify_reason, US"]"); + +log_write(0, LOG_MAIN, string_from_gstring(logmsg)); +return; +} + + +/* Log a line for "the current" signature */ +void +dkim_exim_verify_log_item(void) +{ +dkim_exim_verify_log_sig(dkim_cur_sig); +} + + +/* Log a line for each signature */ +void +dkim_exim_verify_log_all(void) +{ +pdkim_signature * sig; +for (sig = dkim_signatures; sig; sig = sig->next) dkim_exim_verify_log_sig(sig); +} - log_write(0, LOG_MAIN, "DKIM: %s", string_from_gstring(logmsg)); - /* Build a colon-separated list of signing domains (and identities, if present) in dkim_signers */ +void +dkim_exim_verify_finish(void) +{ +pdkim_signature * sig; +int rc; +gstring * g = NULL; +const uschar * errstr; - if (sig->domain) - g = string_append_listele(g, ':', sig->domain); +store_pool = POOL_PERM; - if (sig->identity) - g = string_append_listele(g, ':', sig->identity); +/* Delete eventual previous signature chain */ - /* Process next signature */ +dkim_signers = NULL; +dkim_signatures = NULL; + +if (dkim_collect_error) + { + log_write(0, LOG_MAIN, + "DKIM: Error during validation, disabling signature verification: %.100s", + dkim_collect_error); + dkim_disable_verify = TRUE; + goto out; + } + +dkim_collect_input = FALSE; + +/* Finish DKIM operation and fetch link to signatures chain */ + +rc = pdkim_feed_finish(dkim_verify_ctx, &dkim_signatures, &errstr); +if (rc != PDKIM_OK) + { + log_write(0, LOG_MAIN, "DKIM: validation error: %.100s%s%s", pdkim_errstr(rc), + errstr ? ": " : "", errstr ? errstr : US""); + goto out; + } + +/* Build a colon-separated list of signing domains (and identities, if present) in dkim_signers */ + +for (sig = dkim_signatures; sig; sig = sig->next) + { + if (sig->domain) g = string_append_listele(g, ':', sig->domain); + if (sig->identity) g = string_append_listele(g, ':', sig->identity); } if (g) dkim_signers = g->s; @@ -309,6 +332,12 @@ for (sig = dkim_signatures; sig; sig = sig->next) dkim_signing_domain = US sig->domain; dkim_signing_selector = US sig->selector; dkim_key_length = sig->sighash.len * 8; + + /* These two return static strings, so we can compare the addr + later to see if the ACL overwrote them. Check that when logging */ + + dkim_verify_status = dkim_exim_expand_query(DKIM_VERIFY_STATUS); + dkim_verify_reason = dkim_exim_expand_query(DKIM_VERIFY_REASON); return; } } @@ -365,12 +394,12 @@ switch (what) } case DKIM_CANON_HEADERS: - switch (dkim_cur_sig->canon_headers) - { - case PDKIM_CANON_RELAXED: return US"relaxed"; - case PDKIM_CANON_SIMPLE: - default: return US"simple"; - } + switch (dkim_cur_sig->canon_headers) + { + case PDKIM_CANON_RELAXED: return US"relaxed"; + case PDKIM_CANON_SIMPLE: + default: return US"simple"; + } case DKIM_COPIEDHEADERS: return dkim_cur_sig->copiedheaders diff --git a/src/src/dkim.h b/src/src/dkim.h index 735a1162a..f32aa6635 100644 --- a/src/src/dkim.h +++ b/src/src/dkim.h @@ -10,6 +10,8 @@ gstring * dkim_exim_sign(int, off_t, uschar *, struct ob_dkim *, const uschar ** void dkim_exim_verify_init(BOOL); void dkim_exim_verify_feed(uschar *, int); void dkim_exim_verify_finish(void); +void dkim_exim_verify_log_item(void); +void dkim_exim_verify_log_all(void); void dkim_exim_acl_setup(uschar *); uschar *dkim_exim_expand_query(int); diff --git a/src/src/expand.c b/src/src/expand.c index 782467ff7..f44ddf8b8 100644 --- a/src/src/expand.c +++ b/src/src/expand.c @@ -508,8 +508,8 @@ static var_entry var_table[] = { { "dkim_key_testing", vtype_dkim, (void *)DKIM_KEY_TESTING }, { "dkim_selector", vtype_stringptr, &dkim_signing_selector }, { "dkim_signers", vtype_stringptr, &dkim_signers }, - { "dkim_verify_reason", vtype_dkim, (void *)DKIM_VERIFY_REASON }, - { "dkim_verify_status", vtype_dkim, (void *)DKIM_VERIFY_STATUS}, + { "dkim_verify_reason", vtype_stringptr, &dkim_verify_reason }, + { "dkim_verify_status", vtype_stringptr, &dkim_verify_status }, #endif #ifdef EXPERIMENTAL_DMARC { "dmarc_ar_header", vtype_stringptr, &dmarc_ar_header }, diff --git a/src/src/globals.c b/src/src/globals.c index 2a53835e9..5df84bd10 100644 --- a/src/src/globals.c +++ b/src/src/globals.c @@ -668,6 +668,8 @@ uschar *dkim_signers = NULL; uschar *dkim_signing_domain = NULL; uschar *dkim_signing_selector = NULL; uschar *dkim_verify_signers = US"$dkim_signers"; +uschar *dkim_verify_status = NULL; +uschar *dkim_verify_reason = NULL; #endif #ifdef EXPERIMENTAL_DMARC BOOL dmarc_has_been_checked = FALSE; diff --git a/src/src/globals.h b/src/src/globals.h index 62336c275..37d4cada3 100644 --- a/src/src/globals.h +++ b/src/src/globals.h @@ -393,6 +393,8 @@ extern uschar *dkim_signers; /* Expansion variable, holds colon-separa extern uschar *dkim_signing_domain; /* Expansion variable, domain used for signing a message. */ extern uschar *dkim_signing_selector; /* Expansion variable, selector used for signing a message. */ extern uschar *dkim_verify_signers; /* Colon-separated list of domains for each of which we call the DKIM ACL */ +extern uschar *dkim_verify_status; /* result for this signature */ +extern uschar *dkim_verify_reason; /* result for this signature */ #endif #ifdef EXPERIMENTAL_DMARC extern BOOL dmarc_has_been_checked; /* Global variable to check if test has been called yet */ diff --git a/src/src/receive.c b/src/src/receive.c index 31402925d..f181f1a51 100644 --- a/src/src/receive.c +++ b/src/src/receive.c @@ -3405,8 +3405,8 @@ else else { int sep = 0; - const uschar *ptr = dkim_verify_signers_expanded; - uschar *item = NULL; + const uschar * ptr = dkim_verify_signers_expanded; + uschar * item = NULL; gstring * seen_items = NULL; /* Default to OK when no items are present */ @@ -3452,6 +3452,7 @@ else dkim_exim_acl_setup(item); rc = acl_check(ACL_WHERE_DKIM, NULL, acl_smtp_dkim, &user_msg, &log_msg); + dkim_exim_verify_log_item(); if (rc != OK) { @@ -3467,7 +3468,7 @@ else { recipients_count = 0; blackholed_by = US"DKIM ACL"; - if (log_msg != NULL) + if (log_msg) blackhole_log_msg = string_sprintf(": %s", log_msg); } else if (rc != OK) @@ -3481,6 +3482,8 @@ else } } } + else + dkim_exim_verify_log_all(); } #endif /* DISABLE_DKIM */ diff --git a/test/confs/4500 b/test/confs/4500 index bf4f1f6ad..f2e44beff 100644 --- a/test/confs/4500 +++ b/test/confs/4500 @@ -9,9 +9,23 @@ primary_hostname = myhost.test.ex # ----- Main settings ----- acl_smtp_rcpt = accept -acl_smtp_dkim = accept logwrite = signer: $dkim_cur_signer bits: $dkim_key_length +acl_smtp_dkim = check_dkim queue_only queue_run_in_order + +begin acl + +check_dkim: +.ifdef OPTION + warn condition = ${if eq {$dkim_algo}{rsa-sha1}} + condition = ${if eq {$dkim_verify_status}{pass}} + logwrite = NOTE: forcing dkim verify fail (was pass) + set dkim_verify_status = fail + set dkim_verify_reason = hash too weak +.endif + accept + logwrite = signer: $dkim_cur_signer bits: $dkim_key_length + # End diff --git a/test/log/4500 b/test/log/4500 index ec8ef088e..347e03683 100644 --- a/test/log/4500 +++ b/test/log/4500 @@ -1,15 +1,20 @@ ******** SERVER ******** 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 -1999-03-02 09:44:33 10HmaX-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha1 b=1024 [verification succeeded] 1999-03-02 09:44:33 10HmaX-0005vi-00 signer: test.ex bits: 1024 +1999-03-02 09:44:33 10HmaX-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha1 b=1024 [verification succeeded] 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@disco-zombie.net -1999-03-02 09:44:33 10HmaY-0005vi-00 DKIM: d=test.ex s=ses c=simple/simple a=rsa-sha1 b=512 [verification succeeded] 1999-03-02 09:44:33 10HmaY-0005vi-00 signer: test.ex bits: 512 +1999-03-02 09:44:33 10HmaY-0005vi-00 DKIM: d=test.ex s=ses c=simple/simple a=rsa-sha1 b=512 [verification succeeded] 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@disco-zombie.net -1999-03-02 09:44:33 10HmaZ-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha256 b=1024 [verification succeeded] 1999-03-02 09:44:33 10HmaZ-0005vi-00 signer: test.ex bits: 1024 +1999-03-02 09:44:33 10HmaZ-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha256 b=1024 [verification succeeded] 1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@disco-zombie.net -1999-03-02 09:44:33 10HmbA-0005vi-00 DKIM: d=test.ex s=ses_sha1 c=simple/simple a=rsa-sha1 b=512 [verification succeeded] 1999-03-02 09:44:33 10HmbA-0005vi-00 signer: test.ex bits: 512 +1999-03-02 09:44:33 10HmbA-0005vi-00 DKIM: d=test.ex s=ses_sha1 c=simple/simple a=rsa-sha1 b=512 [verification succeeded] 1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@disco-zombie.net +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 10HmbB-0005vi-00 NOTE: forcing dkim verify fail (was pass) +1999-03-02 09:44:33 10HmbB-0005vi-00 signer: test.ex bits: 1024 +1999-03-02 09:44:33 10HmbB-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha1 b=1024 [fail - hash too weak] +1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@disco-zombie.net diff --git a/test/log/4501 b/test/log/4501 index 153f6f242..654431459 100644 --- a/test/log/4501 +++ b/test/log/4501 @@ -1,9 +1,9 @@ ******** SERVER ******** 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 -1999-03-02 09:44:33 10HmaX-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha1 b=1024 [verification succeeded] 1999-03-02 09:44:33 10HmaX-0005vi-00 signer: test.ex bits: 1024 +1999-03-02 09:44:33 10HmaX-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha1 b=1024 [verification succeeded] 1999-03-02 09:44:33 10HmaX-0005vi-00 <= pass@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@disco-zombie.net -1999-03-02 09:44:33 10HmaY-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha1 b=1024 [verification failed - body hash mismatch (body probably modified in transit)] 1999-03-02 09:44:33 10HmaY-0005vi-00 signer: test.ex bits: 1024 +1999-03-02 09:44:33 10HmaY-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha1 b=1024 [verification failed - body hash mismatch (body probably modified in transit)] 1999-03-02 09:44:33 10HmaY-0005vi-00 <= fail@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@disco-zombie.net diff --git a/test/log/4502 b/test/log/4502 index b7e4a8ddd..9aef5cb30 100644 --- a/test/log/4502 +++ b/test/log/4502 @@ -1,15 +1,15 @@ ******** SERVER ******** 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 -1999-03-02 09:44:33 10HmaX-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha1 b=1024 [verification succeeded] 1999-03-02 09:44:33 10HmaX-0005vi-00 signer: test.ex bits: 1024 +1999-03-02 09:44:33 10HmaX-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha1 b=1024 [verification succeeded] 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=564CFC9B.1040905@yahoo.com -1999-03-02 09:44:33 10HmaY-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/simple a=rsa-sha1 b=1024 [verification succeeded] 1999-03-02 09:44:33 10HmaY-0005vi-00 signer: test.ex bits: 1024 +1999-03-02 09:44:33 10HmaY-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/simple a=rsa-sha1 b=1024 [verification succeeded] 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss -1999-03-02 09:44:33 10HmaZ-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/simple a=rsa-sha1 b=1024 [verification succeeded] 1999-03-02 09:44:33 10HmaZ-0005vi-00 signer: test.ex bits: 1024 +1999-03-02 09:44:33 10HmaZ-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/simple a=rsa-sha1 b=1024 [verification succeeded] 1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss -1999-03-02 09:44:33 10HmbA-0005vi-00 DKIM: d=test.ex s=sel_bad c=relaxed/relaxed a=rsa-sha1 b=1024 [invalid - syntax error in public key record] 1999-03-02 09:44:33 10HmbA-0005vi-00 signer: test.ex bits: 1024 +1999-03-02 09:44:33 10HmbA-0005vi-00 DKIM: d=test.ex s=sel_bad c=relaxed/relaxed a=rsa-sha1 b=1024 [invalid - syntax error in public key record] 1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=564CFC9B.1040905@yahoo.com diff --git a/test/log/4503 b/test/log/4503 index 7ec93a1f5..55374fa33 100644 --- a/test/log/4503 +++ b/test/log/4503 @@ -1,6 +1,6 @@ ******** SERVER ******** 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 -1999-03-02 09:44:33 10HmaX-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha512 b=1024 [verification failed - signature did not verify (headers probably modified in transit)] 1999-03-02 09:44:33 10HmaX-0005vi-00 signer: test.ex bits: 1024 +1999-03-02 09:44:33 10HmaX-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha512 b=1024 [verification failed - signature did not verify (headers probably modified in transit)] 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@disco-zombie.net diff --git a/test/log/4506 b/test/log/4506 index 027169df0..07b3ee8ce 100644 --- a/test/log/4506 +++ b/test/log/4506 @@ -1,18 +1,18 @@ ******** SERVER ******** 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 -1999-03-02 09:44:33 10HmaX-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha1 b=0 [invalid - signature tag missing or invalid] 1999-03-02 09:44:33 10HmaX-0005vi-00 signer: test.ex bits: 0 +1999-03-02 09:44:33 10HmaX-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha1 b=0 [invalid - signature tag missing or invalid] 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@disco-zombie.net -1999-03-02 09:44:33 10HmaY-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha1 b=1024 [invalid - signature tag missing or invalid] 1999-03-02 09:44:33 10HmaY-0005vi-00 signer: test.ex bits: 1024 +1999-03-02 09:44:33 10HmaY-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha1 b=1024 [invalid - signature tag missing or invalid] 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@disco-zombie.net -1999-03-02 09:44:33 10HmaZ-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha1 b=1024 [verification failed - body hash mismatch (body probably modified in transit)] 1999-03-02 09:44:33 10HmaZ-0005vi-00 signer: test.ex bits: 1024 +1999-03-02 09:44:33 10HmaZ-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha1 b=1024 [verification failed - body hash mismatch (body probably modified in transit)] 1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@disco-zombie.net 1999-03-02 09:44:33 10HmbA-0005vi-00 DKIM: validation error: RSA_LONG_LINE 1999-03-02 09:44:33 10HmbA-0005vi-00 DKIM: Error during validation, disabling signature verification: RSA_LONG_LINE 1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@disco-zombie.net -1999-03-02 09:44:33 10HmbB-0005vi-00 DKIM: d=test.ex s=ses_sha256 c=simple/simple a=rsa-sha1 b=512 [verification failed - unspecified reason] 1999-03-02 09:44:33 10HmbB-0005vi-00 signer: test.ex bits: 512 +1999-03-02 09:44:33 10HmbB-0005vi-00 DKIM: d=test.ex s=ses_sha256 c=simple/simple a=rsa-sha1 b=512 [verification failed - unspecified reason] 1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@disco-zombie.net diff --git a/test/log/4520 b/test/log/4520 index 7bee5d786..4617326db 100644 --- a/test/log/4520 +++ b/test/log/4520 @@ -26,51 +26,52 @@ ******** SERVER ******** 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 1999-03-02 09:44:33 macro: From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive -1999-03-02 09:44:33 10HmaY-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded] 1999-03-02 09:44:33 10HmaY-0005vi-00 signer: test.ex bits: 1024 h=From +1999-03-02 09:44:33 10HmaY-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded] 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmaX-0005vi-00@myhost.test.ex 1999-03-02 09:44:33 10HmaY-0005vi-00 => :blackhole: <a@test.ex> R=server_dump 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed 1999-03-02 09:44:33 macro: From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive -1999-03-02 09:44:33 10HmbA-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded] 1999-03-02 09:44:33 10HmbA-0005vi-00 signer: test.ex bits: 1024 h=From:From +1999-03-02 09:44:33 10HmbA-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded] 1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmaZ-0005vi-00@myhost.test.ex 1999-03-02 09:44:33 10HmbA-0005vi-00 => :blackhole: <b@test.ex> R=server_dump 1999-03-02 09:44:33 10HmbA-0005vi-00 Completed 1999-03-02 09:44:33 macro: From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive -1999-03-02 09:44:33 10HmbC-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded] 1999-03-02 09:44:33 10HmbC-0005vi-00 signer: test.ex bits: 1024 h=From +1999-03-02 09:44:33 10HmbC-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded] 1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmbB-0005vi-00@myhost.test.ex 1999-03-02 09:44:33 10HmbC-0005vi-00 => :blackhole: <b10@test.ex> R=server_dump 1999-03-02 09:44:33 10HmbC-0005vi-00 Completed 1999-03-02 09:44:33 macro: From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive -1999-03-02 09:44:33 10HmbE-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded] 1999-03-02 09:44:33 10HmbE-0005vi-00 signer: test.ex bits: 1024 h=X-mine:X-mine:From +1999-03-02 09:44:33 10HmbE-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded] 1999-03-02 09:44:33 10HmbE-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmbD-0005vi-00@myhost.test.ex 1999-03-02 09:44:33 10HmbE-0005vi-00 => :blackhole: <b12@test.ex> R=server_dump 1999-03-02 09:44:33 10HmbE-0005vi-00 Completed 1999-03-02 09:44:33 macro: From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive -1999-03-02 09:44:33 10HmbG-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded] 1999-03-02 09:44:33 10HmbG-0005vi-00 signer: test.ex bits: 1024 h=X-Mine +1999-03-02 09:44:33 10HmbG-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded] 1999-03-02 09:44:33 10HmbG-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmbF-0005vi-00@myhost.test.ex 1999-03-02 09:44:33 10HmbG-0005vi-00 => :blackhole: <b20@test.ex> R=server_dump 1999-03-02 09:44:33 10HmbG-0005vi-00 Completed 1999-03-02 09:44:33 macro: From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive -1999-03-02 09:44:33 10HmbI-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded] 1999-03-02 09:44:33 10HmbI-0005vi-00 signer: test.ex bits: 1024 h=X-mine:X-mine:X-Mine +1999-03-02 09:44:33 10HmbI-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded] 1999-03-02 09:44:33 10HmbI-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmbH-0005vi-00@myhost.test.ex 1999-03-02 09:44:33 10HmbI-0005vi-00 => :blackhole: <b22@test.ex> R=server_dump 1999-03-02 09:44:33 10HmbI-0005vi-00 Completed 1999-03-02 09:44:33 macro: From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive -1999-03-02 09:44:33 10HmbK-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 i=allheaders@test.ex [verification succeeded] 1999-03-02 09:44:33 10HmbK-0005vi-00 signer: test.ex bits: 1024 h=Date:Sender:Message-Id:From:Reply-To:Subject:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive +1999-03-02 09:44:33 10HmbK-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 i=allheaders@test.ex [verification succeeded] 1999-03-02 09:44:33 10HmbK-0005vi-00 signer: allheaders@test.ex bits: 1024 h=Date:Sender:Message-Id:From:Reply-To:Subject:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive +1999-03-02 09:44:33 10HmbK-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 i=allheaders@test.ex [verification succeeded] 1999-03-02 09:44:33 10HmbK-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmbJ-0005vi-00@myhost.test.ex 1999-03-02 09:44:33 10HmbK-0005vi-00 => :blackhole: <c@test.ex> R=server_dump 1999-03-02 09:44:33 10HmbK-0005vi-00 Completed 1999-03-02 09:44:33 macro: From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive -1999-03-02 09:44:33 10HmbM-0005vi-00 DKIM: d=test.ex s=sel_bad c=relaxed/relaxed a=rsa-sha256 b=1024 [invalid - syntax error in public key record] 1999-03-02 09:44:33 10HmbM-0005vi-00 signer: test.ex bits: 1024 h=From +1999-03-02 09:44:33 10HmbM-0005vi-00 DKIM: d=test.ex s=sel_bad c=relaxed/relaxed a=rsa-sha256 b=1024 [invalid - syntax error in public key record] 1999-03-02 09:44:33 10HmbM-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmbL-0005vi-00@myhost.test.ex 1999-03-02 09:44:33 10HmbM-0005vi-00 => :blackhole: <d@test.ex> R=server_dump 1999-03-02 09:44:33 10HmbM-0005vi-00 Completed diff --git a/test/log/4523 b/test/log/4523 index 5c07fa5a2..92bf9478f 100644 --- a/test/log/4523 +++ b/test/log/4523 @@ -5,9 +5,10 @@ ******** SERVER ******** 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 1999-03-02 09:44:33 macro: From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive -1999-03-02 09:44:33 10HmaY-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha512 b=1024 i=allheaders@test.ex [verification succeeded] 1999-03-02 09:44:33 10HmaY-0005vi-00 signer: test.ex bits: 1024 h=Date:Sender:Message-Id:From:Reply-To:Subject:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive +1999-03-02 09:44:33 10HmaY-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha512 b=1024 i=allheaders@test.ex [verification succeeded] 1999-03-02 09:44:33 10HmaY-0005vi-00 signer: allheaders@test.ex bits: 1024 h=Date:Sender:Message-Id:From:Reply-To:Subject:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive +1999-03-02 09:44:33 10HmaY-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha512 b=1024 i=allheaders@test.ex [verification succeeded] 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmaX-0005vi-00@myhost.test.ex 1999-03-02 09:44:33 10HmaY-0005vi-00 => :blackhole: <a@test.ex> R=server_dump 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed diff --git a/test/log/4524 b/test/log/4524 index e0dde322a..f6e75458f 100644 --- a/test/log/4524 +++ b/test/log/4524 @@ -5,9 +5,8 @@ ******** SERVER ******** 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 1999-03-02 09:44:33 macro: From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive -1999-03-02 09:44:33 10HmaY-0005vi-00 DKIM: d=test.ex s=ses c=relaxed/relaxed a=rsa-sha256 b=512 [verification succeeded] -1999-03-02 09:44:33 10HmaY-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded] 1999-03-02 09:44:33 10HmaY-0005vi-00 signer: test.ex bits: 512 h=From:To:Subject +1999-03-02 09:44:33 10HmaY-0005vi-00 DKIM: d=test.ex s=ses c=relaxed/relaxed a=rsa-sha256 b=512 [verification succeeded] 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmaX-0005vi-00@myhost.test.ex 1999-03-02 09:44:33 10HmaY-0005vi-00 => :blackhole: <c@test.ex> R=server_dump 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed diff --git a/test/log/4550 b/test/log/4550 index 0d826ab32..bbe9841c0 100644 --- a/test/log/4550 +++ b/test/log/4550 @@ -8,8 +8,8 @@ ******** SERVER ******** 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 -1999-03-02 09:44:33 10HmbA-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded] 1999-03-02 09:44:33 10HmbA-0005vi-00 signer: test.ex bits: 1024 h=From +1999-03-02 09:44:33 10HmbA-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded] 1999-03-02 09:44:33 10HmbA-0005vi-00 PRDR R=<baduser@test.ex> refusal 1999-03-02 09:44:33 10HmbA-0005vi-00 PRDR R=<okuser@test.ex> acceptance 1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp PRDR S=sss id=E10HmaX-0005vi-00@myhost.test.ex diff --git a/test/scripts/4500-DKIM/4500 b/test/scripts/4500-DKIM/4500 index 6b3ff5fcf..3999d4988 100644 --- a/test/scripts/4500-DKIM/4500 +++ b/test/scripts/4500-DKIM/4500 @@ -136,5 +136,43 @@ QUIT # # killdaemon +# +# A verifier that refuses sha1 +exim -DSERVER=server -DOPTION -bd -oX PORT_D +**** +# +# This should fail despite being a passing submission above (with the unlimited verifier). +# - sha1, 1024b +# Mail original in aux-fixed/4500.msg1.txt +# Sig generated by: perl aux-fixed/dkim/sign.pl --method=simple/simple < aux-fixed/4500.msg1.txt +client 127.0.0.1 PORT_D +??? 220 +HELO xxx +??? 250 +MAIL FROM:<CALLER@bloggs.com> +??? 250 +RCPT TO:<a@test.ex> +??? 250 +DATA +??? 354 +DKIM-Signature: v=1; a=rsa-sha1; c=simple/simple; d=test.ex; h=from:to + :date:message-id:subject; s=sel; bh=OB9dZVu7+5/ufs3TH9leIcEpXSo=; b= + PeUA8iBGfStWv+9/BBKkvCEYj/AVMl4e9k+AqWOXKyuEUfHxqAnV+sPnOejpmvT8 + 41kuM4u0bICvK371YvB/yO61vtliRhyqU76Y2e55p2uvMADb3UyDhLyzpco4+yBo + 1w0AuIxu0VU4TK8UmOLyCw/1hxrh1DcEInbEMEKJ7kI= +From: mrgus@text.ex +To: bakawolf@yahoo.com +Date: Thu, 19 Nov 2015 17:00:07 -0700 +Message-ID: <qwerty1234@disco-zombie.net> +Subject: simple test + +This is a simple test. +. +??? 250 +QUIT +??? 221 +**** +killdaemon +# no_stdout_check no_msglog_check diff --git a/test/stderr/4507 b/test/stderr/4507 index 1df9537ea..4a5d4d2fa 100644 --- a/test/stderr/4507 +++ b/test/stderr/4507 @@ -13,10 +13,12 @@ >>> accept: condition test succeeded in inline ACL >>> end of inline ACL: ACCEPT >>> host in ignore_fromline_hosts? no (option unset) -LOG: 10HmaX-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha1 b=1024 [verification succeeded] +>>> using ACL "check_dkim" >>> processing "accept" ->>> check logwrite = signer: test.ex bits: 1024 +>>> check logwrite = signer: $dkim_cur_signer bits: $dkim_key_length +>>> = signer: test.ex bits: 1024 LOG: 10HmaX-0005vi-00 signer: test.ex bits: 1024 ->>> accept: condition test succeeded in inline ACL ->>> end of inline ACL: ACCEPT +>>> accept: condition test succeeded in ACL "check_dkim" +>>> end of ACL "check_dkim": ACCEPT +LOG: 10HmaX-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha1 b=1024 [verification succeeded] LOG: 10HmaX-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@disco-zombie.net |