commit 845b8c0: [Minor] Dkim_signing: correct is_skip_sign logic

Peter Wu peter at
Thu Jan 16 12:28:06 UTC 2020

Author: Peter Wu
Date: 2020-01-16 01:11:49 +0000
URL: (refs/pull/3214/head)

[Minor] Dkim_signing: correct is_skip_sign logic
If any of "sign_networks", "auth_only", or "sign_local" are disabled,
then it should not automatically proceed with signing if the enabled
conditions all fail. For example, if only the auth_only setting is
enabled, and is_authed is false, then signing should be skipped.

An earlier check luckily prevents this correctness issue from being
exploitable ("ignoring unauthenticated mail"), but fix the logic anyway.

 lualib/lua_dkim_tools.lua | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lualib/lua_dkim_tools.lua b/lualib/lua_dkim_tools.lua
index 90bff13d5..42b595670 100644
--- a/lualib/lua_dkim_tools.lua
+++ b/lualib/lua_dkim_tools.lua
@@ -211,9 +211,9 @@ local function prepare_dkim_signing(N, task, settings)
   local function is_skip_sign()
-    return (settings.sign_networks and not is_sign_networks) and
-        (settings.auth_only and not is_authed) and
-        (settings.sign_local and not is_local)
+    return not (settings.sign_networks and is_sign_networks) and
+        not (settings.auth_only and is_authed) and
+        not (settings.sign_local and is_local)
   if hdom then

More information about the Commits mailing list