OpenDKIM 是一个开源的DKIM发送者认证系统的C语言实现。DKIM(DomainKeys Identified Mail)是一种电子邮件的验证技术,使用密码学的基础提供了签名与验证的功能。一般来说,发送方会在电子邮件的标头插入DKIM-Signature及电子签名资讯。而接收方则透过DNS查询得到公开金钥后进行验证。
DKIM是由DomainKeys所改进的协定,大多数的运作方式与DomainKeys相同。在2007年2月时,DKIM被列入互联网工程工作小组(IETF)的标准提案(Proposed Standard),并于同年5月成为正式标准(Standards Track)。
opendkim v2.3.0更新日志:
Feature request #SF2964396: Allow SignHeaders, OmitHeaders and
SenderHeaders to be specified as deltas to the default lists.
Feature request #SF3053094: Correct documentation and improve function
of the AuthservID configuration setting. Requested by
Andreas Schulze.
Feature request #SF3060152: Add odkim.replace_header() function.
Feature request #SF3060161: Add odkim.del_header() function.
Feature request #SF3061189: Add new "quarantine" option to all the
various "On-" settings.
Feature request #SF3066104: Add "AnonymousDomains" configuration
option.
Feature request #SF3074290: Add _FFR_ATPS, experimental support for
draft-kucherawy-dkim-atps.
Feature request #SF3076684: Add "VBR-TrustedCertifiersOnly" flag.
Feature request #SF3080604: Add odkim.parse_field() function.
Requested by Todd Lyons.
Feature request #SF3081697: Add "OversignHeaders" configuration
option.
Feature request #SF3085536: Activate _FFR_STATS_I, providing
statistics reporting about use of "i=" in signatures.
Feature request #SF3096630: Add odkim.rbl_check() function.
Feature request #SF3097083: Make SigningTable accessible from Lua.
Feature request #SF3103095: Allow "%" in a KeyTable entry's filename
component as well as the domain name.
Feature request #SF3105480: Improved VBR correctness; don't conduct
VBR checks at all if there are disagreeing "mc" values in
multiple VBR-Info header fields.
Feature request #SF3106132: Allow "%" in a SigningTable's value.
Feature request #SF3109963: Add "MaximumSignaturesToVerify" setting.
Suggested by John Wood.
Feature request #SF3110593: Add compile-time support for GnuTLS as
an alternative to OpenSSL. Suggested by Alessandro Vesely.
Feature request #SF3136772: Sign the VBR-Info header field, if added.
Requested by Frederik Pettai.
Fix bug #SF3134119: With AutoRestart enabled, arrange to relay
SIGUSR1 from the parent to the child rather than terminating.
Reported by Yoshiaki Yanagihara.
Fix bug #SF3141313: Trim whitespace from values in in-core data
sets. Reported by Todd Lyons.
Fix bug #SF3156124: More robust handling of database disconnects.
Also add _FFR_POSTGRESQL_RECONNECT_HACK, which will hopefully
be temporary. Reported by Miha Vrhovnik.
Fix bug #SF3181180: Correct handling of quoted strings containing
parentheses (and the opposite) when parsing
Authentication-Results header fields. Reported by
Mark Martinec.
Fix back-compatibility with very old implementations of milter in MTAs.
Fix case-insensitive matching for domain names when doing signing
selection. Problem noted by John Espiro.
New configuration file options:
- "CaptureUnknownErrors", replacing the FFR of the same name
- "DNSConnect", requesting the resolver use TCP mode
- "KeepAuthResults", suppressing required removal of
Authentication-Results header fields
- "ResolverTracing", adding detailed logging of libar activity
- "StrictHeaders", requesing libopendkim to assert header
field counts according to the standards
- "UnboundConfigFile", passing a configuration file name to
libunbound (suggested by Andreas Schulze)
- "VBR-PurgeFields", removing "X-VBR-*" fields after using them
Trim whitespace from the end of all values in a config file, not just
strings. Problem noted by Reuben Farrelly.
Assume a default location for opendkim.conf. Suggested by Andreas
Schulze.
Don't needlessly demand milter features, causing aborts when they're
not available. Problem noted by Todd Lyons.
Make odkim.get_clienthost(), odkim.get_clientip() and
odkim.get_fromdomain() available in the final script.
When "SyslogSuccess" is active, log the selector and domain used.
Suggested by Miha Vrhovnik.
LIBAR: Feature request #SF3115073: Add flag for fine-grained activity
logging for debugging purposes.
LIBAR: Add support for using poll() instead of socket().
LIBOPENDKIM: Feature request #SF3087029: Add DKIM_LIBFLAGS_STRICTHDRS.
LIBOPENDKIM: Feature request #SF3089990: Add dkim_sig_getsignedhdrs().
LIBOPENDKIM: Fix bug #SF3079094: Have dkim_diffheaders() take
canonicalization into account when generating its results
to avoid false positives.
LIBOPENDKIM: Fix bug #SF3184670: Add error codes for missing and empty
"v=" tags, thus avoiding a possible assertion failure when
DKIM_LIBFLAGS_BADSIGHANDLES is in use. Reported by J. Coloos.
LIBOPENDKIM: Fix up handling of multi-TXT DNS replies inside
dkim_get_policy_dns().
LIBOPENDKIM: Add dkim_getid().
LIBOPENDKIM: Treat no answers as an NXDOMAIN with respect to
retrieving ADSP records.
LIBOPENDKIM: When an unexpected DNS type or class is received,
log the received values.
LIBVBR: Feature request #SF3105477: Copy the generic DNS work from
libopendkim.
STATS: Feature request #SF3085536: Activate _FFR_STATS_I, providing
statistics reporting about use of "i=" in signatures.
STATS: Feature request #SF3125701: Add "s=" key value tracking.
STATS: Feature request #SF3137445: Track key sizes. Suggested by
Todd Lyons.
MILTERTEST: When asserting negotiation state, don't forget to capture
what was negotiated.
TOOLS: Feature request #SF3106876: Amend opendkim-testkey to return
the DNSSEC results as well.
TOOLS: Fix bug #SF3143922: Command line parameters to opendkim-testkey
now override their configuration file counterparts.
TOOLS: Experimental new "opendkim-spam" tool to let users update a
stats database to indicate a message is spam, for possible
later correlation use.
BUILD: opendkim-genzone needs LIBCRYPTO_LDFLAGS. Reported by
John Smith.
Activate _FFR_CAPTURE_UNKNOWN_ERRORS.