Release notes

latest enhancements

DomainKeys

Version 1.1.9

  • Rewrote the internal DNS cache code for easier maintenance

Version 1.1.8

  • Not using libresolv anymore on OSX as it cause problems on OSX Intel.
  • Updated libdkim engine to v1.0.21

Version 1.1.7

  • Removed the l= tag from the DKIM signature as the methodology to measure body length is not clear enough and differs from one implementation to another

Version 1.1.6

  • Fixed: From and Sender headers are not unfold before being matched agains domains.local

Version 1.1.5

  • Fixed: DKIM signature domain discrepancy on messages containing a Sender and a To header belonging to a different domain

Version 1.1.4

  • Fixed problems with CRLF on linux which can produce invalid signature

Version 1.1.3

  • Sign mode is not multithreaded anymore to avoid race conditions when signing big messages. As no DNS operation is involved in sign mode, multithreading is not useful.
  • New setting to control internal timeout value for DNS operations (--timeout=20)

Version 1.1.2

  • Moved to a new command-line processor (boost::program_options) for clarity. Compatible with previous command-line syntax.

Version 1.1.1

  • Updated libdkim engine to v1.0.19
  • Added -t command-line option to allow trusted messages to be signed

Version 1.1a

  • Fixed a bug in the domainkeys library and an omission in the dkim library causing the wrong sender policy to be verified for a message bearing both a Sender and a From header but no signature (such as messages passing through the CGP mailing list)

Version 1.1

  • New: domains.local configuration file, for the filter to decide by itself which messages to sign. Requires SMTP AUTH. This simplifies a lot the CGP rules, especially for servers with several domains.
  • Old behavior (sign/verify all) still supported when domains.local file is empty or not found
  • Converted the Readme text file in HTML for readability. Documentation has been reverified entirely.
  • The private key file is now expected to have a fixed name and to be in the filter directory. The old command-line syntax to specify the private key file is supported for backward compatibility but has been removed from the documentation

Version 1.0.1

  • Fixed: In rare conditions, messages with CR+LF EOLs can get an invalid signature. This problem should affect Windows installations only

Version 1.0

  • Fixed: the Received header is sometimes signed by DK

Version 1.0 RC3

  • Simplified thread management code to avoid platform-specific issues
  • Fixed a possible null reference problem

Version 1.0 RC2

  • New: Internal DNS cache (using TTL value. NXDOMAIN TTL = 3600)
  • Better DNS timeout handling code

Version 1.0 RC1

  • Removed the -ir option (see v0.80 history). This option is now forced on to avoid problems
  • New: DKIM support (RFC 4871). Standard domainkeys support continues, even if RFC 4870 is considered obsolete.
  • New header to simplify dk rules: X-DK-Recommendation: {pass|fail}

Version 0.84

  • Fixed the dns procedure. The one in v0.83 didn't always give the expected results
  • Fixed the threading code on Windows

Version 0.83

  • Rewrote the dns procedure - better compatibility with libresolv.so.2 on some platforms
  • FreeBSD build is now created on FreeBSD 6. Contact us if you need to run it on FreeBSD 5.5

Version 0.82

  • Ported to x64 architecture (x64 builds are considered beta)
  • Fixed the timeout-waiting thread implementation on Windows

Version 0.81

  • Fixed a possible crash when the From: header is present but empty - bug is due to a missed case in the reference implementation

Version 0.80

  • Added a command-line option to make the signature process ignore the Received: fields. This allow the use of the 'Hide Received Fields' feature in Communigate Pro (SMTP/Sending)

Version 0.79

  • Fixed (reference implementation): backward-compatibility mode is not backward-compatible anymore, causing interop problems with some MTA using old, broken implementations of DK

Version 0.78

  • New: Internal detection of dns and thread timeouts (Be sure to set CGP timeout value to 2 minutes or more)
  • Fixed: Small memory overrun causing segfaults on some configurations

Version 0.77

  • Fixed: Uninitialized data can cause segfaults (bug in libdomainkeys)
  • Fixed: Thread cleanup is not aggressive enough and can cause resources leaks

Version 0.76

  • Fixed: The helper may crash when it gets several requests at the same time (bug in libdomainkeys)

Version 0.75

  • Using libdomainkeys-0.66
  • Fixed a memory leak when signing
  • Added solaris-i386 to the package

Version 0.7

  • Using libdomainkeys-0.65, and a lot of new points from the DomainKeys draft v0.2
  • Changed DomainKeys-Status: for Authentication-Results: header (http://www.ietf.org/internet-drafts/draft-kucherawy-sender-auth-header-02.txt)

Version 0.65

  • Using latest changes from the reference implementation
  • Fixed interoperability with Yahoo! Mail.

Version 0.6

  • Fixed: Message signature is invalid when multiple header fields with the same name are present and these headers don't follow each other.
  • Fixed a small memory leak

Version 0.5

  • Fixed: If a sign-all domain send a message to to a mailing list, and this mailing list resend the message (stripping the DomainKeys-Signature header but adding a Sender: header), the received message is incorrectly marked as BAD because of a bug in the open-source library.
  • Some clarification in the documentation

Version 0.4

  • Fixed: DomainKeys-Win32 can crash if the domain return a CNAME. Should not happen, it's against some RFC, but it happens with spammers domains
  • Fixed: The Policy is fetched from an incorrect domain name (bug in libdomainkeys)

Version 0.3

  • Added Domain Policy support for incoming messages
  • Added Testing mode support for incoming messages
  • Revamped the headers added by the Verify filter to follow the Internet Draft
  • Updated the README file with new data
  • Added the MISSING file for things that are missing from this filter

Version 0.2

  • The filter now adds the "h" field to the signature, this to avoid problems with MTA adding headers AFTER the current ones, once the message is already signed
  • The headers are now "folded" to 100 characters

Version 0.1a

  • Removed dknewkeys, included a perl script that does a better job to create new keys

Version 0.1

  • First version of the filter