Posted to commits@spamassassin.apache.org by mm...@apache.org on 2009/09/02 17:13:31 UTC

svn commit: r810544 - /spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/DKIM.pm

Author: mmartinec
Date: Wed Sep  2 15:13:30 2009
New Revision: 810544

URL: http://svn.apache.org/viewvc?rev=810544&view=rev
Log:
Plugin/DKIM.pm - more changes to the text in comments and POD

Modified:
    spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/DKIM.pm

Modified: spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/DKIM.pm
URL: http://svn.apache.org/viewvc/spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/DKIM.pm?rev=810544&r1=810543&r2=810544&view=diff
==============================================================================
--- spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/DKIM.pm (original)
+++ spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/DKIM.pm Wed Sep  2 15:13:30 2009
@@ -167,22 +167,22 @@
 
 =over 4
 
-=item whitelist_from_dkim author@example.com [signing-identity]
+=item whitelist_from_dkim author@example.com [signing-domain]
 
 Use this to supplement the whitelist_from addresses with a check to make
-sure the message with a given From address (the author's address) carries a
-valid Domain Keys Identified Mail (DKIM) signature by a verifier-acceptable
-signing-identity (the i= tag).
+sure the message with a given From address (the author's address) carries
+a valid Domain Keys Identified Mail (DKIM) signature by a signing-domain
+(SDID, i.e. the d= tag) that is acceptable to verifier.
 
 Only one whitelist entry is allowed per line, as in C<whitelist_from_rcvd>.
 Multiple C<whitelist_from_dkim> lines are allowed. File-glob style characters
 are allowed for the From address (the first parameter), just like with
 C<whitelist_from_rcvd>. The second parameter does not accept wildcards.
 
-If no signing identity parameter is specified, the only acceptable signature
-will be a first-party signature, i.e. the so called author domain signature,
-which is a signature where the signing identity of a signature matches the
-author address (i.e. the address in a From header field).
+If no signing-domain parameter is specified, the only acceptable signature
+will be an Author Domain Signature (sometimes called first-party signature)
+which is a signature where the signing domain (SDID) of a signature matches
+the domain of the author address (i.e. the address in a From header field).
 
 Since this whitelist requires a DKIM check to be made, network tests must
 be enabled.
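Review bot: The new POD redefines the second parameter as the signing domain (SDID, the d= tag) but says nothing about existing `whitelist_from_dkim` entries whose second parameter was written as a signing identity (the i= value, which may carry a local part). Whether such values are still accepted or now silently fail to match is not visible in this hunk, and for a whitelist that is worth stating. I would add a sentence after the first paragraph, for example `The second parameter is a domain name; entries written for earlier versions with a full signing identity should be reviewed.` Separately, `acceptable to verifier` should read `acceptable to the verifier`.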
@@ -201,13 +201,13 @@
   whitelist_from_dkim *@info.example.com   example.com
   whitelist_from_dkim *@*                  remailer.example.com
 
-=item def_whitelist_from_dkim author@example.com [signing-identity]
+=item def_whitelist_from_dkim author@example.com [signing-domain]
 
 Same as C<whitelist_from_dkim>, but used for the default whitelist entries
 in the SpamAssassin distribution.  The whitelist score is lower, because
 these are often targets for abuse of public mailers which sign their mail.
 
-=item adsp_override domain [signing_practices]
+=item adsp_override domain [signing-practices]
 
 Currently few domains publish their signing practices (RFC 5617 - ADSP),
 partly because the ADSP rfc is rather new, partly because they think
@@ -263,8 +263,9 @@
 Absence of this second parameter implies C<discardable>. If a domain is not
 listed by a C<adsp_override> directive nor does it explicitly publish any
 ADSP record, then C<unknown> is implied for valid domains, and C<nxdomain>
-for domains not existing in DNS. (Note: domain validity may be unchecked
-with current versions of Mail::DKIM, so C<nxdomain> may never turn up.)
+for domains not existing in DNS. (Note: domain validity is only checked with
+versions of Mail::DKIM 0.36_5 or later, C<nxdomain> would never turn up with
+older versions).
 
 The strong setting C<discardable> is useful for domains which are known
 to always sign their mail and to always send it directly to recipients
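Review bot: The rewritten note is a comma splice and ends with `versions).` although the parenthesis holds a sentence of its own, which makes the version dependency harder to read than it should be. This is the only place an administrator learns that the `nxdomain` result is inert with an older Mail::DKIM, so it is worth stating cleanly: `(Note: domain validity is only checked with Mail::DKIM 0.36_5 or later; with older versions C<nxdomain> never turns up.)`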
@@ -278,7 +279,7 @@
 contributes its score: DKIM_ADSP_NXDOMAIN, DKIM_ADSP_ALL, DKIM_ADSP_DISCARD,
 DKIM_ADSP_CUSTOM_LOW, DKIM_ADSP_CUSTOM_MED, DKIM_ADSP_CUSTOM_HIGH. Not more
 than one of these rules can fire. The last three can only result from a
-'signing_practices' as given in a C<adsp_override> directive (not from a
+'signing-practices' as given in a C<adsp_override> directive (not from a
 DNS lookup), and can serve as a convenient means of providing a different
 score if scores assigned to DKIM_ADSP_ALL or DKIM_ADSP_DISCARD are not
 considered suitable for some domains.
@@ -511,7 +512,7 @@
   my ($self, $pms) = @_;
   # the signsome is semantically always true, and thus redundant;
   # for compatibility just returns false to prevent
-  # a rule DKIM_POLICY_SIGNSOME from always firing
+  # a legacy rule DKIM_POLICY_SIGNSOME from always firing
   return 0;
 }
 
@@ -865,18 +866,19 @@
     $pms->{dkim_adsp} = 'N'; $practices_as_string = 'invalid fqdn, ignored';
 
   } elsif ($pms->{dkim_author_sig_tempfailed}) {
-    dbg("dkim: adsp ignored, temporary failure varifying author domain signature");
+    dbg("dkim: adsp ignored, tempfail varifying author domain signature");
     $practices_as_string = 'pub key tempfailed, ignored';
 
   } elsif ($pms->{dkim_has_any_author_sig} &&
            !$pms->{dkim_signatures_dependable}) {
-    # the message did have an author domain signature but it wasn't valid;
+    # the message did have an Author Domain Signature but it wasn't valid;
     # we also expect the message was truncated just before being passed to
     # SpamAssassin, which is a likely reason for verification failure, so
     # we shouldn't take it too harsh with ADSP rules - just pretend the ADSP
     # was 'unknown'
     #
-    dbg("dkim: adsp ignored, message was truncated, invalid author domain signature");
+    dbg("dkim: adsp ignored, message was truncated, ".
+        "invalid author domain signature");
     $practices_as_string = 'truncated, ignored';
 
   } elsif (my($adsp,$key) =
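Review bot: The rewritten debug string on the `dkim_author_sig_tempfailed` branch still carries the typo `varifying`; since the line is being touched anyway, it should read `dbg("dkim: adsp ignored, tempfail verifying author domain signature");`. This line also changes text emitted at runtime, although the log message describes the commit as comments and POD only, so anything matching the previous wording in debug output will stop matching. The second `dbg` call is only split across two lines and concatenates to the same string as before. The enclosing sub starts and ends outside the hunk.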
@@ -1009,7 +1011,7 @@
 }
 
 # check for verifier-acceptable signatures; an empty (or undefined) signing
-# identity in a whitelist implies checking for an author domain signature
+# domain in a whitelist implies checking for an Author Domain Signature
 #
 sub _wlcheck_acceptable_signature {
   my ($self, $pms, $acceptable_identity_tuples_ref, $wl) = @_;
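Review bot: The comment now speaks of a signing domain, but the parameter on the line after `sub _wlcheck_acceptable_signature` is still `$acceptable_identity_tuples_ref`, and the hunks at -1089 and -1100 keep `$acceptable_identity`, `$identity` and the unchanged comment `The $acceptable_identity is a verifier-acceptable signing identity.` With the POD now promising a match on the d= domain, a reader cannot tell from these names whether the value compared in `lc $identity eq lc $author_matching_part` is the SDID or the i= identity; what `$identity` actually holds is not visible here. At minimum the unchanged comment should follow the new wording, `# The $acceptable_identity is a verifier-acceptable signing domain (SDID).`, and the variables could be renamed in a separate change. The body of `_wlcheck_acceptable_signature` continues outside the hunk.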
@@ -1089,7 +1091,7 @@
       # $re and $wl are here for logging purposes only, $re already checked.
       # The $acceptable_identity is a verifier-acceptable signing identity.
       # When $acceptable_identity is undef or an empty string it implies an
-      # author domain signature check.
+      # Author Domain Signature check.
 
       my $matches = 0;
       if (!defined $acceptable_identity || $acceptable_identity eq '') {
@@ -1100,7 +1102,7 @@
         # field, is the same as the domain name in the Author Address.
         # Following [RFC5321], domain name comparisons are case insensitive.
 
-        # checking for author domain signature
+        # checking for Author Domain Signature
         $matches = 1  if lc $identity eq lc $author_matching_part;
       }
       else {  # checking for verifier-acceptable signature