New feature:
============

Experimental verification of author domain signatures on messages
slightly altered by a mailing list manager.  The procedure is outlined
here:
https://datatracker.ietf.org/doc/draft-vesely-dmarc-mlm-transform/

Build change:
=============

Since v3.0 zdkimfilter ships with a fork of libopendkim.  This was
from opendkim-2.11.3.

Bug fix and other changes:
==========================

Put quotes in Authentication-Results: when needed.
Also in A-R:, report header.d if header.i begins with @.
Improved output of zdkimverify.
Log abnormal exit of child processes.

Database changes:
=================

Added a column in table msg:
ALTER TABLE msg_ref ADD COLUMN dkim_trans TINYINT UNSIGNED NOT NULL DEFAULT 0 AFTER dkim;

Modify zaggregate query as:
--- odbx_example-1.8.conf	2020-01-07 10:11:24.117268089 +0100
+++ odbx_example.conf	2020-10-19 10:25:16.203984411 +0200
@@ -35,6 +35,7 @@
  domain = $(domain_ref), \
  auth = ('$(auth_type)'), \
  dkim = '$(dkim_result)', \
+ dkim_trans = $(dkim_trans), \
  dkim_order = $(dkim_order), \
  dkim_selector = '$(dkim_selector)', \
  spf = '$(spf_result)', \
@@ -100,10 +101,10 @@
 m.dmarc_reason AS reason, da.domain AS author,\
 dspf.domain AS spf, rspf.spf AS spf_re,\
 dhelo.domain AS helo, rhelo.spf AS helo_re,\
-d1.domain AS dkim1, r1.dkim_selector AS dkim1_se, r1.dkim AS dkim1_re,\
-d2.domain AS dkim2, r2.dkim_selector AS dkim2_se, r2.dkim AS dkim2_re,\
-d3.domain AS dkim3, r3.dkim_selector AS dkim3_se, r3.dkim AS dkim3_re,\
-d4.domain AS dkim4, r4.dkim_selector AS dkim4_se, r4.dkim AS dkim4_re\
+d1.domain AS dkim1, r1.dkim_selector AS dkim1_se, r1.dkim AS dkim1_re, r1.dkim_trans AS dkim1_t,\
+d2.domain AS dkim2, r2.dkim_selector AS dkim2_se, r2.dkim AS dkim2_re, r2.dkim_trans AS dkim2_t,\
+d3.domain AS dkim3, r3.dkim_selector AS dkim3_se, r3.dkim AS dkim3_re, r3.dkim_trans AS dkim3_t,\
+d4.domain AS dkim4, r4.dkim_selector AS dkim4_se, r4.dkim AS dkim4_re, r4.dkim_trans AS dkim4_t\
 FROM message_in AS m\
 LEFT JOIN (msg_ref AS rd INNER JOIN domain AS dd ON rd.domain = dd.id)\
   ON m.id = rd.message_in AND FIND_IN_SET('dmarc', rd.auth)\







Reporting and logging changes:
==============================

Authentication-Results which used to report "header.i=@<domain>" now
report "header.d=<domain".  Header.i is still used if it has a local
part.  In addition, quotes are used where needed.

If report_all_sigs is not set, only the first domain is reported in the
Authentication-Results header field.  Previously, whitelisted and vouched
domains were also reported.  Now, need to set report_all_sigs to report
them as well.  That option might report other domains as well.

The line "running for %s on %d ctl + %d mail files" is only logged if
verbose >= 8.  Previously was >= 2.