OpenDKIM is an open source implementation of the DKIM (RFC6376) email sender authentication system, derived from dkim-milter. It also supports ADSP/RFC5617, Vouch by reference/RFC5518, and experimentally ATPS/RFC6541. It works with any MTA supporting the sendmail milter API, such as Postfix. OpenDKIM provides a Lua-scriptable policy engine, LDAP and SQL database support, and statistic/reporting tools.
2.10.316 May 2015 03:16
LIBOPENDKIM: Make strict header checking non-destructive. The last change
to this code resulted in failing signatures. Reported by Pedro
Morales and Wez Furlong.
2.10.212 May 2015 06:25
Report a DKIM result of "policy" if MinimumKeyBits
or UnprotectedKey cause the signature to result in a "pass"
override. Reported by Kurt Roeckx.
: Revert removal of SenderHeaders configuration setting.
Document that it is now limited to signature selection.
LIBOPENDKIM: : Deal with header fields that are
wrapped before there's any content. Reported by
CONTRIB: Update to contrib/systemd/opendkim.service.in from
2.10.104 Feb 2015 17:25
Make DB_SIGNINGTABLE symbol available in Lua scripts.
Fix bug #214: Handle arbitrarily large From: fields.
LIBOPENDKIM: Fix bug #213: Remove "dkim_default_senderhdrs" from
LIBOPENDKIM: Fix bug #219: Unresolved CNAMEs are not failures,
according to the DNS (see RFC6604), so report them as
NXDOMAIN or similar.
2.10.0.Beta026 Nov 2014 14:05
Make "rrvs" and "smime" recognized Authentication-Results methods.
Truncate configuration file lines at carriage return.
Replace overlapping strlcpy() with memmove() in dkim_get_key_file().
LIBOPENDKIM: Add dkim_mail_parse_multi().
LIBOPENDKIM: Add dkim_set_dnssec().
LIBOPENDKIM: If a signature fails to verify for either
reason (header hash mismatched or body hash mismatched), set
DKIM_SIGERROR_BADSIG so that Authentication-Results doesn't
report a failure with "no signature error".
LIBOPENDKIM: dkim_header() is now a lot more strict about the input
it will accept (see RFC5322 Section 2.2).
LIBOPENDKIM: Tighten relaxed modes to break on only DKIM-defined
whitespace characters. Problem noted by Elizabeth Zwicky.
CONTRIB: Clean up the "stats" directory.
CONTRIB: Add "repute" directory which could eventually replace the
TOOLS: Add "-F" flag to opendkim-genzone so
records are created with the FQDN.
REPUTATION: Handle parameters safely in repute.php.
Remove "AddAllSignatureResults". All signature
results will now be added via Authentication-Results header
Rename "LDAPSoftStart" to "SoftStart" and apply
it to SQL connections as well.
Add "IgnoreMalformedMail" option.
Plug leaking "result" structures when OpenLDAP is in use.
Discontinue support for ADSP.