-rw-r--r--doc/doc-docbook/spec.xfpt7
-rw-r--r--src/src/dkim.c19
-rw-r--r--test/confs/45203
-rw-r--r--test/log/45208
-rw-r--r--test/scripts/4500-DKIM/45207
-rw-r--r--test/stderr/45074
6 files changed, 39 insertions, 9 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index aa6da73d3..b6d283b95 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -38579,7 +38579,8 @@ The domain(s) you want to sign with.
After expansion, this can be a list.
Each element in turn is put into the &%$dkim_domain%& expansion variable
while expanding the remaining signing options.
-If it is empty after expansion, DKIM signing is not done.
+If it is empty after expansion, DKIM signing is not done,
+and no error will result even if &%dkim_strict%& is set.
.option dkim_selector smtp string list&!! unset
This sets the key selector string.
@@ -38587,7 +38588,8 @@ After expansion, which can use &$dkim_domain$&, this can be a list.
Each element in turn is put in the expansion
variable &%$dkim_selector%& which may be used in the &%dkim_private_key%&
option along with &%$dkim_domain%&.
-If the option is empty after expansion, DKIM signing is not done for this domain.
+If the option is empty after expansion, DKIM signing is not done for this domain,
+and no error will result even if &%dkim_strict%& is set.
.option dkim_private_key smtp string&!! unset
This sets the private key to use.
@@ -38604,7 +38606,6 @@ be "0", "false" or the empty string, in which case the message will not
be signed. This case will not result in an error, even if &%dkim_strict%&
is set.
.endlist
-If the option is empty after expansion, DKIM signing is not done.
.option dkim_hash smtp string&!! sha256
Can be set alternatively to &"sha1"& to use an alternate hash
diff --git a/src/src/dkim.c b/src/src/dkim.c
index 746a7a6b7..8c03d48ce 100644
--- a/src/src/dkim.c
+++ b/src/src/dkim.c
@@ -540,8 +540,12 @@ switch (what)
}
-/* Generate signatures for the given file, returning a string.
+/* Generate signatures for the given file.
If a prefix is given, prepend it to the file for the calculations.
+
+Return:
+ NULL: error; error string written
+ string: signature header(s), or a zero-length string (not an error)
*/
gstring *
@@ -711,9 +715,15 @@ while ((dkim_signing_domain = string_nextinlist(&dkim_domain, &sep, NULL, 0)))
}
}
}
+if (!ctx.sig)
+ {
+ DEBUG(D_transport) debug_printf("DKIM: no viable signatures to use\n");
+ sigbuf = string_get(1); /* return a zero-len string */
+ goto CLEANUP;
+ }
-if (prefix)
- pdkim_feed(&ctx, prefix, Ustrlen(prefix));
+if (prefix && (pdkim_feed(&ctx, prefix, Ustrlen(prefix))) != PDKIM_OK)
+ goto pk_bad;
if (lseek(fd, off, SEEK_SET) < 0)
sread = -1;
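Review bot: The result of the new `pdkim_feed()` call on the prefix is compared with `PDKIM_OK` but never stored, so the `goto pk_bad` path has no return code to report. The doubled parentheses suggest an assignment was intended, as in the later `(pdkim_rc = pdkim_feed_finish(...))` test; `if (prefix && (pdkim_rc = pdkim_feed(&ctx, prefix, Ustrlen(prefix))) != PDKIM_OK)` would supply it. The `pk_bad` label lies outside this hunk, so whether it reads `pdkim_rc` needs confirming there. Separately, the new `!ctx.sig` branch records the unsigned send only under `DEBUG(D_transport)`, so even with `dkim_strict` set the main log carries no trace from this code that a message left without a signature.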
@@ -738,9 +748,8 @@ if ((pdkim_rc = pdkim_feed_finish(&ctx, &sig, errstr)) != PDKIM_OK)
for (sigbuf = NULL; sig; sig = sig->next)
sigbuf = string_append(sigbuf, 2, US sig->signature_header, US"\r\n");
-(void) string_from_gstring(sigbuf);
-
CLEANUP:
+ (void) string_from_gstring(sigbuf);
store_pool = old_pool;
errno = save_errno;
return sigbuf;
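Review bot: Moving `string_from_gstring(sigbuf)` below the `CLEANUP:` label makes it run on every path that jumps there, including error paths where `sigbuf` may be NULL (the updated header comment documents a NULL return on error). `string_from_gstring()` is defined outside this page, so its handling of a NULL argument should be confirmed. A comment at the call, such as `/* sigbuf may be NULL on error paths; string_from_gstring() must accept that */`, would record the dependency. The function body starts outside this hunk.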
diff --git a/test/confs/4520 b/test/confs/4520
index 8515d050d..9092c74dc 100644
--- a/test/confs/4520
+++ b/test/confs/4520
@@ -62,5 +62,8 @@ send_to_server:
.ifdef VALUE
dkim_hash = VALUE
.endif
+.ifdef STRICT
+ dkim_strict = STRICT
+.endif
# End
diff --git a/test/log/4520 b/test/log/4520
index 4a6502bb6..593cd6692 100644
--- a/test/log/4520
+++ b/test/log/4520
@@ -22,6 +22,9 @@
1999-03-02 09:44:33 10HmbL-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmbL-0005vi-00 => d@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK id=10HmbM-0005vi-00"
1999-03-02 09:44:33 10HmbL-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbN-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
+1999-03-02 09:44:33 10HmbN-0005vi-00 => a@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK id=10HmbO-0005vi-00"
+1999-03-02 09:44:33 10HmbN-0005vi-00 Completed
******** SERVER ********
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
@@ -83,3 +86,8 @@
1999-03-02 09:44:33 10HmbM-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmbL-0005vi-00@myhost.test.ex
1999-03-02 09:44:33 10HmbM-0005vi-00 => :blackhole: <d@test.ex> R=server_dump
1999-03-02 09:44:33 10HmbM-0005vi-00 Completed
+1999-03-02 09:44:33 rcpt acl: macro: From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive
+1999-03-02 09:44:33 10HmbO-0005vi-00 data acl: dkim status
+1999-03-02 09:44:33 10HmbO-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmbN-0005vi-00@myhost.test.ex
+1999-03-02 09:44:33 10HmbO-0005vi-00 => :blackhole: <a@test.ex> R=server_dump
+1999-03-02 09:44:33 10HmbO-0005vi-00 Completed
diff --git a/test/scripts/4500-DKIM/4520 b/test/scripts/4500-DKIM/4520
index 1bc4c6030..406db39a5 100644
--- a/test/scripts/4500-DKIM/4520
+++ b/test/scripts/4500-DKIM/4520
@@ -65,6 +65,13 @@ From: nobody@example.com
content
****
#
+# check that an empty dkim_privatekey overrides dkim_strict
+exim -DOPT=From -DSTRICT=true -DSELECTOR=none -odf a@test.ex
+From: nobody@example.com
+
+content
+****
+#
millisleep 500
killdaemon
no_msglog_check
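Review bot: The added test comment names `dkim_privatekey`, but the option is spelled `dkim_private_key` in the spec, and the command line sets only `-DSELECTOR=none`. How that selector leads to an empty private key is not visible in the part of `test/confs/4520` shown here, so the comment should spell out the link, for example `# check that an empty dkim_private_key (selector "none") overrides dkim_strict`, with the wording adjusted to the config. The test would be stronger if the expected output also showed that the delivered message carried no DKIM signature, rather than only that delivery completed.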
diff --git a/test/stderr/4507 b/test/stderr/4507
index 56fe4e977..8a4dd6bff 100644
--- a/test/stderr/4507
+++ b/test/stderr/4507
@@ -14,10 +14,12 @@
>>> end of inline ACL: ACCEPT
>>> host in ignore_fromline_hosts? no (option unset)
>>> using ACL "check_dkim"
->>> processing "accept"
+>>> processing "warn"
>>> check logwrite = signer: $dkim_cur_signer bits: $dkim_key_length
>>> = signer: test.ex bits: 1024
LOG: 10HmaX-0005vi-00 signer: test.ex bits: 1024
+>>> warn: condition test succeeded in ACL "check_dkim"
+>>> processing "accept"
>>> accept: condition test succeeded in ACL "check_dkim"
>>> end of ACL "check_dkim": ACCEPT
LOG: 10HmaX-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha1 b=1024 [verification succeeded]