OpenDKIM v2.0.0 (Eve) released

From: Murray S. Kucherawy <>
Date: Fri, 5 Mar 2010 09:35:21 -0800 (PST)

The OpenDKIM project announces availability of OpenDKIM v2.0.0 (code named
"Eve"), now available for download from SourceForge.

This is a major new feature release. The main new features include:

        o Support for OpenLDAP for storing keys and signing configuration.
          This should enhance scalability for sites with lots of separate
          domains and keys to manage.

        o Support for fine-grained policy control via three Lua script
          hooks. See the opendkim-lua(3) and opendkim.conf(5) man pages
          for details. It should be possible to perform any configurable
          policy-related function already available via these scripts,
          except with far more control. Example scripts are included.

        o Separation of signing policy and key management into two different
          new configuration items, "KeyTable" and "SigningTable". The
          previous way, using KeyList (or "-K" from the command line), has
          been removed.

        o A tool to generate a public key zone file based on the contents
          of the KeyTable.

        o Build configuration features for generating code coverage and
          profiling data.

        o A new milter protocol simulation tool for conducting unit tests
          on this filter (or any milter-aware filter). It also uses
          Lua as a scripting engine.

There are as usual several bug fixes as well as some build system and
compile-time cleanliness improvements.

There were some minor changes to the library. If you are using the library
now and are not having trouble with it, no upgrade is required. However,
the new library has a few noteworthy changes:

        o Prior to v2.0.0, dkim_eom() when verifying would only run
          signatures until the first good one was encountered. Now,
          by default, all of them will be run. This is required to
          provide correct support for ADSP in the filter. There is a new
          library flag that can be used to request the previous behaviour.

        o Prior to v2.0.0, dkim_sign() would only accept keys in PEM
          format. Now, base64-encoded DER format is also accepted. This
          was added to support key management via LDAP or SQL.

        o There is new function applications can use at runtime to determine
          what version of libopendkim has been linked.

The code coverage and profiling data mentioned above yielded several
optimizations for the library that also appear in this release.

The full RELEASE_NOTES for this version:

2.0.0 (Eve) 2010/03/05
        Feature request #SF2917224: Add optional OpenLDAP support.
        Feature request #SF2920389: Add CIDR support for IPv6 addresses.
        Feature request #SF2937428: Add "ExemptDomains" configuration item.
        Add optional Lua support, which enables a few script hooks for
                fine-grained policy controls when signing and verifying,
                and "miltertest", a new Lua-based scripting tool for
                exercising milter applications.
        Add "-Q" command line switch, putting the filter in query test mode
                to exercise the database code.
        Don't overwrite the signature verification status with that of the
                policy query status, leading to spurious "bad signature data"
                entries in the log. Problem noted by Roman Gelfand.
        Fix database query order for PeerList, InternalHosts, etc. so that
                negation works properly again.
        Fix crash-on-shutdown bug related to the crypto utilities functions.
        Drop "KeyList" in favour of "KeyTable" and "SigningTable" in the
                configuration file. See the opendkim.conf(5) man page
                for details. Also, "-K" has been dropped from the command
                line, meaning multiple key support now requires use of the
                configuration file.
        Fixes in DB walk code for DB 1.85.
        Fix bug #SF2936499: Clean up numerous compiler warnings.
        Fix bug #SF2951494: Improve logic for doing ADSP queries and reporting
                their results.
        Fix bug #SF2961161: dkim_sig_getidentity() could return successfully
                even if the provided buffer was too small to accept the
                decoded value. Reported by Ale Vesely.
        LIBOPENDKIM: Adjust dkim_sign() to accept base64-encoded DER private
                keys as well as PEM-formatted keys.
        LIBOPENDKIM: Several performance optimizations yielded from
                gprof data.
        LIBOPENDKIM: Fix a length computation that caused an invalid
                snprintf() call. From a Gentoo bug reported by Tilman Giese.
        LIBOPENDKIM: Fix compiler complaint about multiple definitions
                of global variables. Reported by Maarten Oelering.
        LIBOPENDKIM: Have dkim_eom() process all signatures instead of
                stopping after finding one good one. Also add library flag
                DKIM_LIBFLAGS_VERIFYONE, causing dkim_eom() to short-circuit
                after finding one good signature while verifying (i.e.
                reproducing the pre-2.0.0 behaviour).
        LIBOPENDKIM: Feature request #SF2961427: Add dkim_libversion().
                Requested by Ale Vesely.
        TOOLS: Add "opendkim-genzone" which generates a BIND zone file
                fragment based on a KeyTable that contains all of the
                public keys required to match the configured private keys.
        BUILD: Add "--enable-codecoverage" to add build steps that generate
                profiling or code coverage reports when running unit tests.
        BUILD: Compile opendkim-testadsp with pthread libraries in case
                "--enable-arlib" was specified.
        BUILD: Fix an m4 quoting error that had rendered "--enable-debug"
        BUILD: Check for functions upon which libmilter depends. Reported
                by Cyro Lord.
        PORTABILITY: Support for OS X from Bob Halley.

Please use the mailing lists at to report problems.
Bug reports and feature requests can be made through the project trackers,
which can be found via

Thanks go out to the members of the OpenDKIM team and to all of those who
contributed code, testing effort or other support to this release.

Finally, a very special acknowledgement goes out to Eve, to whom this release
is dedicated.

The OpenDKIM Project
Received on Fri Mar 05 2010 - 17:35:40 PST

This archive was generated by hypermail 2.3.0 : Tue Oct 30 2012 - 00:07:48 PST