From 1b7cf216d933b395dee691f05becca4dd44b26f7 Mon Sep 17 00:00:00 2001 From: "Heiko Schlittermann (HS12-RIPE)" Date: Wed, 4 Oct 2017 22:25:45 +0200 Subject: Check for proper output separator in expanding ${addresses:STRING} (Closes 2171) Better yet would be to force setting the output separator literally, and not after expansion of the STRING. But this would be an incompatible change. --- doc/doc-docbook/spec.xfpt | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'doc/doc-docbook/spec.xfpt') diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 4a8e1d06e..c14094515 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -10118,7 +10118,15 @@ character. For example: .code ${addresses:>& Chief , sec@base.ment (dogsbody)} .endd -expands to &`ceo@up.stairs&&sec@base.ment`&. Compare the &*address*& (singular) +expands to &`ceo@up.stairs&&sec@base.ment`&. The string is expanded +first, so if the expanded string starts with >, it may change the output +separator unintentionally. This can be avoided by setting the output +separator explicitly: +.code +${addresses:>:$h_from:} +.endd + +Compare the &*address*& (singular) expansion item, which extracts the working address from a single RFC2822 address. See the &*filter*&, &*map*&, and &*reduce*& items for ways of processing lists. -- cgit v1.2.3 From 01cb5bdb47499f0d89e55e8ea973f75e143e3b4b Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Wed, 18 Oct 2017 22:34:12 +0100 Subject: Docs: note that } chars in a RE are also needing escaping for ${sg } --- doc/doc-docbook/spec.xfpt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'doc/doc-docbook/spec.xfpt') diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index c14094515..29d0d900e 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -9967,7 +9967,7 @@ a regular expression, and a substitution string. For example: ${sg{abcdefabcdef}{abc}{xyz}} .endd yields &"xyzdefxyzdef"&. Because all three arguments are expanded before use, -if any $ or \ characters are required in the regular expression or in the +if any $, } or \ characters are required in the regular expression or in the substitution string, they have to be escaped. For example: .code ${sg{abcdef}{^(...)(...)\$}{\$2\$1}} -- cgit v1.2.3 From 9db451e0dcb29fea639a88ec7da266b5790fda51 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Sun, 22 Oct 2017 20:40:11 +0100 Subject: Docs: expand TFO information --- doc/doc-docbook/spec.xfpt | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'doc/doc-docbook/spec.xfpt') diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 29d0d900e..f91a4af96 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -24147,7 +24147,7 @@ This option provides a list of servers to which, provided they announce CHUNKING support, Exim will attempt to use BDAT commands rather than DATA. BDAT will not be used in conjunction with a transport filter. -.option hosts_try_fastopen smtp "host list!!" unset +.option hosts_try_fastopen smtp "host list&!!" unset .cindex "fast open, TCP" "enabling, in client" .cindex "TCP Fast Open" "enabling, in client" .cindex "RFC 7413" "TCP Fast Open" @@ -24163,6 +24163,9 @@ as the initiator must present a cookie in the SYN segment. On (at least some) current Linux distributions the facility must be enabled in the kernel by the sysadmin before the support is usable. +There is no option for control of the server side; if the system supports +it it is always enebled. Note that legthy operations in the connect ACL, +such as DNSBL lookups, will still delay the emission of the SMTP banner. .option hosts_try_prdr smtp "host list&!!" * .cindex "PRDR" "enabling, optional in client" -- cgit v1.2.3 From 970424a5fbfce9c2cc353a39fd26cd85e4fb6da0 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Wed, 25 Oct 2017 10:58:18 +0100 Subject: DKIM: add builtin macro with default list of headers for signing --- doc/doc-docbook/spec.xfpt | 8 +++++--- doc/doc-txt/NewStuff | 1 + src/OS/Makefile-Base | 4 ++++ src/src/dkim.c | 18 ++++++++++++++++-- src/src/macro_predef.c | 23 +++++++++++++++++++---- src/src/macro_predef.h | 1 + src/src/pdkim/pdkim.c | 8 -------- src/src/pdkim/pdkim.h | 9 +++++++++ test/confs/4520 | 2 +- test/log/4520 | 4 ++++ test/log/4523 | 1 + test/log/4524 | 1 + 12 files changed, 62 insertions(+), 18 deletions(-) (limited to 'doc/doc-docbook/spec.xfpt') diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index f91a4af96..d030ee238 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -23806,7 +23806,7 @@ of the message. Its value must not be zero. See also &%final_timeout%&. .option dkim_private_key smtp string&!! unset .option dkim_canon smtp string&!! unset .option dkim_strict smtp string&!! unset -.option dkim_sign_headers smtp string&!! unset +.option dkim_sign_headers smtp string&!! per RFC .option dkim_hash smtp string&!! sha256 .option dkim_identity smtp string&!! unset DKIM signing options. For details see section &<>&. @@ -38591,11 +38591,13 @@ either "1" or "true", Exim will defer. Otherwise Exim will send the message unsigned. You can use the &%$dkim_domain%& and &%$dkim_selector%& expansion variables here. -.option dkim_sign_headers smtp string&!! unset -If set, this option must expand to (or be specified as) a colon-separated +.option dkim_sign_headers smtp string&!! see below +If set, this option must expand to a colon-separated list of header names. Headers with these names will be included in the message signature. When unspecified, the header names recommended in RFC4871 will be used. +The default list is available for the expansion in the macro +"_DKIM_SIGN_HEADERS". .section "Verifying DKIM signatures in incoming mail" "SECID514" diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff index 39fce1eab..6d875d5f4 100644 --- a/doc/doc-txt/NewStuff +++ b/doc/doc-txt/NewStuff @@ -53,6 +53,7 @@ Version 4.90 13. DKIM support for multiple signing, by domain and/or key-selector. DKIM support for multiple hashes, and for alternate-identity tags. + Builtin macro with default list of signed headers. 14. Exipick understands -C|--config for an alternative Exim configuration file. diff --git a/src/OS/Makefile-Base b/src/OS/Makefile-Base index 67ac082ba..60c97c210 100644 --- a/src/OS/Makefile-Base +++ b/src/OS/Makefile-Base @@ -135,6 +135,7 @@ OBJ_MACRO = macro_predef.o \ macro-manualroute.o macro-queryprogram.o macro-redirect.o \ macro-auth-spa.o macro-cram_md5.o macro-cyrus_sasl.o macro-dovecot.o macro-gsasl_exim.o \ macro-heimdal_gssapi.o macro-plaintext.o macro-spa.o macro-tls.o\ + macro-dkim.o $(OBJ_MACRO): $(MACRO_HSRC) @@ -222,6 +223,9 @@ macro-spa.o : auths/spa.c macro-tls.o: auths/tls.c @echo "$(CC) -DMACRO_PREDEF auths/tls.c" $(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ auths/tls.c +macro-dkim.o: dkim.c + @echo "$(CC) -DMACRO_PREDEF dkim.c" + $(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ dkim.c macro_predef: $(OBJ_MACRO) @echo "$(LNCC) -o $@" diff --git a/src/src/dkim.c b/src/src/dkim.c index 038adb8b9..41540b39d 100644 --- a/src/src/dkim.c +++ b/src/src/dkim.c @@ -12,7 +12,20 @@ #ifndef DISABLE_DKIM -#include "pdkim/pdkim.h" +# include "pdkim/pdkim.h" + +# ifdef MACRO_PREDEF +# include "macro_predef.h" + +void +dkim_params(void) +{ +builtin_macro_create_var(US"_DKIM_SIGN_HEADERS", US PDKIM_DEFAULT_SIGN_HEADERS); +} +# else /*!MACRO_PREDEF*/ + + + int dkim_verify_oldpool; pdkim_ctx *dkim_verify_ctx = NULL; @@ -661,4 +674,5 @@ expand_bad: goto bad; } -#endif +# endif /*!MACRO_PREDEF*/ +#endif /*!DISABLE_DKIM*/ diff --git a/src/src/macro_predef.c b/src/src/macro_predef.c index 6b3157fbe..1b5cf4795 100644 --- a/src/src/macro_predef.c +++ b/src/src/macro_predef.c @@ -21,7 +21,7 @@ uschar * syslog_facility_str; /******************************************************************************/ void -builtin_macro_create(const uschar * name) +builtin_macro_create_var(const uschar * name, const uschar * val) { printf ("static macro_item p%d = { ", mp_index); if (mp_index == 0) @@ -29,12 +29,20 @@ if (mp_index == 0) else printf(".next=&p%d,", mp_index-1); -printf(" .command_line=FALSE, .namelen=%d, .replen=1," - " .name=US\"%s\", .replacement=US\"y\" };\n", - Ustrlen(name), CS name); +printf(" .command_line=FALSE, .namelen=%d, .replen=%d," + " .name=US\"%s\", .replacement=US\"%s\" };\n", + Ustrlen(name), Ustrlen(val), CS name, CS val); mp_index++; } + +void +builtin_macro_create(const uschar * name) +{ +builtin_macro_create_var(name, US"y"); +} + + void spf(uschar * buf, int len, const uschar * fmt, ...) { @@ -265,6 +273,12 @@ options_transports(); options_auths(); } +static void +params(void) +{ +dkim_params(); +} + int main(void) @@ -272,6 +286,7 @@ main(void) printf("#include \"exim.h\"\n"); features(); options(); +params(); printf("macro_item * macros = &p%d;\n", mp_index-1); printf("macro_item * mlast = &p0;\n"); diff --git a/src/src/macro_predef.h b/src/src/macro_predef.h index 1d3ba7f74..aece28cc7 100644 --- a/src/src/macro_predef.h +++ b/src/src/macro_predef.h @@ -9,6 +9,7 @@ extern void spf(uschar *, int, const uschar *, ...); extern void builtin_macro_create(const uschar *); +extern void builtin_macro_create_var(const uschar *, const uschar *); extern void options_from_list(optionlist *, unsigned, const uschar *, uschar *); extern void options_main(void); diff --git a/src/src/pdkim/pdkim.c b/src/src/pdkim/pdkim.c index 06d455d7d..1420b1a79 100644 --- a/src/src/pdkim/pdkim.c +++ b/src/src/pdkim/pdkim.c @@ -51,14 +51,6 @@ #define PDKIM_MAX_HEADERS 512 #define PDKIM_MAX_BODY_LINE_LEN 16384 #define PDKIM_DNS_TXT_MAX_NAMELEN 1024 -#define PDKIM_DEFAULT_SIGN_HEADERS "From:Sender:Reply-To:Subject:Date:"\ - "Message-ID:To:Cc:MIME-Version:Content-Type:"\ - "Content-Transfer-Encoding:Content-ID:"\ - "Content-Description:Resent-Date:Resent-From:"\ - "Resent-Sender:Resent-To:Resent-Cc:"\ - "Resent-Message-ID:In-Reply-To:References:"\ - "List-Id:List-Help:List-Unsubscribe:"\ - "List-Subscribe:List-Post:List-Owner:List-Archive" /* -------------------------------------------------------------------------- */ struct pdkim_stringlist { diff --git a/src/src/pdkim/pdkim.h b/src/src/pdkim/pdkim.h index a34999ad8..067c574f2 100644 --- a/src/src/pdkim/pdkim.h +++ b/src/src/pdkim/pdkim.h @@ -26,6 +26,15 @@ #include "../blob.h" #include "../hash.h" +#define PDKIM_DEFAULT_SIGN_HEADERS "From:Sender:Reply-To:Subject:Date:"\ + "Message-ID:To:Cc:MIME-Version:Content-Type:"\ + "Content-Transfer-Encoding:Content-ID:"\ + "Content-Description:Resent-Date:Resent-From:"\ + "Resent-Sender:Resent-To:Resent-Cc:"\ + "Resent-Message-ID:In-Reply-To:References:"\ + "List-Id:List-Help:List-Unsubscribe:"\ + "List-Subscribe:List-Post:List-Owner:List-Archive" + /* -------------------------------------------------------------------------- */ /* Length of the preallocated buffer for the "answer" from the dns/txt callback function. This should match the maximum RDLENGTH from DNS. */ diff --git a/test/confs/4520 b/test/confs/4520 index 897c1a675..8fa3c38c8 100644 --- a/test/confs/4520 +++ b/test/confs/4520 @@ -9,7 +9,7 @@ primary_hostname = myhost.test.ex # ----- Main settings ----- -acl_smtp_rcpt = accept +acl_smtp_rcpt = accept logwrite = macro: _DKIM_SIGN_HEADERS acl_smtp_dkim = accept logwrite = signer: $dkim_cur_signer bits: $dkim_key_length h=$dkim_headernames DDIR=DIR/aux-fixed/dkim diff --git a/test/log/4520 b/test/log/4520 index 8daa636c0..b0ddcd64e 100644 --- a/test/log/4520 +++ b/test/log/4520 @@ -13,22 +13,26 @@ ******** SERVER ******** 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 macro: From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive 1999-03-02 09:44:33 10HmaY-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded] 1999-03-02 09:44:33 10HmaY-0005vi-00 signer: test.ex bits: 1024 h=From 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmaX-0005vi-00@myhost.test.ex 1999-03-02 09:44:33 10HmaY-0005vi-00 => :blackhole: R=server_dump 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed +1999-03-02 09:44:33 macro: From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive 1999-03-02 09:44:33 10HmbA-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded] 1999-03-02 09:44:33 10HmbA-0005vi-00 signer: test.ex bits: 1024 h=From:From 1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmaZ-0005vi-00@myhost.test.ex 1999-03-02 09:44:33 10HmbA-0005vi-00 => :blackhole: R=server_dump 1999-03-02 09:44:33 10HmbA-0005vi-00 Completed +1999-03-02 09:44:33 macro: From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive 1999-03-02 09:44:33 10HmbC-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 i=allheaders@test.ex [verification succeeded] 1999-03-02 09:44:33 10HmbC-0005vi-00 signer: test.ex bits: 1024 h=Date:Sender:Message-Id:From:Reply-To:Subject:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive 1999-03-02 09:44:33 10HmbC-0005vi-00 signer: allheaders@test.ex bits: 1024 h=Date:Sender:Message-Id:From:Reply-To:Subject:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive 1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmbB-0005vi-00@myhost.test.ex 1999-03-02 09:44:33 10HmbC-0005vi-00 => :blackhole: R=server_dump 1999-03-02 09:44:33 10HmbC-0005vi-00 Completed +1999-03-02 09:44:33 macro: From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive 1999-03-02 09:44:33 10HmbE-0005vi-00 DKIM: d=test.ex s=sel_bad c=relaxed/relaxed a=rsa-sha256 b=1024 [invalid - syntax error in public key record] 1999-03-02 09:44:33 10HmbE-0005vi-00 signer: test.ex bits: 1024 h=From 1999-03-02 09:44:33 10HmbE-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmbD-0005vi-00@myhost.test.ex diff --git a/test/log/4523 b/test/log/4523 index d1e5ebba3..5c07fa5a2 100644 --- a/test/log/4523 +++ b/test/log/4523 @@ -4,6 +4,7 @@ ******** SERVER ******** 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 macro: From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive 1999-03-02 09:44:33 10HmaY-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha512 b=1024 i=allheaders@test.ex [verification succeeded] 1999-03-02 09:44:33 10HmaY-0005vi-00 signer: test.ex bits: 1024 h=Date:Sender:Message-Id:From:Reply-To:Subject:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive 1999-03-02 09:44:33 10HmaY-0005vi-00 signer: allheaders@test.ex bits: 1024 h=Date:Sender:Message-Id:From:Reply-To:Subject:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive diff --git a/test/log/4524 b/test/log/4524 index a6d687c83..e0dde322a 100644 --- a/test/log/4524 +++ b/test/log/4524 @@ -4,6 +4,7 @@ ******** SERVER ******** 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 macro: From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive 1999-03-02 09:44:33 10HmaY-0005vi-00 DKIM: d=test.ex s=ses c=relaxed/relaxed a=rsa-sha256 b=512 [verification succeeded] 1999-03-02 09:44:33 10HmaY-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded] 1999-03-02 09:44:33 10HmaY-0005vi-00 signer: test.ex bits: 512 h=From:To:Subject -- cgit v1.2.3 From d29c160fa7939ba75adbc4b16e208fc56972384f Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Wed, 25 Oct 2017 15:54:31 +0100 Subject: Docs: clarify DKIM default signing. Bug 2179 --- doc/doc-docbook/spec.xfpt | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) (limited to 'doc/doc-docbook/spec.xfpt') diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index d030ee238..a9a048ecb 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -23806,7 +23806,7 @@ of the message. Its value must not be zero. See also &%final_timeout%&. .option dkim_private_key smtp string&!! unset .option dkim_canon smtp string&!! unset .option dkim_strict smtp string&!! unset -.option dkim_sign_headers smtp string&!! per RFC +.option dkim_sign_headers smtp string&!! "per RFC" .option dkim_hash smtp string&!! sha256 .option dkim_identity smtp string&!! unset DKIM signing options. For details see section &<>&. @@ -38591,13 +38591,17 @@ either "1" or "true", Exim will defer. Otherwise Exim will send the message unsigned. You can use the &%$dkim_domain%& and &%$dkim_selector%& expansion variables here. -.option dkim_sign_headers smtp string&!! see below +.option dkim_sign_headers smtp string&!! "see below" If set, this option must expand to a colon-separated -list of header names. Headers with these names will be included in the message -signature. -When unspecified, the header names recommended in RFC4871 will be used. +list of header names. +.new +Headers with these names, or the absence or such a header, will be included +in the message signature. +When unspecified, the header names listed in RFC4871 will be used, +whether or not each header is present in the message. The default list is available for the expansion in the macro "_DKIM_SIGN_HEADERS". +.wen .section "Verifying DKIM signatures in incoming mail" "SECID514" -- cgit v1.2.3