OpenDKIM is an open source implementation of the DKIM (RFC6376) email sender authentication system, derived from dkim-milter. It also supports ADSP/RFC5617, Vouch by reference/RFC5518, and experimentally ATPS/RFC6541. It works with any MTA supporting the sendmail milter API, such as Postfix. OpenDKIM provides a Lua-scriptable policy engine, LDAP and SQL database support, and statistic/reporting tools.
Homepage
Download
Recent Releases
2.10.316 May 2015 03:16
minor feature:
LIBOPENDKIM: Make strict header checking non-destructive. The last change
to this code resulted in failing signatures. Reported by Pedro
Morales and Wez Furlong.
2.10.212 May 2015 06:25
minor feature:
Report a DKIM result of "policy" if MinimumKeyBits
or UnprotectedKey cause the signature to result in a "pass"
override. Reported by Kurt Roeckx.
: Revert removal of SenderHeaders configuration setting.
Document that it is now limited to signature selection.
LIBOPENDKIM: : Deal with header fields that are
wrapped before there's any content. Reported by
Alessandro Vesely.
CONTRIB: Update to contrib/systemd/opendkim.service.in from
Steve Jenkins.
2.10.104 Feb 2015 17:25
minor bugfix:
Make DB_SIGNINGTABLE symbol available in Lua scripts.
Fix bug #214: Handle arbitrarily large From: fields.
LIBOPENDKIM: Fix bug #213: Remove "dkim_default_senderhdrs" from
dkim.h.
LIBOPENDKIM: Fix bug #219: Unresolved CNAMEs are not failures,
according to the DNS (see RFC6604), so report them as
NXDOMAIN or similar.
2.10.0.Beta026 Nov 2014 14:05
minor feature:
Make "rrvs" and "smime" recognized Authentication-Results methods.
Truncate configuration file lines at carriage return.
Replace overlapping strlcpy() with memmove() in dkim_get_key_file().
LIBOPENDKIM: Add dkim_mail_parse_multi().
LIBOPENDKIM: Add dkim_set_dnssec().
LIBOPENDKIM: If a signature fails to verify for either
reason (header hash mismatched or body hash mismatched), set
DKIM_SIGERROR_BADSIG so that Authentication-Results doesn't
report a failure with "no signature error".
LIBOPENDKIM: dkim_header() is now a lot more strict about the input
it will accept (see RFC5322 Section 2.2).
LIBOPENDKIM: Tighten relaxed modes to break on only DKIM-defined
whitespace characters. Problem noted by Elizabeth Zwicky.
CONTRIB: Clean up the "stats" directory.
CONTRIB: Add "repute" directory which could eventually replace the
PHP implementation.
TOOLS: Add "-F" flag to opendkim-genzone so
records are created with the FQDN.
REPUTATION: Handle parameters safely in repute.php.
Remove "AddAllSignatureResults". All signature
results will now be added via Authentication-Results header
fields.
Rename "LDAPSoftStart" to "SoftStart" and apply
it to SQL connections as well.
Add "IgnoreMalformedMail" option.
Plug leaking "result" structures when OpenLDAP is in use.
Discontinue support for ADSP.