You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by mm...@apache.org on 2007/11/16 01:31:29 UTC

svn commit: r595503 - /spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/DKIM.pm

Author: mmartinec
Date: Thu Nov 15 16:31:28 2007
New Revision: 595503

URL: http://svn.apache.org/viewvc?rev=595503&view=rev
Log:
Plugin::DKIM: fix anchoring in regexp; rename "verified" to "valid" in variables and in comments to match SSP and RFC 4871 terminology

Modified:
    spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/DKIM.pm

Modified: spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/DKIM.pm
URL: http://svn.apache.org/viewvc/spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/DKIM.pm?rev=595503&r1=595502&r2=595503&view=diff
==============================================================================
--- spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/DKIM.pm (original)
+++ spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/DKIM.pm Thu Nov 15 16:31:28 2007
@@ -40,8 +40,8 @@
 The following tags are added to the set, available for use in reports,
 headers, other plugins, etc.:
 
-  _DKIMIDENTITY_  verified signing identities (the 'i' tag) from signatures;
-  _DKIMDOMAIN_    verified signing domains (the 'd' tag) from signatures;
+  _DKIMIDENTITY_  signing identities (the 'i' tag) from valid signatures;
+  _DKIMDOMAIN_    signing domains (the 'd' tag) from valid signatures;
 
 Identities and domains from signatures which failed verification are not
 included in these tags. Duplicates are eliminated (e.g. when there are two or
@@ -218,10 +218,11 @@
   return $scan->{dkim_signed};
 }
 
+# mosnomer, should be check_dkim_valid, keep for compatibility
 sub check_dkim_verified {
   my ($self, $scan) = @_;
   $self->_check_dkim_signature($scan) unless $scan->{dkim_checked_signature};
-  return $scan->{dkim_verified};
+  return $scan->{dkim_valid};
 }
 
 sub check_dkim_signsome {
@@ -271,7 +272,7 @@
 
   $scan->{dkim_checked_signature} = 1;
   $scan->{dkim_signed} = 0;
-  $scan->{dkim_verified} = 0;
+  $scan->{dkim_valid} = 0;
   $scan->{dkim_key_testing} = 0;
 
   my $timemethod = $self->{main}->time_method("check_dkim_signature");
@@ -353,7 +354,7 @@
     # extract the actual lookup results
     if ($result eq 'pass') {
       $scan->{dkim_signed} = 1;
-      $scan->{dkim_verified} = 1;
+      $scan->{dkim_valid} = 1;
     }
     elsif ($result eq 'fail') {
       $scan->{dkim_signed} = 1;
@@ -395,13 +396,13 @@
     dbg("dkim: policy: dkim object not available (programming error?)");
   } elsif (!$scan->is_dns_available()) {
     dbg("dkim: policy: not retrieved, no DNS resolving available");
-  } elsif ($scan->{dkim_verified}) {  # no need to fetch policy when verifies
+  } elsif ($scan->{dkim_valid}) {  # no need to fetch policy when valid
     # draft-allman-dkim-ssp-02: If the message contains a valid Originator
     # Signature, no Sender Signing Practices check need be performed:
     # the Verifier SHOULD NOT look up the Sender Signing Practices
     # and the message SHOULD be considered non-Suspicious.
 
-    dbg("dkim: policy: not retrieved, signature does verify");
+    dbg("dkim: policy: not retrieved, signature is valid");
 
   } else {
     my $timeout = $scan->{conf}->{dkim_timeout};
@@ -480,17 +481,17 @@
   my($any_match_at_all, $any_match_by_wl_ref) =
     _wlcheck_list($self, $scan, \@acceptable_identity_tuples);
 
-  my(@verif,@fail);
+  my(@valid,@fail);
   foreach my $wl (keys %$any_match_by_wl_ref) {
     my $match = $any_match_by_wl_ref->{$wl};
     if (defined $match) {
       $scan->{"match_in_$wl"} = 1  if $match;
-      if ($match) { push(@verif,$wl) } else { push(@fail,$wl) }
+      if ($match) { push(@valid,$wl) } else { push(@fail,$wl) }
     }
   }
-  if (@verif) {
+  if (@valid) {
     dbg("dkim: originator %s, WHITELISTED by %s",
-         $originator, join(", ",@verif));
+         $originator, join(", ",@valid));
   } elsif (@fail) {
     dbg("dkim: originator %s, found in %s BUT IGNORED",
          $originator, join(", ",@fail));
@@ -542,7 +543,7 @@
   foreach my $signature (@{$scan->{dkim_signatures}}) {
     local ($1,$2);
 
-    my $verified = $signature->result eq 'pass';
+    my $valid = $signature->result eq 'pass';
 
     my $expiration_time;
     $expiration_time = $signature->expiration  if $expiration_supported;
@@ -560,7 +561,7 @@
     }
 
     my $info = '';  # summary info string to be used for logging
-    $info .= ($verified ? 'VERIFIED' : 'FAILED').($expired ? ' EXPIRED' : '');
+    $info .= ($valid ? 'VALID' : 'FAILED') . ($expired ? ' EXPIRED' : '');
     $info .= lc $identity eq lc $originator_matching_part ? ' originator'
                                                           : ' third-party';
     $info .= " signature by id " . $identity;
@@ -596,20 +597,20 @@
           $matches = 1  if lc $identity eq lc $acceptable_identity;
         } else {  # any local part in signing identity is acceptable
                   # as long as domain matches or is a subdomain
-          $matches = 1  if $identity_dom =~ /(^|\.)\Q$accept_id_dom\Q/i;
+          $matches = 1  if $identity_dom =~ /(^|\.)\Q$accept_id_dom\E\z/i;
         }
       }
       if ($matches) {
         dbg("dkim: $info, originator $originator, MATCHES $wl $re");
-        # a defined value indicates at least a match, not necessarily verified
+        # a defined value indicates at least a match, not necessarily valid
         $any_match_by_wl{$wl} = 0  if !exists $any_match_by_wl{$wl};
       }
       # only valid signature can cause whitelisting
-      $matches = 0  if !$verified || $expired;
+      $matches = 0  if !$valid || $expired;
 
       $any_match_by_wl{$wl} = $any_match_at_all = 1  if $matches;
     }
-    dbg("dkim: $info, originator $originator, no verified matches")
+    dbg("dkim: $info, originator $originator, no valid matches")
       if !$any_match_at_all;
   }
   return ($any_match_at_all, \%any_match_by_wl);