[exim-cvs] Document (and enforce) that DKIM-signing is not s…

Author: Exim Git Commits Mailing List
Date:  
To: exim-cvs
Subject: [exim-cvs] Document (and enforce) that DKIM-signing is not supported in combination with cutthrough routing
Gitweb: http://git.exim.org/exim.git/commitdiff/6e62c454f618d77c69bea88c01e71765a1320dce
Commit:     6e62c454f618d77c69bea88c01e71765a1320dce
Parent:     578d43dc0a9276f18323ddc00ebc16679279f3c8
Author:     Jeremy Harris <jgh146exb@???>
AuthorDate: Sun Jan 5 21:22:06 2014 +0000
Committer:  Jeremy Harris <jgh146exb@???>
CommitDate: Sun Jan 5 21:22:06 2014 +0000


    Document (and enforce) that DKIM-signing is not supported in combination with cutthrough routing
---
 doc/doc-docbook/spec.xfpt |   12 ++++++++++--
 src/src/verify.c          |   14 +++++++++++---
 2 files changed, 21 insertions(+), 5 deletions(-)


diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 88308ba..1ba0a10 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -27295,6 +27295,9 @@ after the ACL completes.

Note that routers are used in verify mode. Note also that headers cannot be
modified by any of the post-data ACLs (DATA, MIME and DKIM).
+Cutthrough delivery is not supported via transport-filters or when DKIM signing
+of outgoing messages is done, because it sends data to the ultimate destination
+before the entire message has been received from the source.

Should the ultimate destination system positively accept or reject the mail,
a corresponding indication is given to the source system and nothing is queued.
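Review bot: The pronoun in the added sentence "because it sends data to the ultimate destination" is ambiguous, since the nearest noun is DKIM signing rather than cutthrough delivery; write "because cutthrough delivery sends data ..." instead. The paragraph also says "not supported" without stating what an administrator will observe. The verify.c change in this commit cancels cutthrough for the message when a transport filter or DKIM signing is configured, so the text could say that cutthrough is cancelled in that case.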
@@ -27305,7 +27308,6 @@ line.

Delivery in this mode avoids the generation of a bounce mail to a (possibly faked)
sender when the destination system is doing content-scan based rejection.
-Cutthrough delivery is not supported via transport-filters.


.vitem &*control&~=&~debug/*&<&'options'&>
@@ -36347,7 +36349,9 @@ disabled by setting DISABLE_DKIM=yes in Local/Makefile.
Exim's DKIM implementation allows to
.olist
Sign outgoing messages: This function is implemented in the SMTP transport.
-It can co-exist with all other Exim features, including transport filters.
+It can co-exist with all other Exim features
+(including transport filters)
+except cutthrough delivery.
.next
Verify signatures in incoming messages: This is implemented by an additional
ACL (acl_smtp_dkim), which can be called several times per message, with
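Review bot: The new wording "except cutthrough delivery" in the signing item does not say which of the two features gives way. Going by the verify.c hunk in this commit, it is cutthrough that is cancelled, not signing. A short clause such as "cutthrough is cancelled for transports that sign" would stop readers from assuming that mail goes out unsigned over a cutthrough connection.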
@@ -36438,6 +36442,10 @@ used.
Verification of DKIM signatures in incoming email is implemented via the
&%acl_smtp_dkim%& ACL. By default, this ACL is called once for each
syntactically(!) correct signature in the incoming message.
+A missing ACL definition defaults to accept.
+If any ACL call does not acccept, the message is not accepted.
+If a cutthrough delivery was in progress for the message it is
+summarily dropped (having wasted the transmission effort).

To evaluate the signature in the ACL a large number of expansion variables
containing the signature status and its details are set up during the
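Review bot: The added line "If any ACL call does not acccept" has a typo ("acccept"), and the following sentence leaves unclear what "it" refers to in "it is summarily dropped": the message or the cutthrough connection. Please name the object explicitly. It would also help to say what response the source system sees when the ACL does not accept, since the earlier cutthrough text promises a corresponding indication to the source.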
diff --git a/src/src/verify.c b/src/src/verify.c
index 911d672..c103f59 100644
--- a/src/src/verify.c
+++ b/src/src/verify.c
@@ -698,10 +698,18 @@ else

     /* For now, transport_filter by cutthrough-delivery is not supported */
     /* Need proper integration with the proper transport mechanism. */
-    if (cutthrough_delivery && addr->transport->filter_command)
+    if (cutthrough_delivery)
       {
-      cutthrough_delivery= FALSE;
-      HDEBUG(D_acl|D_v) debug_printf("Cutthrough cancelled by presence of transport filter\n");
+      if (addr->transport->filter_command)
+        {
+        cutthrough_delivery= FALSE;
+        HDEBUG(D_acl|D_v) debug_printf("Cutthrough cancelled by presence of transport filter\n");
+        }
+      if (ob->dkim_domain)
+        {
+        cutthrough_delivery= FALSE;
+        HDEBUG(D_acl|D_v) debug_printf("Cutthrough cancelled by presence of DKIM signing\n");
+        }
       }


     SEND_FAILED:
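Review bot: The comment above the block still reads "For now, transport_filter by cutthrough-delivery is not supported" although the block now also cancels cutthrough when DKIM signing is configured; update it to cover both conditions. The new test `if (ob->dkim_domain)` only checks that the option is set, and the hunk does not show where `ob` is assigned, so please confirm that it is the options block of `addr->transport`, the same transport whose `filter_command` is tested just above. If both conditions hold, two debug lines are emitted for a single cancellation; an `else if` or a combined message would keep the debug output unambiguous.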