On Sat, 9 Jun 2007, Michael Schwartzkopff wrote: > I see. Nothing in the log files when a message is not signed at all. > That is what I tried all time time. So dkim-milter does not tell me > anything if a mail is not signed and my MTA has to filter mails, that do > not include a header "Authentications-Results". > > When I try wrong signatures I get the expected results. > > When I do a little bit more debugging whith additional syslog in the > dkim-filter I find out that the result of > dfc->mctx_dkim = dkim_verify(libdkim, dfc->mctx_jobid, NULL, > &status); > > is always DKIM_STAT_OK, regardless, if the signature exists or not, if it is > valid or not.
You're looking in the wrong place. dkim_verify() initializes verification, but doesn't complete it. Completion is done in dkim_eom(). dkim_verify() will only fail if you use the function improperly or if the system couldn't complete a required memory allocation. See the documentation in libdkim/docs for details. > Which leads me to a more basic question: > > Why do I not get the result DKIM_STAT_NOSIG if no signature is present? > What are the conditions for getting non DKIM_STAT_OK as a result? dkim_eom() returns DKIM_STAT_NOSIG for unsigned messages. dkim-filter doesn't use that information, treating it the same as DKIM_STAT_OK, unless the sending domain also advertises a policy claiming all of its mail should be signed. In that case, dkim-filter reports a "no signature" condition. -MSK ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ dkim-milter-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss
