Hello,
> RFC5451 sets out the rules for Authentication-Results. Accordingly,
> opendkim is not permitted to modify existing Authentication-Results
> fields. It can only add its own specific ones related to DKIM verification.
I mean, when a message is submitted from the MUA to the
Mail-Submission-Agent/MSA/MTA, the MSA is supposed to add an
Authenication-Results: header, that indicates both the authentication
result of the SMTP session, and verification of the submitted message
(if it is is signed by the MUA before submission). This could be done,
when the MTA adds an Authentication-Results header for the
SMTP-Authentication and opendkim adds another Authentication-Results
header, immediately near the first one, to indicate the
DKIM-Verification. It would be more practical, if the MTA does not add
Authentication-Results for the SMTP-Authentication, but opendkim adds a
single Authentication-Results, accumulating both SMTP-Authentication and
DKIM-Verification results.
opendkim -V
opendkim: OpenDKIM Filter v2.5.1
Compiled with OpenSSL 1.0.0g 18 Jan 2012
SMFI_VERSION 0x1000001
libmilter version 1.0.1
Supported signing algorithms:
rsa-sha1
rsa-sha256
Supported canonicalization algorithms:
relaxed
simple
Active code options:
QUERY_CACHE
USE_DB
USE_LUA
USE_ODBX
USE_UNBOUND
_FFR_ADSP_LISTS
_FFR_DIFFHEADERS
_FFR_IDENTITY_HEADER
_FFR_LDAP_CACHING
_FFR_OVERSIGN
_FFR_RATE_LIMIT
_FFR_RBL
_FFR_REDIRECT
_FFR_REPLACE_RULES
_FFR_RESIGN
_FFR_STATS
_FFR_STATSEXT
_FFR_VBR
libopendkim 2.5.1: diffheaders xtags query_cache
I cannot send the message, which caused the problem, since I do not have
it. Just today from time to time opendkim stops working and I have not
figured out right now which message causes this. I sent you what I had
and I found useful. When it happens again, I will try to gather more
information (I run now exact opendkim-2.5.1 without any changes) and
will let you know again. I know know such reports make sense, when they
are reproducible, but on the other side if I could solve the problem
myself, I would probably just have sent you a patch.
Anyway, another question: In configure.ac it is assumed, that
libunbound is in a directory, which name ends with /lib, e.g. /usr/lib .
However my libunbound is only in /usr/lib64, and my /etc/config.site
contains
export lv_cv_sys_lib_search_path_spec="/lib64 /usr/lib64"
export lv_cv_sys_lib_dlsearch_path_spec="/lib64 /usr/lib64"
so basically these variables shall be honoured somehow when searching
for the exact location of libunbound and -L/usr/lib shall not be added
to the compiler parameters, just because /usr/include/unbound.h exists
and I use ./configure --with-unbound . I personally would use
AC_CHECK_LIB instead to determine, if libunbound is installed.
Със здраве
Дилян
On 05.04.2012 21:14, Murray S. Kucherawy wrote:
> On Thu, 5 Apr 2012, ????? ???????? wrote:
>> ops, I have taken opendkim/opendkim.c from somewhere else (probably
>> commit a042e6abf6feb73e73), changing compared to
>> opendkim-2.5.1/opendkim/opendkim.c
>>
>> 13458c13453,13454
>> < if (dkimf_local_adsp(conf, (char *) domain,
>> ---
>>> if (domain != NULL &&
>>> dkimf_local_adsp(conf, (char *) domain,
>>
>> and 5 empty newlines.
>
> I haven't managed to reproduce your crash using your own configuration
> and a stock build of 2.5.1. Even with mangled or missing From fields,
> the message passes fine.
>
> Based on the core trace you sent, the crash you're seeing is unrelated
> to the patch you've applied since 2.5.1, so I think the line number
> change probably doesn't matter.
>
> What I need is to be able to reproduce the crash. So far I can't. Can
> you send me a gzip'd copy of a message that causes the crash when using
> the configuration you sent to the list?
>
>> When a message is submitted from the MUA to the MSA over authenticated
>> SMTP-Session, the MSA can add a Authentication-Results: header,
>> indicating that auth=pass (method) smtp.auth=username, whereas
>> opendkim can add to the same message, Authentication-Results:
>> dkim=pass, when the MUA has signed itself the message. Wouldn't it be
>> wise, if opendkim considers near the DKIM-Signature during the
>> verification, also the {auth_type} and {auth_authen} macros, and
>> amends Authentication-Results: with the SMTP-authentication results
>> (if any).
>
> RFC5451 sets out the rules for Authentication-Results. Accordingly,
> opendkim is not permitted to modify existing Authentication-Results
> fields. It can only add its own specific ones related to DKIM verification.
>
> -MSK
Received on Thu Apr 05 2012 - 19:44:28 PST