DKIM-MILTER RELEASE NOTES
$Id: RELEASE_NOTES,v 1.526 2009/06/01 01:49:30 msk Exp $

This listing shows the versions of the dkim-milter package, the date of release, and a summary of the changes in that release.

Bug and feature request (RFE) numbers that start with "SF" were logged via Sourceforge (http://www.sourceforge.net) trackers. Those not so labeled were logged internally at Sendmail, Inc.

2.8.3 2009/05/31
    Close the configuration file after reading it, plugging a descriptor leak.
    Release memory associated with old configuration nodes (i.e. strings) as well as the nodes themselves.
    Connect the configuration handle to its allocated data so cleanup can actually be thorough.
    Fix an error message reported inside _FFR_REPLACE_RULES.
    Plug a memory leak in mlfi_header() tripped when errors occur.
    Since ADSP has not yet been registered by IANA, adjust its method label in Authentication-Results accordingly.
    Include selector, domain and other text if possible when logging key retrieval failures.
    Add _FFR_SENDER_HEADERS, allowing user control over which header fields are used to make the sign/verify decision and perform key selection.
    LIBDKIM: Initialize canon_lastchar in dkim_add_canon().
    LIBDKIM: Clean up any compiled regular expressions in dkim_close().
    LIBDKIM: Fix some type-related compiler warnings.

2.8.2 2009/02/17
    Request a signature with an "i=" tag if signing for subdomains and a keylist entry matches. Previously this only occurred when using an explicit domain list. Problem noted by S. Moonesamy of Eland Systems.
    Fixes in and around dkim_socket_cleanup(). Problem noted by S. Moonesamy of Eland Systems.
    LIBDKIM: When logging a d2i_PUBKEY_bio() or EVP_PKEY_get1_RSA() failure, also log the selector and domain involved so manual diagnostics are possible.
    LIBDKIM/LIBAR: Feature request #SF2380508: Add new test for WITHOUT_LIBSM which removes references to libsm's sm_strl*() functions, so that libdkim and libar can stand on their own on systems which provide the strl*() functions. Requested by Frederik Pettai.
    LIBDKIM: Report DKIM_STAT_NOSIG if the caller commands that all signatures should be ignored.
    LIBDKIM: Plug a memory leak caused when responding to a malloc() failure.
    LIBDKIM: New signature error code DKIM_SIGERROR_KEYDECODE, used if d2i_PUBKEY_bio() or EVP_PKEY_get1_RSA() fails in dkim_sig_process().
    LIBAR: Make reference to the "_res" structure more thread-safe.
    BUILD: Make use of conf_dkim_filter_ENVDEF since site.config.m4.dist refers to it. Problem noted by S. Moonesamy of Eland Systems.

2.8.1 2009/01/16
    LIBDKIM: Fix bug #SF2508602: Add a translation string for DKIM_SIGERROR_KEYREVOKED and fix dkim_eom_verify() so it returns DKIM_STAT_REVOKED when appropriate. Problem noted by Mike Markley of Bank of America.

2.8.0 2009/01/08
    Add configuration option "EnableCoredumps" which makes an explicit kernel request for cores on crashes. Currently only meaningful on Linux.
    Add configuration option "AuthServID" which sets the "authserv-id" token to use when generating Authentication-Results header fields.
    Report "fail" instead of "hardfail" on authentication failures, in compliance with the Authentication-Results: draft.
    Add _FFR_REPORT_INTERVALS, experimental support for the "ri" tag extension to DKIM policy and key records for specifying reporting intervals.
    Feature request #SF1985886: Add _FFR_MULTIPLE_SIGNATURES, allowing one instance of the filter to add multiple signatures. Suggested by Dave Crocker.
    Add "TemporaryDirectory" configuration file option for requesting that libdkim use an alternate directory for creating temporary files, and "KeepTemporaryFiles" for requesting that libdkim not delete those files for debugging purposes.
    Add optional support for the "unbound" asynchronous resolver library as it is DNSSEC-aware. Adds four new configuration file items: "BogusKey", "BogusPolicy", "InsecureKey" and "InsecurePolicy". Also add dkim_sig_getdnssec() and dkim_policy_getdnssec() to libdkim so callers can tell what the DNSSEC evaluation result was for each query. Based on a patch from John Dickinson.
    Add "BaseDirectory" configuration file option for specifying the desired current directory of the process.
    Make use of the key and policy "rs" tag, if present, when doing SMTP rejections.
    Use MTA macro "$j" as the hostname in generated reports instead of the output of gethostname() since on some systems the latter may not be fully-qualified.
    Remove ANTICIPATE_SENDMAIL_MUNGE, replacing it with a runtime check for the milter v2 feature which suppresses the addition of spaces in headers.
    Add _FFR_COMMAIZE which attempts to predict the reformatting the MTA will do to certain header fields to reduce verification failures.
    Add _FFR_DKIM_REPUTATION enabling a function used to query an open DKIM reputation service regarding the signing user and signing domain. The service's URL is http://www.dkim-reputation.org. (EXPERIMENTAL)
    Fix preloading of configuration defaults.
    Fix bug #SF2236040: Quote all of the POSIX regular expression special characters, not just some of them. Reported by Mark Martinec.
    When possible, log the selector and domain of the signature evaluated along with any errors in the libcrypto stack.
    LIBDKIM: Add "smtpbuf", "smtplen" and "interval" parameters to dkim_sig_getreportinfo() and dkim_policy_getreportinfo(). Also, remove the assertion that "addr" be non-NULL.
    LIBDKIM: Add DKIM_LIBFLAGS_ACCEPTDK which enables compatibility with DomainKeys-formatted key records.
    LIBDKIM: Adjust signature formatting for legibility.
    LIBDKIM: Check return status from dkim_canon_getfinal() to avoid bad dereferences. Problem noted by Chris Behrens of Concentric Network Corporation.
    LIBDKIM: Render the DKIM handle unusable in dkim_eoh_sign() if a required header was absent.
    Activate _FFR_REQUIRED_HEADERS.

2.7.2 2008/09/02
    Avoid memory leaks and infinite loops when releasing thread-specific memory. Reported by Jeff Earickson.

2.7.1 2008/08/27
    Set up required callbacks for OpenSSL thread-safety. Problem noted by Zbigniew Szalbot.
    Disallow empty "t=" and "x=" tags.
    Return DKIM_STAT_KEYFAIL for various DNS key retrieval failures instead of DKIM_STAT_INTERNAL.

2.7.0 2008/07/23
    Update to draft-ietf-dkim-ssp-04. In doing so, rename "ASPDiscard" to "ADSPDiscard", "ASPNoSuchDomain" to "ADSPNoSuchDomain" and "SendASPReports" to "SendADSPReports" in the configuration file.
    Feature request #29738: Add "TrustSignaturesFrom" configuration file item allowing fine-grained control over third-party signature handling.
    Feature request #SF2018848: Add "LocalADSP" feature allowing policy assertions from domains known to have specific policies but which don't publish ADSP records. Suggested by Bruno Kraychete da Costa.
    LIBDKIM: Fix an off-by-one overrun check in key and policy record decoding. Problem noted by John Dickinson.

2.6.0 2008/06/11
    Remove "signaturemissing" as an old-style configuration action as it has been superseded by "ASPDiscard" and related functions.
    Add "SendASPReports" configuration option which generates ASP failure reports if requested by the sending domain.
    Update report generation for verification failures to use the new Abuse Reporting Format (ARF) and DKIM Reporting draft proposals.
    Add "MustBeSigned" configuration option, requiring signatures to cover specific headers if present.
    Rename "UseASPDiscard" to "ASPDiscard".
    Add "ASPNoSuchDomain" configuration option which rejects mail that appears to come from nonexistent domains as reported by the Author Signing Practises check.
    Add "ReportAddress" configuration option, used for defining the From: header of reports mailed out.
    Yet another compatibility fix with respect to Sleepycat DB.
    Fix processing of "LogWhy" configuration parameter. Problem noted by Erik Lotspeich.
    Add "-n" command line flag which parses the command line arguments and configuration file(s), then exits with an appropriate status code.
    Report DKIM and ASP results separately via the same Authentication-Results header field. Previous versions would alter the DKIM result based on ASP.
    Fix bug #SF1976931: Restore function of "nosignature" old-style action configuration, connected to "AlwaysAddARHeader". Problem noted by Lucas Brasilino.
    Feature request #SF1940233: Add "DontSignMailTo" configuration option, allowing a list of recipient patterns whose mail should not be signed. Requested by Don Hughes.
    LIBDKIM: Rename dkim_reportinfo() to dkim_sig_getreportinfo(), and add dkim_policy_getreportinfo().
    LIBDKIM: Add several more signature error codes covering various key-related errors.
    LIBDKIM: Add dkim_sig_hdrsigned() utility, DKIM_OPTS_MUSTBESIGNED option, and DKIM_SIGERROR_MBSFAILED error code.
    LIBDKIM: Fix a bug in the computation of the result for dkim_canon_minbody().
    LIBDKIM: Report corrupted base64 chunks instead of quietly tolerating them.
    LIBDKIM: Tidy up the cleanup code in dkim-canon.c.
    LIBDKIM: Properly handle "tag=" at the end of a data set (i.e. the tag exists and has an empty value).
    LIBDKIM: Use larger unsigned data types in dkim_sig_future() as was done elsewhere.
    LIBDKIM: Always populate a DKIM_SIGINFO with domain and selector before there's an opportunity for other parsing short-circuits.
    LIBDKIM: Fix bug #SF1984685: Remove the "margin" parameter from dkim_getsighdr(); make it controlled by a new function, dkim_set_margin(), so that the signed copy and the user-requested copy are identical.
    Activate _FFR_AUTHSERV_JOBID.

2.5.5 2008/04/25
    Fix bug #SF1947301: Close up a logic problem in "UseASPDiscard" handling which could cause false rejections of mail from domains advertising "discardable" policies. Problem noted by Doug Kingston.
    LIBDKIM: Another compatibility fix with respect to Sleepycat DB.

2.5.4 2008/04/17
    Skip signatures with errors in dkimf_authorsigok().
    Avoid a NULL dereference in dkimf_config_reload() when starting without a configuration file.
    Fix an alignment problem in dkimf_checkip(). Problem reported by Jeff A. Earickson.
    LIBDKIM: Fix bug #SF1942387: Per RFC4871, disallow "l=" values that exceed the size of the canonicalized message body.

2.5.3 2008/04/14
    Add "AllowSHA1Only" configuration option which permits operation of verifiers that only know about SHA1. Without this, a filter compiled with only SHA1 support will refuse to start in verifier mode.
    Add "LogWhy" configuration parameter and "-W" command line flag to request detailed logging about why a message was not signed by the filter. Intended for debugging; not intended for normal operation.
    Another tweak to parameters passed to db->open(). Based on patches from Jukka Salmi and S. Moonesamy.
    Fixes in ares_parse() to match the current syntax. In particular, deal with the fact that some of our tokens can legally appear in e-mail addresses. Problem noted by S. Moonesamy of Eland Systems.
    LIBDKIM: Evaluate key granularity against the "i=" value rather than the value of the From: header per RFC4871. Problem noted by Jason Long.
    LIBDKIM: Remove the chartable stuff from dkim-tables.c as it is not used anywhere.
    LIBDKIM: Fix bug #SF1940302: Perform stronger validation of the value of the "h=" tag.

2.5.2 2008/03/28
    Preserve the sender's domain name outside of mlfi_eoh() as it's now needed in mlfi_eom(). Problem noted by Andy Fiddaman.
    Fix bug #SF1921873: Pass "-K" command line switch into the new configuration handling code. Problem noted by Al Smith.
    TOOLS: Fix flags portion of the TXT record output by dkim-genkey. Problem noted by Michael Carland.
    BUILD: Fix bug #SF1922422: Fix linker problems when POPAUTH is defined.

2.5.1 2008/03/20
    Update for draft-kucherawy-sender-auth-header-14.
    Fix bug #SF1911328: Restore proper behaviour of SignHeaders and OmitHeaders, broken in the prior release's configuration overhaul. Problem reported by Jason Molzen.
    Fix bug #SF1912332: Fix parameters passed to db->open(). Problem reported by Tony Earnshaw.
    Fix bug #SF1912569: Initialize mutexes before entering test mode. Patch from Kaspar Brand.
    LIBDKIM: Add "subject" to "should_signhdrs" per RFC4871 section 5.5.
    LIBDKIM: More boundary checking fixes in dkim_canon_selecthdrs(). Problem noted by Warren Horvath.
    LIBDKIM: Fix bug #SF1820084: Return DKIM_STAT_MULTIDNSREPLY if a DNS query returns multiple records.

2.5.0 2008/03/06
    Add "AutoRestartCount" and "AutoRestartRate" configuration parameters to limit runaway restart loops.
    Feature request #SF1735573: Add "AlwaysAddARHeader" option, which will add an Authentication-Results of "none" for unsigned messages from domains without a "strict" policy.
    Feature request #SF1807748: Reload the configuration file on receipt of SIGUSR1. Requested by Florian Sager.
    Feature request #SF1811969: Add _FFR_BODYLENGTH_DB which adds a "BodyLengthDBFile" feature, allowing a per-recipient decision on whether or not to use an "l=" tag when signing. Patch contributed by Daniel Black.
    Feature request #SF1841955: Add an "Include" facility to the configuration file.
    Feature request #SF1876941: Make the syslog facility selectable. Based on a patch from Jose-Marcio Martins da Cruz of Ecole des Mines de Paris.
    Feature request #SF1876943: Add _FFR_AUTHSERV_JOBID allowing the job ID to be included as part of the "authserv-id" in Authentication-Results: headers. Based on a patch from Jose-Marcio Martins da Cruz of Ecole des Mines de Paris.
    Feature request #SF1890581: Attempt to clean up a UNIX domain socket in the non-AutoRestart case as well. Requested by Daniel Black.
    Add "MilterDebug" configuration file option for requesting debugging output from the filter.
    Add "FixCRLF" configuration file option which activates the DKIM_LIBFLAGS_FIXCRLF flag (see below).
    Update to draft-ietf-dkim-ssp-03. In doing so, rename the "UseSSPDeny" configuration option to "UseASPDiscard".
    Handle an error from dkim_getsighdr() properly in mlfi_eom().
    When VERIFY_DOMAINKEYS is active, don't short-circuit mlfi_eoh() between dk_verify() and dk_eoh() or a segmentation fault below dk_body() could result.
    LIBDKIM: Feature request #SF1823059: Export key, signature and policy syntax checking capability via the API. Based on a patch from Chris Behrens of Concentric Network Corporation.
    LIBDKIM: Assert defaults for "c" and "q" tags when parsing signature headers. Patch from Chris Behrens of Concentric Network Corporation.
    LIBDKIM: Better handling of truncated DNS replies; instead of just giving up if the "tc" (truncated) bit is set in the reply, see if there was enough of a reply returned to be able to complete the request.
    LIBDKIM: Fix recycling bug in header canonicalizations which was causing signatures other than the first one to fail in most cases.
    LIBDKIM: Add new dkim_chunk() interface.
    LIBDKIM: Enforce DKIM_OPTS_QUERYMETHOD library option even if there were no valid signatures.
    LIBDKIM: New DKIM_LIBFLAGS_FIXCRLF which requests that "naked" CRs and LFs be converted to CRLFs during canonicalization when signing.
    LIBDKIM: Fix bounds checking in dkim_canon_selecthdrs().
    LIBAR: Eliminate a possible race condition in ar_dispatcher().
    LIBAR: Timeouts passed to select() can't be bigger than 10^8. Problem noted by S. Moonesamy of Eland Systems.
    BUILD: Feature request #SF1876242: Install the filter in EBINDIR and everything else in UBINDIR.

2.4.4 2008/01/25
    In mlfi_close(), don't assume the libmilter private context pointer is not NULL.
    Fail to start up if told to load a key list which resulted in no keys being loaded.
    When "AutoRestart" is in use, the parent will now wait for the child to terminate before exiting. Thus, something that signals the process ID in the pid file can also wait on that process to be gone before being sure that the service has actually shut down.
    Include the job ID when logging about Authentication-Results: headers that can't be parsed. Problem noted by S. Moonesamy.
    LIBDKIM: In dkim_policy(), skip invalid signatures during evaluation of step 1 of SSP as the signature handle may not have been fully populated.

2.4.3 2008/01/18
    Request addition of an "i=" tag in the signature when signing for subdomains. Patch from Alin Nastac.
    TOOLS: Fix bug #SF1867259: "echo -n" is not portable. Problem noted by Gary Mills.
    TOOLS: Fix bug #SF1867869: Output of the "t=" value was incorrect with respect to the "s" flag. Reported by Geoff Adams.
    LIBAR: Further handling of the absence of "nameserver" lines in resolv.conf, this time in the manual processing code.
    LIBDKIM: Fix bug #SF1867839: 64-bit portability in rfc2822.c. Patch from Geoff Adams.
    LIBDKIM: Tighten up correctness of the first SSP test ("valid originator signature") in dkim_policy(). Problem noted by Alin Nastac.
    LIBDKIM: DKIM_SIGINFO handles are now initialized with an error code of DKIM_SIGERROR_UNKNOWN. The code only becomes DKIM_SIGERROR_OK after the cryptographic verification code returns a success result.
    BUILD: Fix bug #SF1818906: Update site.config.m4 to include a flag for installing libdkim when compiling static libraries, and installing dkim.h in either case. Requested by Chris Behrens of Concentric Network Corporation.

2.4.2 2008/01/02
    Remove "-H" from the usage message. It was meant to be a command line interface to "AlwaysSignHeaders" but was never implemented. Problem noted by Jeff Anton.
    LIBDKIM: Make dkim_islwsp() into a macro to drastically reduce the number of function calls made during canonicalization.
    LIBDKIM: Fix bug #SF1857484: Fix logic problem in dkim_policy() with the new pstate checks. Problem noted by Werner Wiethege; patch from Chris Behrens of Concentric Network Corporation.

2.4.1 2007/12/20
    Update for latest Authentication-Results: header draft.
    Avoid a NULL dereference in dkim_get_key(). Problem noted by Chris Behrens of Concentric Network Corporation.
    Fix bug #SF1842970: Make the overall header byte count check configurable, and increase the default. Also, add "On-Security" (configuration file) and "security" (command line) options for controlling the default reaction to such conditions. While we're at it, add an "On-Default" and "default" option for making a global action setting. Requested by Mark Martinec.
    LIBAR: Fix bug #SF1852618: Handle default case of no "nameserver" lines in /etc/resolv.conf. Problem noted by Mike Markley of Bank of America.
    LIBDKIM: Fix bug #SF1824876: Add "dkim_pstate" and make dkim_policy() re-entrant. Requested by Chris Behrens of Concentric Network Corporation.
    LIBDKIM: Fix bug #SF1843733, SF1843782: Tighten up header name matching in dkim_get_header() and dkim_get_sender(). Patches from Chris Behrens of Concentric Network Corporation.
    LIBDKIM: Fix bug #SF1843788: Fix an off-by-one length bug in dkim_header(). Patch from Chris Behrens of Concentric Network Corporation.
    LIBDKIM: Fix bug #SF1850973: Remove MAXHDRCNT; make the arrays it previously defined dynamic. Reported by Mike Markley of Bank of America.
    LIBDKIM: Feature request #SF1841974: Numerous performance enhancements from Chris Behrens of Concentric Network Corporation.

2.4.0 2007/11/30
    Take advantage of some more features that were introduced with milter v2 in sendmail 8.14.0:
        o If all canonicalizations are satisfied in terms of length limits, advise the MTA to stop sending the message body to reduce unneeded I/O.
        o Turn off as many unnecessary SMTP protocol steps as possible.
        o Fail option negotiation if any of the milter features required are not available.
        o If specific MTA macros are to be used for making the sign vs. verify decision, explicitly request them.
    Prevent corruption in Authentication-Results: headers caused by signatures that have explicit "i=" values.
    Report "hardfail" instead of "fail" on authentication failures, in compliance with the Authentication-Results: draft.
    Amend the "-M" command line option and "MacroList" configuration options to allow a list of possible values for each macro.
    Add _FFR_SELECTOR_HEADER, adding the means to choose which selector (and thus which key) is used to sign based on the value found in a particular header. Requested by Steve Jones of Bank of America.
    Add dkimf_dstring*() (dynamic string) functions and clean up some code by making use of it.
    Skip all the userid and group changes when either "-u" or "UserID" is in use if the requested user is the same as the executing user.
    Fix use of "UseSSPDeny" to include handling of unsigned messages.
    Fix bug #SF1834701: Log a warning and temp-fail the message if a key list is in use that didn't match the sender for a message which should be signed. Problem noted by Jim Hermann.
    Patch #SF1796697: Add _FFR_REPLACE_RULES, adding the facility to do substring replacement before signing to anticipate things like the MTA "masquerade" and "genericstable" functions. Requires further development.
    Replace "gentxt.csh" with more robust "dkim-genkey" utility.
    Feature request #SF1811962: Add new utilities "dkim-testkey" which verifies that a public key is readable and properly formatted and matches the locally-provided private key, and "dkim-testssp" which retrieves a domain's sender signing practises record and prints it in a human-readable form. Based on code contributed by Daniel Black.
    Feature request #SF1817253: Add "UMask" configuration file option. Suggested by Daniel Black.
    Feature request #SF1818863: Add a section to site.config.m4.dist to request a build of the shared object version of libdkim. Requested by Chris Behrens of Concentric Network Corporation.
    Feature request #SF1834748: Use a more meaningful SMTP reply when rejecting a message at the SMTP level due to SSP. Suggested by S. Moonesamy of Eland Systems.
    LIBDKIM: Return DKIM_STAT_NOKEY from dkim_get_key_dns() if the answer count comes back zero, rather than DKIM_STAT_CANTVRFY. Problem noted by Chris Behrens of Concentric Network Corporation.
    LIBDKIM: Plug a memory leak in dkim_get_key(). Problem noted by Chris Behrens of Concentric Network Corporation.
    LIBDKIM: Replace a dicey memcpy() call with memmove(). Problem noted by Chris Behrens of Concentric Network Corporation.
    LIBDKIM: Add DKIM_CBSTAT_NOTFOUND and DKIM_CBSTAT_ERROR callback return codes, and DKIM_STAT_CBERROR return code. Suggested by Chris Behrens of Concentric Network Corporation.
    LIBDKIM: Add dkim_minbody() to determine how much more body text is required to satisfy canonicalizations.
    LIBDKIM: Add dkim_gethandlingstr() and dkim_getpolicystr() for translation of SSP handling and policy codes into printable strings.
    LIBDKIM: Add _FFR_PARSE_TIME, adding a utility function that can be used to detect that the timestamp on a signature and the value of the Date: header wildly differ. Incomplete.
    LIBDKIM: If a message comes in with no properly-formed sender headers, dkim_eoh() now renders the DKIM handle unusable by later data processing calls.
    LIBDKIM: Fix arithmetic in dkim_sig_expired().
    LIBDKIM: In dkim_eoh_verify(), check for a NULL user pointer return from rfc2822_mailbox_split() (was previously only checking for an error code or NULL domain). Problem noted by Chris Behrens of Concentric Network Corporation.
    LIBDKIM: Fix bug #SF1819489: Fix signature header name check in dkim_header(). Patch from Chris Behrens of Concentric Network Corporation.
    LIBDKIM: Fix bug #SF1819559: Fix key granularity processing.
    LIBDKIM: Fix bug #SF1819571: More robust processing of "s=" in keys.
    LIBDKIM: Fix bug #SF1819607: Allow "t=" and "x=" values up to 64 bits since RFC4871 requires at least 40.
    LIBDKIM: Fix bug #SF1820017: Don't accept signatures with no "v=" tag.
    LIBDKIM: Fix bug #SF1820060: The value of "q=" may be a colon-separated list of values to parse.
    LIBDKIM: Fix bug #SF1820080: The value of "i=" may be quoted-printable so do appropriate decoding.
    LIBDKIM: Fix bug #SF1820123: "simple" body canonicalization must contain at least CRLF.
    LIBDKIM: Fix bug #SF1820370: More graceful handling of grossly malformed signature headers. Problem noted by Chris Behrens of Concentric Network Corporation.
    LIBDKIM: Fix bug #SF1822287 and SF1822295: Update policy check code to use the draft-ietf-dkim-ssp-01 algorithm. Problem noted by Chris Behrens of Concentric Network Corporation.
    LIBDKIM: Fix bug #SF1822329: In dkim_get_policy(), check for and handle error returns from the subordinate lookup functions. Problem noted by Chris Behrens of Concentric Network Corporation.
    LIBDKIM: Fix bug #SF1822331: Use consistent return codes in dkim_get_policy_dns(). Problem noted by Chris Behrens of Concentric Network Corporation.
    LIBDKIM: Fix bug #SF1832703: When looking for headers to canonicalize during verification, disregard spaces between the header name and the colon (":") character. Problem noted by James Sargent of AOL.
    LIBDKIM: Fix bug #SF1838826: Several fixes with respect to processing key and policy flags. Problems noted by Mark Martinec.
    LIBDKIM: Feature request #SF1821005: Add dkim_getdomain(), an accessor function for dkim_domain. Requested by Chris Behrens of Concentric Network Corporation.
    Activate _FFR_QUERY_CACHE (Feature request #SF1675359) and _FFR_SELECT_SIGN_HEADERS.

2.3.2 2007/10/19
    Fix bug #25896: Fix a bug in parsing of "RemoveARFrom".
    LIBDKIM: Fix a bug in the key reuse block of dkim_get_key() which assumed that a domain and selector match guaranteed a copied key and key tag list.
    LIBDKIM: Fix bug #SF1812687: Fix handling check in dkim_get_policy(). Patch from Daniel Black.

2.3.1 2007/10/12
    Fix header loss problem in test mode.
    Fix bug #SF1808886: Handle missing or empty test inputs more gracefully. Based on a patch from Kaspar Brand.
    Fix bug #SF1808881: Check various integer conversions for negative, overflow or inappropriate values. Suggested by Kaspar Brand.
    Feature request #SF1809239: Restore performance of test mode on large messages. Requested by Kaspar Brand.
    Patch #SF1811132: Include in test.c for malloc() prototype. Patch from Daniel Black.
    BUILD: Patch #SF1810712: Correct default location for the Tre regular expression library. Suggested by Daniel Black.

2.3.0 2007/10/06
    Add "UseSSPDeny" configuration option which causes the filter to reject messages which are determined to be suspicious according to the new draft-ietf-dkim-ssp-01, and whose sending domains advertise a recommended handling of "deny", and whose SSP records are not in "test" mode.
    Add "MaximumSignedBytes" configuration option limiting the number of bytes of the message body to be signed.
    Add "-t" command line option for reading an RFC2822-formatted message from a named file and attempting to evaluate it, "-F" command line option for using a fixed signing time, and "-v" command line option for requesting verbose output. Finally, new configuration option "StrictTestMode" asserts that all lines of input must be CRLF-terminated. Based on patches from Kaspar Brand.
    Add "TestPublicKeys" setting for instructing libdkim to read public keys from a file, for use during automated testing. Based on a patch from Jeff Barry.
    When using _FFR_QUERY_CACHE, periodically report cache activity statistics.
    Don't arbitrarily suppress signing of already-signed messages.
    Fix bug #25728: When "AutoRestart" is in use, try to remove the socket (if it's a UNIX domain socket) prior to trying to start the child.
    LIBDKIM: Add dkim_getmode() function.
    LIBDKIM: Fixes to policy evaluation in dkim_policy(). Based on a patch from Jeff Barry.
    LIBDKIM: Patch #SF1796687: Add DKIM_LIBFLAGS_ACCEPTV05 which causes the library to accept signatures with version strings of "0.5", i.e. those based on later versions of the DKIM draft specification. This does not change any other part of signature validation or canonicalization, only the version string test. Suggested by Jim Fenton of Cisco.
    LIBDKIM: When closing canonicalizations, flush the temporary files rather than closing them so that things like dkim_reportinfo() return useful descriptors. Close the temporary files in dkim_canon_free() only. Problem noted by Jeff Barry.
    LIBDKIM: Fix variable argument processing by merging dkim_error() and dkim_verror(). The previous code was causing segmentation faults on selected operating systems.
    Activate the following FFRs:
        _FFR_KEY_REUSE
        _FFR_SET_REPLY

2.2.1 2007/09/07
    Insert VBR headers at the top rather than appending them to be sensitive to legacy DomainKeys operations. Patch from S. Moonesamy of Eland Systems.
    Discontinue use of MAXHOSTNAMELEN as the maximum size of a hostname since some vendors set it to 64 (maximum size of a DNS label) and some to 256 (maximum size of an FQDN). Instead, define and use DKIM_MAXHOSTNAMELEN (256). Problem noted by Jeff Barry.
    LIBDKIM: Rename and update the default_signhdrs and default_skiphdrs arrays to match what's in RFC4871 section 5.5 SHOULD and SHOULD NOT lists.
    LIBDKIM: Apply DKIM_OPTS_SKIPHDRS only when signing.
    LIBDKIM: Add missing entries to prv_results, and add a dkim_getresultstr() function for translating DKIM_STAT result codes. Patch from Kaspar Brand.
    Fix bug #SF1785624: Resolve build problem introduced in previous version when NETINET6 is in use. Reported by Andrew Benham.
    Fix bug #SF1786033: Resolve build problem introduced in previous version affecting later versions of Solaris. Reported by Andy Fiddaman.
    Fix bug #SF1787473: Initialize the default "-i" list properly (given changes made in the previous version) so that mail from localhost still gets signed. Reported by Graham Murray.

2.2.0 2007/08/30
    Change format of the peerfile, internal and external host lists, etc. to allow exclusion entries. See the man page for additional details.
    Amend "-u" to include the ability to name a group into which the filter process should be placed.
    Feature request #SF1783155: Make keylist pattern matching case-insensitive.
    LIBDKIM: Handle CNAMEs properly when using the standard resolver. Problem noted by Jim Fenton of Cisco.
    LIBDKIM: Fix bug #SF1782076: Adjust signature header wrapping logic so that a "b=" against the margin gets wrapped consistently when signing and verifying. Reported by Kaspar Brand.

2.1.2 2007/08/22
    LIBDKIM: At the end of dkim_eoh_verify(), don't overwrite any existing descriptive error text before returning on verification errors. Problem noted by Andy Fiddaman.
    LIBDKIM: Remove redundant assertion of length limits in dkim_canon_bodychunk(). The code in dkim_canon_write() has it correct, so use that instead. Problem noted by Mark Martinec.
    LIBDKIM: Fix bug #SF1777332: Fix "relaxed" body canonicalization. Some code from the older implementation was still present conflicting with the newer code. Reported by Andrey Chernov.

2.1.1 2007/08/13
    Fix bug #SF1743896 (reopened): Don't crash if a From: header with no domain is found. Patch from Andy Fiddaman.
    LIBDKIM: Fix type mismatches regarding restricted lengths. Problems noted by Jukka Salmi.
    LIBDKIM: Fix bug #SF1771520: Return an error from dkim_policy() if the sender's domain name could not be determined. Patch from Andy Fiddaman.

2.1.0 2007/08/10
    Update to new (draft version 06) Authentication-Results: header format.
    Do an SSP query for any message that didn't either succeed verification or cause some kind of internal error, not just those that failed to verify.
    Tighten up the logic used when checking header space allocation.
    LIBDKIM: Heavy cleanup of dkim_eoh() and dkim_eom() via patches from Chris Behrens of Concentric Network Corporation.
    LIBDKIM: Add more fine-grained state control enforcing the order in which the message processing functions are called. There was previously a hole which would allow, for example, more headers to be submitted after a call to dkim_eoh() if a prescreen callback returned a "tryagain" result.
    LIBDKIM: Add dkim_sig_getidentity().
    LIBDKIM: Fix bug #SF1769270: Use the default query type to retrieve signing policy for unsigned messages.
    LIBDKIM: Fix bug #SF1769445: Return the correct policy result from dkim_get_policy_dns() rather than always returning an empty string. Patch by Andy Fiddaman.
    LIBDKIM: Amend dkim_sig_getcanonlen() to include a parameter which receives the signature length limit, if any.
    LIBDKIM: Restore proper value to dkim_bodylen. Problem noted by Jukka Salmi.
    LIBDKIM: Don't inexplicably clear sig_signalg. Problem noted by Jukka Salmi.
    Feature request #SF1761475: Add "ClockDrift" configuration option for tolerating out-of-synch clocks. Suggested by Kaspar Brand.
    Feature request #SF1761481: Add "SyslogSuccess" configuration option for logging successful operations rather than just errors or other informational messages. Suggested by Kaspar Brand.
    Feature request #SF1769888: Amend dkim_policy() to be able to return the policy type retrieved from the sending domain. Also add dkim_getpresult() and associated other code to get additional policy evaluation information. Requested by Andy Fiddaman.

2.0.2 2007/08/03
    Fix bug #SF1766313: Make configuration handling 64-bit friendly. Other 64-bit portability issues also addressed. Problems noted by Chris Box.
    Add _FFR_DNS_UPGRADE which establishes a second libar instance in TCP mode for handling truncated UDP replies. Also make some minor fixes in the key and policy DNS lookup functions to provide more consistent handling of such responses. Problems noted by Kaspar Brand; code is still experimental.
2.0.1 2007/08/02
    Fix bug #SF1760481: Make header space allocations fully dynamic rather than establishing compile-time per-header limits. There is still an overall cap, however. Suggested by Ralf Hildebrandt.
    LIBDKIM: Fixes inside _FFR_KEY_REUSE.

2.0.0 2007/07/27
    Remove all support for versions older than RFC4871. Older statistics databases will not be incompatible with the new code since version information is no longer included in the record format.
    Add "Resent-Sender" and "Resent-From" to the list of headers checked to determine whether or not the message should be signed or verified.
    Report an authentication result of "permerror" when the message can't be verified for syntax or other non-crypto reasons.
    New configuration file item "RemoveARFrom" allows specification of hostnames/domains whose existing Authentication-Results: headers should be removed. Also add "RemoveARAll" which allows selection of whether all such headers should be removed or only those containing a DKIM result.
    New configuration file item "RemoveOldSignatures" deletes existing signatures when signing.
    Fix bug #SF1743896: Don't crash if a From: header with no domain is found. Patch from Andy Fiddaman.
    Fix bug #SF1743964: Remove the pid file on shutdown or startup failure. Patch from Mike Markley.
    LIBAR: Plug descriptor and memory leaks in ar_shutdown().
    LIBDKIM: Rework _FFR_VBR code to prepare it for extraction into an independent library.
    LIBDKIM: The key and policy lookup callbacks must now return a DKIM_CBSTAT constant so that they can have their corresponding libdkim functions return DKIM_STAT_CBTRYAGAIN if desired. Suggested by Chris Behrens of Concentric Network Corporation.
    LIBDKIM: Add _FFR_DIFFHEADERS which adds dkim_diffheaders() to enable the caller to search for headers that may have been munged in transit thus causing a verification failure.
    LIBDKIM: Feature request #SF1473131: Overhaul data structures, functions and documentation to allow fine-grained handling of messages bearing multiple signatures. This included the following changes:
        o Extend draft-ietf-dkim-ssp-00 support to cover multiply-signed messages.
        o Introduce DKIM_SIGERROR type/constants for associating an error code with each individual signature.
        o New library flag DKIM_LIBFLAG_DELAYSIGPROC delays all signature processing until dkim_eom().
        o New library flag DKIM_LIBFLAG_EOHCHECK causes dkim_eoh() to return an error if it was unable to find any valid signatures when verifying.
        o Add new DKIM_CANON data type, referring to a parallel canonicalization required for signature generation or verification.
        o New function dkim_getsiglist() retrieves an array of DKIM_SIGINFO handles referring to all of the signatures discovered on a message.
        o New function dkim_getsignature() retrieves a single DKIM_SIGINFO handle which is the one libdkim will use to return its final result.
        o New function dkim_sig_getflags() to retrieve flags attached to a signature handle after processing.
        o New function dkim_sig_geterror() to retrieve the error code associated with a signature handle after processing.
        o New function dkim_sig_getbh() to retrieve the body hash test result on a signature after processing.
        o New function dkim_set_final() sets a user-provided callback called by dkim_eom() to do any final processing the caller may desire.
        o New function dkim_sig_process() manually executes verification of a signature, for use from within the prescreen or final callbacks.
        o Rename dkim_getcanonlen() to dkim_sig_getcanonlen(), dkim_getsigntime() to dkim_sig_getsigntime(), dkim_getselector() to dkim_sig_getselector(), dkim_getsigndomain() to dkim_sig_getdomain(), dkim_getsignalg() to dkim_sig_getsignalg() and dkim_getkeysize() to dkim_sig_getkeysize() as they now act on a specific signature rather than on an entire message.
        o The user-provided key and policy lookup functions must now accept a DKIM_SIGINFO handle as an additional parameter.
        o dkim_reportinfo() and dkim_ohdrs() now also require a DKIM_SIGINFO handle as an additional parameter.
    LIBDKIM: Fix signal logic in dkim_cache_read_unlock(). Patch from Chris Behrens of Concentric Network Corporation.
    LIBDKIM: Add _FFR_KEY_REUSE which avoids doing duplicate key lookups if the same key is used on two signatures in the same message. Suggested by Chris Behrens of Concentric Network Corporation.
    LIBDKIM: Changed prototype for dkim_policy() to reflect the new code.
    Remove _FFR_FLUSH_HEADERS. The functionality it provided is now accessed via the new configuration options described above.
    Activate _FFR_HASH_BUFFERING.
    BUILD: More unit tests.

1.2.0 2007/06/26
    Update sender signing policy (SSP) code to match the new draft-ietf-dkim-ssp-00 specification syntax. In doing so, remove _FFR_ALLMAN_SSP_02.
    If "-u" is specified, call initgroups() and setgid() as well. Reported by Mike Markley; based on a patch from S. Moonesamy of Eland Systems.
    Fix bug #SF1738354: Add "L" data to CMDLINEOPTS. Reported by Andrey Chernov.

1.1.0 2007/06/15
    Add a new option to "-L" and "Minimum" allowing a specific maximum number of bytes of appended, unsigned text. Suggested by Philip Guenther.
    Documentation and build patches from Gregory Shapiro, and documentation patches from Steve Jones of Bank of America.
    Under _FFR_VBR, if dkim_vbr_query() returns an error, report the error and then don't add the header. Reported by S. Moonesamy of Eland Systems.
    Fix bug #24586: Allow "-?" just to get the usage message; also hint at such if the filter is invoked with no arguments.
    LIBDKIM: Define DKIM_STAT_CBTRYAGAIN and DKIM_CBSTAT_TRYAGAIN.
    BUILD: More unit tests.

1.0.0 2007/05/23
    First release after DKIM issued as a standard (RFC4871).
    Remove the "-v" command line option and "Version" configuration file item, which permitted selection of the signing version.
    Remove "nowsp" canonicalization option.
    LIBDKIM: Define DKIM_VERSION_RFC4871 and make it the default signing version.
    LIBDKIM: Remove DKIM_CANON_NOWSP and DKIM_VERSION_ALLMAN_BASE_00 which defined it. Gradually, support for old versions will be phased out.

0.8.1 2007/05/22
    Portability fixes for Solaris.
    LIBDKIM: Define DKIM_CBSTAT_* constants which are to be used as return values from callbacks. Also define new status values DKIM_STAT_CBREJECT and DKIM_STAT_CBINVALID indicating results from callbacks back to the calling applications. Suggested by James Sargent of AOL.
    LIBDKIM: Slightly nicer wrapping of "b=", "bh=" and "z=" in dkim_getsighdr().
    LIBDKIM: Define callbacks with respect to the DKIM library handle rather than each signing/verifying instance. Suggested by James Sargent of AOL.
    BUILD: Reference libssl and libcrypto in dkim-filter/Makefile.m4 rather than in the template site.config.m4 file since it's always required anyway.
    BUILD: Fix man page entry in dkim-filter/Makefile.m4.

0.8.0 2007/05/17
    Add a dkim-stats(8) man page. Contributed by Mike Markley.
    Add "SignatureTTL", "Diagnostics" and "AlwaysSignHeaders" options to the configuration file and man page.
    Add _FFR_ZTAGS for optionally saving diagnostic information when a signature fails if the signature contained a "z=" tag.
    Still more minor fixes in _FFR_STATS related to DB versions.
    Feature request #SF1473129: Split configuration file details into their own man page.
    LIBDKIM: Still more minor fixes in _FFR_QUERY_CACHE related to DB versions. Reported by Ben Lentz.
    LIBDKIM: Remove dkim_getidentity(), as the function it provides isn't part of DKIM. Instead, provide that functionality in dkim-filter.
    LIBDKIM: Add a new option DKIM_OPTS_ALWAYSHDRS which allows specification of a list of header names which should always be included in signature header lists whether or not the headers were actually present, preventing them from being added downstream before verification.
    LIBDKIM: Add a new option DKIM_OPTS_SIGNATURETTL which allows the caller to assert a time-to-live on signatures generated. This causes the "x=" tag to appear in signatures.
    LIBDKIM: Add a new library flag DKIM_LIBFLAGS_ZTAGS which causes signatures generated to include the original header set encoded for transport so the verifier can use it to diagnose verification failures. This causes the "z=" tag to appear in signatures.
    LIBDKIM: Add dkim_ohdrs() which extracts the sender's set of headers if a "z=" tag was present in the signature. This can then be used by the caller to diagnose verification failures for signatures which contain them.
    LIBDKIM: Add the first large (and yet not the smallest) change to support multiple signatures. There's now a method via a few callbacks to give the caller access to the signatures discovered by the end-of-headers callback. The caller can analyze the signatures, reorder them, or flag some to be ignored. After reordering, the library still simply runs with the first that appears to be syntactically valid; actual processing of multiple signatures after the re-ordering will be in an upcoming release.
    LIBDKIM: _FFR_QUERY_CACHE now only covers DNS key lookups, not all key lookups.
    LIBDKIM: Move the method-specific policy lookup functions into their own new files, dkim-policy.c and dkim-policy.h.
    LIBDKIM: Slightly nicer wrapping of "h=" in dkim_getsighdr().
    LIBDKIM: Add dkim_set_signer() for specifying the message's signer for signature generation.
    BUILD: More unit tests.
    Activate the following FFRs:
        _FFR_QUARANTINE
        _FFR_REPORTINFO

0.7.1 2007/05/09
    More minor fixes in _FFR_STATS related to DB versions. Based on a patch by Graham Murray.
    LIBDKIM: More minor fixes in _FFR_QUERY_CACHE related to DB versions.
    LIBDKIM: Use read-write locks instead of a mutex in _FFR_QUERY_CACHE when appropriate.
    LIBDKIM: When using _FFR_QUERY_CACHE with recent enough versions of the DB library, tell the library to use the same temporary directory as libdkim is using.
    BUILD: Fix bug #SF1715265: Correct a typo which caused libdkim to fail to build against the asynchronous resolver library. Reported by Andy Fiddaman.

0.7.0 2007/05/03
    Several more fixes in _FFR_STATS related to DB versions.
    LIBDKIM: Add support for optional callbacks to do key and policy lookups using an API provided by the caller rather than using DNS directly. New functions dkim_set_key_lookup() and dkim_set_policy_lookup() set these callbacks. Also add dkim_getdomain() and dkim_getselector() utility functions so those callbacks can extract the data required to make the queries. Note that these will probably change slightly when support for multiple signatures is finally added. Suggested by James Sargent of AOL.
    LIBDKIM: Fix bug #SF1708756: Set dkim_partial earlier during signing so that the "l=" portion is included in the canonicalized signature header. Reported by Andrey Chernov.
    LIBDKIM: Algorithm and initialization fixes in policy retrieval found by the new unit tests.
    LIBDKIM: Several more fixes in _FFR_QUERY_CACHE related to DB versions.
    LIBDKIM: Fix bug #SF1706248: Rewrite dkim_getidentity() so it returns a more sane value for the sender in all cases. Another utility function will be added later for obtaining the signer's identity. Reported by Andrey Chernov.
    BUILD: Overhaul the build scripts so that all the user editing is done in devtools/Site/site.config.m4 rather than in each individual directory's Makefile.m4. Include a template for this purpose.
    BUILD: Begin a collection of automated unit tests.
    Activate the following FFRs:
        _FFR_LOG_SSL_ERRORS
        _FFR_MULTIPLE_KEYS
        _FFR_OMIT_HEADERS
        _FFR_QUERY_FILE
        _FFR_SET_DNS_CALLBACK (Feature request #SF1473171)

0.6.6 2007/04/25
    Update _FFR_SELECT_CANONICALIZATION for split canonicalization methods.
    Add _FFR_STATS, creating an optional database for storing pass/fail statistics per domain over time, and a command-line tool for querying the database contents. Requires Sleepycat DB.
    LIBDKIM: Patch #SF1705155: Fixes in "relaxed" header canonicalization code. Problem noted by Ben Lentz.
    LIBDKIM: Add _FFR_HASH_BUFFERING, experimental code that adds a layer of buffering in front of dkim_canonwrite() so the SHA hashing functions are called less often.
    LIBDKIM: Only call dkim_flush_blanks() when it will actually do something.
    LIBDKIM: Fix bug #SF1706530: Call EVP_cleanup() in dkim_close(). Suggested by Andy Fiddaman.
    LIBDKIM: Inside _FFR_QUERY_CACHE, fix cursor operations when compiled against very old versions of Sleepycat DB.
    LIBDKIM: When opening the database with _FFR_QUERY_CACHE, make sure the library is allowed to create the database.

0.6.5 2007/04/20
    Further fixes in POPAUTH code for backward-compatibility with older versions of Sleepycat DB.
    Memory corruption fixes inside _FFR_MULTIPLE_KEYS. Reported by S. Moonesamy of Eland Systems.
    Re-implement _FFR_OMIT_HEADERS using the new libdkim option (see below).
    Return DKIM_STAT_SYNTAX from dkim_eoh() if an empty "d", "s" or "b" tag is discovered on a signature.
    Export most internal header lists so callers can use them.
    Fix bug #SF1702708: Don't start in signing mode without at least one key and selector specified. Reported by Andrey Chernov.
    Feature request #SF1675359: Add _FFR_QUERY_CACHE, allowing optional caching on-disk of key and policy records retrieved via DNS to reduce the number of round trips to the nameserver. Requires Sleepycat DB. Requested by Jim Popovitch.
    Portability fixes for Solaris.
    LIBDKIM: Enforce mandatory headers in dkim_eoh().
    LIBDKIM: Add dkim_close() for library shutdown.
    LIBDKIM: Add option DKIM_OPTS_SKIPHDRS to skip headers that should not be signed or verified.
    LIBDKIM: Initialize dkiml_fixedtime.

0.6.4 2007/04/16
    Further fixes in POPAUTH code. Based on patches from John Merriam.
    Modify the output of "-V" further so it also includes active code options (as opposed to just FFRs).
    When linked against libdk, get additional forensic data from dk_geterror() whenever possible.
    Changes to _FFR_MULTIPLE_KEYS: Add a domain field in the file, and try a couple of filename extensions before giving up when reading private keys.
    Add more calls to dkim_error() for additional diagnostic information around the DNS queries.
    Fix bug #SF1700333: Remove the dkim_sig_signerok() check as it actually detects (and rejects) third-party signatures. The code is still there, just disabled, in case we want to use it after SSP addresses that question. Reported by James Sargent of AOL.
    Add _FFR_CAPTURE_UNKNOWN_ERRORS which quarantines jobs that cause unexpected results from dkim_eom() to allow more detailed analysis.
    LIBAR: Fix bug #SF1537476: Update to support IPv6 nameservers.

0.6.3 2007/04/06
    Avoid deadlock errors in the POPAUTH code by protecting that code with a mutex as well. Also, "l_end" should be "l_len". Problems noted by John Merriam.
    Fix bug #SF1693248: Add support for sendmail 8.14.x and its "preserve leading spaces" option. Based on a patch from Andy Fiddaman.
    Fix bug #SF1693249: If dkim_eoh() returns DKIM_STAT_NOSIG and then the caller calls dkim_eom() to get policy (which the documentation says is acceptable), assertion failures were tripped because the SHA hash(es) weren't initialized and dkim_domain wasn't set. Reported by Andy Fiddaman.
    LIBDKIM: Add _FFR_QUERY_FILE for getting keys and policies from a flat text file rather than DNS for offline or automated testing. Based on a patch from Jeff Barry.
    LIBDKIM: New option DKIM_OPTS_FIXEDTIME to use a specific time when generating signatures, to be used for offline or automated testing. Based on a patch from Jeff Barry.
    LIBDKIM: Fix bug #SF1691659: Fix a type mismatch so that RSA_sign() returns reasonable results on 64-bit platforms. Reported by Andy Fiddaman.
    LIBAR: Fix bug #SF1694130: Block signals that should be caught and handled elsewhere, such as in libmilter. Patch by Andy Fiddaman.

0.6.2 2007/03/30
    Don't start if you're in signing mode and no selector was chosen on the command line or in the configuration file.
    Don't start if the version of OpenSSL used to compile libdkim is not the same as the one used to compile the filter.
    Print the version of OpenSSL in use when "-V" is used on the command line.
    Add _FFR_VBR, enabling optional support for the Vouch By Reference domain reputation proposal.
    Add "BodyLengths" configuration file option which adds the "l=" parameter when signing messages so re-mailers (e.g. MLMs) which append text to the message won't interfere with successful verification.
    Fix bug #SF1689101: Fix a minor error in argv processing when _FFR_OMIT_HEADERS was in use.
    LIBDKIM: Change DKIM_SIGN_DEFAULT to point to "rsa-sha256" if it's available.
    LIBDKIM: Add dkim_ssl_version().
    LIBDKIM: Fix bug #SF1681632: Fix a bug in header selection when signing. Messages verified just fine, but some headers could accidentally be omitted during signing. From a patch for bug #SF1541490 for dk-milter, reported by Mark Martinec; essentially the same bug existed in libdkim.

0.6.1 2007/03/07
    Load the -C values from the configuration file if -C wasn't present on the command line. Previously, they were ignored.
    Fix bug #SF1477211: Add an appropriate Authentication-Results: header when a signature uses a hash which the matching key does not authorize.
    Feature request #SF1497802: Add _FFR_QUARANTINE, allowing optional quarantining of messages which fail verification or policy checks.
    Feature request #SF1605766: To reduce spurious logging, don't set mctx_status to DKIMF_STATUS_NOSIGNATURE unless the signature was missing on a message from a domain that claims it signs everything.
    LIBDKIM: Fix a verification version auto-detection bug that was causing some false negatives.
    LIBDKIM: Fix bug #SF1672787: Fix an additional corruption bug in dkim_getsighdr().
    LIBDKIM: Select the correct signature to replay into canonicalization, rather than always using the first one. Problem noted by James Sargent of AOL.

0.6.0 2007/03/01
    Bring up to currency with "ietf-base-10" which is probably the version that the IETF will issue as an RFC. This includes:
        - signature "q=" option delimiter is now "/", and the default value is now "dns/txt"
        - if both "t=" and "x=" are present in a signature, make sure the former is less than the latter
        - disregard signatures that appear to have been generated in the future
        - support for draft and final versions of "v=" tags in both keys and signatures
    Activate _FFR_VERIFY_DOMAINKEYS.
    Complete support for DKIM_QUERY_FILE for use in debugging and testing.
    Fix a number of minor bugs in signature header generation which could cause corruption and thus validation and/or syntax errors.
    Fix bug #SF1507535: Fix an FFR-related build issue. Reported by Frederik Pettai.
    Patch #SF1505401: Add _FFR_OMIT_HEADERS, copied from dk-milter. This will probably be replaced later by an extension to dkim_options(). Patch provided by Ben Lentz.
    LIBDKIM: Fix bug #SF1512860: Before returning DKIM_STAT_NOSIG from dkim_eom(), try to retrieve the sending domain's policy.
    LIBDKIM: Fix bug #SF1608314: Fix processing of config file items "Userid" and "Mode". Patch from John Villalovos.
    LIBDKIM: Add dkim_geterror() to retrieve additional diagnostic data from the API when a function call returns DKIM_STAT_INTERNAL or something else whose cause isn't readily apparent.
    LIBDKIM: Remove an extraneous pointer type in the parameter list for dkim_sign(). Reported by Jeff Barry.

0.5.2 2006/09/18
    Fix bug #SF1537905: If necessary, try again to get the job ID in mlfi_eom() in case it came down later than expected (e.g. postfix). Suggested by Mark Martinec.
    Fix a couple of minor build problems.
    Fix bug #SF1559406: Change MAXHEADER to 4096.
    LIBDKIM: Fix bug #SF1544301: Fix an issue with processing a message which has trailing spaces on its last line. Reported by Mark Martinec.
    LIBDKIM: Fix bug #SF1558014: Confirm the body hash in the signature matches the actual body hash when verifying. Reported by Mark Martinec.
    LIBDKIM: Add preliminary support for the draft-allman-dkim-ssp-02 specification as _FFR_ALLMAN_SSP_02.
    LIBAR: Adapt to the post-bind4 resolver API. Problem reported by S. Moonesamy of Eland Systems.

0.5.1 2006/06/14
    Add compile-time option _FFR_ANTICIPATE_SENDMAIL_MUNGE which attempts to replicate some header rewriting the sendmail MTA will do, which otherwise prevents signature validation from succeeding. Problem noted by Ken Jones.
    Add support for "ietf-base-02" signing mode (which is really synonymous with "ietf-base-01").
    LIBDKIM: Report a syntax error when a signature header arrives with any required fields missing.

0.5.0 2006/05/19
    Fix an assertion failure under _FFR_SELECT_SIGN_HEADERS. Reported by S. Moonesamy of Eland Systems.
    Under _FFR_REPORTINFO, only send reports when verification failed. There are other failure modes, but that's the only one for which reports are useful. Problem noted by Michael Thomas of Cisco.
    RFC2822 doesn't require any recipient headers, so remove those checks inside _FFR_REQUIRED_HEADERS.
    Fix bug #SF1481303: Don't verify DomainKeys signatures while in signing mode. Reported by S. Moonesamy of Eland Systems.
    Activate _FFR_MACRO_LIST (adds the "-M" command line option) and _FFR_EXTERNAL_IGNORE_LIST (adds the "-I" command line option).

0.4.1 2006/05/02
    Include the list of supported DKIM versions in the output of "-V".
    Feature request #SF1238442: Add _FFR_VERIFY_DOMAINKEYS which will verify DomainKey signatures, if present. Requires libdk, which is available in the dk-milter package.
    Feature request #SF1453565: Add _FFR_SELECT_SIGN_HEADERS which permits specification of which headers to sign.
    Add _FFR_SET_DNS_CALLBACK which allows registration of a callback per-handle which is called periodically while waiting for DNS responses.
    LIBDKIM: Return an error if the signing function returned success but also reported a zero-length signature. Reported by S. Moonesamy of Eland Systems.

0.4.0 2006/04/18
    Add preliminary support for IETF DKIM draft 01. "rsa-sha256" support was already added, but this also adds support for the "bh" (body hash) tag in signatures.
    Add "-v" command line switch to select DKIM version to use when signing.
    Add "-x" command line switch to specify a configuration file to read and parse.
    LIBAR: Fixes regarding retransmissions.

0.3.2 2006/04/05
    Don't remove the wrong "b=" when canonicalizing the signature header during verification. Problem noted by Michael Thomas of Cisco.
    Properly process empty values in parameter sets. Problem noted by Michael Thomas of Cisco.

0.3.1 2006/03/19
    Report the size of the key on successful verifications in the Authentication-Results: header.
    Fix bug #SF1453591: Tolerate empty strings in dkim_process_set(), and just apply defaults.
    LIBDKIM: Add dkim_getkeysize(), dkim_getsignalg(), dkim_getsigntime().

0.3.0 2006/03/15
    Add preliminary support for "rsa-sha256" signatures.
    Rearrange command line arguments somewhat.
    Include the list of supported canonicalization and signing algorithms in the output when "-V" is specified.
    Fix an intermittent crash condition caused by an uninitialized variable.
    Add _FFR_LOG_SSL_ERRORS to log any queued SSL error messages before releasing a message from the filter.

0.2.3 2006/03/03
    Add a "testing" comment when the key or policy used to verify a message is marked with a test flag.
    Flush the base64 output stream before sending the reports under _FFR_REPORTINFO so that the reports don't contain truncated data. Discovered by Tony Hansen of AT&T.
    Fixes in processing of signature headers that contained extraneous spaces. Reported by Tony Hansen of AT&T.
    Fix bug #SF1442606: Clone the configuration string before parsing it so that "ps" doesn't show weird output.

0.2.2 2006/01/24
    Evaluate the key granularity honouring "*" as a wildcard.
    Add _FFR_SET_REPLY which requests a more useful SMTP reply code when instructing the MTA to temp-fail or reject messages.

0.2.1 2005/12/09
    Further fixes to dkim_getsighdr(). Problem reported by Sung-hoon Choi of Dreamwiz.
    Plug a few small but definite memory leaks.
    Fix bug #SF1373746: Repair a _FFR_SELECT_CANONICALIZATION build problem introduced in the previous release. Reported by S. Moonesamy of Eland Systems.

0.2.0 2005/12/02
    Update for revised ESTG draft. Mainly this involved changing the "nowsp" canonicalization to "relaxed", and allowing specification of different canonicalizations for header and body.
    Don't allow the header to end with "\n\t" in dkim_getsighdr(). Problem reported by Sung-hoon Choi of Dreamwiz.
    Report "neutral" instead of "fail" for failed verifications when the key was marked as being in test mode. Patch from Sung-hoon Choi of Dreamwiz.
    Allow "-d" to specify a file from which domain names should be read, and allow domain names to contain wildcards.
    Fix bug #SF1243980: An empty key granularity matches nobody. Reported by Jim Fenton of Cisco.
    LIBAR: Fix bug #SF1282755: Fix a build issue introduced in the last release. Reported by Fredrik Pettai.

0.1.1 2005/07/21
    Prevent a garbage pointer free() in dkim_free(). Reported by S. Moonesamy of Eland Systems.
    Fix bug #SF1241118: Don't add an Authentication-Results: header for messages which are unsigned and come from a domain that doesn't advertise a signs-all policy. Reported by S. Moonesamy of Eland Systems.
    Report "neutral" instead of "fail" for domains advertising test mode in their policies.
    Feature request #SF1238617: Add a compile-time option to map smfi_insheader() to smfi_addheader() on machines with older MTA and libmilter versions.

0.1.0 2005/07/13
    Initial open source release.