You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by mm...@apache.org on 2007/11/16 01:31:29 UTC
svn commit: r595503 -
/spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/DKIM.pm
Author: mmartinec
Date: Thu Nov 15 16:31:28 2007
New Revision: 595503
URL: http://svn.apache.org/viewvc?rev=595503&view=rev
Log:
Plugin::DKIM: fix anchoring in regexp; rename "verified" to "valid" in variables and in comments to match SSP and RFC 4871 terminology
Modified:
spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/DKIM.pm
Modified: spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/DKIM.pm
URL: http://svn.apache.org/viewvc/spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/DKIM.pm?rev=595503&r1=595502&r2=595503&view=diff
==============================================================================
--- spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/DKIM.pm (original)
+++ spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/DKIM.pm Thu Nov 15 16:31:28 2007
@@ -40,8 +40,8 @@
The following tags are added to the set, available for use in reports,
headers, other plugins, etc.:
- _DKIMIDENTITY_ verified signing identities (the 'i' tag) from signatures;
- _DKIMDOMAIN_ verified signing domains (the 'd' tag) from signatures;
+ _DKIMIDENTITY_ signing identities (the 'i' tag) from valid signatures;
+ _DKIMDOMAIN_ signing domains (the 'd' tag) from valid signatures;
Identities and domains from signatures which failed verification are not
included in these tags. Duplicates are eliminated (e.g. when there are two or
@@ -218,10 +218,11 @@
return $scan->{dkim_signed};
}
+# mosnomer, should be check_dkim_valid, keep for compatibility
sub check_dkim_verified {
my ($self, $scan) = @_;
$self->_check_dkim_signature($scan) unless $scan->{dkim_checked_signature};
- return $scan->{dkim_verified};
+ return $scan->{dkim_valid};
}
sub check_dkim_signsome {
@@ -271,7 +272,7 @@
$scan->{dkim_checked_signature} = 1;
$scan->{dkim_signed} = 0;
- $scan->{dkim_verified} = 0;
+ $scan->{dkim_valid} = 0;
$scan->{dkim_key_testing} = 0;
my $timemethod = $self->{main}->time_method("check_dkim_signature");
@@ -353,7 +354,7 @@
# extract the actual lookup results
if ($result eq 'pass') {
$scan->{dkim_signed} = 1;
- $scan->{dkim_verified} = 1;
+ $scan->{dkim_valid} = 1;
}
elsif ($result eq 'fail') {
$scan->{dkim_signed} = 1;
@@ -395,13 +396,13 @@
dbg("dkim: policy: dkim object not available (programming error?)");
} elsif (!$scan->is_dns_available()) {
dbg("dkim: policy: not retrieved, no DNS resolving available");
- } elsif ($scan->{dkim_verified}) { # no need to fetch policy when verifies
+ } elsif ($scan->{dkim_valid}) { # no need to fetch policy when valid
# draft-allman-dkim-ssp-02: If the message contains a valid Originator
# Signature, no Sender Signing Practices check need be performed:
# the Verifier SHOULD NOT look up the Sender Signing Practices
# and the message SHOULD be considered non-Suspicious.
- dbg("dkim: policy: not retrieved, signature does verify");
+ dbg("dkim: policy: not retrieved, signature is valid");
} else {
my $timeout = $scan->{conf}->{dkim_timeout};
@@ -480,17 +481,17 @@
my($any_match_at_all, $any_match_by_wl_ref) =
_wlcheck_list($self, $scan, \@acceptable_identity_tuples);
- my(@verif,@fail);
+ my(@valid,@fail);
foreach my $wl (keys %$any_match_by_wl_ref) {
my $match = $any_match_by_wl_ref->{$wl};
if (defined $match) {
$scan->{"match_in_$wl"} = 1 if $match;
- if ($match) { push(@verif,$wl) } else { push(@fail,$wl) }
+ if ($match) { push(@valid,$wl) } else { push(@fail,$wl) }
}
}
- if (@verif) {
+ if (@valid) {
dbg("dkim: originator %s, WHITELISTED by %s",
- $originator, join(", ",@verif));
+ $originator, join(", ",@valid));
} elsif (@fail) {
dbg("dkim: originator %s, found in %s BUT IGNORED",
$originator, join(", ",@fail));
@@ -542,7 +543,7 @@
foreach my $signature (@{$scan->{dkim_signatures}}) {
local ($1,$2);
- my $verified = $signature->result eq 'pass';
+ my $valid = $signature->result eq 'pass';
my $expiration_time;
$expiration_time = $signature->expiration if $expiration_supported;
@@ -560,7 +561,7 @@
}
my $info = ''; # summary info string to be used for logging
- $info .= ($verified ? 'VERIFIED' : 'FAILED').($expired ? ' EXPIRED' : '');
+ $info .= ($valid ? 'VALID' : 'FAILED') . ($expired ? ' EXPIRED' : '');
$info .= lc $identity eq lc $originator_matching_part ? ' originator'
: ' third-party';
$info .= " signature by id " . $identity;
@@ -596,20 +597,20 @@
$matches = 1 if lc $identity eq lc $acceptable_identity;
} else { # any local part in signing identity is acceptable
# as long as domain matches or is a subdomain
- $matches = 1 if $identity_dom =~ /(^|\.)\Q$accept_id_dom\Q/i;
+ $matches = 1 if $identity_dom =~ /(^|\.)\Q$accept_id_dom\E\z/i;
}
}
if ($matches) {
dbg("dkim: $info, originator $originator, MATCHES $wl $re");
- # a defined value indicates at least a match, not necessarily verified
+ # a defined value indicates at least a match, not necessarily valid
$any_match_by_wl{$wl} = 0 if !exists $any_match_by_wl{$wl};
}
# only valid signature can cause whitelisting
- $matches = 0 if !$verified || $expired;
+ $matches = 0 if !$valid || $expired;
$any_match_by_wl{$wl} = $any_match_at_all = 1 if $matches;
}
- dbg("dkim: $info, originator $originator, no verified matches")
+ dbg("dkim: $info, originator $originator, no valid matches")
if !$any_match_at_all;
}
return ($any_match_at_all, \%any_match_by_wl);