OpenDKIM 2.7.0 Beta period beginning

From: Murray S. Kucherawy <>
Date: Tue, 25 Sep 2012 16:06:09 -0700 (PDT)

OpenDKIM 2.7.0-Beta0 is now available for download from SourceForge in the
"Pre-Releases" directory.

This Beta period will last for about a month. As usual, the
trackers on SourceForge and the opendkim-users list should not be used for
reporting bugs, comments, requests, etc., that are specific to the Beta
releases. Please use the opendkim-dev list for that. Announcements of
new Beta releases will also only be made on that list.

Beta releases will be made as needed, and not according to a fixed or
regular schedule. If you want to be notified of new ones, please
subscribe to opendkim-dev.

There is continuing research work into improving the domain reputation
algorithms. Any new developments that appear stable will work their way
into the Beta releases so that they can be exercised.

One important announcement: The OpenDKIM Project is now formally an
initiative of The Trusted Domain Project, a California non-profit. All
copyrights have been amended to reflect this.

Major changes in this upcoming version:

o There is now an enforced (but configurable) minimum key size, as keys
   smaller than those recommended by RFC6376 can be compromised with
   readily avaliable compute resources. The default is 1024.

o Support for "libar" has been discontinued. For asynchronous resolver
   capabilities, use recent versions of bind or unbound, both of which are
   still supported.

o Signatures whose keys have the testing flag ("t=y") set no longer
   receive any benefit from the reputations those domains may earn.

o Numerous minor bug fixes and improvements, and a great deal of build

o Support for live DNS updates was added to some of the tools.

o Support for experimental key query methods has been added.

The full RELEASE_NOTES for 2.7.0 is appended below.

We would like to thank NLnet, who have provided a grant to fund part of
the devleopment and maintenance of this release.

And a big thank-you to the community, and especially to those of you who
are helping us test this version, for your ongoing support!

The Trusted Domain Project


2.7.0 2012/10/21
         Feature request #SF2964375: Reject configuration files that have
                 a SigningTable referencing a missing or malformed KeyTable
         Feature request #SF3544764: Support for libar has been discontinued.
                 For asynchronous and/or thread-safe resolver service,
                 use libunbound or a suitable version of BIND.
         Feature request #SF3545658: Replace "ResolvConf" with "Nameservers"
                 and add support for NS list overrides for versions of bind
                 that have res_setservers(). Also rename "UnboundConfigFile"
                 to "ResolverConfiguration", and make "TrustAnchorFile"
                 generally available.
         Feature request #SF3547124: Skip reputation checks on passing
                 signatures whose keys had a "t=y" value.
         Feature request #SF3555842: Add "ReputationTest" setting. Requested
                 by Andreas Schulze.
         Feature request #SF3556439: Update opendkim-atpszone per RFC6541.
         Feature request #SF3559744: Add library option DKIM_OPTS_MINKEYBITS
                 allowing one to specify a minimum number of key bits for
                 acceptable keys and signatures. This is exposed through new
                 configuration file option "MinimumKeyBits". The default
                 is 1024.
         Fix bug #SF3536414: Activate _FFR_OVERSIGN, and remove
         Fix bug #SF3536655: Rename "X-Header" to "SoftwareHeader", and rename
                 all header fields added that start "X-" to remove that prefix,
                 per RFC6648. The old name will be accepted through the end
                 of the 2.7.x line.
         Fix bug #SF3538896: Remove antiquated CVS Id: tags, which cleans up
                 some (harmless) build warnings. Suggested by Andreas Schulze.
         Fix bug #SF3548741: Add "ReputationTimeout" for use inside
                 _FFR_REPUTATION, rather than using the built-in default
                 or a hard-coded one.
         Fix bug #SF3549307: Remove _FFR_REPUTATION_CACHE, as it is redundant
                 to caching code that's part of _FFR_REPUTATION already.
         Fix bug #SF3555844: Get repute client code in sync with repute.php
                 (and the current REPUTE WG drafts). Problem noted by
                 Andreas Schulze.
         Fix bounds checking in the dstring printf functions.
         Change all temporary directory defaults from /var/tmp to /tmp.
         Patch #SF3555843: With sufficient verbosity, report the default
                 configuration file path. Patch from Andreas Schulze.
         BUILD: Fix bug #SF3531658: Move the strlcat() and strlcpy()
                 implementations to their own library so that programs don't
                 drag in crypto and other dependencies they don't need.
                 Also clean up several other unnecessary dependencies imposed
                 by imprecise use of autoconf. Problem noted by Andreas
         BUILD: Patch #SF3555845: Add support for older versions of libcurl.
                 Based on a patch by Andreas Schulze.
         BUILD: Install non-user things in sbin instead of bin. Suggested
                 by Andreas Schulze.
         LIBOPENDKIM: Feature request #SF3565006: Add dkim_add_querymethod()
                 and dkim_sig_seterror(), define DKIM_CBSTAT_DEFAULT, and
                 remove an assertion in dkim_get_key_dns(), which together
                 allow for applications to develop non-standard key retrieval
                 mechanisms. Suggestion and patches from Ken Murchison.
         LIBOPENDKIM: Fix bug #SF3559080: Log correct domains and selectors
                 with SSL errors.
         LIBOPENDKIM: Add DNS functions dkim_dns_config(), dkim_dns_init(),
                 dkim_dns_nslist(), dkim_dns_set_init(), dkim_dns_set_close(),
                 dkim_dns_set_nslist(), dkim_dns_set_config(),
                 dkim_dns_set_trustanchor(), dkim_dns_trustanchor().
         LIBOPENDKIM: Patch #SF3562496: Add DKIM_OPTS_REQUIREDHDRS to allow
                 alteration of the mandatory header field set. Patch from
                 Ken Murchison.
         LIBOPENDKIM: If "q=" is present and method "dns" is specified, it
                 must be followed by "/txt", per RFC6376.
         LIBOPENDKIM: For dkim_add_xtag(), copy the provided values so the
                 caller doesn't have to keep them around.
         STATS: Fix bug #SF3555847: Add "--nocircles" to opendkim-gengraphs
                 to allow operation with versions of gnuplot that don't know
                 what "with circles" means. Problem noted by Andreas
         STATS: Patch #SF3555841: Temporary table SQL correction. Patch from
                 Andreas Schulze.
         TOOLS: Feature request #SF3553918: Add "-u" flag to opendkim-atpszone
                 and opendkim-genzone enabling them to produce output suitable
                 for use as input to nsupdate(8). Based on a suggestion by
                 Dave Crocker.
         TOOLS: Feature request #SF3558818: Teach opendkim-testkey about the new
                 "ResolverConfiguration" setting. Based on a problem report
                 from Patrick Ben Koetter.
         TOOLS: Fix bug #SF3565013: Replace opendkim-genkey with a perl script
                 that knows how to do splitting of character-strings in DNS
                 TXT records. Problem reported by Todd Lyons.
         TOOLS: Fix bug #SF3568846: Add "-t" to opendkim-testmsg to allow
                 override of the directory where temporary files go. Also,
                 clean up temporary files after creating them.
         TOOLS: Add opendkim-rephistory.
Received on Tue Sep 25 2012 - 23:06:27 PST

This archive was generated by hypermail 2.3.0 : Mon Oct 29 2012 - 23:20:43 PST