[exim-cvs] cvs commit: exim/exim-src Makefile exim/exim-src/…

Top Page
Delete this message
Reply to this message
Author: Tom Kistner
Date:  
To: exim-cvs
Subject: [exim-cvs] cvs commit: exim/exim-src Makefile exim/exim-src/OS Makefile-Base os.h-Linux exim/exim-src/scripts MakeLinks exim/exim-src/src acl.c config.h.defaults dk.c dk.h dkim-exim.c dkim-exim.h dk
tom 2009/06/10 08:34:05 BST

  Modified files:
    exim-src             Makefile 
    exim-src/OS          Makefile-Base os.h-Linux 
    exim-src/scripts     MakeLinks 
    exim-src/src         acl.c config.h.defaults dns.c drtables.c 
                         exim.c exim.h expand.c functions.h 
                         globals.c globals.h macros.h readconf.c 
                         receive.c smtp_in.c spool_in.c tls-gnu.c 
                         tls-openssl.c transport.c 
    exim-src/src/lookups Makefile dnsdb.c 
    exim-src/src/transports smtp.c smtp.h 
  Added files:
    exim-src/src         dkim.c dkim.h 
    exim-src/src/pdkim   Makefile README base64.c base64.h 
                         bignum.c bignum.h bn_mul.h pdkim.c 
                         pdkim.h rsa.c rsa.h sha1.c sha1.h sha2.c 
                         sha2.h 
  Removed files:
    exim-src/src         dk.c dk.h dkim-exim.c dkim-exim.h 
    exim-src/src/lookups dkim.c dkim.h 
  Log:
  Merge native DKIM support (from DEVEL_PDKIM)


  Revision  Changes    Path
  1.6       +1 -1      exim/exim-src/Makefile
  1.17      +15 -9     exim/exim-src/OS/Makefile-Base
  1.8       +4 -4      exim/exim-src/OS/os.h-Linux
  1.15      +23 -4     exim/exim-src/scripts/MakeLinks
  1.83      +44 -190   exim/exim-src/src/acl.c
  1.17      +1 -3      exim/exim-src/src/config.h.defaults
  1.13      +0 -440    exim/exim-src/src/dk.c (dead)
  1.4       +0 -51     exim/exim-src/src/dk.h (dead)
  1.5       +0 -510    exim/exim-src/src/dkim-exim.c (dead)
  1.2       +0 -35     exim/exim-src/src/dkim-exim.h (dead)
  1.2       +500 -0    exim/exim-src/src/dkim.c (new)
  1.2       +33 -0     exim/exim-src/src/dkim.h (new)
  1.18      +6 -1      exim/exim-src/src/dns.c
  1.10      +0 -22     exim/exim-src/src/drtables.c
  1.62      +3 -6      exim/exim-src/src/exim.c
  1.25      +2 -5      exim/exim-src/src/exim.h
  1.98      +27 -62    exim/exim-src/src/expand.c
  1.44      +2 -4      exim/exim-src/src/functions.h
  1.82      +11 -9     exim/exim-src/src/globals.c
  1.63      +10 -10    exim/exim-src/src/globals.h
  1.9       +1 -2      exim/exim-src/src/lookups/Makefile
  1.2       +0 -52     exim/exim-src/src/lookups/dkim.c (dead)
  1.2       +0 -16     exim/exim-src/src/lookups/dkim.h (dead)
  1.18      +8 -2      exim/exim-src/src/lookups/dnsdb.c
  1.38      +1 -0      exim/exim-src/src/macros.h
  1.2       +22 -0     exim/exim-src/src/pdkim/Makefile (new)
  1.2       +13 -0     exim/exim-src/src/pdkim/README (new)
  1.2       +180 -0    exim/exim-src/src/pdkim/base64.c (new)
  1.2       +76 -0     exim/exim-src/src/pdkim/base64.h (new)
  1.2       +1813 -0   exim/exim-src/src/pdkim/bignum.c (new)
  1.2       +395 -0    exim/exim-src/src/pdkim/bignum.h (new)
  1.2       +719 -0    exim/exim-src/src/pdkim/bn_mul.h (new)
  1.2       +1714 -0   exim/exim-src/src/pdkim/pdkim.c (new)
  1.2       +325 -0    exim/exim-src/src/pdkim/pdkim.h (new)
  1.2       +822 -0    exim/exim-src/src/pdkim/rsa.c (new)
  1.2       +356 -0    exim/exim-src/src/pdkim/rsa.h (new)
  1.2       +424 -0    exim/exim-src/src/pdkim/sha1.c (new)
  1.2       +137 -0    exim/exim-src/src/pdkim/sha1.h (new)
  1.2       +431 -0    exim/exim-src/src/pdkim/sha2.c (new)
  1.2       +145 -0    exim/exim-src/src/pdkim/sha2.h (new)
  1.36      +6 -0      exim/exim-src/src/readconf.c
  1.46      +74 -63    exim/exim-src/src/receive.c
  1.64      +7 -5      exim/exim-src/src/smtp_in.c
  1.24      +4 -6      exim/exim-src/src/spool_in.c
  1.21      +3 -1      exim/exim-src/src/tls-gnu.c
  1.14      +3 -1      exim/exim-src/src/tls-openssl.c
  1.24      +5 -61     exim/exim-src/src/transport.c
  1.42      +18 -38    exim/exim-src/src/transports/smtp.c
  1.15      +1 -7      exim/exim-src/src/transports/smtp.h


  Index: Makefile
  ===================================================================
  RCS file: /home/cvs/exim/exim-src/Makefile,v
  retrieving revision 1.5
  retrieving revision 1.6
  diff -u -r1.5 -r1.6
  --- Makefile    14 Feb 2008 13:49:35 -0000    1.5
  +++ Makefile    10 Jun 2009 07:34:04 -0000    1.6
  @@ -77,7 +77,7 @@
       cd build-$(buildname); \
       $(RM_COMMAND) -f *.o lookups/*.o lookups/*.a auths/*.o auths/*.a \
       routers/*.o routers/*.a transports/*.o transports/*.a \
  -    pcre/*.o pcre/*.a
  +    pdkim/*.o pdkim/*.a


   clean_exim:; cd build-$(buildname); \
        $(RM_COMMAND) -f *.o lookups/*.o lookups/*.a auths/*.o auths/*.a \


  Index: Makefile-Base
  ===================================================================
  RCS file: /home/cvs/exim/exim-src/OS/Makefile-Base,v
  retrieving revision 1.16
  retrieving revision 1.17
  diff -u -r1.16 -r1.17
  --- Makefile-Base    20 Jan 2009 16:06:14 -0000    1.16
  +++ Makefile-Base    10 Jun 2009 07:34:04 -0000    1.17
  @@ -96,7 +96,7 @@
   # therefore always be run, even if the files exist. This shouldn't in fact be a
   # problem, but it does no harm. Other make programs will just ignore this.


  -.PHONY: all allexim buildauths buildlookups buildrouters \
  +.PHONY: all allexim buildauths buildlookups buildpdkim buildrouters \
           buildtransports checklocalmake clean



  @@ -109,7 +109,7 @@
           exim_checkaccess \
           exim_dbmbuild exim_dumpdb exim_fixdb exim_tidydb exim_lock \
           buildlookups buildrouters buildtransports \
  -        buildauths exim
  +        buildauths buildpdkim exim



# Targets for special-purpose configuration header builders
@@ -300,14 +300,14 @@

OBJ_WITH_CONTENT_SCAN = malware.o mime.o regex.o spam.o spool_mbox.o
OBJ_WITH_OLD_DEMIME = demime.o
-OBJ_EXPERIMENTAL = bmi_spam.o spf.o srs.o dk.o dkim-exim.o dcc.o
+OBJ_EXPERIMENTAL = bmi_spam.o spf.o srs.o dcc.o

# Targets for final binaries; the main one has a build number which is
# updated each time. We don't bother with that for the auxiliaries.

   OBJ_EXIM = acl.o child.o crypt16.o daemon.o dbfn.o debug.o deliver.o \
           directory.o dns.o drtables.o enq.o exim.o expand.o filter.o \
  -        filtertest.o globals.o \
  +        filtertest.o globals.o dkim.o \
           header.o host.o ip.o log.o lss.o match.o moan.o \
           os.o parse.o queue.o \
           rda.o readconf.o receive.o retry.o rewrite.o rfc2047.o \
  @@ -316,7 +316,7 @@
           local_scan.o $(EXIM_PERL) $(OBJ_WITH_CONTENT_SCAN) \
           $(OBJ_WITH_OLD_DEMIME) $(OBJ_EXPERIMENTAL)


  -exim:   lookups/lookups.a auths/auths.a \
  +exim:   lookups/lookups.a auths/auths.a pdkim/pdkim.a \
           routers/routers.a transports/transports.a \
           $(OBJ_EXIM) version.c
       @echo " "
  @@ -328,7 +328,7 @@
       @echo "$(LNCC) -o exim"
       $(FE)$(PURIFY) $(LNCC) -o exim $(LFLAGS) $(OBJ_EXIM) version.o \
         routers/routers.a transports/transports.a lookups/lookups.a \
  -      auths/auths.a \
  +      auths/auths.a pdkim/pdkim.a \
         $(LIBRESOLV) $(LIBS) $(LIBS_EXIM) $(IPV6_LIBS) $(EXTRALIBS) \
         $(EXTRALIBS_EXIM) $(DBMLIB) $(LOOKUP_LIBS) $(AUTH_LIBS) \
         $(PERL_LIBS) $(TLS_LIBS) $(PCRE_LIBS) $(LDFLAGS)
  @@ -578,7 +578,7 @@
   transport.o:     $(HDRS) transport.c
   tree.o:          $(HDRS) tree.c
   verify.o:        $(HDRS) verify.c
  -
  +dkim.o:          $(HDRS) dkim.c


# Dependencies for WITH_CONTENT_SCAN modules

  @@ -599,8 +599,6 @@
   bmi_spam.o:      $(HDRS) bmi_spam.c
   spf.o:           $(HDRS) spf.h spf.c
   srs.o:           $(HDRS) srs.h srs.c
  -dk.o:            $(HDRS) dk.h dk.c
  -dkim-exim.o:     $(HDRS) dkim-exim.h dkim-exim.c
   dcc.o:           $(HDRS) dcc.h dcc.c


   # The module containing tables of available lookups, routers, auths, and
  @@ -670,6 +668,14 @@
          INCLUDE="$(INCLUDE) $(IPV6_INCLUDE) $(TLS_INCLUDE)"; \
        echo " "


  +# The PDKIM library
  +
  +buildpdkim pdkim/pdkim.a: config.h
  +     @cd pdkim; $(MAKE) SHELL=$(SHELL) AR="$(AR)" $(MFLAGS) CC="$(CC)" CFLAGS="$(CFLAGS)" \
  +       FE="$(FE)" RANLIB="$(RANLIB)" RM_COMMAND="$(RM_COMMAND)" HDRS="$(PHDRS)" \
  +       INCLUDE="$(INCLUDE) $(IPV6_INCLUDE) $(TLS_INCLUDE)"; \
  +     echo " "
  +
   # The "clean", "install", and "makefile" targets just pass themselves back to
   # the main Exim makefile. These targets will be obeyed only if "make" is obeyed
   # for them in the build directory.


  Index: os.h-Linux
  ===================================================================
  RCS file: /home/cvs/exim/exim-src/OS/os.h-Linux,v
  retrieving revision 1.7
  retrieving revision 1.8
  diff -u -r1.7 -r1.8
  --- os.h-Linux    4 Oct 2007 13:28:06 -0000    1.7
  +++ os.h-Linux    10 Jun 2009 07:34:04 -0000    1.8
  @@ -10,10 +10,10 @@
   #define NO_IP_VAR_H
   #define SIG_IGN_WORKS


-/* When using the experimental Domainkeys/DKIM extensions, setting
-HAVE_LINUX_SENDFILE can increase performance on outgoing mail a bit.
-Note: With older glibc versions this setting will conflict with the
-_FILE_OFFSET_BITS=64 setting defined as part of the Linux CFLAGS. */
+/* When using the DKIM, setting HAVE_LINUX_SENDFILE can increase
+performance on outgoing mail a bit. Note: With older glibc versions
+this setting will conflict with the _FILE_OFFSET_BITS=64 setting
+defined as part of the Linux CFLAGS. */

/* #define HAVE_LINUX_SENDFILE */


  Index: MakeLinks
  ===================================================================
  RCS file: /home/cvs/exim/exim-src/scripts/MakeLinks,v
  retrieving revision 1.14
  retrieving revision 1.15
  diff -u -r1.14 -r1.15
  --- MakeLinks    17 Jan 2008 13:03:35 -0000    1.14
  +++ MakeLinks    10 Jun 2009 07:34:04 -0000    1.15
  @@ -189,6 +189,27 @@
   ln -s ../../src/auths/spa.h              spa.h
   cd ..


  +# Likewise for the code for the PDKIM library
  +mkdir pdkim
  +cd pdkim
  +ln -s ../../src/pdkim/README             README
  +ln -s ../../src/pdkim/Makefile           Makefile
  +ln -s ../../src/pdkim/base64.c           base64.c
  +ln -s ../../src/pdkim/base64.h           base64.h
  +ln -s ../../src/pdkim/bignum.c           bignum.c
  +ln -s ../../src/pdkim/bignum.h           bignum.h
  +ln -s ../../src/pdkim/bn_mul.h           bn_mul.h
  +ln -s ../../src/pdkim/pdkim.c            pdkim.c
  +ln -s ../../src/pdkim/pdkim.h            pdkim.h
  +ln -s ../../src/pdkim/pdkim-api.h        pdkim-api.h
  +ln -s ../../src/pdkim/rsa.c              rsa.c
  +ln -s ../../src/pdkim/rsa.h              rsa.h
  +ln -s ../../src/pdkim/sha1.c             sha1.c
  +ln -s ../../src/pdkim/sha1.h             sha1.h
  +ln -s ../../src/pdkim/sha2.c             sha2.c
  +ln -s ../../src/pdkim/sha2.h             sha2.h
  +cd ..
  +
   # The basic source files for Exim and utilities. NB local_scan.h gets linked,
   # but local_scan.c does not, because its location is taken from the build-time
   # configuration. Likewise for the os.c file, which gets build dynamically.
  @@ -259,6 +280,8 @@
   ln -s ../src/tree.c            tree.c
   ln -s ../src/verify.c          verify.c
   ln -s ../src/version.c         version.c
  +ln -s ../src/dkim.c            dkim.c
  +ln -s ../src/dkim.h            dkim.h


   # WITH_CONTENT_SCAN
   ln -s ../src/spam.c            spam.c
  @@ -280,10 +303,6 @@
   ln -s ../src/spf.h             spf.h
   ln -s ../src/srs.c             srs.c
   ln -s ../src/srs.h             srs.h
  -ln -s ../src/dk.c              dk.c
  -ln -s ../src/dk.h              dk.h
  -ln -s ../src/dkim-exim.c       dkim-exim.c
  -ln -s ../src/dkim-exim.h       dkim-exim.h
   ln -s ../src/dcc.c             dcc.c
   ln -s ../src/dcc.h             dcc.h





  Index: acl.c
  ===================================================================
  RCS file: /home/cvs/exim/exim-src/src/acl.c,v
  retrieving revision 1.82
  retrieving revision 1.83
  diff -u -r1.82 -r1.83
  --- acl.c    12 Feb 2008 12:52:51 -0000    1.82
  +++ acl.c    10 Jun 2009 07:34:04 -0000    1.83
  @@ -65,13 +65,9 @@
   #ifdef WITH_OLD_DEMIME
          ACLC_DEMIME,
   #endif
  -#ifdef EXPERIMENTAL_DOMAINKEYS
  -       ACLC_DK_DOMAIN_SOURCE,
  -       ACLC_DK_POLICY,
  -       ACLC_DK_SENDER_DOMAINS,
  -       ACLC_DK_SENDER_LOCAL_PARTS,
  -       ACLC_DK_SENDERS,
  -       ACLC_DK_STATUS,
  +#ifndef DISABLE_DKIM
  +       ACLC_DKIM_SIGNER,
  +       ACLC_DKIM_STATUS,
   #endif
          ACLC_DNSLISTS,
          ACLC_DOMAINS,
  @@ -131,13 +127,9 @@
   #ifdef WITH_OLD_DEMIME
     US"demime",
   #endif
  -#ifdef EXPERIMENTAL_DOMAINKEYS
  -  US"dk_domain_source",
  -  US"dk_policy",
  -  US"dk_sender_domains",
  -  US"dk_sender_local_parts",
  -  US"dk_senders",
  -  US"dk_status",
  +#ifndef DISABLE_DKIM
  +  US"dkim_signers",
  +  US"dkim_status",
   #endif
     US"dnslists",
     US"domains",
  @@ -179,10 +171,7 @@
     #ifdef EXPERIMENTAL_BRIGHTMAIL
     CONTROL_BMI_RUN,
     #endif
  -  #ifdef EXPERIMENTAL_DOMAINKEYS
  -  CONTROL_DK_VERIFY,
  -  #endif
  -  #ifdef EXPERIMENTAL_DKIM
  +  #ifndef DISABLE_DKIM
     CONTROL_DKIM_VERIFY,
     #endif
     CONTROL_ERROR,
  @@ -215,11 +204,8 @@
     #ifdef EXPERIMENTAL_BRIGHTMAIL
     US"bmi_run",
     #endif
  -  #ifdef EXPERIMENTAL_DOMAINKEYS
  -  US"dk_verify",
  -  #endif
  -  #ifdef EXPERIMENTAL_DKIM
  -  US"dkim_verify",
  +  #ifndef DISABLE_DKIM
  +  US"dkim_disable_verify",
     #endif
     US"error",
     US"caseful_local_part",
  @@ -265,13 +251,9 @@
   #ifdef WITH_OLD_DEMIME
     TRUE,    /* demime */
   #endif
  -#ifdef EXPERIMENTAL_DOMAINKEYS
  -  TRUE,    /* dk_domain_source */
  -  TRUE,    /* dk_policy */
  -  TRUE,    /* dk_sender_domains */
  -  TRUE,    /* dk_sender_local_parts */
  -  TRUE,    /* dk_senders */
  -  TRUE,    /* dk_status */
  +#ifndef DISABLE_DKIM
  +  TRUE,    /* dkim_signers */
  +  TRUE,    /* dkim_status */
   #endif
     TRUE,    /* dnslists */
     FALSE,   /* domains */
  @@ -329,13 +311,9 @@
   #ifdef WITH_OLD_DEMIME
     FALSE,   /* demime */
   #endif
  -#ifdef EXPERIMENTAL_DOMAINKEYS
  -  FALSE,   /* dk_domain_source */
  -  FALSE,   /* dk_policy */
  -  FALSE,   /* dk_sender_domains */
  -  FALSE,   /* dk_sender_local_parts */
  -  FALSE,   /* dk_senders */
  -  FALSE,   /* dk_status */
  +#ifndef DISABLE_DKIM
  +  FALSE,   /* dkim_signers */
  +  FALSE,   /* dkim_status */
   #endif
     FALSE,   /* dnslists */
     FALSE,   /* domains */
  @@ -426,54 +404,12 @@
     ~((1<<ACL_WHERE_DATA)|(1<<ACL_WHERE_NOTSMTP)),   /* demime */
     #endif


  -  #ifdef EXPERIMENTAL_DOMAINKEYS
  -  (1<<ACL_WHERE_AUTH)|                             /* dk_domain_source */
  -    (1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)|
  -    (1<<ACL_WHERE_RCPT)|(1<<ACL_WHERE_PREDATA)|
  -    (1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
  -    (1<<ACL_WHERE_MAILAUTH)|(1<<ACL_WHERE_QUIT)|
  -    (1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_STARTTLS)|
  -    (1<<ACL_WHERE_VRFY)|(1<<ACL_WHERE_NOTSMTP_START),
  -
  -  (1<<ACL_WHERE_AUTH)|                             /* dk_policy */
  -    (1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)|
  -    (1<<ACL_WHERE_RCPT)|(1<<ACL_WHERE_PREDATA)|
  -    (1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
  -    (1<<ACL_WHERE_MAILAUTH)|(1<<ACL_WHERE_QUIT)|
  -    (1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_STARTTLS)|
  -    (1<<ACL_WHERE_VRFY)|(1<<ACL_WHERE_NOTSMTP_START),
  -
  -  (1<<ACL_WHERE_AUTH)|                             /* dk_sender_domains */
  -    (1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)|
  -    (1<<ACL_WHERE_RCPT)|(1<<ACL_WHERE_PREDATA)|
  -    (1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
  -    (1<<ACL_WHERE_MAILAUTH)|(1<<ACL_WHERE_QUIT)|
  -    (1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_STARTTLS)|
  -    (1<<ACL_WHERE_VRFY)|(1<<ACL_WHERE_NOTSMTP_START),
  -
  -  (1<<ACL_WHERE_AUTH)|                             /* dk_sender_local_parts */
  -    (1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)|
  -    (1<<ACL_WHERE_RCPT)|(1<<ACL_WHERE_PREDATA)|
  -    (1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
  -    (1<<ACL_WHERE_MAILAUTH)|(1<<ACL_WHERE_QUIT)|
  -    (1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_STARTTLS)|
  -    (1<<ACL_WHERE_VRFY)|(1<<ACL_WHERE_NOTSMTP_START),
  -
  -  (1<<ACL_WHERE_AUTH)|                             /* dk_senders */
  -    (1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)|
  -    (1<<ACL_WHERE_RCPT)|(1<<ACL_WHERE_PREDATA)|
  -    (1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
  -    (1<<ACL_WHERE_MAILAUTH)|(1<<ACL_WHERE_QUIT)|
  -    (1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_STARTTLS)|
  -    (1<<ACL_WHERE_VRFY)|(1<<ACL_WHERE_NOTSMTP_START),
  +  #ifndef DISABLE_DKIM
  +  (unsigned int)
  +  ~(1<<ACL_WHERE_DKIM),                            /* dkim_signers */


  -  (1<<ACL_WHERE_AUTH)|                             /* dk_status */
  -    (1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)|
  -    (1<<ACL_WHERE_RCPT)|(1<<ACL_WHERE_PREDATA)|
  -    (1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
  -    (1<<ACL_WHERE_MAILAUTH)|(1<<ACL_WHERE_QUIT)|
  -    (1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_STARTTLS)|
  -    (1<<ACL_WHERE_VRFY)|(1<<ACL_WHERE_NOTSMTP_START),
  +  (unsigned int)
  +  ~(1<<ACL_WHERE_DKIM),                            /* dkim_status */
     #endif


     (1<<ACL_WHERE_NOTSMTP)|                          /* dnslists */
  @@ -580,13 +516,8 @@
     0,                                               /* bmi_run */
     #endif


  -  #ifdef EXPERIMENTAL_DOMAINKEYS
  -  (1<<ACL_WHERE_DATA)|(1<<ACL_WHERE_NOTSMTP)|      /* dk_verify */
  -    (1<<ACL_WHERE_NOTSMTP_START),
  -  #endif
  -
  -  #ifdef EXPERIMENTAL_DKIM
  -  (1<<ACL_WHERE_DATA)|(1<<ACL_WHERE_NOTSMTP)|      /* dkim_verify */
  +  #ifndef DISABLE_DKIM
  +  (1<<ACL_WHERE_DATA)|(1<<ACL_WHERE_NOTSMTP)|      /* dkim_disable_verify */
       (1<<ACL_WHERE_NOTSMTP_START),
     #endif


  @@ -666,11 +597,8 @@
   #ifdef EXPERIMENTAL_BRIGHTMAIL
     { US"bmi_run",                 CONTROL_BMI_RUN, FALSE },
   #endif
  -#ifdef EXPERIMENTAL_DOMAINKEYS
  -  { US"dk_verify",               CONTROL_DK_VERIFY, FALSE },
  -#endif
  -#ifdef EXPERIMENTAL_DKIM
  -  { US"dkim_verify",             CONTROL_DKIM_VERIFY, FALSE },
  +#ifndef DISABLE_DKIM
  +  { US"dkim_disable_verify",     CONTROL_DKIM_VERIFY, FALSE },
   #endif
     { US"caseful_local_part",      CONTROL_CASEFUL_LOCAL_PART, FALSE },
     { US"caselower_local_part",    CONTROL_CASELOWER_LOCAL_PART, FALSE },
  @@ -2650,15 +2578,9 @@
         break;
         #endif


  -      #ifdef EXPERIMENTAL_DOMAINKEYS
  -      case CONTROL_DK_VERIFY:
  -      dk_do_verify = 1;
  -      break;
  -      #endif
  -
  -      #ifdef EXPERIMENTAL_DKIM
  +      #ifndef DISABLE_DKIM
         case CONTROL_DKIM_VERIFY:
  -      dkim_do_verify = 1;
  +      dkim_disable_verify = TRUE;
         break;
         #endif


  @@ -2862,95 +2784,27 @@
       break;
       #endif


  -    #ifdef EXPERIMENTAL_DOMAINKEYS
  -    case ACLC_DK_DOMAIN_SOURCE:
  -    if (dk_verify_block == NULL) { rc = FAIL; break; };
  -    /* check header source of domain against given string */
  -    switch (dk_verify_block->address_source) {
  -      case DK_EXIM_ADDRESS_FROM_FROM:
  -        rc = match_isinlist(US"from", &arg, 0, NULL,
  -                            NULL, MCL_STRING, TRUE, NULL);
  -      break;
  -      case DK_EXIM_ADDRESS_FROM_SENDER:
  -        rc = match_isinlist(US"sender", &arg, 0, NULL,
  -                            NULL, MCL_STRING, TRUE, NULL);
  -      break;
  -      case DK_EXIM_ADDRESS_NONE:
  -        rc = match_isinlist(US"none", &arg, 0, NULL,
  -                            NULL, MCL_STRING, TRUE, NULL);
  -      break;
  +    #ifndef DISABLE_DKIM
  +    case ACLC_DKIM_SIGNER:
  +    if (dkim_signing_domain != NULL)
  +      {
  +      rc = match_isinlist(dkim_signing_domain,
  +                          &arg,0,NULL,NULL,MCL_STRING,TRUE,NULL);
  +      if (rc == FAIL)
  +        {
  +        rc = match_isinlist(dkim_exim_expand_query(DKIM_IDENTITY),
  +                            &arg,0,NULL,NULL,MCL_STRING,TRUE,NULL);
  +        }
  +      }
  +    else
  +      {
  +       rc = FAIL;
         }
       break;


  -    case ACLC_DK_POLICY:
  -    if (dk_verify_block == NULL) { rc = FAIL; break; };
  -    /* check policy against given string, default FAIL */
  -    rc = FAIL;
  -    if (dk_verify_block->signsall)
  -      rc = match_isinlist(US"signsall", &arg, 0, NULL,
  -                          NULL, MCL_STRING, TRUE, NULL);
  -    if (dk_verify_block->testing)
  -      rc = match_isinlist(US"testing", &arg, 0, NULL,
  -                          NULL, MCL_STRING, TRUE, NULL);
  -    break;
  -
  -    case ACLC_DK_SENDER_DOMAINS:
  -    if (dk_verify_block == NULL) { rc = FAIL; break; };
  -    if (dk_verify_block->domain != NULL)
  -      rc = match_isinlist(dk_verify_block->domain, &arg, 0, &domainlist_anchor,
  -                          NULL, MCL_DOMAIN, TRUE, NULL);
  -    else rc = FAIL;
  -    break;
  -
  -    case ACLC_DK_SENDER_LOCAL_PARTS:
  -    if (dk_verify_block == NULL) { rc = FAIL; break; };
  -    if (dk_verify_block->local_part != NULL)
  -      rc = match_isinlist(dk_verify_block->local_part, &arg, 0, &localpartlist_anchor,
  -                          NULL, MCL_LOCALPART, TRUE, NULL);
  -    else rc = FAIL;
  -    break;
  -
  -    case ACLC_DK_SENDERS:
  -    if (dk_verify_block == NULL) { rc = FAIL; break; };
  -    if (dk_verify_block->address != NULL)
  -      rc = match_address_list(dk_verify_block->address, TRUE, TRUE, &arg, NULL, -1, 0, NULL);
  -    else rc = FAIL;
  -    break;
  -
  -    case ACLC_DK_STATUS:
  -    if (dk_verify_block == NULL) { rc = FAIL; break; };
  -    if (dk_verify_block->result > 0) {
  -      switch(dk_verify_block->result) {
  -        case DK_EXIM_RESULT_BAD_FORMAT:
  -          rc = match_isinlist(US"bad format", &arg, 0, NULL,
  -                              NULL, MCL_STRING, TRUE, NULL);
  -        break;
  -        case DK_EXIM_RESULT_NO_KEY:
  -          rc = match_isinlist(US"no key", &arg, 0, NULL,
  -                              NULL, MCL_STRING, TRUE, NULL);
  -        break;
  -        case DK_EXIM_RESULT_NO_SIGNATURE:
  -          rc = match_isinlist(US"no signature", &arg, 0, NULL,
  -                              NULL, MCL_STRING, TRUE, NULL);
  -        break;
  -        case DK_EXIM_RESULT_REVOKED:
  -          rc = match_isinlist(US"revoked", &arg, 0, NULL,
  -                              NULL, MCL_STRING, TRUE, NULL);
  -        break;
  -        case DK_EXIM_RESULT_NON_PARTICIPANT:
  -          rc = match_isinlist(US"non-participant", &arg, 0, NULL,
  -                              NULL, MCL_STRING, TRUE, NULL);
  -        break;
  -        case DK_EXIM_RESULT_GOOD:
  -          rc = match_isinlist(US"good", &arg, 0, NULL,
  -                              NULL, MCL_STRING, TRUE, NULL);
  -        break;
  -        case DK_EXIM_RESULT_BAD:
  -          rc = match_isinlist(US"bad", &arg, 0, NULL,
  -                              NULL, MCL_STRING, TRUE, NULL);
  -        break;
  -        }
  -      }
  +    case ACLC_DKIM_STATUS:
  +    rc = match_isinlist(dkim_exim_expand_query(DKIM_VERIFY_STATUS),
  +                        &arg,0,NULL,NULL,MCL_STRING,TRUE,NULL);
       break;
       #endif



  Index: config.h.defaults
  ===================================================================
  RCS file: /home/cvs/exim/exim-src/src/config.h.defaults,v
  retrieving revision 1.16
  retrieving revision 1.17
  diff -u -r1.16 -r1.17
  --- config.h.defaults    17 Jan 2008 13:03:35 -0000    1.16
  +++ config.h.defaults    10 Jun 2009 07:34:04 -0000    1.17
  @@ -150,15 +150,13 @@
   /* EXPERIMENTAL features */
   #define EXPERIMENTAL_SPF
   #define EXPERIMENTAL_SRS
  -#define EXPERIMENTAL_DOMAINKEYS
  -#define EXPERIMENTAL_DKIM
   #define EXPERIMENTAL_BRIGHTMAIL
   #define EXPERIMENTAL_DCC


/* Things that are not routinely changed but are nevertheless configurable
just in case. */

  -#define DNS_MAXNAME                 256
  +#define DNS_MAXNAME                1024
   #define EXPAND_MAXN                  20
   #define ROOT_UID                      0



  Index: dns.c
  ===================================================================
  RCS file: /home/cvs/exim/exim-src/src/dns.c,v
  retrieving revision 1.17
  retrieving revision 1.18
  diff -u -r1.17 -r1.18
  --- dns.c    8 Jan 2007 10:50:18 -0000    1.17
  +++ dns.c    10 Jun 2009 07:34:04 -0000    1.18
  @@ -562,7 +562,12 @@
   else
     dnsa->answerlen = res_search(CS name, C_IN, type, dnsa->answer, MAXPACKET);


  -if (dnsa->answerlen > MAXPACKET) dnsa->answerlen = MAXPACKET;
  +if (dnsa->answerlen > MAXPACKET)
  +  {
  +  DEBUG(D_dns) debug_printf("DNS lookup of %s (%s) resulted in overlong packet (size %d), truncating to %d.\n",
  +    name, dns_text_type(type), dnsa->answerlen, MAXPACKET);
  +  dnsa->answerlen = MAXPACKET;
  +  }


   if (dnsa->answerlen < 0) switch (h_errno)
     {


  Index: drtables.c
  ===================================================================
  RCS file: /home/cvs/exim/exim-src/src/drtables.c,v
  retrieving revision 1.9
  retrieving revision 1.10
  diff -u -r1.9 -r1.10
  --- drtables.c    28 Sep 2007 12:21:57 -0000    1.9
  +++ drtables.c    10 Jun 2009 07:34:04 -0000    1.10
  @@ -105,11 +105,6 @@
   #include "lookups/whoson.h"
   #endif


-#ifdef EXPERIMENTAL_DKIM
-#include "lookups/dkim.h"
-#endif
-
-
/* The second field in each item below is a set of bit flags:

     lookup_querystyle     => this is a query-style lookup,
  @@ -176,23 +171,6 @@
   #endif
     },


  -/* DKIM lookups */
  -
  -  {
  -  US"dkim",                      /* lookup name */
  -  lookup_querystyle,             /* query style */
  -#ifdef EXPERIMENTAL_DKIM
  -  dkim_open,                     /* open function */
  -  NULL,                          /* check function */
  -  dkim_find,                     /* find function */
  -  NULL,                          /* no close function */
  -  NULL,                          /* no tidy function */
  -  NULL                           /* no quoting function */
  -#else
  -  NULL, NULL, NULL, NULL, NULL, NULL /* lookup not present */
  -#endif
  -  },
  -
   /* Using DNS TXT records as a database */


     {


  Index: exim.c
  ===================================================================
  RCS file: /home/cvs/exim/exim-src/src/exim.c,v
  retrieving revision 1.61
  retrieving revision 1.62
  diff -u -r1.61 -r1.62
  --- exim.c    12 Oct 2008 09:58:13 -0000    1.61
  +++ exim.c    10 Jun 2009 07:34:04 -0000    1.62
  @@ -905,6 +905,9 @@
   #ifdef WITH_CONTENT_SCAN
     fprintf(f, " Content_Scanning");
   #endif
  +#ifndef DISABLE_DKIM
  +  fprintf(f, " DKIM");
  +#endif
   #ifdef WITH_OLD_DEMIME
     fprintf(f, " Old_Demime");
   #endif
  @@ -917,12 +920,6 @@
   #ifdef EXPERIMENTAL_BRIGHTMAIL
     fprintf(f, " Experimental_Brightmail");
   #endif
  -#ifdef EXPERIMENTAL_DOMAINKEYS
  -  fprintf(f, " Experimental_DomainKeys");
  -#endif
  -#ifdef EXPERIMENTAL_DKIM
  -  fprintf(f, " Experimental_DKIM");
  -#endif
   #ifdef EXPERIMENTAL_DCC
     fprintf(f, " Experimental_DCC");
   #endif


  Index: exim.h
  ===================================================================
  RCS file: /home/cvs/exim/exim-src/src/exim.h,v
  retrieving revision 1.24
  retrieving revision 1.25
  diff -u -r1.24 -r1.25
  --- exim.h    16 Jan 2008 13:44:45 -0000    1.24
  +++ exim.h    10 Jun 2009 07:34:04 -0000    1.25
  @@ -446,11 +446,8 @@
   #ifdef EXPERIMENTAL_SRS
   #include "srs.h"
   #endif
  -#ifdef EXPERIMENTAL_DOMAINKEYS
  -#include "dk.h"
  -#endif
  -#ifdef EXPERIMENTAL_DKIM
  -#include "dkim-exim.h"
  +#ifndef DISABLE_DKIM
  +#include "dkim.h"
   #endif


/* The following stuff must follow the inclusion of config.h because it

  Index: expand.c
  ===================================================================
  RCS file: /home/cvs/exim/exim-src/src/expand.c,v
  retrieving revision 1.97
  retrieving revision 1.98
  diff -u -r1.97 -r1.98
  --- expand.c    12 Dec 2008 14:51:47 -0000    1.97
  +++ expand.c    10 Jun 2009 07:34:04 -0000    1.98
  @@ -364,9 +364,9 @@
     vtype_load_avg,       /* value not used; result is int from os_getloadavg */
     vtype_pspace,         /* partition space; value is T/F for spool/log */
     vtype_pinodes         /* partition inodes; value is T/F for spool/log */
  -#ifdef EXPERIMENTAL_DOMAINKEYS
  - ,vtype_dk_verify       /* Serve request out of DomainKeys verification structure */
  -#endif
  +  #ifndef DISABLE_DKIM
  +  ,vtype_dkim           /* Lookup of value in DKIM signature */
  +  #endif
     };


   /* This table must be kept in alphabetical order. */
  @@ -404,22 +404,26 @@
     { "demime_errorlevel",   vtype_int,         &demime_errorlevel },
     { "demime_reason",       vtype_stringptr,   &demime_reason },
   #endif
  -#ifdef EXPERIMENTAL_DOMAINKEYS
  -  { "dk_domain",           vtype_stringptr,   &dk_signing_domain },
  -  { "dk_is_signed",        vtype_dk_verify,   NULL },
  -  { "dk_result",           vtype_dk_verify,   NULL },
  -  { "dk_selector",         vtype_stringptr,   &dk_signing_selector },
  -  { "dk_sender",           vtype_dk_verify,   NULL },
  -  { "dk_sender_domain",    vtype_dk_verify,   NULL },
  -  { "dk_sender_local_part",vtype_dk_verify,   NULL },
  -  { "dk_sender_source",    vtype_dk_verify,   NULL },
  -  { "dk_signsall",         vtype_dk_verify,   NULL },
  -  { "dk_status",           vtype_dk_verify,   NULL },
  -  { "dk_testing",          vtype_dk_verify,   NULL },
  -#endif
  -#ifdef EXPERIMENTAL_DKIM
  +#ifndef DISABLE_DKIM
  +  { "dkim_algo",           vtype_dkim,        (void *)DKIM_ALGO },
  +  { "dkim_bodylength",     vtype_dkim,        (void *)DKIM_BODYLENGTH },
  +  { "dkim_canon_body",     vtype_dkim,        (void *)DKIM_CANON_BODY },
  +  { "dkim_canon_headers",  vtype_dkim,        (void *)DKIM_CANON_HEADERS },
  +  { "dkim_copiedheaders",  vtype_dkim,        (void *)DKIM_COPIEDHEADERS },
  +  { "dkim_created",        vtype_dkim,        (void *)DKIM_CREATED },
     { "dkim_domain",         vtype_stringptr,   &dkim_signing_domain },
  +  { "dkim_expires",        vtype_dkim,        (void *)DKIM_EXPIRES },
  +  { "dkim_headernames",    vtype_dkim,        (void *)DKIM_HEADERNAMES },
  +  { "dkim_identity",       vtype_dkim,        (void *)DKIM_IDENTITY },
  +  { "dkim_key_granularity",vtype_dkim,        (void *)DKIM_KEY_GRANULARITY },
  +  { "dkim_key_nosubdomains",vtype_dkim,       (void *)DKIM_NOSUBDOMAINS },
  +  { "dkim_key_notes",      vtype_dkim,        (void *)DKIM_KEY_NOTES },
  +  { "dkim_key_srvtype",    vtype_dkim,        (void *)DKIM_KEY_SRVTYPE },
  +  { "dkim_key_testing",    vtype_dkim,        (void *)DKIM_KEY_TESTING },
     { "dkim_selector",       vtype_stringptr,   &dkim_signing_selector },
  +  { "dkim_signing_domains",vtype_stringptr,   &dkim_signing_domains },
  +  { "dkim_verify_reason",  vtype_dkim,        (void *)DKIM_VERIFY_REASON },
  +  { "dkim_verify_status",  vtype_dkim,        (void *)DKIM_VERIFY_STATUS},
   #endif
     { "dnslist_domain",      vtype_stringptr,   &dnslist_domain },
     { "dnslist_matched",     vtype_stringptr,   &dnslist_matched },
  @@ -1382,51 +1386,6 @@


     switch (var_table[middle].type)
       {
  -#ifdef EXPERIMENTAL_DOMAINKEYS
  -
  -    case vtype_dk_verify:
  -    if (dk_verify_block == NULL) return US"";
  -    s = NULL;
  -    if (Ustrcmp(var_table[middle].name, "dk_result") == 0)
  -      s = dk_verify_block->result_string;
  -    if (Ustrcmp(var_table[middle].name, "dk_sender") == 0)
  -      s = dk_verify_block->address;
  -    if (Ustrcmp(var_table[middle].name, "dk_sender_domain") == 0)
  -      s = dk_verify_block->domain;
  -    if (Ustrcmp(var_table[middle].name, "dk_sender_local_part") == 0)
  -      s = dk_verify_block->local_part;
  -
  -    if (Ustrcmp(var_table[middle].name, "dk_sender_source") == 0)
  -      switch(dk_verify_block->address_source) {
  -        case DK_EXIM_ADDRESS_NONE: s = US"0"; break;
  -        case DK_EXIM_ADDRESS_FROM_FROM: s = US"from"; break;
  -        case DK_EXIM_ADDRESS_FROM_SENDER: s = US"sender"; break;
  -      }
  -
  -    if (Ustrcmp(var_table[middle].name, "dk_status") == 0)
  -      switch(dk_verify_block->result) {
  -        case DK_EXIM_RESULT_ERR: s = US"error"; break;
  -        case DK_EXIM_RESULT_BAD_FORMAT: s = US"bad format"; break;
  -        case DK_EXIM_RESULT_NO_KEY: s = US"no key"; break;
  -        case DK_EXIM_RESULT_NO_SIGNATURE: s = US"no signature"; break;
  -        case DK_EXIM_RESULT_REVOKED: s = US"revoked"; break;
  -        case DK_EXIM_RESULT_NON_PARTICIPANT: s = US"non-participant"; break;
  -        case DK_EXIM_RESULT_GOOD: s = US"good"; break;
  -        case DK_EXIM_RESULT_BAD: s = US"bad"; break;
  -      }
  -
  -    if (Ustrcmp(var_table[middle].name, "dk_signsall") == 0)
  -      s = (dk_verify_block->signsall)? US"1" : US"0";
  -
  -    if (Ustrcmp(var_table[middle].name, "dk_testing") == 0)
  -      s = (dk_verify_block->testing)? US"1" : US"0";
  -
  -    if (Ustrcmp(var_table[middle].name, "dk_is_signed") == 0)
  -      s = (dk_verify_block->is_signed)? US"1" : US"0";
  -
  -    return (s == NULL)? US"" : s;
  -#endif
  -
       case vtype_filter_int:
       if (!filter_running) return NULL;
       /* Fall through */
  @@ -1605,6 +1564,12 @@
         sprintf(CS var_buffer, "%d", inodes);
         }
       return var_buffer;
  +
  +    #ifndef DKIM_DISABLE
  +    case vtype_dkim:
  +    return dkim_exim_expand_query((int)var_table[middle].value);
  +    #endif
  +
       }
     }



  Index: functions.h
  ===================================================================
  RCS file: /home/cvs/exim/exim-src/src/functions.h,v
  retrieving revision 1.43
  retrieving revision 1.44
  diff -u -r1.43 -r1.44
  --- functions.h    18 Dec 2008 13:13:54 -0000    1.43
  +++ functions.h    10 Jun 2009 07:34:04 -0000    1.44
  @@ -83,12 +83,10 @@
   extern int     demime(uschar **);
   #endif
   extern BOOL    directory_make(uschar *, uschar *, int, BOOL);
  -#if (defined EXPERIMENTAL_DOMAINKEYS) || (defined EXPERIMENTAL_DKIM)
  +#ifndef DISABLE_DKIM
   extern BOOL    dkim_transport_write_message(address_item *, int, int,
                      int, uschar *, uschar *, uschar *, uschar *, rewrite_rule *,
  -                   int, uschar *, uschar *, uschar *, uschar *, uschar *, uschar *,
  -                   uschar *, uschar *, uschar *, uschar *, uschar *, uschar *
  -                   );
  +                   int, uschar *, uschar *, uschar *, uschar *, uschar *, uschar *);
   #endif
   extern dns_address *dns_address_from_rr(dns_answer *, dns_record *);
   extern void    dns_build_reverse(uschar *, uschar *);


  Index: globals.c
  ===================================================================
  RCS file: /home/cvs/exim/exim-src/src/globals.c,v
  retrieving revision 1.81
  retrieving revision 1.82
  diff -u -r1.81 -r1.82
  --- globals.c    12 Feb 2008 12:52:51 -0000    1.81
  +++ globals.c    10 Jun 2009 07:34:04 -0000    1.82
  @@ -182,6 +182,9 @@
   uschar *acl_smtp_auth          = NULL;
   uschar *acl_smtp_connect       = NULL;
   uschar *acl_smtp_data          = NULL;
  +#ifndef DISABLE_DKIM
  +uschar *acl_smtp_dkim          = NULL;
  +#endif
   uschar *acl_smtp_etrn          = NULL;
   uschar *acl_smtp_expn          = NULL;
   uschar *acl_smtp_helo          = NULL;
  @@ -210,6 +213,7 @@
                                      US"MAIL",
                                      US"PREDATA",
                                      US"MIME",
  +                                   US"DKIM",
                                      US"DATA",
                                      US"non-SMTP",
                                      US"AUTH",
  @@ -229,6 +233,7 @@
                                      US"550",     /* MAIL */
                                      US"550",     /* PREDATA */
                                      US"550",     /* MIME */
  +                                   US"550",     /* DKIM */
                                      US"550",     /* DATA */
                                      US"0",       /* not SMTP; not relevant */
                                      US"503",     /* AUTH */
  @@ -391,7 +396,7 @@
   int     callout_cache_positive_expire = 24*60*60;
   int     callout_cache_negative_expire = 2*60*60;
   uschar *callout_random_local_part = US"$primary_hostname-$tod_epoch-testing";
  -uschar *check_dns_names_pattern= US"(?i)^(?>(?(1)\\.|())[^\\W_](?>[a-z0-9/-]*[^\\W_])?)+$";
  +uschar *check_dns_names_pattern= US"(?i)^(?>(?(1)\\.|())[^\\W](?>[a-z0-9/_-]*[^\\W])?)+(\\.?)$";
   int     check_log_inodes       = 0;
   int     check_log_space        = 0;
   BOOL    check_rfc2047_length   = TRUE;
  @@ -526,16 +531,13 @@
   BOOL    disable_ipv6           = FALSE;
   BOOL    disable_logging        = FALSE;


  -#ifdef EXPERIMENTAL_DOMAINKEYS
  -uschar *dk_signing_domain      = NULL;
  -uschar *dk_signing_selector    = NULL;
  -int     dk_do_verify           = 0;
  -#endif
  -
  -#ifdef EXPERIMENTAL_DKIM
  +#ifndef DISABLE_DKIM
  +uschar *dkim_signing_domains     = NULL;
   uschar *dkim_signing_domain      = NULL;
   uschar *dkim_signing_selector    = NULL;
  -int     dkim_do_verify           = 0;
  +uschar *dkim_verify_signers      = US"$dkim_signing_domains";
  +BOOL    dkim_collect_input       = FALSE;
  +BOOL    dkim_disable_verify      = FALSE;
   #endif


uschar *dns_again_means_nonexist = NULL;

  Index: globals.h
  ===================================================================
  RCS file: /home/cvs/exim/exim-src/src/globals.h,v
  retrieving revision 1.62
  retrieving revision 1.63
  diff -u -r1.62 -r1.63
  --- globals.h    12 Feb 2008 12:52:51 -0000    1.62
  +++ globals.h    10 Jun 2009 07:34:04 -0000    1.63
  @@ -118,6 +118,9 @@
   extern uschar *acl_smtp_auth;          /* ACL run for AUTH */
   extern uschar *acl_smtp_connect;       /* ACL run on SMTP connection */
   extern uschar *acl_smtp_data;          /* ACL run after DATA received */
  +#ifndef DISABLE_DKIM
  +extern uschar *acl_smtp_dkim;          /* ACL run for DKIM signatures / domains */
  +#endif
   extern uschar *acl_smtp_etrn;          /* ACL run for ETRN */
   extern uschar *acl_smtp_expn;          /* ACL run for EXPN */
   extern uschar *acl_smtp_helo;          /* ACL run for HELO/EHLO */
  @@ -295,16 +298,13 @@
   extern BOOL    disable_ipv6;           /* Don't do any IPv6 things */
   extern BOOL    disable_logging;        /* Disables log writing when TRUE */


  -#ifdef EXPERIMENTAL_DOMAINKEYS
  -extern uschar *dk_signing_domain;      /* Domain used for signing a message. */
  -extern uschar *dk_signing_selector;    /* Selector used for signing a message. */
  -extern int     dk_do_verify;           /* DK verification switch. Set with ACL control statement. */
  -#endif
  -
  -#ifdef EXPERIMENTAL_DKIM
  -extern uschar *dkim_signing_domain;      /* Domain used for signing a message. */
  -extern uschar *dkim_signing_selector;    /* Selector used for signing a message. */
  -extern int     dkim_do_verify;           /* DKIM verification switch. Set with ACL control statement. */
  +#ifndef DISABLE_DKIM
  +extern uschar *dkim_signing_domains;   /* Expansion variable, holds colon-separated list of domains that have signed a message */
  +extern uschar *dkim_signing_domain;    /* Expansion variable, domain used for signing a message. */
  +extern uschar *dkim_signing_selector;  /* Expansion variable, selector used for signing a message. */
  +extern uschar *dkim_verify_signers;    /* Colon-separated list of domains for each of which we call the DKIM ACL */
  +extern BOOL    dkim_collect_input;     /* Runtime flag that tracks wether SMTP input is fed to DKIM validation */
  +extern BOOL    dkim_disable_verify;    /* Set via ACL control statement. When set, DKIM verification is disabled for the current message */
   #endif


extern uschar *dns_again_means_nonexist; /* Domains that are badly set up */

  Index: macros.h
  ===================================================================
  RCS file: /home/cvs/exim/exim-src/src/macros.h,v
  retrieving revision 1.37
  retrieving revision 1.38
  diff -u -r1.37 -r1.38
  --- macros.h    29 Sep 2008 11:41:07 -0000    1.37
  +++ macros.h    10 Jun 2009 07:34:04 -0000    1.38
  @@ -799,6 +799,7 @@
          ACL_WHERE_MAIL,       /* )                                           */
          ACL_WHERE_PREDATA,    /* ) There are several tests for "in message", */
          ACL_WHERE_MIME,       /* ) implemented by <= WHERE_NOTSMTP           */
  +       ACL_WHERE_DKIM,       /* )                                           */
          ACL_WHERE_DATA,       /* )                                           */
          ACL_WHERE_NOTSMTP,    /* )                                           */



  Index: readconf.c
  ===================================================================
  RCS file: /home/cvs/exim/exim-src/src/readconf.c,v
  retrieving revision 1.35
  retrieving revision 1.36
  diff -u -r1.35 -r1.36
  --- readconf.c    12 Feb 2008 12:52:51 -0000    1.35
  +++ readconf.c    10 Jun 2009 07:34:04 -0000    1.36
  @@ -142,6 +142,9 @@
     { "acl_smtp_auth",            opt_stringptr,   &acl_smtp_auth },
     { "acl_smtp_connect",         opt_stringptr,   &acl_smtp_connect },
     { "acl_smtp_data",            opt_stringptr,   &acl_smtp_data },
  +#ifndef DISABLE_DKIM
  +  { "acl_smtp_dkim",            opt_stringptr,   &acl_smtp_dkim },
  +#endif
     { "acl_smtp_etrn",            opt_stringptr,   &acl_smtp_etrn },
     { "acl_smtp_expn",            opt_stringptr,   &acl_smtp_expn },
     { "acl_smtp_helo",            opt_stringptr,   &acl_smtp_helo },
  @@ -205,6 +208,9 @@
     { "disable_fsync",            opt_bool,        &disable_fsync },
   #endif
     { "disable_ipv6",             opt_bool,        &disable_ipv6 },
  +#ifndef DISABLE_DKIM
  +  { "dkim_verify_signers",      opt_stringptr,   &dkim_verify_signers },
  +#endif
     { "dns_again_means_nonexist", opt_stringptr,   &dns_again_means_nonexist },
     { "dns_check_names_pattern",  opt_stringptr,   &check_dns_names_pattern },
     { "dns_csa_search_limit",     opt_int,         &dns_csa_search_limit },


  Index: receive.c
  ===================================================================
  RCS file: /home/cvs/exim/exim-src/src/receive.c,v
  retrieving revision 1.45
  retrieving revision 1.46
  diff -u -r1.45 -r1.46
  --- receive.c    2 Jan 2009 17:12:03 -0000    1.45
  +++ receive.c    10 Jun 2009 07:34:04 -0000    1.46
  @@ -11,38 +11,6 @@


#include "exim.h"

  -#if (defined EXPERIMENTAL_DOMAINKEYS) && (defined EXPERIMENTAL_DKIM)
  -
  -#warning Chaining Domainkeys via DKIM receive functions
  -#define RECEIVE_GETC dkim_receive_getc
  -#define RECEIVE_UNGETC dkim_receive_ungetc
  -
  -#else
  -
  -#if (defined EXPERIMENTAL_DOMAINKEYS) || (defined EXPERIMENTAL_DKIM)
  -
  -#ifdef EXPERIMENTAL_DOMAINKEYS
  -#warning Using Domainkeys receive functions
  -#define RECEIVE_GETC dk_receive_getc
  -#define RECEIVE_UNGETC dk_receive_ungetc
  -#endif
  -#ifdef EXPERIMENTAL_DKIM
  -#warning Using DKIM receive functions
  -#define RECEIVE_GETC dkim_receive_getc
  -#define RECEIVE_UNGETC dkim_receive_ungetc
  -#endif
  -
  -#else
  -
  -/* Normal operation */
  -#define RECEIVE_GETC receive_getc
  -#define RECEIVE_UNGETC receive_ungetc
  -
  -#endif
  -
  -#endif
  -
  -
   #ifdef EXPERIMENTAL_DCC
   extern int dcc_ok;
   #endif
  @@ -600,7 +568,7 @@
     {
     register int last_ch = '\n';


  -  for (; (ch = (RECEIVE_GETC)()) != EOF; last_ch = ch)
  +  for (; (ch = (receive_getc)()) != EOF; last_ch = ch)
       {
       if (ch == 0) body_zerocount++;
       if (last_ch == '\r' && ch != '\n')
  @@ -642,7 +610,7 @@


ch_state = 1;

  -while ((ch = (RECEIVE_GETC)()) != EOF)
  +while ((ch = (receive_getc)()) != EOF)
     {
     if (ch == 0) body_zerocount++;
     switch (ch_state)
  @@ -758,7 +726,7 @@
   register int ch;
   register int linelength = 0;


  -while ((ch = (RECEIVE_GETC)()) != EOF)
  +while ((ch = (receive_getc)()) != EOF)
     {
     if (ch == 0) body_zerocount++;
     switch (ch_state)
  @@ -1416,17 +1384,10 @@
   message_linecount = body_linecount = body_zerocount =
     max_received_linelength = 0;


-#ifdef EXPERIMENTAL_DOMAINKEYS
-/* Call into DK to set up the context. Check if DK is to be run are carried out
- inside dk_exim_verify_init(). */
-dk_exim_verify_init();
+#ifndef DISABLE_DKIM
+/* Call into DKIM to set up the context. */
+if (smtp_input && !smtp_batched_input && !dkim_disable_verify) dkim_exim_verify_init();
#endif
-#ifdef EXPERIMENTAL_DKIM
-/* Call into DKIM to set up the context. Check if DKIM is to be run are carried out
- inside dk_exim_verify_init(). */
-dkim_exim_verify_init();
-#endif
-

/* Remember the time of reception. Exim uses time+pid for uniqueness of message
ids, and fractions of a second are required. See the comments that precede the
@@ -1476,7 +1437,7 @@

   for (;;)
     {
  -  int ch = (RECEIVE_GETC)();
  +  int ch = (receive_getc)();


     /* If we hit EOF on a SMTP connection, it's an error, since incoming
     SMTP must have a correct "." terminator. */
  @@ -1540,7 +1501,7 @@
     if (ch == '\n')
       {
       if (first_line_ended_crlf == TRUE_UNSET) first_line_ended_crlf = FALSE;
  -      else if (first_line_ended_crlf) RECEIVE_UNGETC(' ');
  +      else if (first_line_ended_crlf) receive_ungetc(' ');
       goto EOL;
       }


@@ -1555,13 +1516,13 @@

     if (ptr == 0 && ch == '.' && (smtp_input || dot_ends))
       {
  -    ch = (RECEIVE_GETC)();
  +    ch = (receive_getc)();
       if (ch == '\r')
         {
  -      ch = (RECEIVE_GETC)();
  +      ch = (receive_getc)();
         if (ch != '\n')
           {
  -        RECEIVE_UNGETC(ch);
  +        receive_ungetc(ch);
           ch = '\r';              /* Revert to CR */
           }
         }
  @@ -1589,7 +1550,7 @@


     if (ch == '\r')
       {
  -    ch = (RECEIVE_GETC)();
  +    ch = (receive_getc)();
       if (ch == '\n')
         {
         if (first_line_ended_crlf == TRUE_UNSET) first_line_ended_crlf = TRUE;
  @@ -1599,7 +1560,7 @@
       /* Otherwise, put back the character after CR, and turn the bare CR
       into LF SP. */


  -    ch = (RECEIVE_UNGETC)(ch);
  +    ch = (receive_ungetc)(ch);
       next->text[ptr++] = '\n';
       message_size++;
       ch = ' ';
  @@ -1684,14 +1645,14 @@


     if (ch != EOF)
       {
  -    int nextch = (RECEIVE_GETC)();
  +    int nextch = (receive_getc)();
       if (nextch == ' ' || nextch == '\t')
         {
         next->text[ptr++] = nextch;
         message_size++;
         continue;                      /* Iterate the loop */
         }
  -    else if (nextch != EOF) (RECEIVE_UNGETC)(nextch);   /* For next time */
  +    else if (nextch != EOF) (receive_ungetc)(nextch);   /* For next time */
       else ch = EOF;                   /* Cause main loop to exit at end */
       }


  @@ -3007,15 +2968,65 @@
     if (smtp_input && !smtp_batched_input)
       {


  -#ifdef EXPERIMENTAL_DOMAINKEYS
  -    dk_exim_verify_finish();
  -#endif
  -#ifdef EXPERIMENTAL_DKIM
  -    dkim_exim_verify_finish();
  -#endif
  +#ifndef DISABLE_DKIM
  +    if (!dkim_disable_verify)
  +      {
  +      /* Finish verification, this will log individual signature results to
  +         the mainlog */
  +      dkim_exim_verify_finish();
  +
  +      /* Check if we must run the DKIM ACL */
  +      if ((acl_smtp_dkim != NULL) &&
  +          (dkim_verify_signers != NULL) &&
  +          (dkim_verify_signers[0] != '\0'))
  +        {
  +        uschar *dkim_verify_signers_expanded =
  +          expand_string(dkim_verify_signers);
  +        if (dkim_verify_signers_expanded == NULL)
  +          {
  +          log_write(0, LOG_MAIN|LOG_PANIC,
  +            "expansion of dkim_verify_signers option failed: %s",
  +            expand_string_message);
  +          }
  +        else
  +          {
  +          int sep = 0;
  +          uschar *ptr = dkim_verify_signers_expanded;
  +          uschar *item = NULL;
  +          uschar itembuf[256];
  +          while ((item = string_nextinlist(&ptr, &sep,
  +                                           itembuf,
  +                                           sizeof(itembuf))) != NULL)
  +            {
  +            dkim_exim_acl_setup(item);
  +            rc = acl_check(ACL_WHERE_DKIM, NULL, acl_smtp_dkim, &user_msg, &log_msg);
  +            if (rc != OK) break;
  +            }
  +          add_acl_headers(US"DKIM");
  +          if (rc == DISCARD)
  +            {
  +            recipients_count = 0;
  +            blackholed_by = US"DKIM ACL";
  +            if (log_msg != NULL)
  +              blackhole_log_msg = string_sprintf(": %s", log_msg);
  +            }
  +          else if (rc != OK)
  +            {
  +            Uunlink(spool_name);
  +            if (smtp_handle_acl_fail(ACL_WHERE_DKIM, rc, user_msg, log_msg) != 0)
  +              smtp_yield = FALSE;    /* No more messsages after dropped connection */
  +            smtp_reply = US"";       /* Indicate reply already sent */
  +            message_id[0] = 0;       /* Indicate no message accepted */
  +            goto TIDYUP;             /* Skip to end of function */
  +            }
  +          }
  +        }
  +      }
  +#endif /* DISABLE_DKIM */


   #ifdef WITH_CONTENT_SCAN
  -    if (acl_smtp_mime != NULL &&
  +    if (recipients_count > 0 &&
  +        acl_smtp_mime != NULL &&
           !run_mime_acl(acl_smtp_mime, &smtp_yield, &smtp_reply, &blackholed_by))
         goto TIDYUP;
   #endif /* WITH_CONTENT_SCAN */
  @@ -3554,8 +3565,8 @@


     if (select(fileno(smtp_in) + 1, &select_check, NULL, NULL, &tv) != 0)
       {
  -    int c = (RECEIVE_GETC)();
  -    if (c != EOF) (RECEIVE_UNGETC)(c); else
  +    int c = (receive_getc)();
  +    if (c != EOF) (receive_ungetc)(c); else
         {
         uschar *msg = US"SMTP connection lost after final dot";
         smtp_reply = US"";    /* No attempt to send a response */


  Index: smtp_in.c
  ===================================================================
  RCS file: /home/cvs/exim/exim-src/src/smtp_in.c,v
  retrieving revision 1.63
  retrieving revision 1.64
  diff -u -r1.63 -r1.64
  --- smtp_in.c    29 Sep 2008 11:41:07 -0000    1.63
  +++ smtp_in.c    10 Jun 2009 07:34:04 -0000    1.64
  @@ -264,6 +264,9 @@
       else smtp_had_eof = 1;
       return EOF;
       }
  +#ifndef DISABLE_DKIM
  +  dkim_exim_verify_feed(smtp_inbuffer, rc);
  +#endif
     smtp_inend = smtp_inbuffer + rc;
     smtp_inptr = smtp_inbuffer;
     }
  @@ -1037,11 +1040,10 @@
   bmi_run = 0;
   bmi_verdicts = NULL;
   #endif
  -#ifdef EXPERIMENTAL_DOMAINKEYS
  -dk_do_verify = 0;
  -#endif
  -#ifdef EXPERIMENTAL_DKIM
  -dkim_do_verify = 0;
  +#ifndef DISABLE_DKIM
  +dkim_signing_domains = NULL;
  +dkim_disable_verify = FALSE;
  +dkim_collect_input = FALSE;
   #endif
   #ifdef EXPERIMENTAL_SPF
   spf_header_comment = NULL;


  Index: spool_in.c
  ===================================================================
  RCS file: /home/cvs/exim/exim-src/src/spool_in.c,v
  retrieving revision 1.23
  retrieving revision 1.24
  diff -u -r1.23 -r1.24
  --- spool_in.c    20 Jan 2009 16:09:20 -0000    1.23
  +++ spool_in.c    10 Jun 2009 07:34:04 -0000    1.24
  @@ -278,12 +278,10 @@
   bmi_verdicts = NULL;
   #endif


-#ifdef EXPERIMENTAL_DOMAINKEYS
-dk_do_verify = 0;
-#endif
-
-#ifdef EXPERIMENTAL_DKIM
-dkim_do_verify = 0;
+#ifndef DISABLE_DKIM
+dkim_signing_domains = NULL;
+dkim_disable_verify = FALSE;
+dkim_collect_input = FALSE;
#endif

#ifdef SUPPORT_TLS

  Index: tls-gnu.c
  ===================================================================
  RCS file: /home/cvs/exim/exim-src/src/tls-gnu.c,v
  retrieving revision 1.20
  retrieving revision 1.21
  diff -u -r1.20 -r1.21
  --- tls-gnu.c    3 Sep 2008 18:53:29 -0000    1.20
  +++ tls-gnu.c    10 Jun 2009 07:34:04 -0000    1.21
  @@ -1172,7 +1172,9 @@
       ssl_xfer_error = 1;
       return EOF;
       }
  -
  +#ifndef DISABLE_DKIM
  +  dkim_exim_verify_feed(ssl_xfer_buffer, inbytes);
  +#endif
     ssl_xfer_buffer_hwm = inbytes;
     ssl_xfer_buffer_lwm = 0;
     }


  Index: tls-openssl.c
  ===================================================================
  RCS file: /home/cvs/exim/exim-src/src/tls-openssl.c,v
  retrieving revision 1.13
  retrieving revision 1.14
  diff -u -r1.13 -r1.14
  --- tls-openssl.c    3 Sep 2008 18:53:29 -0000    1.13
  +++ tls-openssl.c    10 Jun 2009 07:34:04 -0000    1.14
  @@ -887,7 +887,9 @@
       ssl_xfer_error = 1;
       return EOF;
       }
  -
  +#ifndef DISABLE_DKIM
  +  dkim_exim_verify_feed(ssl_xfer_buffer, inbytes);
  +#endif
     ssl_xfer_buffer_hwm = inbytes;
     ssl_xfer_buffer_lwm = 0;
     }


  Index: transport.c
  ===================================================================
  RCS file: /home/cvs/exim/exim-src/src/transport.c,v
  retrieving revision 1.23
  retrieving revision 1.24
  diff -u -r1.23 -r1.24
  --- transport.c    30 Sep 2008 10:03:55 -0000    1.23
  +++ transport.c    10 Jun 2009 07:34:04 -0000    1.24
  @@ -941,7 +941,7 @@
   }



-#if (defined EXPERIMENTAL_DOMAINKEYS) || (defined EXPERIMENTAL_DKIM)
+#ifndef DISABLE_DKIM

   /***************************************************************************************************
   *    External interface to write the message, while signing it with DKIM and/or Domainkeys         *
  @@ -965,14 +965,6 @@
                                                                                      0/false => send anyway
                  uschar *dkim_sign_headers        DKIM: List of headers that should be included in signature
                                                   generation
  -               uschar *dk_private_key           Domainkeys: The private key to use (filename or plain data)
  -               uschar *dk_domain                Domainkeys: Override domain (normally NULL)
  -               uschar *dk_selector              Domainkeys: The selector to use.
  -               uschar *dk_canon                 Domainkeys: The canonalization scheme to use, "simple" or "nofws"
  -               uschar *dk_headers               Domainkeys: Colon-separated header list to include in the signing
  -                                                process.
  -               uschar *dk_strict                Domainkeys: What to do if signing fails: 1/true  => throw error
  -                                                                                         0/false => send anyway


   Returns:       TRUE on success; FALSE (with errno) for any failure
   */
  @@ -982,9 +974,7 @@
     int size_limit, uschar *add_headers, uschar *remove_headers,
     uschar *check_string, uschar *escape_string, rewrite_rule *rewrite_rules,
     int rewrite_existflags, uschar *dkim_private_key, uschar *dkim_domain,
  -  uschar *dkim_selector, uschar *dkim_canon, uschar *dkim_strict, uschar *dkim_sign_headers,
  -  uschar *dk_private_key, uschar *dk_domain, uschar *dk_selector, uschar *dk_canon,
  -  uschar *dk_headers, uschar *dk_strict
  +  uschar *dkim_selector, uschar *dkim_canon, uschar *dkim_strict, uschar *dkim_sign_headers
     )
   {
     int dkim_fd;
  @@ -995,12 +985,10 @@
     int sread = 0;
     int wwritten = 0;
     uschar *dkim_signature = NULL;
  -  uschar *dk_signature = NULL;
     off_t size = 0;


  -  if ( !( ((dkim_private_key != NULL) && (dkim_domain != NULL) && (dkim_selector != NULL)) ||
  -          ((dk_private_key != NULL) && (dk_selector != NULL)) ) ) {
  -    /* If we can sign with neither method, just call the original function. */
  +  if (!( ((dkim_private_key != NULL) && (dkim_domain != NULL) && (dkim_selector != NULL)) )) {
  +    /* If we can't sign, just call the original function. */
       return transport_write_message(addr, fd, options,
                 size_limit, add_headers, remove_headers,
                 check_string, escape_string, rewrite_rules,
  @@ -1031,8 +1019,6 @@
       goto CLEANUP;
       }


  -
  -  #ifdef EXPERIMENTAL_DKIM
     if ( (dkim_private_key != NULL) && (dkim_domain != NULL) && (dkim_selector != NULL) ) {
       /* Rewind file and feed it to the goats^W DKIM lib */
       lseek(dkim_fd, 0, SEEK_SET);
  @@ -1073,49 +1059,6 @@
         }
       }
     }
  -  #endif
  -
  -  #ifdef EXPERIMENTAL_DOMAINKEYS
  -  if ( (dk_private_key != NULL) && (dk_selector != NULL) ) {
  -    /* Rewind file and feed it to the goats^W DK lib */
  -    lseek(dkim_fd, 0, SEEK_SET);
  -    dk_signature = dk_exim_sign(dkim_fd,
  -                                dk_private_key,
  -                                dk_domain,
  -                                dk_selector,
  -                                dk_canon);
  -    if (dk_signature == NULL) {
  -      if (dk_strict != NULL) {
  -        uschar *dk_strict_result = expand_string(dk_strict);
  -        if (dk_strict_result != NULL) {
  -          if ( (strcmpic(dk_strict,US"1") == 0) ||
  -               (strcmpic(dk_strict,US"true") == 0) ) {
  -            save_errno = errno;
  -            rc = FALSE;
  -            goto CLEANUP;
  -          }
  -        }
  -      }
  -    }
  -    else {
  -      int siglen = Ustrlen(dk_signature);
  -      while(siglen > 0) {
  -        #ifdef SUPPORT_TLS
  -        if (tls_active == fd) wwritten = tls_write(dk_signature, siglen); else
  -        #endif
  -        wwritten = write(fd,dk_signature,siglen);
  -        if (wwritten == -1) {
  -          /* error, bail out */
  -          save_errno = errno;
  -          rc = FALSE;
  -          goto CLEANUP;
  -        }
  -        siglen -= wwritten;
  -        dk_signature += wwritten;
  -      }
  -    }
  -  }
  -  #endif


     /* Fetch file positition (the size) */
     size = lseek(dkim_fd,0,SEEK_CUR);
  @@ -1185,6 +1128,7 @@
     errno = save_errno;
     return rc;
   }
  +
   #endif




  Index: Makefile
  ===================================================================
  RCS file: /home/cvs/exim/exim-src/src/lookups/Makefile,v
  retrieving revision 1.8
  retrieving revision 1.9
  diff -u -r1.8 -r1.9
  --- Makefile    14 Feb 2008 13:49:35 -0000    1.8
  +++ Makefile    10 Jun 2009 07:34:05 -0000    1.9
  @@ -5,7 +5,7 @@
   # to the lookups subdirectory. When the relevant LOOKUP_ macros are not
   # defined, dummy modules get compiled.


  -OBJ = cdb.o dbmdb.o dkim.o dnsdb.o dsearch.o ibase.o ldap.o lsearch.o mysql.o nis.o \
  +OBJ = cdb.o dbmdb.o dnsdb.o dsearch.o ibase.o ldap.o lsearch.o mysql.o nis.o \
         nisplus.o oracle.o passwd.o pgsql.o spf.o sqlite.o testdb.o whoson.o \
         lf_check_file.o lf_quote.o lf_sqlperform.o


@@ -25,7 +25,6 @@

   cdb.o:           $(HDRS) cdb.c       cdb.h
   dbmdb.o:         $(HDRS) dbmdb.c     dbmdb.h
  -dkim.o:         $(HDRS) dkim.c      dkim.h
   dnsdb.o:         $(HDRS) dnsdb.c     dnsdb.h
   dsearch.o:       $(HDRS) dsearch.c   dsearch.h
   ibase.o:         $(HDRS) ibase.c     ibase.h


  Index: dnsdb.c
  ===================================================================
  RCS file: /home/cvs/exim/exim-src/src/lookups/dnsdb.c,v
  retrieving revision 1.17
  retrieving revision 1.18
  diff -u -r1.17 -r1.18
  --- dnsdb.c    8 Jan 2007 10:50:19 -0000    1.17
  +++ dnsdb.c    10 Jun 2009 07:34:05 -0000    1.18
  @@ -303,8 +303,14 @@


       if (type == T_TXT)
         {
  -      yield = string_cat(yield, &size, &ptr, (uschar *)(rr->data+1),
  -        (rr->data)[0]);
  +      int data_offset = 0;
  +      while (data_offset < rr->size)
  +        {
  +        uschar chunk_len = (rr->data)[data_offset++];
  +        yield = string_cat(yield, &size, &ptr,
  +                           (uschar *)((rr->data)+data_offset), chunk_len);
  +        data_offset += chunk_len;
  +        }
         }
       else   /* T_CNAME, T_CSA, T_MX, T_MXH, T_NS, T_PTR, T_SRV */
         {

















  Index: smtp.c
  ===================================================================
  RCS file: /home/cvs/exim/exim-src/src/transports/smtp.c,v
  retrieving revision 1.41
  retrieving revision 1.42
  diff -u -r1.41 -r1.42
  --- smtp.c    2 Jan 2009 17:22:12 -0000    1.41
  +++ smtp.c    10 Jun 2009 07:34:05 -0000    1.42
  @@ -39,19 +39,7 @@
         (void *)offsetof(smtp_transport_options_block, data_timeout) },
     { "delay_after_cutoff", opt_bool,
         (void *)offsetof(smtp_transport_options_block, delay_after_cutoff) },
  -  #if (defined EXPERIMENTAL_DOMAINKEYS) || (defined EXPERIMENTAL_DKIM)
  -  { "dk_canon", opt_stringptr,
  -      (void *)offsetof(smtp_transport_options_block, dk_canon) },
  -  { "dk_domain", opt_stringptr,
  -      (void *)offsetof(smtp_transport_options_block, dk_domain) },
  -  { "dk_headers", opt_stringptr,
  -      (void *)offsetof(smtp_transport_options_block, dk_headers) },
  -  { "dk_private_key", opt_stringptr,
  -      (void *)offsetof(smtp_transport_options_block, dk_private_key) },
  -  { "dk_selector", opt_stringptr,
  -      (void *)offsetof(smtp_transport_options_block, dk_selector) },
  -  { "dk_strict", opt_stringptr,
  -      (void *)offsetof(smtp_transport_options_block, dk_strict) },
  +#ifndef DISABLE_DKIM
     { "dkim_canon", opt_stringptr,
         (void *)offsetof(smtp_transport_options_block, dkim_canon) },
     { "dkim_domain", opt_stringptr,
  @@ -64,7 +52,7 @@
         (void *)offsetof(smtp_transport_options_block, dkim_sign_headers) },
     { "dkim_strict", opt_stringptr,
         (void *)offsetof(smtp_transport_options_block, dkim_strict) },
  -  #endif
  +#endif
     { "dns_qualify_single",   opt_bool,
         (void *)offsetof(smtp_transport_options_block, dns_qualify_single) },
     { "dns_search_parents",   opt_bool,
  @@ -75,14 +63,14 @@
         (void *)offsetof(smtp_transport_options_block, final_timeout) },
     { "gethostbyname",        opt_bool,
         (void *)offsetof(smtp_transport_options_block, gethostbyname) },
  -  #ifdef SUPPORT_TLS
  +#ifdef SUPPORT_TLS
     { "gnutls_require_kx",    opt_stringptr,
         (void *)offsetof(smtp_transport_options_block, gnutls_require_kx) },
     { "gnutls_require_mac",   opt_stringptr,
         (void *)offsetof(smtp_transport_options_block, gnutls_require_mac) },
     { "gnutls_require_protocols", opt_stringptr,
         (void *)offsetof(smtp_transport_options_block, gnutls_require_proto) },
  -  #endif
  +#endif
     { "helo_data",            opt_stringptr,
         (void *)offsetof(smtp_transport_options_block, helo_data) },
     { "hosts",                opt_stringptr,
  @@ -91,28 +79,28 @@
         (void *)offsetof(smtp_transport_options_block, hosts_avoid_esmtp) },
     { "hosts_avoid_pipelining", opt_stringptr,
         (void *)offsetof(smtp_transport_options_block, hosts_avoid_pipelining) },
  -  #ifdef SUPPORT_TLS
  +#ifdef SUPPORT_TLS
     { "hosts_avoid_tls",      opt_stringptr,
         (void *)offsetof(smtp_transport_options_block, hosts_avoid_tls) },
  -  #endif
  +#endif
     { "hosts_max_try",        opt_int,
         (void *)offsetof(smtp_transport_options_block, hosts_max_try) },
     { "hosts_max_try_hardlimit", opt_int,
         (void *)offsetof(smtp_transport_options_block, hosts_max_try_hardlimit) },
  -  #ifdef SUPPORT_TLS
  +#ifdef SUPPORT_TLS
     { "hosts_nopass_tls",     opt_stringptr,
         (void *)offsetof(smtp_transport_options_block, hosts_nopass_tls) },
  -  #endif
  +#endif
     { "hosts_override",       opt_bool,
         (void *)offsetof(smtp_transport_options_block, hosts_override) },
     { "hosts_randomize",      opt_bool,
         (void *)offsetof(smtp_transport_options_block, hosts_randomize) },
     { "hosts_require_auth",   opt_stringptr,
         (void *)offsetof(smtp_transport_options_block, hosts_require_auth) },
  -  #ifdef SUPPORT_TLS
  +#ifdef SUPPORT_TLS
     { "hosts_require_tls",    opt_stringptr,
         (void *)offsetof(smtp_transport_options_block, hosts_require_tls) },
  -  #endif
  +#endif
     { "hosts_try_auth",       opt_stringptr,
         (void *)offsetof(smtp_transport_options_block, hosts_try_auth) },
     { "interface",            opt_stringptr,
  @@ -135,7 +123,7 @@
         (void *)offsetof(smtp_transport_options_block, serialize_hosts) },
     { "size_addition",        opt_int,
         (void *)offsetof(smtp_transport_options_block, size_addition) }
  -  #ifdef SUPPORT_TLS
  +#ifdef SUPPORT_TLS
    ,{ "tls_certificate",      opt_stringptr,
         (void *)offsetof(smtp_transport_options_block, tls_certificate) },
     { "tls_crl",              opt_stringptr,
  @@ -148,7 +136,7 @@
         (void *)offsetof(smtp_transport_options_block, tls_tempfail_tryclear) },
     { "tls_verify_certificates", opt_stringptr,
         (void *)offsetof(smtp_transport_options_block, tls_verify_certificates) }
  -  #endif
  +#endif
   };


   /* Size of the options list. An extern variable has to be used so that its
  @@ -196,7 +184,7 @@
     TRUE,                /* keepalive */
     FALSE,               /* lmtp_ignore_quota */
     TRUE                 /* retry_include_ip_address */
  -  #ifdef SUPPORT_TLS
  +#ifdef SUPPORT_TLS
    ,NULL,                /* tls_certificate */
     NULL,                /* tls_crl */
     NULL,                /* tls_privatekey */
  @@ -206,21 +194,15 @@
     NULL,                /* gnutls_require_proto */
     NULL,                /* tls_verify_certificates */
     TRUE                 /* tls_tempfail_tryclear */
  -  #endif
  -  #if (defined EXPERIMENTAL_DOMAINKEYS) || (defined EXPERIMENTAL_DKIM)
  - ,NULL,                /* dk_canon */
  -  NULL,                /* dk_domain */
  -  NULL,                /* dk_headers */
  -  NULL,                /* dk_private_key */
  -  NULL,                /* dk_selector */
  -  NULL                 /* dk_strict */
  +#endif
  +#ifndef DISABLE_DKIM
    ,NULL,                /* dkim_canon */
     NULL,                /* dkim_domain */
     NULL,                /* dkim_private_key */
     NULL,                /* dkim_selector */
     NULL,                /* dkim_sign_headers */
     NULL                 /* dkim_strict */
  -  #endif
  +#endif
   };



  @@ -1592,7 +1574,7 @@
     DEBUG(D_transport|D_v)
       debug_printf("  SMTP>> writing message and terminating \".\"\n");
     transport_count = 0;
  -#if (defined EXPERIMENTAL_DOMAINKEYS) || (defined EXPERIMENTAL_DKIM)
  +#ifndef DISABLE_DKIM
     ok = dkim_transport_write_message(addrlist, inblock.sock,
       topt_use_crlf | topt_end_dot | topt_escape_headers |
         (tblock->body_only? topt_no_headers : 0) |
  @@ -1605,9 +1587,7 @@
       US".", US"..",    /* Escaping strings */
       tblock->rewrite_rules, tblock->rewrite_existflags,
       ob->dkim_private_key, ob->dkim_domain, ob->dkim_selector,
  -    ob->dkim_canon, ob->dkim_strict, ob->dkim_sign_headers,
  -    ob->dk_private_key, ob->dk_domain, ob->dk_selector,
  -    ob->dk_canon, ob->dk_headers, ob->dk_strict
  +    ob->dkim_canon, ob->dkim_strict, ob->dkim_sign_headers
       );
   #else
     ok = transport_write_message(addrlist, inblock.sock,


  Index: smtp.h
  ===================================================================
  RCS file: /home/cvs/exim/exim-src/src/transports/smtp.h,v
  retrieving revision 1.14
  retrieving revision 1.15
  diff -u -r1.14 -r1.15
  --- smtp.h    5 Mar 2008 21:13:23 -0000    1.14
  +++ smtp.h    10 Jun 2009 07:34:05 -0000    1.15
  @@ -57,13 +57,7 @@
     uschar *tls_verify_certificates;
     BOOL    tls_tempfail_tryclear;
     #endif
  -  #if (defined EXPERIMENTAL_DOMAINKEYS) || (defined EXPERIMENTAL_DKIM)
  -  uschar *dk_domain;
  -  uschar *dk_private_key;
  -  uschar *dk_selector;
  -  uschar *dk_canon;
  -  uschar *dk_headers;
  -  uschar *dk_strict;
  +  #ifndef DISABLE_DKIM
     uschar *dkim_domain;
     uschar *dkim_private_key;
     uschar *dkim_selector;