On 02/22/2018 08:52 AM, Benny Pedersen wrote:
Giovanni Bechis skrev den 2018-02-22 15:39:
sub check_dkim_valid {
my ($self, $pms, $full_ref, @acceptable_domains) = @_;
$self->_check_dkim_signature($pms) if
!$pms->{dkim_checked_signature};
my $result = 0;
if (!$pms->{dkim_valid}) {
# don't bother
} elsif (!@acceptable_domains) {
$result = 1; # no additional constraints, any signing domain
will do,
# also any signing key size will do
} else {
$result =
$self->_check_dkim_signed_by($pms,1,0,\@acceptable_domains);
}
return $result;
}
there we go :(
dkim signed should be any key bits allowed, but dkim valid should not
allow under minimal key bits
$self->_check_dkim_signed_by already checks for miminal key bits
elsif part is correct ?
i read code as any key bits can make valid dkim
That is also my finding based on:
https://pastebin.com/mjvB0MKg
which hit DKIM_VALID with a 768-bit key.
--
David Jones
