You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by jm...@apache.org on 2006/11/03 19:40:46 UTC
svn commit: r470939 -
/spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/DomainKeys.pm
Author: jm
Date: Fri Nov 3 10:40:46 2006
New Revision: 470939
URL: http://svn.apache.org/viewvc?view=rev&rev=470939
Log:
bug 5140: fix parsing of DK tags, tags are case-sensitive, and whitespace may appear before and after tag name and value. let DK_POLICY_TESTING be true if t=y appears in a public key, even when policy record is not fetched. thanks to Mark Martinec <Mark.Martinec /at/ ijs.si>
Modified:
spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/DomainKeys.pm
Modified: spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/DomainKeys.pm
URL: http://svn.apache.org/viewvc/spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/DomainKeys.pm?view=diff&rev=470939&r1=470938&r2=470939
==============================================================================
--- spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/DomainKeys.pm (original)
+++ spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/DomainKeys.pm Fri Nov 3 10:40:46 2006
@@ -29,9 +29,13 @@
Policy:
Note that DK policy record is only fetched if DK_VERIFIED is false
- to save signing domain from unnecessary DNS queries;
- as recommended by draft-delany-domainkeys-base (SHOULD)!
- Rules DK_POLICY_* will return false when DK_VERIFIED is true.
+ to save signing domain from unnecessary DNS queries,
+ as recommended (SHOULD) by draft-delany-domainkeys-base.
+ Rules DK_POLICY_* should preferably not be relied upon when DK_VERIFIED
+ is true, although they will return false in current implementation
+ when a policy record is not fetched, except for DK_POLICY_TESTING,
+ which is true if t=y appears in a public key record OR in a policy
+ record (when available).
header DK_POLICY_TESTING eval:check_domainkeys_testing()
header DK_POLICY_SIGNSOME eval:check_domainkeys_signsome()
header DK_POLICY_SIGNALL eval:check_domainkeys_signall()
@@ -260,7 +264,7 @@
dbg("dk: signature: $dksighdr") if defined $dksighdr;
$self->sanitize_header_for_dk(\$header)
- if defined($dksighdr) && !grep {/^h=/i} split(/[ \t]*;[ \t]*/,$dksighdr);
+ if defined $dksighdr && $dksighdr !~ /(?:^|;)[ \t]*h=/; # case sensitive
my $message = Mail::DomainKeys::Message->load(HeadString => $header,
BodyReference => $body);
@@ -333,6 +337,10 @@
$scan->{domainkeys_verified} = 1;
}
}
+ # testing flag in signature
+ if ($message->testing()) {
+ $scan->{domainkeys_testing} = 1;
+ }
my $policy;
if (!$scan->{domainkeys_verified}) {
# Recipient systems SHOULD not retrieve a policy TXT record
@@ -350,8 +358,8 @@
$scan->{domainkeys_signsome} = 1;
}
- # domain or key testing
- if ($message->testing() || $policy->testing()) {
+ # testing flag in policy
+ if ($policy->testing()) {
$scan->{domainkeys_testing} = 1;
}
@@ -394,7 +402,8 @@
return $message->signature->domain;
} else {
# otherwise parse it ourself
- if ($scan->{msg}->get_header("DomainKey-Signature") =~ /d=([^;\s]+)/) {
+ if ($scan->{msg}->get_header("DomainKey-Signature") =~
+ /(?: ^|; ) [ \t]* d= [ \t]* ([^;]*?) [ \t]* (?: ;|$ )/x) {
return $1;
}
return undef;