Gitweb:
https://git.exim.org/exim.git/commitdiff/a5e7a642059ee28d6d19c7a8f75d820b65c858b9
Commit: a5e7a642059ee28d6d19c7a8f75d820b65c858b9
Parent: 5b9dc1a78bdb837634dd51244a3c68e0b0af3397
Author: Jeremy Harris <jgh146exb@???>
AuthorDate: Tue Jul 9 14:51:01 2024 +0100
Committer: Jeremy Harris <jgh146exb@???>
CommitDate: Tue Jul 9 14:51:01 2024 +0100
DKIM: with dkim_verify_minimal, avoid calling ACL after first pass
---
src/src/dkim.c | 11 +++++++----
src/src/pdkim/pdkim.c | 25 ++++++++++++++++---------
src/src/receive.c | 18 +++++++++++-------
src/src/smtp_in.c | 1 -
test/confs/4510 | 10 +++++++++-
test/log/4510 | 18 +++++++++---------
test/log/4513 | 2 +-
test/log/4514 | 4 ++--
test/log/4541 | 10 ++++------
test/log/4545 | 6 +++---
test/scripts/4540-DKIM-Ed25519/4541 | 2 +-
11 files changed, 63 insertions(+), 44 deletions(-)
diff --git a/src/src/dkim.c b/src/src/dkim.c
index e0b76c3b1..68f074889 100644
--- a/src/src/dkim.c
+++ b/src/src/dkim.c
@@ -342,8 +342,8 @@ for (pdkim_signature * sig = dkim_signatures; sig; sig = sig->next)
if (sig->domain) g = string_append_listele(g, ':', sig->domain);
if (sig->identity) g = string_append_listele(g, ':', sig->identity);
}
-
-if (g) dkim_signers = g->s;
+gstring_release_unused(g);
+dkim_signers = string_from_gstring(g);
out:
store_pool = dkim_verify_oldpool;
@@ -358,7 +358,8 @@ dkim_acl_call(uschar * id, gstring ** res_ptr,
{
int rc;
DEBUG(D_receive)
- debug_printf("calling acl_smtp_dkim for dkim_cur_signer='%s'\n", id);
+ debug_printf("calling acl_smtp_dkim for identity '%s' domain '%s' sel '%s'\n",
+ id, dkim_signing_domain, dkim_signing_selector);
rc = acl_check(ACL_WHERE_DKIM, NULL, acl_smtp_dkim, user_msgptr, log_msgptr);
dkim_exim_verify_log_sig(dkim_cur_sig);
@@ -369,6 +370,7 @@ return rc;
/* For the given identity, run the DKIM ACL once for each matching signature.
+If none match, run it once.
Arguments
id Identity to look for in dkim signatures
@@ -425,7 +427,8 @@ for (pdkim_signature * sig = dkim_signatures; sig; sig = sig->next)
dkim_verify_status = dkim_exim_expand_query(DKIM_VERIFY_STATUS);
dkim_verify_reason = dkim_exim_expand_query(DKIM_VERIFY_REASON);
- if ((rc = dkim_acl_call(id, res_ptr, user_msgptr, log_msgptr)) != OK)
+ if ( (rc = dkim_acl_call(id, res_ptr, user_msgptr, log_msgptr)) != OK
+ || dkim_verify_minimal && Ustrcmp(dkim_verify_status, "pass") == 0)
return rc;
}
diff --git a/src/src/pdkim/pdkim.c b/src/src/pdkim/pdkim.c
index 4fb22a113..b2caa81ab 100644
--- a/src/src/pdkim/pdkim.c
+++ b/src/src/pdkim/pdkim.c
@@ -468,15 +468,12 @@ return b64encode(CUS b->data, b->len);
static pdkim_signature *
pdkim_parse_sig_header(pdkim_ctx * ctx, uschar * raw_hdr)
{
-pdkim_signature * sig;
-uschar *q;
-gstring * cur_tag = NULL;
-gstring * cur_val = NULL;
-BOOL past_hname = FALSE;
-BOOL in_b_val = FALSE;
+pdkim_signature * sig = store_get(sizeof(pdkim_signature), GET_UNTAINTED);
+uschar * q;
+gstring * cur_tag = NULL, * cur_val = NULL;
+BOOL past_hname = FALSE, in_b_val = FALSE;
int where = PDKIM_HDR_LIMBO;
-sig = store_get(sizeof(pdkim_signature), GET_UNTAINTED);
memset(sig, 0, sizeof(pdkim_signature));
sig->bodylength = -1;
@@ -1899,11 +1896,17 @@ for (pdkim_signature * sig = ctx->sig; sig; sig = sig->next)
{
sig->verify_status = PDKIM_VERIFY_PASS;
verify_pass = TRUE;
- if (dkim_verify_minimal) break;
+ /*XXX We used to "break" here if dkim_verify_minimal, but that didn't
+ stop the ACL being called. So move that test. Unfortunately, we
+ need to eval all the sigs here only to possibly ignore some later,
+ because we don't know what verify options might say.
+ Could we change to a later eval of the sig?
+ Both bits are called from receive_msg().
+ Moving the test is also suboptimal for the case of no ACL (or no
+ signers to check!) so keep it for that case, but after debug output */
}
NEXT_VERIFY:
-
DEBUG(D_acl)
{
debug_printf("DKIM [%s] %s signature status: %s",
@@ -1915,6 +1918,10 @@ NEXT_VERIFY:
else
debug_printf("\n");
}
+
+ if ( verify_pass && dkim_verify_minimal
+ && !(acl_smtp_dkim && dkim_verify_signers && *dkim_verify_signers))
+ break;
}
}
diff --git a/src/src/receive.c b/src/src/receive.c
index 9fae6ad60..cc64f44f4 100644
--- a/src/src/receive.c
+++ b/src/src/receive.c
@@ -3518,7 +3518,7 @@ else
#ifndef DISABLE_DKIM
if (!f.dkim_disable_verify)
{
- /* Finish verification */
+ /* Finish off the body hashes, calculate sigs and do compares */
dkim_exim_verify_finish();
/* Check if we must run the DKIM ACL */
@@ -3527,12 +3527,10 @@ else
{
uschar * dkim_verify_signers_expanded =
expand_string(dkim_verify_signers);
- gstring * results = NULL;
- int signer_sep = 0;
+ gstring * results = NULL, * seen_items = NULL;
+ int signer_sep = 0, old_pool = store_pool;
const uschar * ptr;
uschar * item;
- gstring * seen_items = NULL;
- int old_pool = store_pool;
store_pool = POOL_PERM; /* Allow created variables to live to data ACL */
@@ -3541,7 +3539,10 @@ else
"expansion of dkim_verify_signers option failed: %s",
expand_string_message);
- /* Default to OK when no items are present */
+ /* Loop over signers we want to verify, calling ACL. Default to OK
+ when no signers are present. Each call from here expands to a n ACL
+ call per matching sig in the message. */
+
rc = OK;
while ((item = string_nextinlist(&ptr, &signer_sep, NULL, 0)))
{
@@ -3586,6 +3587,9 @@ else
cancel_cutthrough_connection(TRUE, US"dkim acl not ok");
break;
}
+ else
+ if (dkim_verify_minimal && Ustrcmp(dkim_verify_status, "pass") == 0)
+ break;
}
dkim_verify_status = string_from_gstring(results);
store_pool = old_pool;
@@ -3606,7 +3610,7 @@ else
goto NOT_ACCEPTED; /* Skip to end of function */
}
}
- else
+ else /* No acl or no wanted signers */
dkim_exim_verify_log_all();
}
#endif /* DISABLE_DKIM */
diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c
index c52d3f4d6..f8656a6e8 100644
--- a/src/src/smtp_in.c
+++ b/src/src/smtp_in.c
@@ -1688,7 +1688,6 @@ spf_result_guessed = FALSE;
#ifndef DISABLE_DKIM
dkim_cur_signer = dkim_signers =
dkim_signing_domain = dkim_signing_selector = dkim_signatures = NULL;
-dkim_cur_signer = dkim_signers = dkim_signing_domain = dkim_signing_selector = NULL;
f.dkim_disable_verify = FALSE;
dkim_collect_input = 0;
dkim_verify_overall = dkim_verify_status = dkim_verify_reason = NULL;
diff --git a/test/confs/4510 b/test/confs/4510
index f36b4df3d..6dab3663b 100644
--- a/test/confs/4510
+++ b/test/confs/4510
@@ -11,7 +11,7 @@ primary_hostname = myhost.test.ex
# ----- Main settings -----
acl_smtp_rcpt = accept logwrite = rcpt_acl: macro: _DKIM_SIGN_HEADERS
-acl_smtp_dkim = accept logwrite = dkim_acl: signer: $dkim_cur_signer bits: $dkim_key_length h=$dkim_headernames
+acl_smtp_dkim = check_dkim_sig
acl_smtp_data = accept logwrite = data_acl: dkim status $dkim_verify_status
dkim_verify_signers = $dkim_signers
@@ -24,6 +24,14 @@ DDIR=DIR/aux-fixed/dkim
log_selector = -dkim +dkim_verbose +received_recipients
+# ----- ACL
+begin acl
+
+check_dkim_sig:
+ warn logwrite = dkim_acl: signer: $dkim_cur_signer bits: $dkim_key_length \
+ h=$dkim_headernames status: $dkim_verify_status
+ accept
+
# ----- Routers
begin routers
diff --git a/test/log/4510 b/test/log/4510
index 0c5ef4d5e..052ce8cdc 100644
--- a/test/log/4510
+++ b/test/log/4510
@@ -40,49 +40,49 @@
******** SERVER ********
1999-03-02 09:44:33 exim x.yz daemon started: pid=p1234, no queue runs, listening for SMTP on port PORT_D
1999-03-02 09:44:33 rcpt_acl: macro: From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive
-1999-03-02 09:44:33 10HmaZ-000000005vi-0000 dkim_acl: signer: test.ex bits: 1024 h=From
+1999-03-02 09:44:33 10HmaZ-000000005vi-0000 dkim_acl: signer: test.ex bits: 1024 h=From status: pass
1999-03-02 09:44:33 10HmaZ-000000005vi-0000 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded]
1999-03-02 09:44:33 10HmaZ-000000005vi-0000 data_acl: dkim status pass
1999-03-02 09:44:33 10HmaZ-000000005vi-0000 <= CALLER@??? H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmaY-000000005vi-0000@??? for a@???
1999-03-02 09:44:33 10HmaZ-000000005vi-0000 => a <a@???> R=server_store T=file
1999-03-02 09:44:33 10HmaZ-000000005vi-0000 Completed
1999-03-02 09:44:33 rcpt_acl: macro: From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive
-1999-03-02 09:44:33 10HmbB-000000005vi-0000 dkim_acl: signer: test.ex bits: 1024 h=From:From
+1999-03-02 09:44:33 10HmbB-000000005vi-0000 dkim_acl: signer: test.ex bits: 1024 h=From:From status: pass
1999-03-02 09:44:33 10HmbB-000000005vi-0000 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 t=T x=T+10 [verification succeeded]
1999-03-02 09:44:33 10HmbB-000000005vi-0000 data_acl: dkim status pass
1999-03-02 09:44:33 10HmbB-000000005vi-0000 <= CALLER@??? H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmbA-000000005vi-0000@??? for b@???
1999-03-02 09:44:33 10HmbB-000000005vi-0000 => b <b@???> R=server_store T=file
1999-03-02 09:44:33 10HmbB-000000005vi-0000 Completed
1999-03-02 09:44:33 rcpt_acl: macro: From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive
-1999-03-02 09:44:33 10HmbD-000000005vi-0000 dkim_acl: signer: test.ex bits: 1024 h=From:From
+1999-03-02 09:44:33 10HmbD-000000005vi-0000 dkim_acl: signer: test.ex bits: 1024 h=From:From status: pass
1999-03-02 09:44:33 10HmbD-000000005vi-0000 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 t=T [verification succeeded]
1999-03-02 09:44:33 10HmbD-000000005vi-0000 data_acl: dkim status pass
1999-03-02 09:44:33 10HmbD-000000005vi-0000 <= CALLER@??? H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmbC-000000005vi-0000@??? for b02@???
1999-03-02 09:44:33 10HmbD-000000005vi-0000 => b02 <b02@???> R=server_store T=file
1999-03-02 09:44:33 10HmbD-000000005vi-0000 Completed
1999-03-02 09:44:33 rcpt_acl: macro: From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive
-1999-03-02 09:44:33 10HmbF-000000005vi-0000 dkim_acl: signer: test.ex bits: 1024 h=From
+1999-03-02 09:44:33 10HmbF-000000005vi-0000 dkim_acl: signer: test.ex bits: 1024 h=From status: pass
1999-03-02 09:44:33 10HmbF-000000005vi-0000 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded]
1999-03-02 09:44:33 10HmbF-000000005vi-0000 data_acl: dkim status pass
1999-03-02 09:44:33 10HmbF-000000005vi-0000 <= CALLER@??? H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmbE-000000005vi-0000@??? for b10@???
1999-03-02 09:44:33 10HmbF-000000005vi-0000 => b10 <b10@???> R=server_store T=file
1999-03-02 09:44:33 10HmbF-000000005vi-0000 Completed
1999-03-02 09:44:33 rcpt_acl: macro: From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive
-1999-03-02 09:44:33 10HmbH-000000005vi-0000 dkim_acl: signer: test.ex bits: 1024 h=X-mine:X-mine:From
+1999-03-02 09:44:33 10HmbH-000000005vi-0000 dkim_acl: signer: test.ex bits: 1024 h=X-mine:X-mine:From status: pass
1999-03-02 09:44:33 10HmbH-000000005vi-0000 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded]
1999-03-02 09:44:33 10HmbH-000000005vi-0000 data_acl: dkim status pass
1999-03-02 09:44:33 10HmbH-000000005vi-0000 <= CALLER@??? H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmbG-000000005vi-0000@??? for b12@???
1999-03-02 09:44:33 10HmbH-000000005vi-0000 => b12 <b12@???> R=server_store T=file
1999-03-02 09:44:33 10HmbH-000000005vi-0000 Completed
1999-03-02 09:44:33 rcpt_acl: macro: From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive
-1999-03-02 09:44:33 10HmbJ-000000005vi-0000 dkim_acl: signer: test.ex bits: 1024 h=X-Mine
+1999-03-02 09:44:33 10HmbJ-000000005vi-0000 dkim_acl: signer: test.ex bits: 1024 h=X-Mine status: pass
1999-03-02 09:44:33 10HmbJ-000000005vi-0000 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded]
1999-03-02 09:44:33 10HmbJ-000000005vi-0000 data_acl: dkim status pass
1999-03-02 09:44:33 10HmbJ-000000005vi-0000 <= CALLER@??? H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmbI-000000005vi-0000@??? for b20@???
1999-03-02 09:44:33 10HmbJ-000000005vi-0000 => b20 <b20@???> R=server_store T=file
1999-03-02 09:44:33 10HmbJ-000000005vi-0000 Completed
1999-03-02 09:44:33 rcpt_acl: macro: From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive
-1999-03-02 09:44:33 10HmbL-000000005vi-0000 dkim_acl: signer: test.ex bits: 1024 h=X-mine:X-mine:X-Mine
+1999-03-02 09:44:33 10HmbL-000000005vi-0000 dkim_acl: signer: test.ex bits: 1024 h=X-mine:X-mine:X-Mine status: pass
1999-03-02 09:44:33 10HmbL-000000005vi-0000 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded]
1999-03-02 09:44:33 10HmbL-000000005vi-0000 data_acl: dkim status pass
1999-03-02 09:44:33 10HmbL-000000005vi-0000 <= CALLER@??? H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmbK-000000005vi-0000@??? for b22@???
@@ -90,7 +90,7 @@
1999-03-02 09:44:33 10HmbL-000000005vi-0000 Completed
1999-03-02 09:44:33 rcpt_acl: macro: From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive
1999-03-02 09:44:33 10HmbN-000000005vi-0000 DKIM: d=test.ex s=sel_bad [failed key import]
-1999-03-02 09:44:33 10HmbN-000000005vi-0000 dkim_acl: signer: test.ex bits: 0 h=From
+1999-03-02 09:44:33 10HmbN-000000005vi-0000 dkim_acl: signer: test.ex bits: 0 h=From status: invalid
1999-03-02 09:44:33 10HmbN-000000005vi-0000 DKIM: d=test.ex s=sel_bad c=relaxed/relaxed a=rsa-sha256 b=1024 [invalid - syntax error in public key record]
1999-03-02 09:44:33 10HmbN-000000005vi-0000 data_acl: dkim status invalid
1999-03-02 09:44:33 10HmbN-000000005vi-0000 <= CALLER@??? H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmbM-000000005vi-0000@??? for d@???
@@ -104,7 +104,7 @@
1999-03-02 09:44:33 10HmbP-000000005vi-0000 => e <e@???> R=server_store T=file
1999-03-02 09:44:33 10HmbP-000000005vi-0000 Completed
1999-03-02 09:44:33 rcpt_acl: macro: From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive
-1999-03-02 09:44:33 10HmbR-000000005vi-0000 dkim_acl: signer: test.ex bits: 1024 h=From
+1999-03-02 09:44:33 10HmbR-000000005vi-0000 dkim_acl: signer: test.ex bits: 1024 h=From status: pass
1999-03-02 09:44:33 10HmbR-000000005vi-0000 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded]
1999-03-02 09:44:33 10HmbR-000000005vi-0000 data_acl: dkim status pass
1999-03-02 09:44:33 10HmbR-000000005vi-0000 <= CALLER@??? H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmbQ-000000005vi-0000@??? for f@???
diff --git a/test/log/4513 b/test/log/4513
index c72693ca1..8905a27f3 100644
--- a/test/log/4513
+++ b/test/log/4513
@@ -5,7 +5,7 @@
******** SERVER ********
1999-03-02 09:44:33 exim x.yz daemon started: pid=p1234, no queue runs, listening for SMTP on port PORT_D
1999-03-02 09:44:33 rcpt_acl: macro: From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive
-1999-03-02 09:44:33 10HmaY-000000005vi-0000 dkim_acl: signer: test.ex bits: 1024 h=From:From
+1999-03-02 09:44:33 10HmaY-000000005vi-0000 dkim_acl: signer: test.ex bits: 1024 h=From:From status: pass
1999-03-02 09:44:33 10HmaY-000000005vi-0000 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha512 b=1024 [verification succeeded]
1999-03-02 09:44:33 10HmaY-000000005vi-0000 data_acl: dkim status pass
1999-03-02 09:44:33 10HmaY-000000005vi-0000 <= CALLER@??? H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmaX-000000005vi-0000@??? for a@???
diff --git a/test/log/4514 b/test/log/4514
index 619023da0..eabf55bfe 100644
--- a/test/log/4514
+++ b/test/log/4514
@@ -5,9 +5,9 @@
******** SERVER ********
1999-03-02 09:44:33 exim x.yz daemon started: pid=p1234, no queue runs, listening for SMTP on port PORT_D
1999-03-02 09:44:33 rcpt_acl: macro: From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive
-1999-03-02 09:44:33 10HmaY-000000005vi-0000 dkim_acl: signer: test.ex bits: 512 h=From:To:Subject
+1999-03-02 09:44:33 10HmaY-000000005vi-0000 dkim_acl: signer: test.ex bits: 512 h=From:To:Subject status: pass
1999-03-02 09:44:33 10HmaY-000000005vi-0000 DKIM: d=test.ex s=ses c=relaxed/relaxed a=rsa-sha256 b=512 [verification succeeded]
-1999-03-02 09:44:33 10HmaY-000000005vi-0000 dkim_acl: signer: test.ex bits: 1024 h=From:To:Subject
+1999-03-02 09:44:33 10HmaY-000000005vi-0000 dkim_acl: signer: test.ex bits: 1024 h=From:To:Subject status: pass
1999-03-02 09:44:33 10HmaY-000000005vi-0000 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded]
1999-03-02 09:44:33 10HmaY-000000005vi-0000 data_acl: dkim status pass:pass
1999-03-02 09:44:33 10HmaY-000000005vi-0000 <= CALLER@??? H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmaX-000000005vi-0000@??? for c@???
diff --git a/test/log/4541 b/test/log/4541
index f2d4c325b..7f1a65c01 100644
--- a/test/log/4541
+++ b/test/log/4541
@@ -8,9 +8,9 @@
******** SERVER ********
1999-03-02 09:44:33 exim x.yz daemon started: pid=p1234, no queue runs, listening for SMTP on port PORT_D
1999-03-02 09:44:33 rcpt_acl: macro: From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive
-1999-03-02 09:44:33 10HmaY-000000005vi-0000 dkim_acl: signer: test.ex bits: 253 h=From
+1999-03-02 09:44:33 10HmaY-000000005vi-0000 dkim_acl: signer: test.ex bits: 253 h=From status: pass
1999-03-02 09:44:33 10HmaY-000000005vi-0000 DKIM: d=test.ex s=sed c=relaxed/relaxed a=ed25519-sha256 b=512 [verification succeeded]
-1999-03-02 09:44:33 10HmaY-000000005vi-0000 dkim_acl: signer: test.ex bits: 1024 h=From
+1999-03-02 09:44:33 10HmaY-000000005vi-0000 dkim_acl: signer: test.ex bits: 1024 h=From status: pass
1999-03-02 09:44:33 10HmaY-000000005vi-0000 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded]
1999-03-02 09:44:33 10HmaY-000000005vi-0000 data_acl: dkim status pass:pass
1999-03-02 09:44:33 10HmaY-000000005vi-0000 <= CALLER@??? H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmaX-000000005vi-0000@??? for a@???
@@ -18,11 +18,9 @@
1999-03-02 09:44:33 10HmaY-000000005vi-0000 Completed
1999-03-02 09:44:33 exim x.yz daemon started: pid=p1235, no queue runs, listening for SMTP on port PORT_D
1999-03-02 09:44:33 rcpt_acl: macro: From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive
-1999-03-02 09:44:33 10HmbA-000000005vi-0000 dkim_acl: signer: test.ex bits: 253 h=From
+1999-03-02 09:44:33 10HmbA-000000005vi-0000 dkim_acl: signer: test.ex bits: 253 h=From status: pass
1999-03-02 09:44:33 10HmbA-000000005vi-0000 DKIM: d=test.ex s=sed c=relaxed/relaxed a=ed25519-sha256 b=512 [verification succeeded]
-1999-03-02 09:44:33 10HmbA-000000005vi-0000 dkim_acl: signer: test.ex bits: 0 h=From
-1999-03-02 09:44:33 10HmbA-000000005vi-0000 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [not verified]
-1999-03-02 09:44:33 10HmbA-000000005vi-0000 data_acl: dkim status pass:none
+1999-03-02 09:44:33 10HmbA-000000005vi-0000 data_acl: dkim status pass
1999-03-02 09:44:33 10HmbA-000000005vi-0000 <= CALLER@??? H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmaZ-000000005vi-0000@??? for b@???
1999-03-02 09:44:33 10HmbA-000000005vi-0000 => b <b@???> R=server_store T=file
1999-03-02 09:44:33 10HmbA-000000005vi-0000 Completed
diff --git a/test/log/4545 b/test/log/4545
index c983a7a96..20ae7cb9a 100644
--- a/test/log/4545
+++ b/test/log/4545
@@ -8,16 +8,16 @@
******** SERVER ********
1999-03-02 09:44:33 exim x.yz daemon started: pid=p1234, no queue runs, listening for SMTP on port PORT_D
1999-03-02 09:44:33 rcpt_acl: macro: From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive
-1999-03-02 09:44:33 10HmaY-000000005vi-0000 dkim_acl: signer: test.ex bits: 253 h=From:To:Subject
+1999-03-02 09:44:33 10HmaY-000000005vi-0000 dkim_acl: signer: test.ex bits: 253 h=From:To:Subject status: pass
1999-03-02 09:44:33 10HmaY-000000005vi-0000 DKIM: d=test.ex s=sed c=relaxed/relaxed a=ed25519-sha256 b=512 [verification succeeded]
1999-03-02 09:44:33 10HmaY-000000005vi-0000 data_acl: dkim status pass
1999-03-02 09:44:33 10HmaY-000000005vi-0000 <= CALLER@??? H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmaX-000000005vi-0000@??? for a@???
1999-03-02 09:44:33 10HmaY-000000005vi-0000 => a <a@???> R=server_store T=file
1999-03-02 09:44:33 10HmaY-000000005vi-0000 Completed
1999-03-02 09:44:33 rcpt_acl: macro: From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive
-1999-03-02 09:44:33 10HmbA-000000005vi-0000 dkim_acl: signer: test.ex bits: 253 h=From
+1999-03-02 09:44:33 10HmbA-000000005vi-0000 dkim_acl: signer: test.ex bits: 253 h=From status: pass
1999-03-02 09:44:33 10HmbA-000000005vi-0000 DKIM: d=test.ex s=sed c=relaxed/relaxed a=ed25519-sha256 b=512 [verification succeeded]
-1999-03-02 09:44:33 10HmbA-000000005vi-0000 dkim_acl: signer: test.ex bits: 1024 h=From
+1999-03-02 09:44:33 10HmbA-000000005vi-0000 dkim_acl: signer: test.ex bits: 1024 h=From status: pass
1999-03-02 09:44:33 10HmbA-000000005vi-0000 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded]
1999-03-02 09:44:33 10HmbA-000000005vi-0000 data_acl: dkim status pass:pass
1999-03-02 09:44:33 10HmbA-000000005vi-0000 <= CALLER@??? H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmaZ-000000005vi-0000@??? for b@???
diff --git a/test/scripts/4540-DKIM-Ed25519/4541 b/test/scripts/4540-DKIM-Ed25519/4541
index cec41df0f..a8ca3f315 100644
--- a/test/scripts/4540-DKIM-Ed25519/4541
+++ b/test/scripts/4540-DKIM-Ed25519/4541
@@ -15,7 +15,7 @@ millisleep 500
killdaemon
#
#
-# Verify only EC sig
+# Verify only EC sig, due to "minimal"
exim -bd -DSERVER=server -DFILTER=y -oX PORT_D
****
#
--
## subscription configuration (requires account):
##
https://lists.exim.org/mailman3/postorius/lists/exim-cvs.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-cvs-unsubscribe@???
## Exim details at
http://www.exim.org/
## Please use the Wiki with this list -
http://wiki.exim.org/
