From ca5c132adacf024c8140446b7cb402dd923bc4c3 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Mon, 26 Mar 2018 15:59:25 +0100 Subject: ARC: cutthrough delivery may not be used with ARC signing --- doc/doc-txt/ChangeLog | 1 + doc/doc-txt/experimental-spec.txt | 4 ++++ src/src/verify.c | 4 ++-- 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 9a05c3471..61fd30bf8 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -163,6 +163,7 @@ PP/02 DANE: add dane_require_tls_ciphers SMTP Transport option; if unset, JH/34 Re-introduce enforcement of no cutthrough delivery on transports having transport-filters or DKIM-signing. The restriction was lost in the consolidation of verify-callout and delivery SMTP handling. + Extend the restriction to also cover ARC-signing. Exim version 4.90 diff --git a/doc/doc-txt/experimental-spec.txt b/doc/doc-txt/experimental-spec.txt index 0828e9b67..4e8e59148 100644 --- a/doc/doc-txt/experimental-spec.txt +++ b/doc/doc-txt/experimental-spec.txt @@ -819,6 +819,10 @@ Caveats: should try to stick to one ADMD, so pick a primary domain and use that for AR headers and outbound signing. +Signing is not compatible with cutthrough delivery; any (before expansion) +value set for the option will result in cutthrough delivery not being +used via the transport in question. + -------------------------------------------------------------- diff --git a/src/src/verify.c b/src/src/verify.c index 1df856604..1555838ac 100644 --- a/src/src/verify.c +++ b/src/src/verify.c @@ -1033,10 +1033,10 @@ no_conn: cutthrough.delivery= FALSE; HDEBUG(D_acl|D_v) debug_printf("Cutthrough cancelled by presence of transport filter\n"); } - if (ob->dkim.dkim_domain) + if (ob->dkim.dkim_domain || ob->arc_sign) { cutthrough.delivery= FALSE; - HDEBUG(D_acl|D_v) debug_printf("Cutthrough cancelled by presence of DKIM signing\n"); + HDEBUG(D_acl|D_v) debug_printf("Cutthrough cancelled by presence of DKIM or ARC signing\n"); } } -- cgit v1.2.3