qmail-dkim.c: Added env variable EXCLUDE_DKIMSIGN to exclude headers …

…from DKIM signing

indimail-mta-x/doc/ChangeLog

@@ -47,6 +47,9 @@ Release 3.0.6-1.1 Start 25/10/2023 End XX/XX/XXXX
 28. smtpd.c: fixed control filename for blackholedrcpt, blackholedrcptpatterns
 29. qmail.c: fixed NULLQUEUE
 30. tests/test-indimail-mta: added test for blackholedrcpt, blackholdsender
+- 14/11/2023
+31. qmail-dkim.c: Added env variable EXCLUDE_DKIMSIGN to exclude headers from
+    DKIM signing
 
 * Tue Oct 17 2023 18:34:04 +0000 Manvendra Bhangui <indimail-mta@indimail.org> 3.0.5-1.1%{?dist}
 Release 3.0.5-1.1 Start 11/09/2023 End 17/10/2023

indimail-mta-x/qmail-dkim.9

@@ -296,17 +296,18 @@ to sign messages sent by that host. \fBDKIMVERIFY\fR should be set for all
 other hosts.
 
 If neither \fBDKIMSIGN\fR nor \fBDKIMVERIFY\fR are set, then \fBDKIMSIGN\fR
-will be set to @controldir@/domainkeys/%/default. The % will be replaced by
-the domain in the From: header. If such a file does not exist, then it will
-be set to @controldir@/domainkeys/default. If such a private key exists, it
-will be used to sign the domain. You can also set \fBDKIMKEY\fR to chose a
-key different from @controldir@/domainkeys/%/default. \fBDKIMKEY\fR can
-also have % character that will be replaced by the domain in the From:
-header. If the private key does not exist, qmail-dkim will exit with return
-code 35.
+will be set to \fI@controldir@/domainkeys/%/default\fR. The % will be
+replaced by the domain in the From: header. If such a file does not exist,
+then it will be set to \fI@controldir@/domainkeys/default\fR. If such a
+private key exists, it will be used to sign the domain. You can also set
+\fBDKIMKEY\fR to chose a key different from
+\fI@controldir@/domainkeys/%/default\fR. \fBDKIMKEY\fR can also have %
+character that will be replaced by the domain in the From: header. If the
+private key does not exist, qmail-dkim will exit with return code 35.
 
 By default \fBqmail-dkim\fR will use all of the headers when signing a
-message.
+message. You an exclude headers from gettng signed by setting a colon
+separated list of headers in \fBEXCLUDE_DKIMSIGN\fR environment variable.
 
 .SH NOTES
 If the environment variable \fBCONTROLDIR\fR is set, \fBqmail-dkim\fR uses

indimail-mta-x/qmail-dkim.c

@@ -1,5 +1,5 @@
 /*
- * $Id: qmail-dkim.c,v 1.75 2023-02-17 11:49:48+05:30 Cprogrammer Exp mbhangui $
+ * $Id: qmail-dkim.c,v 1.76 2023-11-14 10:26:55+05:30 Cprogrammer Exp mbhangui $
  */
 #include "hasdkim.h"
 #ifdef HASDKIM
@@ -98,13 +98,29 @@ sigbug()
 int DKIM_CALL
 SignThisHeader(const char *szHeader)
 {
+	char           *excl = 0, *cptr, *ptr;
+	int             i;
+
 	if ((!strncasecmp((char *) szHeader, "X-", 2) && strncasecmp((char *) szHeader, "X-Mailer:", 9))
 			|| strncasecmp((char *) szHeader, "Received:", 9) == 0
 			|| strncasecmp((char *) szHeader, "Authentication-Results:", 23) == 0
 			|| !strncasecmp(szHeader, "DKIM-Signature:", 15)
 			|| !strncasecmp(szHeader, "DomainKey-Signature:", 20)
 			|| strncasecmp((char *) szHeader, "Return-Path:", 12) == 0)
 		return 0;
+	if (!(excl = env_get("EXCLUDE_DKIMSIGN")))
+		return 1;
+	for (i = 0, cptr = ptr = excl; *ptr; ptr++, i++) {
+		if (*ptr == ':') {
+			*ptr = 0;
+			fprintf(stderr, "comparing [%s][%s] %d\n", szHeader, cptr, i);
+			if (strncasecmp((char *) szHeader, cptr, i) == 0)
+				return 0;
+			*ptr = ':';
+			cptr = ptr + 1;
+			i = 0;
+		}
+	}
 	return 1;
 }
 
@@ -1251,7 +1267,7 @@ main(int argc, char **argv)
 void
 getversion_qmail_dkim_c()
 {
-	static char    *x = "$Id: qmail-dkim.c,v 1.75 2023-02-17 11:49:48+05:30 Cprogrammer Exp mbhangui $";
+	static char    *x = "$Id: qmail-dkim.c,v 1.76 2023-11-14 10:26:55+05:30 Cprogrammer Exp mbhangui $";
 
 #ifdef HASDKIM
 	x = sccsidmakeargsh;
@@ -1265,6 +1281,9 @@ getversion_qmail_dkim_c()
 
 /*
  * $Log: qmail-dkim.c,v $
+ * Revision 1.76  2023-11-14 10:26:55+05:30  Cprogrammer
+ * added env variable EXCLUDE_DKIMSIGN to exclude headers from DKIM signing
+ *
  * Revision 1.75  2023-02-17 11:49:48+05:30  Cprogrammer
  * added env variable NODKIMKEYS to disable reading of dkimkeys control file
  * disable dkimkeys when doing DKIMSIGNEXTRA

indimail-mta-x/qmail-smtpd.9

@@ -25,12 +25,12 @@ exit. This option gets activated only when the first argument to
 .SH DESCRIPTION
 \fBqmail-smtpd\fR receives mail messages via the Simple Mail Transfer
 Protocol (SMTP) and invokes the program defined by \fBQMAILQUEUE\fR
-environment variables to deposit the message into the outgoing queue. If
+environment variable to deposit the message into the outgoing queue. If
 \fBQMAILQUEUE\fR isn't defined then @prefix@/sbin/qmail-queue is used as a
 default.
 
-\fBqmail-smtpd\fR uses @sysconfdir@ as its working directory which can be
-changed by setting \fBSYSCONFDIR\fR environment variable.
+\fBqmail-smtpd\fR uses \fI@sysconfdir@\fR as its working directory which
+can be changed by setting \fBSYSCONFDIR\fR environment variable.
 
 .B qmail-smtpd
 must be supplied several environment variables;
@@ -1090,14 +1090,14 @@ DNS checks are prohibited for sender addresses (Mail from:) included here.
 Addresses can be expressed individually and/or for a domain:
 
 .EX
-   god@heaven.af.mil
-   @heaven.af.mil
+  god@heaven.af.mil
+  @heaven.af.mil
 .EE
 
 If the environment variable \fBNODNSCHECK\fR is set, \fBqmail-smtpd\fR will
-ignore \fInodnscheck\fR and the DNS check will be disabled in general. A
-line in \fInodnschecks\fR may be of the form \fB@\fIhost\fR, meaning every
-address att \fIhost\fR.
+ignore \fInodnscheck\fR and the DNS check will be disabled. A line in
+\fInodnschecks\fR may be of the form \fB@\fIhost\fR, meaning every address
+at \fIhost\fR.
 
 .TP 5
 \fIrcpthosts\fR
@@ -1112,8 +1112,8 @@ Exception: If the environment variable \fBRELAYCLIENT\fR is set,
 \fIrcpthosts\fR may include wildcards:
 
 .EX
-   heaven.af.mil
-   .heaven.af.mil
+ heaven.af.mil
+ .heaven.af.mil
 .EE
 
 Envelope recipient addresses without @ signs are
@@ -1139,8 +1139,8 @@ Addresses in
 may be wildcarded:
 
 .EX
-   192.168.0.1:
-   192.168.1.:
+  192.168.0.1:
+  192.168.1.:
 EE
 
 .TP 5
@@ -1154,8 +1154,8 @@ optional string should be null.
 Addresses in \fIrelaydomains\fR may be wildcarded:
 
 .EX
-   heaven.af.mil:
-   .heaven.af.mil:
+  heaven.af.mil:
+  .heaven.af.mil:
 .EE
  
 .TP 5
@@ -1170,8 +1170,8 @@ If \fIrelaymailfrom.cdb\fR is present, it will be searched first.
 Examples:
 
 .EX
-   joeblow@domain1.com
-   @domain2.com
+  joeblow@domain1.com
+  @domain2.com
 .EE
 
 .TP 5
@@ -1220,12 +1220,12 @@ A \fIrecipients\fR file is always constructed like 'domain:cdb',
  'domain|pam', or simply 'cdb':
 
 .EX
-   !nocheck.com
-   @mydomain.com:users/recipients.cdb
-   example.com|ldap_pam ldapserver host port DN passwd
-   *:control/fastforward.cdb
-   *|ldap_pam otherserver
-   !*
+  !nocheck.com
+  @mydomain.com:users/recipients.cdb
+  example.com|ldap_pam ldapserver host port DN passwd
+  *:control/fastforward.cdb
+  *|ldap_pam otherserver
+  !*
 .EE
 
 Legacy format:
@@ -1625,27 +1625,27 @@ greylisting the environment variable \fBGREYIP\fR is used. For the default
 values (loopback address 127.0.0.1, port 19999 use,
 
 .EX
-   GREYIP="127.0.0.1@1999"
+  GREYIP="127.0.0.1@1999"
 .EE
 
 Alternatively a different IP address and/or port can be specified as
 in these examples,
 
 .EX
-   GREYIP="192.168.1.50"
-   GREYIP="::1@1999"
-   GREYIP="192.168.1.33@1999"
+  GREYIP="192.168.1.50"
+  GREYIP="::1@1999"
+  GREYIP="192.168.1.33@1999"
 .EE
 
 Exception:
 If the environment variable \fBRELAYCLIENT\fR is set (see details on this
-	above), greylisting does not occur.
+above), greylisting does not occur.
 
 Greylisting may be explicitly disabled by setting \fBGREYIP\fR to an empty
 string,
 
 .EX
-   GREYIP=""
+  GREYIP=""
 .EE
 
 Clearly \fBqmail-greyd\fR must be available to respond to greylisting

libdkim2-x/dkim.9

@@ -205,7 +205,6 @@ rejected later at delivery time, or in the mail reader. In that case you
 need not set \fBDKIMVERIFY\fR or set it as "p" as the maximum.
 
 .SH "SEE ALSO"
-dktest(8),
 qmail-dk(8),
 qmail-dkim(8),
 dknewkey(8),