New feature: ============ Experimental verification of author domain signatures on messages slightly altered by a mailing list manager. The procedure is outlined here: https://datatracker.ietf.org/doc/draft-vesely-dmarc-mlm-transform/ Build change: ============= Since v3.0 zdkimfilter ships with a fork of libopendkim. This was from opendkim-2.11.3. Bug fix and other changes: ========================== Put quotes in Authentication-Results: when needed. Also in A-R:, report header.d if header.i begins with @. Improved output of zdkimverify. Log abnormal exit of child processes. Database changes: ================= Added a column in table msg: ALTER TABLE msg_ref ADD COLUMN dkim_trans TINYINT UNSIGNED NOT NULL DEFAULT 0 AFTER dkim; Modify zaggregate query as: --- odbx_example-1.8.conf 2020-01-07 10:11:24.117268089 +0100 +++ odbx_example.conf 2020-10-19 10:25:16.203984411 +0200 @@ -35,6 +35,7 @@ domain = $(domain_ref), \ auth = ('$(auth_type)'), \ dkim = '$(dkim_result)', \ + dkim_trans = $(dkim_trans), \ dkim_order = $(dkim_order), \ dkim_selector = '$(dkim_selector)', \ spf = '$(spf_result)', \ @@ -100,10 +101,10 @@ m.dmarc_reason AS reason, da.domain AS author,\ dspf.domain AS spf, rspf.spf AS spf_re,\ dhelo.domain AS helo, rhelo.spf AS helo_re,\ -d1.domain AS dkim1, r1.dkim_selector AS dkim1_se, r1.dkim AS dkim1_re,\ -d2.domain AS dkim2, r2.dkim_selector AS dkim2_se, r2.dkim AS dkim2_re,\ -d3.domain AS dkim3, r3.dkim_selector AS dkim3_se, r3.dkim AS dkim3_re,\ -d4.domain AS dkim4, r4.dkim_selector AS dkim4_se, r4.dkim AS dkim4_re\ +d1.domain AS dkim1, r1.dkim_selector AS dkim1_se, r1.dkim AS dkim1_re, r1.dkim_trans AS dkim1_t,\ +d2.domain AS dkim2, r2.dkim_selector AS dkim2_se, r2.dkim AS dkim2_re, r2.dkim_trans AS dkim2_t,\ +d3.domain AS dkim3, r3.dkim_selector AS dkim3_se, r3.dkim AS dkim3_re, r3.dkim_trans AS dkim3_t,\ +d4.domain AS dkim4, r4.dkim_selector AS dkim4_se, r4.dkim AS dkim4_re, r4.dkim_trans AS dkim4_t\ FROM message_in AS m\ LEFT JOIN (msg_ref AS rd INNER JOIN domain AS dd ON rd.domain = dd.id)\ ON m.id = rd.message_in AND FIND_IN_SET('dmarc', rd.auth)\ Reporting and logging changes: ============================== Authentication-Results which used to report "header.i=@" now report "header.d== 8. Previously was >= 2.