Gitweb:
https://git.exim.org/exim.git/commitdiff/d34c22b8288153f147af068d4c14ed8fcc8b9692
Commit: d34c22b8288153f147af068d4c14ed8fcc8b9692
Parent: 92beef8b1e1c73348d48edbb5cff37b47c4e2f81
Author: Jeremy Harris <jgh146exb@???>
AuthorDate: Sat Apr 11 19:12:57 2020 +0100
Committer: Jeremy Harris <jgh146exb@???>
CommitDate: Sun Apr 12 18:19:35 2020 +0100
DKIM: Predefined macro for standard headers, oversigned
---
doc/doc-docbook/spec.xfpt | 13 ++++++++-----
src/src/dkim.c | 1 +
src/src/pdkim/pdkim.h | 9 +++++++++
3 files changed, 18 insertions(+), 5 deletions(-)
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 8e7cb4d..87e5e08 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -40426,7 +40426,7 @@ only supports signing with the same canonicalization method for both headers and
.option dkim_strict smtp string&!! unset
This option defines how Exim behaves when signing a message that
should be signed fails for some reason. When the expansion evaluates to
-either "1" or "true", Exim will defer. Otherwise Exim will send the message
+either &"1"& or &"true"&, Exim will defer. Otherwise Exim will send the message
unsigned. You can use the &%$dkim_domain%& and &%$dkim_selector%& expansion
variables here.
@@ -40438,16 +40438,19 @@ in the message signature.
When unspecified, the header names listed in RFC4871 will be used,
whether or not each header is present in the message.
The default list is available for the expansion in the macro
-"_DKIM_SIGN_HEADERS".
+&"_DKIM_SIGN_HEADERS"&
+.new
+and an oversigning variant is in &"_DKIM_OVERSIGN_HEADERS"&.
+.wen
If a name is repeated, multiple headers by that name (or the absence thereof)
will be signed. The textually later headers in the headers part of the
message are signed first, if there are multiples.
-A name can be prefixed with either an '=' or a '+' character.
-If an '=' prefix is used, all headers that are present with this name
+A name can be prefixed with either an &"="& or a &"+"& character.
+If an &"="& prefix is used, all headers that are present with this name
will be signed.
-If a '+' prefix if used, all headers that are present with this name
+If a &"+"& prefix if used, all headers that are present with this name
will be signed, and one signature added for a missing header with the
name will be appended.
diff --git a/src/src/dkim.c b/src/src/dkim.c
index 5c9d227..0313727 100644
--- a/src/src/dkim.c
+++ b/src/src/dkim.c
@@ -21,6 +21,7 @@ void
params_dkim(void)
{
builtin_macro_create_var(US"_DKIM_SIGN_HEADERS", US PDKIM_DEFAULT_SIGN_HEADERS);
+builtin_macro_create_var(US"_DKIM_OVERSIGN_HEADERS", US PDKIM_OVERSIGN_HEADERS);
}
# else /*!MACRO_PREDEF*/
diff --git a/src/src/pdkim/pdkim.h b/src/src/pdkim/pdkim.h
index 0c9d46d..5ae0f7f 100644
--- a/src/src/pdkim/pdkim.h
+++ b/src/src/pdkim/pdkim.h
@@ -35,6 +35,15 @@
"List-Id:List-Help:List-Unsubscribe:"\
"List-Subscribe:List-Post:List-Owner:List-Archive"
+#define PDKIM_OVERSIGN_HEADERS "+From:+Sender:+Reply-To:+Subject:+Date:"\
+ "+Message-ID:+To:+Cc:+MIME-Version:+Content-Type:"\
+ "+Content-Transfer-Encoding:+Content-ID:"\
+ "+Content-Description:+Resent-Date:+Resent-From:"\
+ "+Resent-Sender:+Resent-To:+Resent-Cc:"\
+ "+Resent-Message-ID:+In-Reply-To:+References:"\
+ "+List-Id:+List-Help:+List-Unsubscribe:"\
+ "+List-Subscribe:+List-Post:+List-Owner:+List-Archive"
+
/* -------------------------------------------------------------------------- */
/* Length of the preallocated buffer for the "answer" from the dns/txt
callback function. This should match the maximum RDLENGTH from DNS. */
