Some are aware that I'm developing some libopendkim code to consolidate DNS
querying and make it asynchronous. The plan is for queries for ADSP, DKIM-
Signatures and reputation to occur as soon as the relevant header is passed in
for processing.
#1.
As this will make policy and signature information available earlier would you
like to set call back functions for these?
e.g.
DKIM_STAT dkim_set_signature_callback
DKIM_LIB *libopendkim,
DKIM_CBSTAT (*func)(DKIM *dkim, DKIM_SIGINFO *sigs, DKIM_SIGERROR
status)
);
will do a calllback as soon as something invalid is known about the signature
or DKIM_SIGERROR_OK - if all is finished and the signature validates.
#2.
replace:
DKIM_STAT dkim_policy(
DKIM *dkim,
bool *test,
bool *susp,
dkim_policy_t *pcode,
dkim_handling_t *hcode,
DKIM_PSTATE * pstate
);
and
DKIM_DNSSEC dkim_policy_getdnssec(
DKIM *dkim
);
with a callback:
DKIM_STAT dkim_set_policy_callback(
DKIM_LIB *libopendkim,
DKIM_CBSTAT (*func)(DKIM *dkim, dkim_policy_t pcode, DKIM_DNSSEC res)
);
To get an earlier complete policy information to act upon.
#3.
The result of this is that DKIM-Signature header fields need to be parsed
earlier and, than unlike previous version, allocation of a continuous block of
signatures is not practical.
The proposed API changes effect the following functions that use a number of
sigs parameter:
DKIM_STAT dkim_getsiglist(
DKIM *dkim,
DKIM_SIGINFO **sigs,
int *nsigs
);
DKIM_STAT dkim_set_prescreen(
DKIM_LIB *libopendkim,
DKIM_CBSTAT (*func)(DKIM *dkim, DKIM_SIGINFO **sigs, int nsigs));
);
The proposed new API is:
DKIM_STAT dkim_getsiglist(
DKIM *dkim,
DKIM_SIGINFO *sigs,
);
DKIM_STAT dkim_set_prescreen(
DKIM_LIB *libopendkim,
DKIM_CBSTAT (*func)(DKIM *dkim, DKIM_SIGINFO *sig)
);
Note: maybe the dkim_set_signature_callback above obsolete's these functions?
And to assist with iteration over signature linked lists:
DKIM_SIGINFO *dkim_signext(DKIM_SIGINFO *sig);
which returns the next signature in the list or NULL if now more signatures
exist.
So loops will change from:
static DKIM_CBSTAT
dkimf_prescreen(DKIM *dkim, DKIM_SIGINFO *sigs, int nsigs)
{
int c;
DKIM_SIGINFO *sig;
for (c = 0; c < nsigs; c++)
{
sig = sigs[c];
To:
static DKIM_CBSTAT
dkimf_prescreen(DKIM *dkim, DKIM_SIGINFO *sig)
{
for ( ; sigs != NULL ; sig = dkim_signext(sig) )
{
#4
The current FFR_DKIM_REPUTATION uses the API:
DKIM_STAT dkim_get_reputation __P((DKIM *dkim, DKIM_SIGINFO *sig,
char *qroot, int *rep));
Passing of the qroot value here make async DNS here impossible so here are
some options:
1. make qroot a DKIM option
2. make qroot a list of DKIM options (more that one reputation service
supported)
3. remove it and let the application fetch the domain with dkim_sig_getdomain
and do its own reputation service.
4. something else?
#5 Namespace consistency:
rfc2822_mailbox_split is the only function that doesn't have a dkim_ prefix.
So that we don't conflict with functions elsewhere that happen to be called
the same thing lets use dkim_rfc2822_mailbox_split instead.
#6 ASYNC DNS API exported
The async DNS may provide API for doing your own async DNS for things like
VBR, SPF, CSV (insert other three letter email acronym).
DKIM_STAT dkim_dns_callback(const char *query, int type, void (*f)(char
*result, DKIM_DNSSEC, DKIM_DNSERROR), unsigned timeoutms);
here you setup the query and receive a callback when its done. it follows
CNAMES etc.
Received on Sat Oct 31 2009 - 05:02:55 PST
This archive was generated by hypermail 2.2.0+W3C-0.50 : Sat Oct 31 2009 - 13:50:01 PST