Logging: disable the verbose DKIM verification line by default; add a tag to <= lines.

New log_selector controls "dkim" and "dkim_verbose".

5 files changed, 24 insertions, 1 deletions

diff --git a/src/src/dkim.c b/src/src/dkim.c
index 9731a63d9..746a7a6b7 100644
--- a/src/src/dkim.c
+++ b/src/src/dkim.c
@@ -146,6 +146,15 @@ uschar * s;
 
 if (!sig) return;
 
+if (  !dkim_verify_overall
+   && dkim_verify_status
+      ? Ustrcmp(dkim_verify_status, US"pass") == 0
+      : sig->verify_status == PDKIM_VERIFY_PASS
+   )
+  dkim_verify_overall = string_copy(sig->domain);
+
+if (!LOGGING(dkim_verbose)) return;
+
 logmsg = string_catn(NULL, US"DKIM: ", 6);
 if (!(s = sig->domain)) s = US"<UNSET>";
 logmsg = string_append(logmsg, 2, "d=", s);
diff --git a/src/src/globals.c b/src/src/globals.c
index 346bb0744..303c8025c 100644
--- a/src/src/globals.c
+++ b/src/src/globals.c
@@ -667,6 +667,7 @@ int     dkim_key_length          = 0;
 uschar *dkim_signers             = NULL;
 uschar *dkim_signing_domain      = NULL;
 uschar *dkim_signing_selector    = NULL;
+uschar *dkim_verify_overall      = NULL;
 uschar *dkim_verify_signers      = US"$dkim_signers";
 uschar *dkim_verify_status	 = NULL;
 uschar *dkim_verify_reason	 = NULL;
@@ -858,6 +859,7 @@ int     log_default[]          = { /* for initializing log_selector */
   Li_acl_warn_skipped,
   Li_connection_reject,
   Li_delay_delivery,
+  Li_dkim,
   Li_dnslist_defer,
   Li_etrn,
   Li_host_lookup_failed,
@@ -892,6 +894,10 @@ bit_table log_options[]        = { /* must be in alphabetical order */
   BIT_TABLE(L, delay_delivery),
   BIT_TABLE(L, deliver_time),
   BIT_TABLE(L, delivery_size),
+#ifndef DISABLE_DKIM
+  BIT_TABLE(L, dkim),
+  BIT_TABLE(L, dkim_verbose),
+#endif
   BIT_TABLE(L, dnslist_defer),
   BIT_TABLE(L, dnssec),
   BIT_TABLE(L, etrn),
@@ -904,7 +910,7 @@ bit_table log_options[]        = { /* must be in alphabetical order */
   BIT_TABLE(L, outgoing_interface),
   BIT_TABLE(L, outgoing_port),
   BIT_TABLE(L, pid),
-#if defined(SUPPORT_PROXY) || defined (SUPPORT_SOCKS)
+#if defined(SUPPORT_PROXY) || defined(SUPPORT_SOCKS)
   BIT_TABLE(L, proxy),
 #endif
   BIT_TABLE(L, queue_run),
diff --git a/src/src/globals.h b/src/src/globals.h
index 0c1b6ccbc..1715a3df5 100644
--- a/src/src/globals.h
+++ b/src/src/globals.h
@@ -392,6 +392,7 @@ extern int     dkim_key_length;        /* Expansion variable, length of signing
 extern uschar *dkim_signers;           /* Expansion variable, holds colon-separated list of domains and identities that have signed a message */
 extern uschar *dkim_signing_domain;    /* Expansion variable, domain used for signing a message. */
 extern uschar *dkim_signing_selector;  /* Expansion variable, selector used for signing a message. */
+extern uschar *dkim_verify_overall;    /* First successful domain verified, or null */
 extern uschar *dkim_verify_signers;    /* Colon-separated list of domains for each of which we call the DKIM ACL */
 extern uschar *dkim_verify_status;     /* result for this signature */
 extern uschar *dkim_verify_reason;     /* result for this signature */
diff --git a/src/src/macros.h b/src/src/macros.h
index 764c65b8d..20e345573 100644
--- a/src/src/macros.h
+++ b/src/src/macros.h
@@ -459,6 +459,8 @@ enum {
   Li_arguments,
   Li_deliver_time,
   Li_delivery_size,
+  Li_dkim,
+  Li_dkim_verbose,
   Li_dnssec,
   Li_ident_timeout,
   Li_incoming_interface,
diff --git a/src/src/receive.c b/src/src/receive.c
index 84552dc1c..d79b282fb 100644
--- a/src/src/receive.c
+++ b/src/src/receive.c
@@ -3984,6 +3984,11 @@ if (LOGGING(8bitmime))
   g = string_append(g, 2, US" M8S=", big_buffer);
   }
 
+#ifndef DISABLE_DKIM
+if (LOGGING(dkim) && dkim_verify_overall)
+  g = string_append(g, 2, US" DKIM=", dkim_verify_overall);
+#endif
+
 if (*queue_name)
   g = string_append(g, 2, US" Q=", queue_name);