#! /bin/sh
# Generated from testsuite.at by GNU Autoconf 2.71.
#
# Copyright (C) 2009-2017, 2020-2021 Free Software Foundation, Inc.
#
# This test suite is free software; the Free Software Foundation gives
# unlimited permission to copy, distribute and modify it.
## -------------------- ##
## M4sh Initialization. ##
## -------------------- ##

# Be more Bourne compatible
DUALCASE=1; export DUALCASE # for MKS sh
as_nop=:
if test ${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1
then :
  emulate sh
  NULLCMD=:
  # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
  # is contrary to our usage.  Disable this feature.
  alias -g '${1+"$@"}'='"$@"'
  setopt NO_GLOB_SUBST
else $as_nop
  case `(set -o) 2>/dev/null` in #(
  *posix*) :
    set -o posix ;; #(
  *) :
     ;;
esac
fi



# Reset variables that may have inherited troublesome values from
# the environment.

# IFS needs to be set, to space, tab, and newline, in precisely that order.
# (If _AS_PATH_WALK were called with IFS unset, it would have the
# side effect of setting IFS to empty, thus disabling word splitting.)
# Quoting is to prevent editors from complaining about space-tab.
as_nl='
'
export as_nl
IFS=" ""	$as_nl"

PS1='$ '
PS2='> '
PS4='+ '

# Ensure predictable behavior from utilities with locale-dependent output.
LC_ALL=C
export LC_ALL
LANGUAGE=C
export LANGUAGE

# We cannot yet rely on "unset" to work, but we need these variables
# to be unset--not just set to an empty or harmless value--now, to
# avoid bugs in old shells (e.g. pre-3.0 UWIN ksh).  This construct
# also avoids known problems related to "unset" and subshell syntax
# in other old shells (e.g. bash 2.01 and pdksh 5.2.14).
for as_var in BASH_ENV ENV MAIL MAILPATH CDPATH
do eval test \${$as_var+y} \
  && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
done

# Ensure that fds 0, 1, and 2 are open.
if (exec 3>&0) 2>/dev/null; then :; else exec 0</dev/null; fi
if (exec 3>&1) 2>/dev/null; then :; else exec 1>/dev/null; fi
if (exec 3>&2)            ; then :; else exec 2>/dev/null; fi

# The user is always right.
if ${PATH_SEPARATOR+false} :; then
  PATH_SEPARATOR=:
  (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
    (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
      PATH_SEPARATOR=';'
  }
fi


# Find who we are.  Look in the path if we contain no directory separator.
as_myself=
case $0 in #((
  *[\\/]* ) as_myself=$0 ;;
  *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
  IFS=$as_save_IFS
  case $as_dir in #(((
    '') as_dir=./ ;;
    */) ;;
    *) as_dir=$as_dir/ ;;
  esac
    test -r "$as_dir$0" && as_myself=$as_dir$0 && break
  done
IFS=$as_save_IFS

     ;;
esac
# We did not find ourselves, most probably we were run as `sh COMMAND'
# in which case we are not to be found in the path.
if test "x$as_myself" = x; then
  as_myself=$0
fi
if test ! -f "$as_myself"; then
  printf "%s\n" "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
  exit 1
fi


if test "x$CONFIG_SHELL" = x; then
  as_bourne_compatible="as_nop=:
if test \${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1
then :
  emulate sh
  NULLCMD=:
  # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which
  # is contrary to our usage.  Disable this feature.
  alias -g '\${1+\"\$@\"}'='\"\$@\"'
  setopt NO_GLOB_SUBST
else \$as_nop
  case \`(set -o) 2>/dev/null\` in #(
  *posix*) :
    set -o posix ;; #(
  *) :
     ;;
esac
fi
"
  as_required="as_fn_return () { (exit \$1); }
as_fn_success () { as_fn_return 0; }
as_fn_failure () { as_fn_return 1; }
as_fn_ret_success () { return 0; }
as_fn_ret_failure () { return 1; }

exitcode=0
as_fn_success || { exitcode=1; echo as_fn_success failed.; }
as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; }
as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; }
as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; }
if ( set x; as_fn_ret_success y && test x = \"\$1\" )
then :

else \$as_nop
  exitcode=1; echo positional parameters were not saved.
fi
test x\$exitcode = x0 || exit 1
blah=\$(echo \$(echo blah))
test x\"\$blah\" = xblah || exit 1
test -x / || exit 1"
  as_suggested="  as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO
  as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO
  eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" &&
  test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1
test \$(( 1 + 1 )) = 2 || exit 1"
  if (eval "$as_required") 2>/dev/null
then :
  as_have_required=yes
else $as_nop
  as_have_required=no
fi
  if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null
then :

else $as_nop
  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
as_found=false
for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH
do
  IFS=$as_save_IFS
  case $as_dir in #(((
    '') as_dir=./ ;;
    */) ;;
    *) as_dir=$as_dir/ ;;
  esac
  as_found=:
  case $as_dir in #(
	 /*)
	   for as_base in sh bash ksh sh5; do
	     # Try only shells that exist, to save several forks.
	     as_shell=$as_dir$as_base
	     if { test -f "$as_shell" || test -f "$as_shell.exe"; } &&
		    as_run=a "$as_shell" -c "$as_bourne_compatible""$as_required" 2>/dev/null
then :
  CONFIG_SHELL=$as_shell as_have_required=yes
		   if as_run=a "$as_shell" -c "$as_bourne_compatible""$as_suggested" 2>/dev/null
then :
  break 2
fi
fi
	   done;;
       esac
  as_found=false
done
IFS=$as_save_IFS
if $as_found
then :

else $as_nop
  if { test -f "$SHELL" || test -f "$SHELL.exe"; } &&
	      as_run=a "$SHELL" -c "$as_bourne_compatible""$as_required" 2>/dev/null
then :
  CONFIG_SHELL=$SHELL as_have_required=yes
fi
fi


      if test "x$CONFIG_SHELL" != x
then :
  export CONFIG_SHELL
             # We cannot yet assume a decent shell, so we have to provide a
# neutralization value for shells without unset; and this also
# works around shells that cannot unset nonexistent variables.
# Preserve -v and -x to the replacement shell.
BASH_ENV=/dev/null
ENV=/dev/null
(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV
case $- in # ((((
  *v*x* | *x*v* ) as_opts=-vx ;;
  *v* ) as_opts=-v ;;
  *x* ) as_opts=-x ;;
  * ) as_opts= ;;
esac
exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"}
# Admittedly, this is quite paranoid, since all the known shells bail
# out after a failed `exec'.
printf "%s\n" "$0: could not re-execute with $CONFIG_SHELL" >&2
exit 255
fi

    if test x$as_have_required = xno
then :
  printf "%s\n" "$0: This script requires a shell more modern than all"
  printf "%s\n" "$0: the shells that I found on your system."
  if test ${ZSH_VERSION+y} ; then
    printf "%s\n" "$0: In particular, zsh $ZSH_VERSION has bugs and should"
    printf "%s\n" "$0: be upgraded to zsh 4.3.4 or later."
  else
    printf "%s\n" "$0: Please tell bug-autoconf@gnu.org about your system,
$0: including any error possibly output before this
$0: message. Then install a modern shell, or manually run
$0: the script under such a shell if you do have one."
  fi
  exit 1
fi
fi
fi
SHELL=${CONFIG_SHELL-/bin/sh}
export SHELL
# Unset more variables known to interfere with behavior of common tools.
CLICOLOR_FORCE= GREP_OPTIONS=
unset CLICOLOR_FORCE GREP_OPTIONS

## --------------------- ##
## M4sh Shell Functions. ##
## --------------------- ##
# as_fn_unset VAR
# ---------------
# Portably unset VAR.
as_fn_unset ()
{
  { eval $1=; unset $1;}
}
as_unset=as_fn_unset


# as_fn_set_status STATUS
# -----------------------
# Set $? to STATUS, without forking.
as_fn_set_status ()
{
  return $1
} # as_fn_set_status

# as_fn_exit STATUS
# -----------------
# Exit the shell with STATUS, even in a "trap 0" or "set -e" context.
as_fn_exit ()
{
  set +e
  as_fn_set_status $1
  exit $1
} # as_fn_exit
# as_fn_nop
# ---------
# Do nothing but, unlike ":", preserve the value of $?.
as_fn_nop ()
{
  return $?
}
as_nop=as_fn_nop

# as_fn_mkdir_p
# -------------
# Create "$as_dir" as a directory, including parents if necessary.
as_fn_mkdir_p ()
{

  case $as_dir in #(
  -*) as_dir=./$as_dir;;
  esac
  test -d "$as_dir" || eval $as_mkdir_p || {
    as_dirs=
    while :; do
      case $as_dir in #(
      *\'*) as_qdir=`printf "%s\n" "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
      *) as_qdir=$as_dir;;
      esac
      as_dirs="'$as_qdir' $as_dirs"
      as_dir=`$as_dirname -- "$as_dir" ||
$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
	 X"$as_dir" : 'X\(//\)[^/]' \| \
	 X"$as_dir" : 'X\(//\)$' \| \
	 X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
printf "%s\n" X"$as_dir" |
    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
	    s//\1/
	    q
	  }
	  /^X\(\/\/\)[^/].*/{
	    s//\1/
	    q
	  }
	  /^X\(\/\/\)$/{
	    s//\1/
	    q
	  }
	  /^X\(\/\).*/{
	    s//\1/
	    q
	  }
	  s/.*/./; q'`
      test -d "$as_dir" && break
    done
    test -z "$as_dirs" || eval "mkdir $as_dirs"
  } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir"


} # as_fn_mkdir_p

# as_fn_executable_p FILE
# -----------------------
# Test if FILE is an executable regular file.
as_fn_executable_p ()
{
  test -f "$1" && test -x "$1"
} # as_fn_executable_p
# as_fn_append VAR VALUE
# ----------------------
# Append the text in VALUE to the end of the definition contained in VAR. Take
# advantage of any shell optimizations that allow amortized linear growth over
# repeated appends, instead of the typical quadratic growth present in naive
# implementations.
if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null
then :
  eval 'as_fn_append ()
  {
    eval $1+=\$2
  }'
else $as_nop
  as_fn_append ()
  {
    eval $1=\$$1\$2
  }
fi # as_fn_append

# as_fn_arith ARG...
# ------------------
# Perform arithmetic evaluation on the ARGs, and store the result in the
# global $as_val. Take advantage of shells that can avoid forks. The arguments
# must be portable across $(()) and expr.
if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null
then :
  eval 'as_fn_arith ()
  {
    as_val=$(( $* ))
  }'
else $as_nop
  as_fn_arith ()
  {
    as_val=`expr "$@" || test $? -eq 1`
  }
fi # as_fn_arith


# as_fn_error STATUS ERROR [LINENO LOG_FD]
# ----------------------------------------
# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are
# provided, also output the error to LOG_FD, referencing LINENO. Then exit the
# script with STATUS, using 1 if that was 0.
as_fn_error ()
{
  as_status=$1; test $as_status -eq 0 && as_status=1
  if test "$4"; then
    as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
    printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
  fi
  printf "%s\n" "$as_me: error: $2" >&2
  as_fn_exit $as_status
} # as_fn_error

if expr a : '\(a\)' >/dev/null 2>&1 &&
   test "X`expr 00001 : '.*\(...\)'`" = X001; then
  as_expr=expr
else
  as_expr=false
fi

if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
  as_basename=basename
else
  as_basename=false
fi

as_me=`$as_basename -- "$0" ||
$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
	 X"$0" : 'X\(//\)$' \| \
	 X"$0" : 'X\(/\)' \| . 2>/dev/null ||
printf "%s\n" X/"$0" |
    sed '/^.*\/\([^/][^/]*\)\/*$/{
	    s//\1/
	    q
	  }
	  /^X\/\(\/\/\)$/{
	    s//\1/
	    q
	  }
	  /^X\/\(\/\).*/{
	    s//\1/
	    q
	  }
	  s/.*/./; q'`

if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
  as_dirname=dirname
else
  as_dirname=false
fi

# Avoid depending upon Character Ranges.
as_cr_letters='abcdefghijklmnopqrstuvwxyz'
as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
as_cr_Letters=$as_cr_letters$as_cr_LETTERS
as_cr_digits='0123456789'
as_cr_alnum=$as_cr_Letters$as_cr_digits


  as_lineno_1=$LINENO as_lineno_1a=$LINENO
  as_lineno_2=$LINENO as_lineno_2a=$LINENO
  eval 'test "x$as_lineno_1'$as_run'" != "x$as_lineno_2'$as_run'" &&
  test "x`expr $as_lineno_1'$as_run' + 1`" = "x$as_lineno_2'$as_run'"' || {
  # Blame Lee E. McMahon (1931-1989) for sed's syntax.  :-)
  sed -n '
    p
    /[$]LINENO/=
  ' <$as_myself |
    sed '
      s/[$]LINENO.*/&-/
      t lineno
      b
      :lineno
      N
      :loop
      s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/
      t loop
      s/-\n.*//
    ' >$as_me.lineno &&
  chmod +x "$as_me.lineno" ||
    { printf "%s\n" "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; }

  # If we had to re-execute with $CONFIG_SHELL, we're ensured to have
  # already done that, so ensure we don't try to do so again and fall
  # in an infinite loop.  This has already happened in practice.
  _as_can_reexec=no; export _as_can_reexec
  # Don't try to exec as it changes $[0], causing all sort of problems
  # (the dirname of $[0] is not the place where we might find the
  # original and so on.  Autoconf is especially sensitive to this).
  . "./$as_me.lineno"
  # Exit status is that of the last command.
  exit
}


# Determine whether it's possible to make 'echo' print without a newline.
# These variables are no longer used directly by Autoconf, but are AC_SUBSTed
# for compatibility with existing Makefiles.
ECHO_C= ECHO_N= ECHO_T=
case `echo -n x` in #(((((
-n*)
  case `echo 'xy\c'` in
  *c*) ECHO_T='	';;	# ECHO_T is single tab character.
  xy)  ECHO_C='\c';;
  *)   echo `echo ksh88 bug on AIX 6.1` > /dev/null
       ECHO_T='	';;
  esac;;
*)
  ECHO_N='-n';;
esac

# For backward compatibility with old third-party macros, we provide
# the shell variables $as_echo and $as_echo_n.  New code should use
# AS_ECHO(["message"]) and AS_ECHO_N(["message"]), respectively.
as_echo='printf %s\n'
as_echo_n='printf %s'


rm -f conf$$ conf$$.exe conf$$.file
if test -d conf$$.dir; then
  rm -f conf$$.dir/conf$$.file
else
  rm -f conf$$.dir
  mkdir conf$$.dir 2>/dev/null
fi
if (echo >conf$$.file) 2>/dev/null; then
  if ln -s conf$$.file conf$$ 2>/dev/null; then
    as_ln_s='ln -s'
    # ... but there are two gotchas:
    # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
    # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
    # In both cases, we have to default to `cp -pR'.
    ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
      as_ln_s='cp -pR'
  elif ln conf$$.file conf$$ 2>/dev/null; then
    as_ln_s=ln
  else
    as_ln_s='cp -pR'
  fi
else
  as_ln_s='cp -pR'
fi
rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
rmdir conf$$.dir 2>/dev/null

if mkdir -p . 2>/dev/null; then
  as_mkdir_p='mkdir -p "$as_dir"'
else
  test -d ./-p && rmdir ./-p
  as_mkdir_p=false
fi

as_test_x='test -x'
as_executable_p=as_fn_executable_p

# Sed expression to map a string onto a valid CPP name.
as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"

# Sed expression to map a string onto a valid variable name.
as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"





SHELL=${CONFIG_SHELL-/bin/sh}

# How were we run?
at_cli_args="$@"


# Not all shells have the 'times' builtin; the subshell is needed to make
# sure we discard the 'times: not found' message from the shell.
at_times_p=false
(times) >/dev/null 2>&1 && at_times_p=:

# CLI Arguments to pass to the debugging scripts.
at_debug_args=
# -e sets to true
at_errexit_p=false
# Shall we be verbose?  ':' means no, empty means yes.
at_verbose=:
at_quiet=
# Running several jobs in parallel, 0 means as many as test groups.
at_jobs=1
at_traceon=:
at_trace_echo=:
at_check_filter_trace=:

# Shall we keep the debug scripts?  Must be `:' when the suite is
# run by a debug script, so that the script doesn't remove itself.
at_debug_p=false
# Display help message?
at_help_p=false
# Display the version message?
at_version_p=false
# List test groups?
at_list_p=false
# --clean
at_clean=false
# Test groups to run
at_groups=
# Whether to rerun failed tests.
at_recheck=
# Whether a write failure occurred
at_write_fail=0

# The directory we run the suite in.  Default to . if no -C option.
at_dir=`pwd`
# An absolute reference to this testsuite script.
case $as_myself in
  [\\/]* | ?:[\\/]* ) at_myself=$as_myself ;;
  * ) at_myself=$at_dir/$as_myself ;;
esac
# Whether -C is in effect.
at_change_dir=false

# Whether to enable colored test results.
at_color=no
# As many question marks as there are digits in the last test group number.
# Used to normalize the test group numbers so that `ls' lists them in
# numerical order.
at_format='???'
# Description of all the test groups.
at_help_all="1;testsuite.at:354;test default parameters;;
2;testsuite.at:364;test integer overflow is caught;;
3;testsuite.at:381;test backslash for parameter line continuation;;
4;testsuite.at:393;Sign and verify my signature;;
5;testsuite.at:465;Repeat with key choice;;
6;testsuite.at:545;Fold very long From:;;
7;testsuite.at:619;Sign with default domain;;
8;testsuite.at:643;Sign with extension tag;;
9;testsuite.at:682;Sign with default domain, selector given;;
10;testsuite.at:707;Sign with default domain, selector linked;;
11;testsuite.at:770;Verify simple author signature;;
12;testsuite.at:778;Verify author signature mixed with other 1/6;;
13;testsuite.at:785;Verify author signature mixed with other 2/6;;
14;testsuite.at:792;Verify author signature mixed with other 3/6;;
15;testsuite.at:799;Verify author signature mixed with other 4/6;;
16;testsuite.at:806;Verify author signature mixed with other 5/6;;
17;testsuite.at:813;Verify author signature mixed with other 6/6;;
18;testsuite.at:820;Verify simple author failed signature;;
19;testsuite.at:828;Verify sender signature mixed with other 1/6;;
20;testsuite.at:836;Verify sender signature mixed with other 2/6;;
21;testsuite.at:843;Verify sender signature mixed with other 3/6;;
22;testsuite.at:850;Verify sender signature mixed with other 4/6;;
23;testsuite.at:857;Verify sender signature mixed with other 5/6;;
24;testsuite.at:864;Verify sender signature mixed with other 6/6;;
25;testsuite.at:875;Verify the IP address passed to database;;
26;testsuite.at:886;Verify the IP address and iprev;;
27;testsuite.at:902;Verify the bounce address passed to database;;
28;testsuite.at:914;Verify bounce address after signing;;
29;testsuite.at:947;Reject message with non-existent HELO domain;;
30;testsuite.at:987;Reject message with non-existent From: domain;;
31;testsuite.at:1029;Accept message with non-existent From: domain;;
32;testsuite.at:1058;Whitelisted sender, non-existent From: domain;;
33;testsuite.at:1130;Whitelisted signer, non-existent From: domain;;
34;testsuite.at:1188;Whitelisted both ways, SPF ignored;;
35;testsuite.at:1268;Dkim whitelisting with SPF-validated signer;;
36;testsuite.at:1333;Whitelisted but not authenticated From: domain;;
37;testsuite.at:1392;Verify author signature with policy: all;;
38;testsuite.at:1427;Verify author signature with policy: discard;;
39;testsuite.at:1462;Fail author signature with policy: all;;
40;testsuite.at:1497;Reject author signature with policy: all;;
41;testsuite.at:1522;Drop author signature with policy: discard;;
42;testsuite.at:1551;Whitelisted sender, failed policy: accept;;
43;testsuite.at:1593;Verify sender, fail author, policy: all;;
44;testsuite.at:1628;Verify sender, fail author, policy: discard;;
45;testsuite.at:1661;Missing author signature with policy: all;;
46;testsuite.at:1696;Missing author signature with policy: discard;;
47;testsuite.at:1731;Mandatory author signature without SPF;;
48;testsuite.at:1765;Drop missing signature with 1 recipient;;
49;testsuite.at:1803;No signature, no policy, and no SPF;;
50;testsuite.at:1838;Save From: even with no authentication;;
51;testsuite.at:1876;Cannot write unauthenticated msg w/o From:;;
52;testsuite.at:1924;Reject missing From:;;
53;testsuite.at:1959;Logging specific header fields to the DB;;
54;testsuite.at:2072;Signing after the From field;;
55;testsuite.at:2082;Not signing for missing choice field;;
56;testsuite.at:2092;Not signing for missing key;;
57;testsuite.at:2103;Default domain even if login domain;;
58;testsuite.at:2113;Login domain preferred;;
59;testsuite.at:2123;Login domain not preferred;;
60;testsuite.at:2133;Custom field, second instance overrides;;
61;testsuite.at:2147;Custom field, second instance does not override;;
62;testsuite.at:2186;A-R layout with multiple signatures;;
63;testsuite.at:2198;Whitelisted domain reported;;
64;testsuite.at:2216;Whitelisted domain;;
65;testsuite.at:2234;Report all sigs;;
66;testsuite.at:2249;Report all sigs with header.b;;
67;testsuite.at:2275;Reject too many signatures;;
68;testsuite.at:2300;Obfuscate userid;;
69;testsuite.at:2339;Retrieve obfuscated userid;;
70;testsuite.at:2350;Retrieve target domains;;
71;testsuite.at:2392;Check zdkimsign finds the right executable;;
72;testsuite.at:2405;Sign and verify with no-fork;;
73;testsuite.at:2450;Non filtered file copied to stdout if no-fork;;
74;testsuite.at:2470;Zdkimsign copies pipe to tmp;;
75;testsuite.at:2483;Zdkimsign reads default domain;;
76;testsuite.at:2499;Zdkimsign reads message recipients;;
77;testsuite.at:2535;Create blocked user list;;
78;testsuite.at:2553;Update blocked user list;;
79;testsuite.at:2576;Update blocked user list missing key;;
80;testsuite.at:2598;Update blocked user list missing key and domain;;
81;testsuite.at:2621;Reject blocked user;;
82;testsuite.at:2647;Reject blocked user missing domain;;
83;testsuite.at:2674;Reject blocked user sending also to postmaster;;
84;testsuite.at:2701;Accept blocked user sending to postmaster only;;
85;testsuite.at:2733;Check parsing Authentication-Results;;
86;testsuite.at:2779;Check renaming false Authentication-Results;;
87;testsuite.at:2804;DNSWL sender, non-existent From: domain;;
88;testsuite.at:2850;DNSWL sender domain logged to the database;;
89;testsuite.at:2884;Reload config after signing;;
90;testsuite.at:2917;Check parsing split_verify option;;
91;testsuite.at:2956;Check complaint_flag values;;
92;testsuite.at:3059;Verify action_header drop and 127.0.0.255;;
93;testsuite.at:3120;Not dropped if worthiness 2 (signed);;
94;testsuite.at:3181;Still dropped if shot worth sender;;
95;testsuite.at:3215;Not dropped if worthiness 2 (not signed);;
96;testsuite.at:3273;Not dropped if whitelisted (author signature);;
97;testsuite.at:3327;Not dropped if whitelisted (SPF auth);;
98;testsuite.at:3378;Not dropped if whitelisted (SPF auth, signed);;
99;testsuite.at:3433;Verify action_header reject;;
100;testsuite.at:3481;Verify action_header drop and save message;;
101;testsuite.at:3602;DMARC non-none policy reported;;
102;testsuite.at:3616;DMARC failed quarantine reported;;
103;testsuite.at:3629;DMARC failed quarantine honored;;
104;testsuite.at:3642;DMARC failed reject reported;;
105;testsuite.at:3655;DMARC failed reject honored;;
106;testsuite.at:3663;DMARC failed reject pct=0;;
107;testsuite.at:3671;DMARC failed reject honored from database;;
108;testsuite.at:3680;DMARC failed subdomain honored from database;;
109;testsuite.at:3689;DMARC reject not honored if whitelisted;;
110;testsuite.at:3707;DMARC reject not honored if dnswl'd;;
111;testsuite.at:3728;DMARC pass signed by subdomain;;
112;testsuite.at:3741;DMARC reject signed by subdomain shot;;
113;testsuite.at:3750;DMARC pass SPF HELO by subdomain;;
114;testsuite.at:3763;DMARC reject SPF HELO by subdomain shot;;
115;testsuite.at:3772;DMARC pass SPF MAILFROM by subdomain;;
116;testsuite.at:3785;DMARC reject SPF MAILFROM by subdomain shot;;
117;testsuite.at:3794;DMARC pass SPF FROM (non standard) by subdomain;;
118;testsuite.at:3806;DMARC reject SPF FROM by subdomain shot;;
119;testsuite.at:3816;DMARC subdomain signed by domain;;
120;testsuite.at:3829;DMARC subdomain shot signed by domain;;
121;testsuite.at:3838;DMARC subdomain shot signed by domain white;;
122;testsuite.at:3849;DMARC subdomain white signed by domain shot;;
123;testsuite.at:3858;DMARC subdomain SPF HELO by domain;;
124;testsuite.at:3871;DMARC subdomain SPF MAILFROM by domain;;
125;testsuite.at:3884;DMARC subdomain SPF MAILFROM by domain shot;;
126;testsuite.at:3893;DMARC sub SPF FROM (non standard) by domain;;
127;testsuite.at:3906;DMARC subdomain signed by subdomain;;
128;testsuite.at:3919;DMARC subdomain signed, domain shot;;
129;testsuite.at:3928;DMARC subdomain SPF by another subdomain;;
130;testsuite.at:3946;DMARC auth by subdomain strict dkim;;
131;testsuite.at:3960;DMARC auth by subdomain strict spf;;
132;testsuite.at:3974;DMARC auth by subdomain strict both;;
133;testsuite.at:3982;DMARC forced with no policy, auth SPF;;
134;testsuite.at:3991;DMARC forced with no policy, no auth;;
135;testsuite.at:4001;DMARC forced with p=none, auth SPF;;
136;testsuite.at:4009;DMARC forced with p=none, no auth;;
137;testsuite.at:4041;Find PSD quarantine;;
138;testsuite.at:4054;Find PSD with np=reject;;
139;testsuite.at:4064;Check wrapping long lines on signing;;
140;testsuite.at:4121;Header with empty lines;;
141;testsuite.at:4148;Undo percent relay basic;;
142;testsuite.at:4171;Sign with RELAYCLIENT;;
143;testsuite.at:4198;Prevent signing with let_relayclient_alone;;
144;testsuite.at:4226;Publicsuffix operation;;
145;testsuite.at:4249;Sign and verify EAI;;
146;testsuite.at:4319;Sign without uauthsmtp;;
147;testsuite.at:4362;Check cstring utility;;
148;testsuite.at:4367;Check MLM trans text/plain;;
149;testsuite.at:4448;Check MLM trans text/plain base64 encoded;;
150;testsuite.at:4522;Quoted-printable conversion to base64;;
151;testsuite.at:4598;Quoted-printable not converted to base64;;
152;testsuite.at:4648;Check MLM trans text/plain base64 both;;
153;testsuite.at:4726;Check MLM trans multipart mime-wrap;;
154;testsuite.at:4837;Check MLM trans multipart add-part;;
155;testsuite.at:4939;Check MLM trans multipart add-part 2;;
156;testsuite.at:5046;Check MLM trans with base64-encoded footer;;
157;testsuite.at:5238;Check MLM trans header only;;
158;testsuite.at:5300;Check MLM trans header only not signed;;
159;testsuite.at:5364;Sign and verify Ed25519 signature;;
160;testsuite.at:5449;Verify RFC 8463;;
161;testsuite.at:5516;Check sign local;;
162;testsuite.at:5564;mailto_domain() function;;
163;testsuite.at:5587;Seal and verify ARC set;;
164;testsuite.at:5634;Copy A-R to ARC-Authentication-Results;;
165;testsuite.at:5789;ARC sets sequence;;
166;testsuite.at:6006;ARC fail after Authentication-Results;;
167;testsuite.at:6234;Detect bad ARC chains;;
168;testsuite.at:6476;Sign and verify message with no body;;
169;testsuite.at:6547;Tree Walk definitions;;
"
# List of the all the test groups.
at_groups_all=`printf "%s\n" "$at_help_all" | sed 's/;.*//'`

# at_fn_validate_ranges NAME...
# -----------------------------
# Validate and normalize the test group number contained in each variable
# NAME. Leading zeroes are treated as decimal.
at_fn_validate_ranges ()
{
  for at_grp
  do
    eval at_value=\$$at_grp
    if test $at_value -lt 1 || test $at_value -gt 169; then
      printf "%s\n" "invalid test group: $at_value" >&2
      exit 1
    fi
    case $at_value in
      0*) # We want to treat leading 0 as decimal, like expr and test, but
	  # AS_VAR_ARITH treats it as octal if it uses $(( )).
	  # With XSI shells, ${at_value#${at_value%%[1-9]*}} avoids the
	  # expr fork, but it is not worth the effort to determine if the
	  # shell supports XSI when the user can just avoid leading 0.
	  eval $at_grp='`expr $at_value + 0`' ;;
    esac
  done
}
# List of the tested programs.
at_tested='"zdkimfilter"
"TESTmailto"'


at_prev=
for at_option
do
  # If the previous option needs an argument, assign it.
  if test -n "$at_prev"; then
    at_option=$at_prev=$at_option
    at_prev=
  fi

  case $at_option in
  *=?*) at_optarg=`expr "X$at_option" : '[^=]*=\(.*\)'` ;;
  *)    at_optarg= ;;
  esac

  case $at_option in
    --help | -h )
	at_help_p=:
	;;

    --list | -l )
	at_list_p=:
	;;

    --version | -V )
	at_version_p=:
	;;

    --clean | -c )
	at_clean=:
	;;

    --color )
	at_color=always
	;;
    --color=* )
	case $at_optarg in
	no | never | none) at_color=never ;;
	auto | tty | if-tty) at_color=auto ;;
	always | yes | force) at_color=always ;;
	*) at_optname=`echo " $at_option" | sed 's/^ //; s/=.*//'`
	   as_fn_error $? "unrecognized argument to $at_optname: $at_optarg" ;;
	esac
	;;

    --debug | -d )
	at_debug_p=:
	;;

    --errexit | -e )
	at_debug_p=:
	at_errexit_p=:
	;;

    --verbose | -v )
	at_verbose=; at_quiet=:
	;;

    --trace | -x )
	at_traceon='set -x'
	at_trace_echo=echo
	at_check_filter_trace=at_fn_filter_trace
	;;

    [0-9] | [0-9][0-9] | [0-9][0-9][0-9] | [0-9][0-9][0-9][0-9])
	at_fn_validate_ranges at_option
	as_fn_append at_groups "$at_option$as_nl"
	;;

    # Ranges
    [0-9]- | [0-9][0-9]- | [0-9][0-9][0-9]- | [0-9][0-9][0-9][0-9]-)
	at_range_start=`echo $at_option |tr -d X-`
	at_fn_validate_ranges at_range_start
	at_range=`printf "%s\n" "$at_groups_all" | \
	  sed -ne '/^'$at_range_start'$/,$p'`
	as_fn_append at_groups "$at_range$as_nl"
	;;

    -[0-9] | -[0-9][0-9] | -[0-9][0-9][0-9] | -[0-9][0-9][0-9][0-9])
	at_range_end=`echo $at_option |tr -d X-`
	at_fn_validate_ranges at_range_end
	at_range=`printf "%s\n" "$at_groups_all" | \
	  sed -ne '1,/^'$at_range_end'$/p'`
	as_fn_append at_groups "$at_range$as_nl"
	;;

    [0-9]-[0-9] | [0-9]-[0-9][0-9] | [0-9]-[0-9][0-9][0-9] | \
    [0-9]-[0-9][0-9][0-9][0-9] | [0-9][0-9]-[0-9][0-9] | \
    [0-9][0-9]-[0-9][0-9][0-9] | [0-9][0-9]-[0-9][0-9][0-9][0-9] | \
    [0-9][0-9][0-9]-[0-9][0-9][0-9] | \
    [0-9][0-9][0-9]-[0-9][0-9][0-9][0-9] | \
    [0-9][0-9][0-9][0-9]-[0-9][0-9][0-9][0-9] )
	at_range_start=`expr $at_option : '\(.*\)-'`
	at_range_end=`expr $at_option : '.*-\(.*\)'`
	if test $at_range_start -gt $at_range_end; then
	  at_tmp=$at_range_end
	  at_range_end=$at_range_start
	  at_range_start=$at_tmp
	fi
	at_fn_validate_ranges at_range_start at_range_end
	at_range=`printf "%s\n" "$at_groups_all" | \
	  sed -ne '/^'$at_range_start'$/,/^'$at_range_end'$/p'`
	as_fn_append at_groups "$at_range$as_nl"
	;;

    # Directory selection.
    --directory | -C )
	at_prev=--directory
	;;
    --directory=* )
	at_change_dir=:
	at_dir=$at_optarg
	if test x- = "x$at_dir" ; then
	  at_dir=./-
	fi
	;;

    # Parallel execution.
    --jobs | -j )
	at_jobs=0
	;;
    --jobs=* | -j[0-9]* )
	if test -n "$at_optarg"; then
	  at_jobs=$at_optarg
	else
	  at_jobs=`expr X$at_option : 'X-j\(.*\)'`
	fi
	case $at_jobs in *[!0-9]*)
	  at_optname=`echo " $at_option" | sed 's/^ //; s/[0-9=].*//'`
	  as_fn_error $? "non-numeric argument to $at_optname: $at_jobs" ;;
	esac
	;;

    # Keywords.
    --keywords | -k )
	at_prev=--keywords
	;;
    --keywords=* )
	at_groups_selected=$at_help_all
	at_save_IFS=$IFS
	IFS=,
	set X $at_optarg
	shift
	IFS=$at_save_IFS
	for at_keyword
	do
	  at_invert=
	  case $at_keyword in
	  '!'*)
	    at_invert="-v"
	    at_keyword=`expr "X$at_keyword" : 'X!\(.*\)'`
	    ;;
	  esac
	  # It is on purpose that we match the test group titles too.
	  at_groups_selected=`printf "%s\n" "$at_groups_selected" |
	      grep -i $at_invert "^[1-9][^;]*;.*[; ]$at_keyword[ ;]"`
	done
	# Smash the keywords.
	at_groups_selected=`printf "%s\n" "$at_groups_selected" | sed 's/;.*//'`
	as_fn_append at_groups "$at_groups_selected$as_nl"
	;;
    --recheck)
	at_recheck=:
	;;

    *=*)
	at_envvar=`expr "x$at_option" : 'x\([^=]*\)='`
	# Reject names that are not valid shell variable names.
	case $at_envvar in
	  '' | [0-9]* | *[!_$as_cr_alnum]* )
	    as_fn_error $? "invalid variable name: \`$at_envvar'" ;;
	esac
	at_value=`printf "%s\n" "$at_optarg" | sed "s/'/'\\\\\\\\''/g"`
	# Export now, but save eval for later and for debug scripts.
	export $at_envvar
	as_fn_append at_debug_args " $at_envvar='$at_value'"
	;;

     *) printf "%s\n" "$as_me: invalid option: $at_option" >&2
	printf "%s\n" "Try \`$0 --help' for more information." >&2
	exit 1
	;;
  esac
done

# Verify our last option didn't require an argument
if test -n "$at_prev"
then :
  as_fn_error $? "\`$at_prev' requires an argument"
fi

# The file containing the suite.
at_suite_log=$at_dir/$as_me.log

# Selected test groups.
if test -z "$at_groups$at_recheck"; then
  at_groups=$at_groups_all
else
  if test -n "$at_recheck" && test -r "$at_suite_log"; then
    at_oldfails=`sed -n '
      /^Failed tests:$/,/^Skipped tests:$/{
	s/^[ ]*\([1-9][0-9]*\):.*/\1/p
      }
      /^Unexpected passes:$/,/^## Detailed failed tests/{
	s/^[ ]*\([1-9][0-9]*\):.*/\1/p
      }
      /^## Detailed failed tests/q
      ' "$at_suite_log"`
    as_fn_append at_groups "$at_oldfails$as_nl"
  fi
  # Sort the tests, removing duplicates.
  at_groups=`printf "%s\n" "$at_groups" | sort -nu | sed '/^$/d'`
fi

if test x"$at_color" = xalways \
   || { test x"$at_color" = xauto && test -t 1; }; then
  at_red=`printf '\033[0;31m'`
  at_grn=`printf '\033[0;32m'`
  at_lgn=`printf '\033[1;32m'`
  at_blu=`printf '\033[1;34m'`
  at_std=`printf '\033[m'`
else
  at_red= at_grn= at_lgn= at_blu= at_std=
fi

# Help message.
if $at_help_p; then
  cat <<_ATEOF || at_write_fail=1
Usage: $0 [OPTION]... [VARIABLE=VALUE]... [TESTS]

Run all the tests, or the selected TESTS, given by numeric ranges, and
save a detailed log file.  Upon failure, create debugging scripts.

Do not change environment variables directly.  Instead, set them via
command line arguments.  Set \`AUTOTEST_PATH' to select the executables
to exercise.  Each relative directory is expanded as build and source
directories relative to the top level of this distribution.
E.g., from within the build directory /tmp/foo-1.0, invoking this:

  $ $0 AUTOTEST_PATH=bin

is equivalent to the following, assuming the source directory is /src/foo-1.0:

  PATH=/tmp/foo-1.0/bin:/src/foo-1.0/bin:\$PATH $0
_ATEOF
cat <<_ATEOF || at_write_fail=1

Operation modes:
  -h, --help     print the help message, then exit
  -V, --version  print version number, then exit
  -c, --clean    remove all the files this test suite might create and exit
  -l, --list     describes all the tests, or the selected TESTS
_ATEOF
cat <<_ATEOF || at_write_fail=1

Execution tuning:
  -C, --directory=DIR
                 change to directory DIR before starting
      --color[=never|auto|always]
                 enable colored test results on terminal, or always
  -j, --jobs[=N]
                 Allow N jobs at once; infinite jobs with no arg (default 1)
  -k, --keywords=KEYWORDS
                 select the tests matching all the comma-separated KEYWORDS
                 multiple \`-k' accumulate; prefixed \`!' negates a KEYWORD
      --recheck  select all tests that failed or passed unexpectedly last time
  -e, --errexit  abort as soon as a test fails; implies --debug
  -v, --verbose  force more detailed output
                 default for debugging scripts
  -d, --debug    inhibit clean up and top-level logging
                 default for debugging scripts
  -x, --trace    enable tests shell tracing
_ATEOF
cat <<_ATEOF || at_write_fail=1

Report bugs to <vesely@tana.it>.
_ATEOF
  exit $at_write_fail
fi

# List of tests.
if $at_list_p; then
  cat <<_ATEOF || at_write_fail=1
zdkimfilter for courier 3.21 test suite test groups:

 NUM: FILE-NAME:LINE     TEST-GROUP-NAME
      KEYWORDS

_ATEOF
  # Pass an empty line as separator between selected groups and help.
  printf "%s\n" "$at_groups$as_nl$as_nl$at_help_all" |
    awk 'NF == 1 && FS != ";" {
	   selected[$ 1] = 1
	   next
	 }
	 /^$/ { FS = ";" }
	 NF > 0 {
	   if (selected[$ 1]) {
	     printf " %3d: %-18s %s\n", $ 1, $ 2, $ 3
	     if ($ 4) {
	       lmax = 79
	       indent = "     "
	       line = indent
	       len = length (line)
	       n = split ($ 4, a, " ")
	       for (i = 1; i <= n; i++) {
		 l = length (a[i]) + 1
		 if (i > 1 && len + l > lmax) {
		   print line
		   line = indent " " a[i]
		   len = length (line)
		 } else {
		   line = line " " a[i]
		   len += l
		 }
	       }
	       if (n)
		 print line
	     }
	   }
	 }' || at_write_fail=1
  exit $at_write_fail
fi
if $at_version_p; then
  printf "%s\n" "$as_me (zdkimfilter for courier 3.21)" &&
  cat <<\_ATEOF || at_write_fail=1

Copyright (C) 2021 Free Software Foundation, Inc.
This test suite is free software; the Free Software Foundation gives
unlimited permission to copy, distribute and modify it.
_ATEOF
  exit $at_write_fail
fi

# Should we print banners?  Yes if more than one test is run.
case $at_groups in #(
  *$as_nl* )
      at_print_banners=: ;; #(
  * ) at_print_banners=false ;;
esac
# Text for banner N, set to a single space once printed.

# Take any -C into account.
if $at_change_dir ; then
  test x != "x$at_dir" && cd "$at_dir" \
    || as_fn_error $? "unable to change directory"
  at_dir=`pwd`
fi

# Load the config files for any default variable assignments.
for at_file in atconfig atlocal
do
  test -r $at_file || continue
  . ./$at_file || as_fn_error $? "invalid content: $at_file"
done

# Autoconf <=2.59b set at_top_builddir instead of at_top_build_prefix:
: "${at_top_build_prefix=$at_top_builddir}"

# Perform any assignments requested during argument parsing.
eval "$at_debug_args"

# atconfig delivers names relative to the directory the test suite is
# in, but the groups themselves are run in testsuite-dir/group-dir.
if test -n "$at_top_srcdir"; then
  builddir=../..
  for at_dir_var in srcdir top_srcdir top_build_prefix
  do
    eval at_val=\$at_$at_dir_var
    case $at_val in
      [\\/$]* | ?:[\\/]* ) at_prefix= ;;
      *) at_prefix=../../ ;;
    esac
    eval "$at_dir_var=\$at_prefix\$at_val"
  done
fi

## -------------------- ##
## Directory structure. ##
## -------------------- ##

# This is the set of directories and files used by this script
# (non-literals are capitalized):
#
# TESTSUITE         - the testsuite
# TESTSUITE.log     - summarizes the complete testsuite run
# TESTSUITE.dir/    - created during a run, remains after -d or failed test
# + at-groups/      - during a run: status of all groups in run
# | + NNN/          - during a run: meta-data about test group NNN
# | | + check-line  - location (source file and line) of current AT_CHECK
# | | + status      - exit status of current AT_CHECK
# | | + stdout      - stdout of current AT_CHECK
# | | + stder1      - stderr, including trace
# | | + stderr      - stderr, with trace filtered out
# | | + test-source - portion of testsuite that defines group
# | | + times       - timestamps for computing duration
# | | + pass        - created if group passed
# | | + xpass       - created if group xpassed
# | | + fail        - created if group failed
# | | + xfail       - created if group xfailed
# | | + skip        - created if group skipped
# + at-stop         - during a run: end the run if this file exists
# + at-source-lines - during a run: cache of TESTSUITE line numbers for extraction
# + 0..NNN/         - created for each group NNN, remains after -d or failed test
# | + TESTSUITE.log - summarizes the group results
# | + ...           - files created during the group

# The directory the whole suite works in.
# Should be absolute to let the user `cd' at will.
at_suite_dir=$at_dir/$as_me.dir
# The file containing the suite ($at_dir might have changed since earlier).
at_suite_log=$at_dir/$as_me.log
# The directory containing helper files per test group.
at_helper_dir=$at_suite_dir/at-groups
# Stop file: if it exists, do not start new jobs.
at_stop_file=$at_suite_dir/at-stop
# The fifo used for the job dispatcher.
at_job_fifo=$at_suite_dir/at-job-fifo

if $at_clean; then
  test -d "$at_suite_dir" &&
    find "$at_suite_dir" -type d ! -perm -700 -exec chmod u+rwx \{\} \;
  rm -f -r "$at_suite_dir" "$at_suite_log"
  exit $?
fi

# Don't take risks: use only absolute directories in PATH.
#
# For stand-alone test suites (ie. atconfig was not found),
# AUTOTEST_PATH is relative to `.'.
#
# For embedded test suites, AUTOTEST_PATH is relative to the top level
# of the package.  Then expand it into build/src parts, since users
# may create executables in both places.
AUTOTEST_PATH=`printf "%s\n" "$AUTOTEST_PATH" | sed "s|:|$PATH_SEPARATOR|g"`
at_path=
as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $AUTOTEST_PATH $PATH
do
  IFS=$as_save_IFS
  case $as_dir in #(((
    '') as_dir=./ ;;
    */) ;;
    *) as_dir=$as_dir/ ;;
  esac
    test -n "$at_path" && as_fn_append at_path $PATH_SEPARATOR
case $as_dir in
  [\\/]* | ?:[\\/]* )
    as_fn_append at_path "$as_dir"
    ;;
  * )
    if test -z "$at_top_build_prefix"; then
      # Stand-alone test suite.
      as_fn_append at_path "$as_dir"
    else
      # Embedded test suite.
      as_fn_append at_path "$at_top_build_prefix$as_dir$PATH_SEPARATOR"
      as_fn_append at_path "$at_top_srcdir/$as_dir"
    fi
    ;;
esac
  done
IFS=$as_save_IFS


# Now build and simplify PATH.
#
# There might be directories that don't exist, but don't redirect
# builtins' (eg., cd) stderr directly: Ultrix's sh hates that.
at_new_path=
as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $at_path
do
  IFS=$as_save_IFS
  case $as_dir in #(((
    '') as_dir=./ ;;
    */) ;;
    *) as_dir=$as_dir/ ;;
  esac
    test -d "$as_dir" || continue
case $as_dir in
  [\\/]* | ?:[\\/]* ) ;;
  * ) as_dir=`(cd "$as_dir" && pwd) 2>/dev/null` ;;
esac
case $PATH_SEPARATOR$at_new_path$PATH_SEPARATOR in
  *$PATH_SEPARATOR$as_dir$PATH_SEPARATOR*) ;;
  $PATH_SEPARATOR$PATH_SEPARATOR) at_new_path=$as_dir ;;
  *) as_fn_append at_new_path "$PATH_SEPARATOR$as_dir" ;;
esac
  done
IFS=$as_save_IFS

PATH=$at_new_path
export PATH

# Setting up the FDs.



# 5 is the log file.  Not to be overwritten if `-d'.
if $at_debug_p; then
  at_suite_log=/dev/null
else
  : >"$at_suite_log"
fi
exec 5>>"$at_suite_log"

# Banners and logs.
printf "%s\n" "## ---------------------------------------- ##
## zdkimfilter for courier 3.21 test suite. ##
## ---------------------------------------- ##"
{
  printf "%s\n" "## ---------------------------------------- ##
## zdkimfilter for courier 3.21 test suite. ##
## ---------------------------------------- ##"
  echo

  printf "%s\n" "$as_me: command line was:"
  printf "%s\n" "  \$ $0 $at_cli_args"
  echo

  # If ChangeLog exists, list a few lines in case it might help determining
  # the exact version.
  if test -n "$at_top_srcdir" && test -f "$at_top_srcdir/ChangeLog"; then
    printf "%s\n" "## ---------- ##
## ChangeLog. ##
## ---------- ##"
    echo
    sed 's/^/| /;10q' "$at_top_srcdir/ChangeLog"
    echo
  fi

  {
cat <<_ASUNAME
## --------- ##
## Platform. ##
## --------- ##

hostname = `(hostname || uname -n) 2>/dev/null | sed 1q`
uname -m = `(uname -m) 2>/dev/null || echo unknown`
uname -r = `(uname -r) 2>/dev/null || echo unknown`
uname -s = `(uname -s) 2>/dev/null || echo unknown`
uname -v = `(uname -v) 2>/dev/null || echo unknown`

/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown`
/bin/uname -X     = `(/bin/uname -X) 2>/dev/null     || echo unknown`

/bin/arch              = `(/bin/arch) 2>/dev/null              || echo unknown`
/usr/bin/arch -k       = `(/usr/bin/arch -k) 2>/dev/null       || echo unknown`
/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown`
/usr/bin/hostinfo      = `(/usr/bin/hostinfo) 2>/dev/null      || echo unknown`
/bin/machine           = `(/bin/machine) 2>/dev/null           || echo unknown`
/usr/bin/oslevel       = `(/usr/bin/oslevel) 2>/dev/null       || echo unknown`
/bin/universe          = `(/bin/universe) 2>/dev/null          || echo unknown`

_ASUNAME

as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
  IFS=$as_save_IFS
  case $as_dir in #(((
    '') as_dir=./ ;;
    */) ;;
    *) as_dir=$as_dir/ ;;
  esac
    printf "%s\n" "PATH: $as_dir"
  done
IFS=$as_save_IFS

}
  echo

  # Contents of the config files.
  for at_file in atconfig atlocal
  do
    test -r $at_file || continue
    printf "%s\n" "$as_me: $at_file:"
    sed 's/^/| /' $at_file
    echo
  done
} >&5


## ------------------------- ##
## Autotest shell functions. ##
## ------------------------- ##

# at_fn_banner NUMBER
# -------------------
# Output banner NUMBER, provided the testsuite is running multiple groups and
# this particular banner has not yet been printed.
at_fn_banner ()
{
  $at_print_banners || return 0
  eval at_banner_text=\$at_banner_text_$1
  test "x$at_banner_text" = "x " && return 0
  eval "at_banner_text_$1=\" \""
  if test -z "$at_banner_text"; then
    $at_first || echo
  else
    printf "%s\n" "$as_nl$at_banner_text$as_nl"
  fi
} # at_fn_banner

# at_fn_check_prepare_notrace REASON LINE
# ---------------------------------------
# Perform AT_CHECK preparations for the command at LINE for an untraceable
# command; REASON is the reason for disabling tracing.
at_fn_check_prepare_notrace ()
{
  $at_trace_echo "Not enabling shell tracing (command contains $1)"
  printf "%s\n" "$2" >"$at_check_line_file"
  at_check_trace=: at_check_filter=:
  : >"$at_stdout"; : >"$at_stderr"
}

# at_fn_check_prepare_trace LINE
# ------------------------------
# Perform AT_CHECK preparations for the command at LINE for a traceable
# command.
at_fn_check_prepare_trace ()
{
  printf "%s\n" "$1" >"$at_check_line_file"
  at_check_trace=$at_traceon at_check_filter=$at_check_filter_trace
  : >"$at_stdout"; : >"$at_stderr"
}

# at_fn_check_prepare_dynamic COMMAND LINE
# ----------------------------------------
# Decide if COMMAND at LINE is traceable at runtime, and call the appropriate
# preparation function.
at_fn_check_prepare_dynamic ()
{
  case $1 in
    *$as_nl*)
      at_fn_check_prepare_notrace 'an embedded newline' "$2" ;;
    *)
      at_fn_check_prepare_trace "$2" ;;
  esac
}

# at_fn_filter_trace
# ------------------
# Remove the lines in the file "$at_stderr" generated by "set -x" and print
# them to stderr.
at_fn_filter_trace ()
{
  mv "$at_stderr" "$at_stder1"
  grep '^ *+' "$at_stder1" >&2
  grep -v '^ *+' "$at_stder1" >"$at_stderr"
}

# at_fn_log_failure FILE-LIST
# ---------------------------
# Copy the files in the list on stdout with a "> " prefix, and exit the shell
# with a failure exit code.
at_fn_log_failure ()
{
  for file
    do printf "%s\n" "$file:"; sed 's/^/> /' "$file"; done
  echo 1 > "$at_status_file"
  exit 1
}

# at_fn_check_skip EXIT-CODE LINE
# -------------------------------
# Check whether EXIT-CODE is a special exit code (77 or 99), and if so exit
# the test group subshell with that same exit code. Use LINE in any report
# about test failure.
at_fn_check_skip ()
{
  case $1 in
    99) echo 99 > "$at_status_file"; at_failed=:
	printf "%s\n" "$2: hard failure"; exit 99;;
    77) echo 77 > "$at_status_file"; exit 77;;
  esac
}

# at_fn_check_status EXPECTED EXIT-CODE LINE
# ------------------------------------------
# Check whether EXIT-CODE is the EXPECTED exit code, and if so do nothing.
# Otherwise, if it is 77 or 99, exit the test group subshell with that same
# exit code; if it is anything else print an error message referring to LINE,
# and fail the test.
at_fn_check_status ()
{
  case $2 in
    $1 ) ;;
    77) echo 77 > "$at_status_file"; exit 77;;
    99) echo 99 > "$at_status_file"; at_failed=:
	printf "%s\n" "$3: hard failure"; exit 99;;
    *) printf "%s\n" "$3: exit code was $2, expected $1"
      at_failed=:;;
  esac
}

# at_fn_diff_devnull FILE
# -----------------------
# Emit a diff between /dev/null and FILE. Uses "test -s" to avoid useless diff
# invocations.
at_fn_diff_devnull ()
{
  test -s "$1" || return 0
  $at_diff "$at_devnull" "$1"
}

# at_fn_test NUMBER
# -----------------
# Parse out test NUMBER from the tail of this file.
at_fn_test ()
{
  eval at_sed=\$at_sed$1
  sed "$at_sed" "$at_myself" > "$at_test_source"
}

# at_fn_create_debugging_script
# -----------------------------
# Create the debugging script $at_group_dir/run which will reproduce the
# current test group.
at_fn_create_debugging_script ()
{
  {
    echo "#! /bin/sh" &&
    echo 'test ${ZSH_VERSION+y} && alias -g '\''${1+"$@"}'\''='\''"$@"'\''' &&
    printf "%s\n" "cd '$at_dir'" &&
    printf "%s\n" "exec \${CONFIG_SHELL-$SHELL} \"$at_myself\" -v -d $at_debug_args $at_group \${1+\"\$@\"}" &&
    echo 'exit 1'
  } >"$at_group_dir/run" &&
  chmod +x "$at_group_dir/run"
}

## -------------------------------- ##
## End of autotest shell functions. ##
## -------------------------------- ##
{
  printf "%s\n" "## ---------------- ##
## Tested programs. ##
## ---------------- ##"
  echo
} >&5

# Report what programs are being tested.
for at_program in : `eval echo $at_tested`
do
  case $at_program in #(
  :) :
    continue ;; #(
  [\\/]* | ?:[\\/]*) :
    at_program_=$at_program ;; #(
  *) :
    as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
  IFS=$as_save_IFS
  case $as_dir in #(((
    '') as_dir=./ ;;
    */) ;;
    *) as_dir=$as_dir/ ;;
  esac
    test -f "$as_dir$at_program" && break
  done
IFS=$as_save_IFS

    at_program_=$as_dir$at_program ;;
esac

  if test -f "$at_program_"; then
    {
      printf "%s\n" "$at_srcdir/testsuite.at:345: $at_program_ --version"
      "$at_program_" --version </dev/null
      echo
    } >&5 2>&1
  else
    as_fn_error $? "cannot find $at_program" "$LINENO" 5
  fi
done

{
  printf "%s\n" "## ------------------ ##
## Running the tests. ##
## ------------------ ##"
} >&5

at_start_date=`date`
at_start_time=`date +%s 2>/dev/null`
printf "%s\n" "$as_me: starting at: $at_start_date" >&5

# Create the master directory if it doesn't already exist.
as_dir="$at_suite_dir"; as_fn_mkdir_p ||
  as_fn_error $? "cannot create \`$at_suite_dir'" "$LINENO" 5

# Can we diff with `/dev/null'?  DU 5.0 refuses.
if diff /dev/null /dev/null >/dev/null 2>&1; then
  at_devnull=/dev/null
else
  at_devnull=$at_suite_dir/devnull
  >"$at_devnull"
fi

# Use `diff -u' when possible.
if at_diff=`diff -u "$at_devnull" "$at_devnull" 2>&1` && test -z "$at_diff"
then
  at_diff='diff -u'
else
  at_diff=diff
fi

# Get the last needed group.
for at_group in : $at_groups; do :; done

# Extract the start and end lines of each test group at the tail
# of this file
awk '
BEGIN { FS="" }
/^#AT_START_/ {
  start = NR
}
/^#AT_STOP_/ {
  test = substr ($ 0, 10)
  print "at_sed" test "=\"1," start "d;" (NR-1) "q\""
  if (test == "'"$at_group"'") exit
}' "$at_myself" > "$at_suite_dir/at-source-lines" &&
. "$at_suite_dir/at-source-lines" ||
  as_fn_error $? "cannot create test line number cache" "$LINENO" 5
rm -f "$at_suite_dir/at-source-lines"

# Set number of jobs for `-j'; avoid more jobs than test groups.
set X $at_groups; shift; at_max_jobs=$#
if test $at_max_jobs -eq 0; then
  at_jobs=1
fi
if test $at_jobs -ne 1 &&
   { test $at_jobs -eq 0 || test $at_jobs -gt $at_max_jobs; }; then
  at_jobs=$at_max_jobs
fi

# If parallel mode, don't output banners, don't split summary lines.
if test $at_jobs -ne 1; then
  at_print_banners=false
  at_quiet=:
fi

# Set up helper dirs.
rm -rf "$at_helper_dir" &&
mkdir "$at_helper_dir" &&
cd "$at_helper_dir" &&
{ test -z "$at_groups" || mkdir $at_groups; } ||
as_fn_error $? "testsuite directory setup failed" "$LINENO" 5

# Functions for running a test group.  We leave the actual
# test group execution outside of a shell function in order
# to avoid hitting zsh 4.x exit status bugs.

# at_fn_group_prepare
# -------------------
# Prepare for running a test group.
at_fn_group_prepare ()
{
  # The directory for additional per-group helper files.
  at_job_dir=$at_helper_dir/$at_group
  # The file containing the location of the last AT_CHECK.
  at_check_line_file=$at_job_dir/check-line
  # The file containing the exit status of the last command.
  at_status_file=$at_job_dir/status
  # The files containing the output of the tested commands.
  at_stdout=$at_job_dir/stdout
  at_stder1=$at_job_dir/stder1
  at_stderr=$at_job_dir/stderr
  # The file containing the code for a test group.
  at_test_source=$at_job_dir/test-source
  # The file containing dates.
  at_times_file=$at_job_dir/times

  # Be sure to come back to the top test directory.
  cd "$at_suite_dir"

  # Clearly separate the test groups when verbose.
  $at_first || $at_verbose echo

  at_group_normalized=$at_group

  eval 'while :; do
    case $at_group_normalized in #(
    '"$at_format"'*) break;;
    esac
    at_group_normalized=0$at_group_normalized
  done'


  # Create a fresh directory for the next test group, and enter.
  # If one already exists, the user may have invoked ./run from
  # within that directory; we remove the contents, but not the
  # directory itself, so that we aren't pulling the rug out from
  # under the shell's notion of the current directory.
  at_group_dir=$at_suite_dir/$at_group_normalized
  at_group_log=$at_group_dir/$as_me.log
  if test -d "$at_group_dir"
then
  find "$at_group_dir" -type d ! -perm -700 -exec chmod u+rwx {} \;
  rm -fr "$at_group_dir"/* "$at_group_dir"/.[!.] "$at_group_dir"/.??*
fi ||
    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: test directory for $at_group_normalized could not be cleaned" >&5
printf "%s\n" "$as_me: WARNING: test directory for $at_group_normalized could not be cleaned" >&2;}
  # Be tolerant if the above `rm' was not able to remove the directory.
  as_dir="$at_group_dir"; as_fn_mkdir_p

  echo 0 > "$at_status_file"

  # In verbose mode, append to the log file *and* show on
  # the standard output; in quiet mode only write to the log.
  if test -z "$at_verbose"; then
    at_tee_pipe='tee -a "$at_group_log"'
  else
    at_tee_pipe='cat >> "$at_group_log"'
  fi
}

# at_fn_group_banner ORDINAL LINE DESC PAD [BANNER]
# -------------------------------------------------
# Declare the test group ORDINAL, located at LINE with group description DESC,
# and residing under BANNER. Use PAD to align the status column.
at_fn_group_banner ()
{
  at_setup_line="$2"
  test -n "$5" && at_fn_banner $5
  at_desc="$3"
  case $1 in
    [0-9])      at_desc_line="  $1: ";;
    [0-9][0-9]) at_desc_line=" $1: " ;;
    *)          at_desc_line="$1: "  ;;
  esac
  as_fn_append at_desc_line "$3$4"
  $at_quiet printf %s "$at_desc_line"
  echo "#                             -*- compilation -*-" >> "$at_group_log"
}

# at_fn_group_postprocess
# -----------------------
# Perform cleanup after running a test group.
at_fn_group_postprocess ()
{
  # Be sure to come back to the suite directory, in particular
  # since below we might `rm' the group directory we are in currently.
  cd "$at_suite_dir"

  if test ! -f "$at_check_line_file"; then
    sed "s/^ */$as_me: WARNING: /" <<_ATEOF
      A failure happened in a test group before any test could be
      run. This means that test suite is improperly designed.  Please
      report this failure to <vesely@tana.it>.
_ATEOF
    printf "%s\n" "$at_setup_line" >"$at_check_line_file"
    at_status=99
  fi
  $at_verbose printf %s "$at_group. $at_setup_line: "
  printf %s "$at_group. $at_setup_line: " >> "$at_group_log"
  case $at_xfail:$at_status in
    yes:0)
	at_msg="UNEXPECTED PASS"
	at_res=xpass
	at_errexit=$at_errexit_p
	at_color=$at_red
	;;
    no:0)
	at_msg="ok"
	at_res=pass
	at_errexit=false
	at_color=$at_grn
	;;
    *:77)
	at_msg='skipped ('`cat "$at_check_line_file"`')'
	at_res=skip
	at_errexit=false
	at_color=$at_blu
	;;
    no:* | *:99)
	at_msg='FAILED ('`cat "$at_check_line_file"`')'
	at_res=fail
	at_errexit=$at_errexit_p
	at_color=$at_red
	;;
    yes:*)
	at_msg='expected failure ('`cat "$at_check_line_file"`')'
	at_res=xfail
	at_errexit=false
	at_color=$at_lgn
	;;
  esac
  echo "$at_res" > "$at_job_dir/$at_res"
  # In parallel mode, output the summary line only afterwards.
  if test $at_jobs -ne 1 && test -n "$at_verbose"; then
    printf "%s\n" "$at_desc_line $at_color$at_msg$at_std"
  else
    # Make sure there is a separator even with long titles.
    printf "%s\n" " $at_color$at_msg$at_std"
  fi
  at_log_msg="$at_group. $at_desc ($at_setup_line): $at_msg"
  case $at_status in
    0|77)
      # $at_times_file is only available if the group succeeded.
      # We're not including the group log, so the success message
      # is written in the global log separately.  But we also
      # write to the group log in case they're using -d.
      if test -f "$at_times_file"; then
	at_log_msg="$at_log_msg     ("`sed 1d "$at_times_file"`')'
	rm -f "$at_times_file"
      fi
      printf "%s\n" "$at_log_msg" >> "$at_group_log"
      printf "%s\n" "$at_log_msg" >&5

      # Cleanup the group directory, unless the user wants the files
      # or the success was unexpected.
      if $at_debug_p || test $at_res = xpass; then
	at_fn_create_debugging_script
	if test $at_res = xpass && $at_errexit; then
	  echo stop > "$at_stop_file"
	fi
      else
	if test -d "$at_group_dir"; then
	  find "$at_group_dir" -type d ! -perm -700 -exec chmod u+rwx \{\} \;
	  rm -fr "$at_group_dir"
	fi
	rm -f "$at_test_source"
      fi
      ;;
    *)
      # Upon failure, include the log into the testsuite's global
      # log.  The failure message is written in the group log.  It
      # is later included in the global log.
      printf "%s\n" "$at_log_msg" >> "$at_group_log"

      # Upon failure, keep the group directory for autopsy, and create
      # the debugging script.  With -e, do not start any further tests.
      at_fn_create_debugging_script
      if $at_errexit; then
	echo stop > "$at_stop_file"
      fi
      ;;
  esac
}


## ------------ ##
## Driver loop. ##
## ------------ ##


if (set -m && set +m && set +b) >/dev/null 2>&1; then
  set +b
  at_job_control_on='set -m' at_job_control_off='set +m' at_job_group=-
else
  at_job_control_on=: at_job_control_off=: at_job_group=
fi

for at_signal in 1 2 15; do
  trap 'set +x; set +e
	$at_job_control_off
	at_signal='"$at_signal"'
	echo stop > "$at_stop_file"
	trap "" $at_signal
	at_pgids=
	for at_pgid in `jobs -p 2>/dev/null`; do
	  at_pgids="$at_pgids $at_job_group$at_pgid"
	done
	test -z "$at_pgids" || kill -$at_signal $at_pgids 2>/dev/null
	wait
	if test "$at_jobs" -eq 1 || test -z "$at_verbose"; then
	  echo >&2
	fi
	at_signame=`kill -l $at_signal 2>&1 || echo $at_signal`
	set x $at_signame
	test 0 -gt 2 && at_signame=$at_signal
	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: caught signal $at_signame, bailing out" >&5
printf "%s\n" "$as_me: WARNING: caught signal $at_signame, bailing out" >&2;}
	as_fn_arith 128 + $at_signal && exit_status=$as_val
	as_fn_exit $exit_status' $at_signal
done

rm -f "$at_stop_file"
at_first=:

if test $at_jobs -ne 1 &&
     rm -f "$at_job_fifo" &&
     test -n "$at_job_group" &&
     ( mkfifo "$at_job_fifo" && trap 'exit 1' PIPE STOP TSTP ) 2>/dev/null
then
  # FIFO job dispatcher.

  trap 'at_pids=
	for at_pid in `jobs -p`; do
	  at_pids="$at_pids $at_job_group$at_pid"
	done
	if test -n "$at_pids"; then
	  at_sig=TSTP
	  test ${TMOUT+y} && at_sig=STOP
	  kill -$at_sig $at_pids 2>/dev/null
	fi
	kill -STOP $$
	test -z "$at_pids" || kill -CONT $at_pids 2>/dev/null' TSTP

  echo
  # Turn jobs into a list of numbers, starting from 1.
  at_joblist=`printf "%s\n" "$at_groups" | sed -n 1,${at_jobs}p`

  set X $at_joblist
  shift
  for at_group in $at_groups; do
    $at_job_control_on 2>/dev/null
    (
      # Start one test group.
      $at_job_control_off
      if $at_first; then
	exec 7>"$at_job_fifo"
      else
	exec 6<&-
      fi
      trap 'set +x; set +e
	    trap "" PIPE
	    echo stop > "$at_stop_file"
	    echo >&7
	    as_fn_exit 141' PIPE
      at_fn_group_prepare
      if cd "$at_group_dir" &&
	 at_fn_test $at_group &&
	 . "$at_test_source"
      then :; else
	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: unable to parse test group: $at_group" >&5
printf "%s\n" "$as_me: WARNING: unable to parse test group: $at_group" >&2;}
	at_failed=:
      fi
      at_fn_group_postprocess
      echo >&7
    ) &
    $at_job_control_off
    if $at_first; then
      at_first=false
      exec 6<"$at_job_fifo" 7>"$at_job_fifo"
    fi
    shift # Consume one token.
    if test $# -gt 0; then :; else
      read at_token <&6 || break
      set x $*
    fi
    test -f "$at_stop_file" && break
  done
  exec 7>&-
  # Read back the remaining ($at_jobs - 1) tokens.
  set X $at_joblist
  shift
  if test $# -gt 0; then
    shift
    for at_job
    do
      read at_token
    done <&6
  fi
  exec 6<&-
  wait
else
  # Run serially, avoid forks and other potential surprises.
  for at_group in $at_groups; do
    at_fn_group_prepare
    if cd "$at_group_dir" &&
       at_fn_test $at_group &&
       . "$at_test_source"; then :; else
      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: unable to parse test group: $at_group" >&5
printf "%s\n" "$as_me: WARNING: unable to parse test group: $at_group" >&2;}
      at_failed=:
    fi
    at_fn_group_postprocess
    test -f "$at_stop_file" && break
    at_first=false
  done
fi

# Wrap up the test suite with summary statistics.
cd "$at_helper_dir"

# Use ?..???? when the list must remain sorted, the faster * otherwise.
at_pass_list=`for f in */pass; do echo $f; done | sed '/\*/d; s,/pass,,'`
at_skip_list=`for f in */skip; do echo $f; done | sed '/\*/d; s,/skip,,'`
at_xfail_list=`for f in */xfail; do echo $f; done | sed '/\*/d; s,/xfail,,'`
at_xpass_list=`for f in ?/xpass ??/xpass ???/xpass ????/xpass; do
		 echo $f; done | sed '/?/d; s,/xpass,,'`
at_fail_list=`for f in ?/fail ??/fail ???/fail ????/fail; do
		echo $f; done | sed '/?/d; s,/fail,,'`

set X $at_pass_list $at_xpass_list $at_xfail_list $at_fail_list $at_skip_list
shift; at_group_count=$#
set X $at_xpass_list; shift; at_xpass_count=$#; at_xpass_list=$*
set X $at_xfail_list; shift; at_xfail_count=$#
set X $at_fail_list; shift; at_fail_count=$#; at_fail_list=$*
set X $at_skip_list; shift; at_skip_count=$#

as_fn_arith $at_group_count - $at_skip_count && at_run_count=$as_val
as_fn_arith $at_xpass_count + $at_fail_count && at_unexpected_count=$as_val
as_fn_arith $at_xfail_count + $at_fail_count && at_total_fail_count=$as_val

# Back to the top directory.
cd "$at_dir"
rm -rf "$at_helper_dir"

# Compute the duration of the suite.
at_stop_date=`date`
at_stop_time=`date +%s 2>/dev/null`
printf "%s\n" "$as_me: ending at: $at_stop_date" >&5
case $at_start_time,$at_stop_time in
  [0-9]*,[0-9]*)
    as_fn_arith $at_stop_time - $at_start_time && at_duration_s=$as_val
    as_fn_arith $at_duration_s / 60 && at_duration_m=$as_val
    as_fn_arith $at_duration_m / 60 && at_duration_h=$as_val
    as_fn_arith $at_duration_s % 60 && at_duration_s=$as_val
    as_fn_arith $at_duration_m % 60 && at_duration_m=$as_val
    at_duration="${at_duration_h}h ${at_duration_m}m ${at_duration_s}s"
    printf "%s\n" "$as_me: test suite duration: $at_duration" >&5
    ;;
esac

echo
printf "%s\n" "## ------------- ##
## Test results. ##
## ------------- ##"
echo
{
  echo
  printf "%s\n" "## ------------- ##
## Test results. ##
## ------------- ##"
  echo
} >&5

if test $at_run_count = 1; then
  at_result="1 test"
  at_were=was
else
  at_result="$at_run_count tests"
  at_were=were
fi
if $at_errexit_p && test $at_unexpected_count != 0; then
  if test $at_xpass_count = 1; then
    at_result="$at_result $at_were run, one passed"
  else
    at_result="$at_result $at_were run, one failed"
  fi
  at_result="$at_result unexpectedly and inhibited subsequent tests."
  at_color=$at_red
else
  # Don't you just love exponential explosion of the number of cases?
  at_color=$at_red
  case $at_xpass_count:$at_fail_count:$at_xfail_count in
    # So far, so good.
    0:0:0) at_result="$at_result $at_were successful." at_color=$at_grn ;;
    0:0:*) at_result="$at_result behaved as expected." at_color=$at_lgn ;;

    # Some unexpected failures
    0:*:0) at_result="$at_result $at_were run,
$at_fail_count failed unexpectedly." ;;

    # Some failures, both expected and unexpected
    0:*:1) at_result="$at_result $at_were run,
$at_total_fail_count failed ($at_xfail_count expected failure)." ;;
    0:*:*) at_result="$at_result $at_were run,
$at_total_fail_count failed ($at_xfail_count expected failures)." ;;

    # No unexpected failures, but some xpasses
    *:0:*) at_result="$at_result $at_were run,
$at_xpass_count passed unexpectedly." ;;

    # No expected failures, but failures and xpasses
    *:1:0) at_result="$at_result $at_were run,
$at_unexpected_count did not behave as expected ($at_fail_count unexpected failure)." ;;
    *:*:0) at_result="$at_result $at_were run,
$at_unexpected_count did not behave as expected ($at_fail_count unexpected failures)." ;;

    # All of them.
    *:*:1) at_result="$at_result $at_were run,
$at_xpass_count passed unexpectedly,
$at_total_fail_count failed ($at_xfail_count expected failure)." ;;
    *:*:*) at_result="$at_result $at_were run,
$at_xpass_count passed unexpectedly,
$at_total_fail_count failed ($at_xfail_count expected failures)." ;;
  esac

  if test $at_skip_count = 0 && test $at_run_count -gt 1; then
    at_result="All $at_result"
  fi
fi

# Now put skips in the mix.
case $at_skip_count in
  0) ;;
  1) at_result="$at_result
1 test was skipped." ;;
  *) at_result="$at_result
$at_skip_count tests were skipped." ;;
esac

if test $at_unexpected_count = 0; then
  echo "$at_color$at_result$at_std"
  echo "$at_result" >&5
else
  echo "${at_color}ERROR: $at_result$at_std" >&2
  echo "ERROR: $at_result" >&5
  {
    echo
    printf "%s\n" "## ------------------------ ##
## Summary of the failures. ##
## ------------------------ ##"

    # Summary of failed and skipped tests.
    if test $at_fail_count != 0; then
      echo "Failed tests:"
      $SHELL "$at_myself" $at_fail_list --list
      echo
    fi
    if test $at_skip_count != 0; then
      echo "Skipped tests:"
      $SHELL "$at_myself" $at_skip_list --list
      echo
    fi
    if test $at_xpass_count != 0; then
      echo "Unexpected passes:"
      $SHELL "$at_myself" $at_xpass_list --list
      echo
    fi
    if test $at_fail_count != 0; then
      printf "%s\n" "## ---------------------- ##
## Detailed failed tests. ##
## ---------------------- ##"
      echo
      for at_group in $at_fail_list
      do
	at_group_normalized=$at_group

  eval 'while :; do
    case $at_group_normalized in #(
    '"$at_format"'*) break;;
    esac
    at_group_normalized=0$at_group_normalized
  done'

	cat "$at_suite_dir/$at_group_normalized/$as_me.log"
	echo
      done
      echo
    fi
    if test -n "$at_top_srcdir"; then
      sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX
## ${at_top_build_prefix}config.log ##
_ASBOX
      sed 's/^/| /' ${at_top_build_prefix}config.log
      echo
    fi
  } >&5

  sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX
## $as_me.log was created. ##
_ASBOX

  echo
  if $at_debug_p; then
    at_msg='per-test log files'
  else
    at_msg="\`${at_testdir+${at_testdir}/}$as_me.log'"
  fi
  at_msg1a=${at_xpass_list:+', '}
  at_msg1=$at_fail_list${at_fail_list:+" failed$at_msg1a"}
  at_msg2=$at_xpass_list${at_xpass_list:+" passed unexpectedly"}

  printf "%s\n" "Please send $at_msg and all information you think might help:

   To: <vesely@tana.it>
   Subject: [zdkimfilter for courier 3.21] $as_me: $at_msg1$at_msg2

You may investigate any problem if you feel able to do so, in which
case the test suite provides a good starting point.  Its output may
be found below \`${at_testdir+${at_testdir}/}$as_me.dir'.
"
  exit 1
fi

exit 0

## ------------- ##
## Actual tests. ##
## ------------- ##
#AT_START_1
at_fn_group_banner 1 'testsuite.at:354' \
  "test default parameters" "                        "
at_xfail=no
(
  printf "%s\n" "1. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >zftest.conf <<'_ZEOF'
verbose = 0
domain_keys = .
tmp = .
no_signlen


_ZEOF

cat >batch <<'_ATEOF'
test1

exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:357: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:357"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "all_mode                 = N (Y/N)
trust_a_r                = N (Y/N)
verbose                  = 0 (int)
domain_keys              = . (key's directory)
header_canon_relaxed     = N (Y/N, N for simple)
body_canon_relaxed       = N (Y/N, N for simple)
sign_rsa_sha1            = N (Y/N, N for rsa-sha256)
key_choice_header        = NULL (key choice header)
default_domain           = NULL (dns)
let_relayclient_alone    = N (Y/N, Y rewrite rcpts)
selector                 = NULL (global)
sign_hfields             = NULL (space-separated, no colon)
oversign_hfields         = NULL (space-separated, no colon)
skip_hfields             = NULL (space-separated, no colon)
xtag_value               = NULL (extension tag=value)
no_signlen               = Y (Y/N)
no_qp_conversion         = N (Y/N)
min_key_bits             = 0 (int)
redact_received_auth     = NULL (any text)
add_auth_pass            = N (Y/N)
tmp                      = . (temp directory)
tempfail_on_error        = N (Y/N)
split_verify             = NULL (exec name)
add_ztags                = N (Y/N, Y for debug z=)
blocked_user_list        = NULL (filename)
no_spf                   = N (Y/N)
save_from_anyway         = N (Y/N)
add_a_r_anyway           = N (Y/N)
report_all_sigs          = N (Y/N)
verify_one_domain        = N (Y/N)
disable_experimental     = N (Y/N)
noaddrrewrite            = N (Y/N)
still_allow_no_from      = N (Y/N)
checkhelo_if_no_auth     = N (Y/N)
max_signatures           = 128 (int)
log_dkim_order_above     = 0 (int)
publicsuffix             = NULL (filename)
honored_report_interval  = 86400 (seconds)
honor_dmarc              = N (Y/N)
honor_author_domain      = N (Y/N)
reject_on_nxdomain       = N (Y=procrustean ADSP)
action_header            = NULL (header field name)
header_action_is_reject  = N (Y/N)
save_drop                = NULL (quarantine directory)
dnswl_worthiness_pass    = 2 (int)
dnswl_invalid_ip         = $((DNSWL_ORG_INVALID_IP_ENDIAN + 0)) (int)
dnswl_octet_index        = 3 (int)
trusted_dnswl            =  (space-separated dns.zones)
                         0 list.dnswl.org
whitelisted_pass         = 3 (int)
dns_timeout              = 0 (secs)
i_signer                 = NULL (set the i= address)
sign_local               = 2 (int, 0=never, 1=always, 2=unless already signed)
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:357"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_1
#AT_START_2
at_fn_group_banner 2 'testsuite.at:364' \
  "test integer overflow is caught" "                "
at_xfail=no
(
  printf "%s\n" "2. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >zftest.conf <<'_ZEOF'
verbose = 0
domain_keys = .
tmp = .
no_signlen

# 32 bit:     12345678
dns_timeout=0x100000000

_ZEOF

cat >batch <<'_ATEOF'
test1

exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:370: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:370"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "ERR:zdkimfilter[0]:Invalid value 0x100000000 for dns_timeout at line 7 in zftest.conf
ERR:zdkimfilter[0]:Error reading config file
" | \
  $at_diff - "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 2 $at_status "$at_srcdir/testsuite.at:370"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_2
#AT_START_3
at_fn_group_banner 3 'testsuite.at:381' \
  "test backslash for parameter line continuation" " "
at_xfail=no
(
  printf "%s\n" "3. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >zftest.conf <<'_ZEOF'
verbose = 0
domain_keys = .
tmp = .
no_signlen

default_domain should be a domain name, but here we use it to test that\
a rather lengthy string can be put into that variable. In facts, it is\
just a string variable...
_ZEOF

cat >batch <<'_ATEOF'
test1

exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:386: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:386"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "all_mode                 = N (Y/N)
trust_a_r                = N (Y/N)
verbose                  = 0 (int)
domain_keys              = . (key's directory)
header_canon_relaxed     = N (Y/N, N for simple)
body_canon_relaxed       = N (Y/N, N for simple)
sign_rsa_sha1            = N (Y/N, N for rsa-sha256)
key_choice_header        = NULL (key choice header)
default_domain           = should be a domain name, but here we use it to test that a rather lengthy string can be put into that variable. In facts, it is just a string variable... (dns)
let_relayclient_alone    = N (Y/N, Y rewrite rcpts)
selector                 = NULL (global)
sign_hfields             = NULL (space-separated, no colon)
oversign_hfields         = NULL (space-separated, no colon)
skip_hfields             = NULL (space-separated, no colon)
xtag_value               = NULL (extension tag=value)
no_signlen               = Y (Y/N)
no_qp_conversion         = N (Y/N)
min_key_bits             = 0 (int)
redact_received_auth     = NULL (any text)
add_auth_pass            = N (Y/N)
tmp                      = . (temp directory)
tempfail_on_error        = N (Y/N)
split_verify             = NULL (exec name)
add_ztags                = N (Y/N, Y for debug z=)
blocked_user_list        = NULL (filename)
no_spf                   = N (Y/N)
save_from_anyway         = N (Y/N)
add_a_r_anyway           = N (Y/N)
report_all_sigs          = N (Y/N)
verify_one_domain        = N (Y/N)
disable_experimental     = N (Y/N)
noaddrrewrite            = N (Y/N)
still_allow_no_from      = N (Y/N)
checkhelo_if_no_auth     = N (Y/N)
max_signatures           = 128 (int)
log_dkim_order_above     = 0 (int)
publicsuffix             = NULL (filename)
honored_report_interval  = 86400 (seconds)
honor_dmarc              = N (Y/N)
honor_author_domain      = N (Y/N)
reject_on_nxdomain       = N (Y=procrustean ADSP)
action_header            = NULL (header field name)
header_action_is_reject  = N (Y/N)
save_drop                = NULL (quarantine directory)
dnswl_worthiness_pass    = 2 (int)
dnswl_invalid_ip         = $((DNSWL_ORG_INVALID_IP_ENDIAN + 0)) (int)
dnswl_octet_index        = 3 (int)
trusted_dnswl            =  (space-separated dns.zones)
                         0 list.dnswl.org
whitelisted_pass         = 3 (int)
dns_timeout              = 0 (secs)
i_signer                 = NULL (set the i= address)
sign_local               = 2 (int, 0=never, 1=always, 2=unless already signed)
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:386"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_3
#AT_START_4
at_fn_group_banner 4 'testsuite.at:393' \
  "Sign and verify my signature" "                   "
at_xfail=no
(
  printf "%s\n" "4. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >zftest.conf <<'_ZEOF'
verbose = 6
domain_keys = .
tmp = .
no_signlen

trust_a_r
add_auth_pass
sign_hfields Date From To Subject Authentication-Results

_ZEOF

cat >example.com <<'_ATEOF'
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk
5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9
GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
AoGARPaCa4eHJWQnF2MwB2cQD7MdUsizx6GFs5ms9bGxxwyknTmmT2PA/rFEYjb+
V8PmTCu4Y/Nk88IzgXTfJ8pN6GfnN1O0qMTUoMuHTf/LMWT/WsFstjiuuFCQddBz
xVyup6Rnl30mYU5WE0PheUTG0AVbzMn2Aj/SEYXlEYPnENECQQDbsLlcEitqnj+i
ipFz9H5RnfoDC4pFHSSqMlddYIA9e2DoNdxjU275eyt2g2p9hQMMXdB7LnoyFeHz
jeRpK3RlAkEAxsj5uOvBctleM2ERPPXTm0nYUWSH4aPZkE/olThgQMogTwSQc6vI
M6RkzKfF5Dr5g/b2kyoZhxIvdtUcPzfGVwJBALrZaA3C9mJMDdt095kjzXwlXMrS
OdvmmZSYFG468VdZZGabyMJB6BUQiTrXMu9m/dy6veLG+O84ZWD8wdQhPXECQBf4
nlyVWXOfEMQDXY/LWSQtyH8wL06fcpn7eOGdtcW6WiENPNomCfNoTJt9U9jM38/x
FRT0C7YFFGIxGsHo2OsCQF2PGJ3yKn2l9VX+M6qj4hE+POdgnJLqNMp5kRIBj9De
rlKqG0nWxNFVhVzXsgeNUTDCmVm3cdODa94wXn9WNvY=
-----END RSA PRIVATE KEY-----
_ATEOF



cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctls <<'_ATEOF'
Msignmsg
uauthsmtp
iuser@example.com
OTCPREMOTEIP=192.0.2.9
_ATEOF

cat >batch <<'_ATEOF'
mail
ctls



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:409: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:409"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=signmsg: signing for user@example.com with domain example.com, selector s, rsa-sha256
INFO:zdkimfilter[0]:id=signmsg: response: 250 Ok.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:409"
$at_failed && at_fn_log_failure
$at_traceon; }

# make a modified copy of mail for later
{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:418: sed '/^Authentication-Results:/s/^/Old-/' mail > mail2"
at_fn_check_prepare_trace "testsuite.at:418"
( $at_check_trace; sed '/^Authentication-Results:/s/^/Old-/' mail > mail2
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:418"
$at_failed && at_fn_log_failure
$at_traceon; }

# verify mail normally
cat >ctlv <<'_ATEOF'
Mverifymsg
usmtp
OTCPREMOTEIP=192.0.2.1
_ATEOF

cat >KEYFILE <<'_ATEOF'
s._domainkey.example.com v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
whatever.author.example domain exists
_ATEOF

cat >POLICYFILE <<'_ATEOF'
dkim=unknown
_ATEOF

cat >batch <<'_ATEOF'
test2
test3
mail
ctlv



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:435: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:435"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- (null)
INFO:zdkimfilter[0]:ip=192.0.2.1: Authentication-Results by example.com: please check ALLOW_EXCLUSIVE is set
INFO:zdkimfilter[0]:ip=192.0.2.1: Authentication-Results by mail.example.com: empty
INFO:zdkimfilter[0]:ip=192.0.2.1: verified: spf=pass, dkim=pass (id=example.com, stat=0)
INFO:zdkimfilter[0]:ip=192.0.2.1: response: 250 Ok.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:435"
$at_failed && at_fn_log_failure
$at_traceon; }

# now repeat the test with modified mail
cat >batch <<'_ATEOF'
test2
test3
mail2
ctlv



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:453: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:453"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- (null)
INFO:zdkimfilter[0]:ip=192.0.2.1: verified: spf=pass, dkim=pass (id=example.com, stat=0)
INFO:zdkimfilter[0]:ip=192.0.2.1: response: 250 Ok.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:453"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_4
#AT_START_5
at_fn_group_banner 5 'testsuite.at:465' \
  "Repeat with key choice" "                         "
at_xfail=no
(
  printf "%s\n" "5. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >zftest.conf <<'_ZEOF'
verbose = 6
domain_keys = .
tmp = .
no_signlen

trust_a_r
add_auth_pass
key_choice_header from *
add_ztags
sign_hfields Date From To Subject Authentication-Results
default_domain nonexistent.example

_ZEOF

cat >example.com <<'_ATEOF'
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk
5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9
GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
AoGARPaCa4eHJWQnF2MwB2cQD7MdUsizx6GFs5ms9bGxxwyknTmmT2PA/rFEYjb+
V8PmTCu4Y/Nk88IzgXTfJ8pN6GfnN1O0qMTUoMuHTf/LMWT/WsFstjiuuFCQddBz
xVyup6Rnl30mYU5WE0PheUTG0AVbzMn2Aj/SEYXlEYPnENECQQDbsLlcEitqnj+i
ipFz9H5RnfoDC4pFHSSqMlddYIA9e2DoNdxjU275eyt2g2p9hQMMXdB7LnoyFeHz
jeRpK3RlAkEAxsj5uOvBctleM2ERPPXTm0nYUWSH4aPZkE/olThgQMogTwSQc6vI
M6RkzKfF5Dr5g/b2kyoZhxIvdtUcPzfGVwJBALrZaA3C9mJMDdt095kjzXwlXMrS
OdvmmZSYFG468VdZZGabyMJB6BUQiTrXMu9m/dy6veLG+O84ZWD8wdQhPXECQBf4
nlyVWXOfEMQDXY/LWSQtyH8wL06fcpn7eOGdtcW6WiENPNomCfNoTJt9U9jM38/x
FRT0C7YFFGIxGsHo2OsCQF2PGJ3yKn2l9VX+M6qj4hE+POdgnJLqNMp5kRIBj9De
rlKqG0nWxNFVhVzXsgeNUTDCmVm3cdODa94wXn9WNvY=
-----END RSA PRIVATE KEY-----
_ATEOF



cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@example.com>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.

_ATEOF

cat >ctls <<'_ATEOF'
Msignmsg
uauthsmtp
iuser@example.com
OTCPREMOTEIP=192.0.2.9
_ATEOF

cat >batch <<'_ATEOF'
mail
ctls



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:489: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:489"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=signmsg: signing for user@example.com with domain example.com, selector s, rsa-sha256
INFO:zdkimfilter[0]:id=signmsg: response: 250 Ok.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:489"
$at_failed && at_fn_log_failure
$at_traceon; }

# make a modified copy of mail for later
{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:498: sed '/^Authentication-Results:/s/^/Old-/' mail > mail2"
at_fn_check_prepare_trace "testsuite.at:498"
( $at_check_trace; sed '/^Authentication-Results:/s/^/Old-/' mail > mail2
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:498"
$at_failed && at_fn_log_failure
$at_traceon; }

# verify mail normally
cat >ctlv <<'_ATEOF'
Mverifymsg
usmtp
OTCPREMOTEIP=192.0.2.1
_ATEOF

cat >KEYFILE <<'_ATEOF'
s._domainkey.example.com v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
_ATEOF

cat >POLICYFILE <<'_ATEOF'
dkim=unknown
_ATEOF

cat >batch <<'_ATEOF'
test2
test3
mail
ctlv



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:514: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:514"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- (null)
INFO:zdkimfilter[0]:ip=192.0.2.1: Authentication-Results by mail.example.com: empty
INFO:zdkimfilter[0]:ip=192.0.2.1: Authentication-Results by example.com: please check ALLOW_EXCLUSIVE is set
INFO:zdkimfilter[0]:ip=192.0.2.1: verified: spf=pass, dkim=pass (id=example.com, stat=0)
INFO:zdkimfilter[0]:ip=192.0.2.1: response: 250 Ok.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:514"
$at_failed && at_fn_log_failure
$at_traceon; }

# now repeat the test with modified mail
cat >batch <<'_ATEOF'
test2
test3
mail2
ctlv



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:532: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:532"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- (null)
INFO:zdkimfilter[0]:ip=192.0.2.1: verified: spf=pass, dkim=pass (id=example.com, stat=0)
INFO:zdkimfilter[0]:ip=192.0.2.1: response: 250 Ok.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:532"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_5
#AT_START_6
at_fn_group_banner 6 'testsuite.at:545' \
  "Fold very long From:" "                           "
at_xfail=no
(
  printf "%s\n" "6. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >zftest.conf <<'_ZEOF'
verbose = 6
domain_keys = .
tmp = .
no_signlen

trust_a_r
add_auth_pass
key_choice_header from *
add_ztags
sign_hfields Date From To Subject Authentication-Results

_ZEOF

cat >example.com <<'_ATEOF'
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk
5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9
GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
AoGARPaCa4eHJWQnF2MwB2cQD7MdUsizx6GFs5ms9bGxxwyknTmmT2PA/rFEYjb+
V8PmTCu4Y/Nk88IzgXTfJ8pN6GfnN1O0qMTUoMuHTf/LMWT/WsFstjiuuFCQddBz
xVyup6Rnl30mYU5WE0PheUTG0AVbzMn2Aj/SEYXlEYPnENECQQDbsLlcEitqnj+i
ipFz9H5RnfoDC4pFHSSqMlddYIA9e2DoNdxjU275eyt2g2p9hQMMXdB7LnoyFeHz
jeRpK3RlAkEAxsj5uOvBctleM2ERPPXTm0nYUWSH4aPZkE/olThgQMogTwSQc6vI
M6RkzKfF5Dr5g/b2kyoZhxIvdtUcPzfGVwJBALrZaA3C9mJMDdt095kjzXwlXMrS
OdvmmZSYFG468VdZZGabyMJB6BUQiTrXMu9m/dy6veLG+O84ZWD8wdQhPXECQBf4
nlyVWXOfEMQDXY/LWSQtyH8wL06fcpn7eOGdtcW6WiENPNomCfNoTJt9U9jM38/x
FRT0C7YFFGIxGsHo2OsCQF2PGJ3yKn2l9VX+M6qj4hE+POdgnJLqNMp5kRIBj9De
rlKqG0nWxNFVhVzXsgeNUTDCmVm3cdODa94wXn9WNvY=
-----END RSA PRIVATE KEY-----
_ATEOF



cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: So this is a very long user name that needs wrapping <user@example.com>, "And a second author, since we're here" <user2@example.com>
VBR-Info: mc=all; md=author.example; mv=author-cert.example
VBR-Info: mc=all; md=sender.example; mv=sender-cert.example
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:573: cp mail mail0"
at_fn_check_prepare_trace "testsuite.at:573"
( $at_check_trace; cp mail mail0
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:573"
$at_failed && at_fn_log_failure
$at_traceon; }

cat >ctls <<'_ATEOF'
Msignmsg
uauthsmtp
iuser@example.com
OTCPREMOTEIP=192.0.2.9
_ATEOF

cat >batch <<'_ATEOF'
mail
ctls



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:583: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:583"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=signmsg: signing for user@example.com with domain example.com, selector s, rsa-sha256
INFO:zdkimfilter[0]:id=signmsg: response: 250 Ok.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:583"
$at_failed && at_fn_log_failure
$at_traceon; }

cat >ctlv <<'_ATEOF'
Mverifymsg
usmtp
OTCPREMOTEIP=192.0.2.1
_ATEOF

cat >KEYFILE <<'_ATEOF'
s._domainkey.example.com v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
_ATEOF

cat >POLICYFILE <<'_ATEOF'
dkim=unknown
_ATEOF

cat >batch <<'_ATEOF'
test2
test3
mail
ctlv



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:605: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:605"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- (null)
INFO:zdkimfilter[0]:ip=192.0.2.1: Authentication-Results by mail.example.com: empty
INFO:zdkimfilter[0]:ip=192.0.2.1: Authentication-Results by example.com: please check ALLOW_EXCLUSIVE is set
INFO:zdkimfilter[0]:ip=192.0.2.1: verified: spf=pass, dkim=pass (id=example.com, stat=0)
INFO:zdkimfilter[0]:ip=192.0.2.1: response: 250 Ok.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:605"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_6
#AT_START_7
at_fn_group_banner 7 'testsuite.at:619' \
  "Sign with default domain" "                       "
at_xfail=no
(
  printf "%s\n" "7. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >zftest.conf <<'_ZEOF'
verbose = 6
domain_keys = .
tmp = .
no_signlen

default_domain example.com

_ZEOF

cat >example.com <<'_ATEOF'
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk
5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9
GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
AoGARPaCa4eHJWQnF2MwB2cQD7MdUsizx6GFs5ms9bGxxwyknTmmT2PA/rFEYjb+
V8PmTCu4Y/Nk88IzgXTfJ8pN6GfnN1O0qMTUoMuHTf/LMWT/WsFstjiuuFCQddBz
xVyup6Rnl30mYU5WE0PheUTG0AVbzMn2Aj/SEYXlEYPnENECQQDbsLlcEitqnj+i
ipFz9H5RnfoDC4pFHSSqMlddYIA9e2DoNdxjU275eyt2g2p9hQMMXdB7LnoyFeHz
jeRpK3RlAkEAxsj5uOvBctleM2ERPPXTm0nYUWSH4aPZkE/olThgQMogTwSQc6vI
M6RkzKfF5Dr5g/b2kyoZhxIvdtUcPzfGVwJBALrZaA3C9mJMDdt095kjzXwlXMrS
OdvmmZSYFG468VdZZGabyMJB6BUQiTrXMu9m/dy6veLG+O84ZWD8wdQhPXECQBf4
nlyVWXOfEMQDXY/LWSQtyH8wL06fcpn7eOGdtcW6WiENPNomCfNoTJt9U9jM38/x
FRT0C7YFFGIxGsHo2OsCQF2PGJ3yKn2l9VX+M6qj4hE+POdgnJLqNMp5kRIBj9De
rlKqG0nWxNFVhVzXsgeNUTDCmVm3cdODa94wXn9WNvY=
-----END RSA PRIVATE KEY-----
_ATEOF



cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
Msignmsg
uauthsmtp
iuser
_ATEOF

cat >batch <<'_ATEOF'
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:632: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:632"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=signmsg: signing for user with domain example.com, selector s, rsa-sha256
INFO:zdkimfilter[0]:id=signmsg: response: 250 Ok.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:632"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_7
#AT_START_8
at_fn_group_banner 8 'testsuite.at:643' \
  "Sign with extension tag" "                        "
at_xfail=no
(
  printf "%s\n" "8. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >zftest.conf <<'_ZEOF'
verbose = 6
domain_keys = .
tmp = .
no_signlen

xtag_value foo=bar

_ZEOF

cat >example.com <<'_ATEOF'
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk
5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9
GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
AoGARPaCa4eHJWQnF2MwB2cQD7MdUsizx6GFs5ms9bGxxwyknTmmT2PA/rFEYjb+
V8PmTCu4Y/Nk88IzgXTfJ8pN6GfnN1O0qMTUoMuHTf/LMWT/WsFstjiuuFCQddBz
xVyup6Rnl30mYU5WE0PheUTG0AVbzMn2Aj/SEYXlEYPnENECQQDbsLlcEitqnj+i
ipFz9H5RnfoDC4pFHSSqMlddYIA9e2DoNdxjU275eyt2g2p9hQMMXdB7LnoyFeHz
jeRpK3RlAkEAxsj5uOvBctleM2ERPPXTm0nYUWSH4aPZkE/olThgQMogTwSQc6vI
M6RkzKfF5Dr5g/b2kyoZhxIvdtUcPzfGVwJBALrZaA3C9mJMDdt095kjzXwlXMrS
OdvmmZSYFG468VdZZGabyMJB6BUQiTrXMu9m/dy6veLG+O84ZWD8wdQhPXECQBf4
nlyVWXOfEMQDXY/LWSQtyH8wL06fcpn7eOGdtcW6WiENPNomCfNoTJt9U9jM38/x
FRT0C7YFFGIxGsHo2OsCQF2PGJ3yKn2l9VX+M6qj4hE+POdgnJLqNMp5kRIBj9De
rlKqG0nWxNFVhVzXsgeNUTDCmVm3cdODa94wXn9WNvY=
-----END RSA PRIVATE KEY-----
_ATEOF



cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
Msignmsg
uauthsmtp
iuser@example.com
_ATEOF

cat >batch <<'_ATEOF'
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:656: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:656"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=signmsg: signing for user@example.com with domain example.com, selector s, rsa-sha256
INFO:zdkimfilter[0]:id=signmsg: response: 250 Ok.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:656"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:664: grep -q 'foo=bar' mail"
at_fn_check_prepare_trace "testsuite.at:664"
( $at_check_trace; grep -q 'foo=bar' mail
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo stdout:; cat "$at_stdout"
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:664"
$at_failed && at_fn_log_failure
$at_traceon; }


# now invalid
cat >zftest.conf <<'_ZEOF'
verbose = 6
domain_keys = .
tmp = .
no_signlen

xtag_value foonoequalsignbar

_ZEOF

cat >mail2 <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:670: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:670"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "CRIT:zdkimfilter[0]:invalid xtag_value foonoequalsignbar.  Removing it
INFO:zdkimfilter[0]:id=signmsg: signing for user@example.com with domain example.com, selector s, rsa-sha256
INFO:zdkimfilter[0]:id=signmsg: response: 250 Ok.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:670"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_8
#AT_START_9
at_fn_group_banner 9 'testsuite.at:682' \
  "Sign with default domain, selector given" "       "
at_xfail=no
(
  printf "%s\n" "9. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >zftest.conf <<'_ZEOF'
verbose = 6
domain_keys = .
tmp = .
no_signlen

default_domain example.com
selector given

_ZEOF

cat >example.com <<'_ATEOF'
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk
5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9
GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
AoGARPaCa4eHJWQnF2MwB2cQD7MdUsizx6GFs5ms9bGxxwyknTmmT2PA/rFEYjb+
V8PmTCu4Y/Nk88IzgXTfJ8pN6GfnN1O0qMTUoMuHTf/LMWT/WsFstjiuuFCQddBz
xVyup6Rnl30mYU5WE0PheUTG0AVbzMn2Aj/SEYXlEYPnENECQQDbsLlcEitqnj+i
ipFz9H5RnfoDC4pFHSSqMlddYIA9e2DoNdxjU275eyt2g2p9hQMMXdB7LnoyFeHz
jeRpK3RlAkEAxsj5uOvBctleM2ERPPXTm0nYUWSH4aPZkE/olThgQMogTwSQc6vI
M6RkzKfF5Dr5g/b2kyoZhxIvdtUcPzfGVwJBALrZaA3C9mJMDdt095kjzXwlXMrS
OdvmmZSYFG468VdZZGabyMJB6BUQiTrXMu9m/dy6veLG+O84ZWD8wdQhPXECQBf4
nlyVWXOfEMQDXY/LWSQtyH8wL06fcpn7eOGdtcW6WiENPNomCfNoTJt9U9jM38/x
FRT0C7YFFGIxGsHo2OsCQF2PGJ3yKn2l9VX+M6qj4hE+POdgnJLqNMp5kRIBj9De
rlKqG0nWxNFVhVzXsgeNUTDCmVm3cdODa94wXn9WNvY=
-----END RSA PRIVATE KEY-----
_ATEOF



cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
Msignmsg
uauthsmtp
iuser
_ATEOF

cat >batch <<'_ATEOF'
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:696: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:696"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=signmsg: signing for user with domain example.com, selector given, rsa-sha256
INFO:zdkimfilter[0]:id=signmsg: response: 250 Ok.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:696"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_9
#AT_START_10
at_fn_group_banner 10 'testsuite.at:707' \
  "Sign with default domain, selector linked" "      "
at_xfail=no
(
  printf "%s\n" "10. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >zftest.conf <<'_ZEOF'
verbose = 6
domain_keys = .
tmp = .
no_signlen

default_domain example.com
selector given

_ZEOF

cat >linked <<'_ATEOF'
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk
5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9
GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
AoGARPaCa4eHJWQnF2MwB2cQD7MdUsizx6GFs5ms9bGxxwyknTmmT2PA/rFEYjb+
V8PmTCu4Y/Nk88IzgXTfJ8pN6GfnN1O0qMTUoMuHTf/LMWT/WsFstjiuuFCQddBz
xVyup6Rnl30mYU5WE0PheUTG0AVbzMn2Aj/SEYXlEYPnENECQQDbsLlcEitqnj+i
ipFz9H5RnfoDC4pFHSSqMlddYIA9e2DoNdxjU275eyt2g2p9hQMMXdB7LnoyFeHz
jeRpK3RlAkEAxsj5uOvBctleM2ERPPXTm0nYUWSH4aPZkE/olThgQMogTwSQc6vI
M6RkzKfF5Dr5g/b2kyoZhxIvdtUcPzfGVwJBALrZaA3C9mJMDdt095kjzXwlXMrS
OdvmmZSYFG468VdZZGabyMJB6BUQiTrXMu9m/dy6veLG+O84ZWD8wdQhPXECQBf4
nlyVWXOfEMQDXY/LWSQtyH8wL06fcpn7eOGdtcW6WiENPNomCfNoTJt9U9jM38/x
FRT0C7YFFGIxGsHo2OsCQF2PGJ3yKn2l9VX+M6qj4hE+POdgnJLqNMp5kRIBj9De
rlKqG0nWxNFVhVzXsgeNUTDCmVm3cdODa94wXn9WNvY=
-----END RSA PRIVATE KEY-----
_ATEOF

$LN_S linked example.com


cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
Msignmsg
uauthsmtp
iuser
_ATEOF

cat >batch <<'_ATEOF'
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:721: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:721"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=signmsg: signing for user with domain example.com, selector linked, rsa-sha256
INFO:zdkimfilter[0]:id=signmsg: response: 250 Ok.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:721"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_10
#AT_START_11
at_fn_group_banner 11 'testsuite.at:770' \
  "Verify simple author signature" "                 "
at_xfail=no
(
  printf "%s\n" "11. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

db_backend test
db_sql_insert_msg_ref dummy

_ZEOF

cat >mail <<'_ATEOF'
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=author.example; s=x1;
	t=1267195653; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=ZmMMHnWo7xMM2V1zZEYWp7jCXHB7hJ/D8TpCleG0SZ8njWjXaspgOtD/F52SJK90G
	 tx3/m0Y3F58NBVjVfTeAq+znjGER6TbwOQQfbpkHb0jvcgrSYCWVcekS7hIlCtT5mF
	 8gZbgYgOo3rIFUy9vdHkse1jzNR8kxrIYv3aZ0tc=
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
sbounces@server.example
Mverifymsg
usmtp
OTCPREMOTEIP=192.0.2.1
fdns; [192.0.2.1] (server.example [192.0.2.1])
_ATEOF

cat >POLICYFILE <<'_ATEOF'
dkim=unknown
_ATEOF

cat >batch <<'_ATEOF'
test2
test3
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:773: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:773"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- dns; [192.0.2.1] (server.example [192.0.2.1])
INFO:zdkimfilter[0]:ip=192.0.2.1: verified: spf=pass, dkim=pass (id=author.example, stat=0)
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:773"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_11
#AT_START_12
at_fn_group_banner 12 'testsuite.at:778' \
  "Verify author signature mixed with other 1/6" "   "
at_xfail=no
(
  printf "%s\n" "12. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

db_backend test
db_sql_insert_msg_ref dummy

_ZEOF

cat >mail <<'_ATEOF'
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=author.example; s=x1;
	t=1267195653; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=ZmMMHnWo7xMM2V1zZEYWp7jCXHB7hJ/D8TpCleG0SZ8njWjXaspgOtD/F52SJK90G
	 tx3/m0Y3F58NBVjVfTeAq+znjGER6TbwOQQfbpkHb0jvcgrSYCWVcekS7hIlCtT5mF
	 8gZbgYgOo3rIFUy9vdHkse1jzNR8kxrIYv3aZ0tc=
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=sender.example; s=x2;
	t=1267197537; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=d6AyU6LW/aOb2S0KQjewLe1AApiloi/CZSn9c1WOjZLJmz7govCghGjgI3ebMl5mC
	 cVzheZ+sjWJRFTj+L2Sd30j9L+gOc2ZmJ6wyK/UqhNGPIvZfhn4Sap4J51sk5JhvLr
	 zd6a1TVrz5nYJU3fF6QW7lLPtAcg2v05+UE38Ios=
Received: from mail.example.com by server.example with ESMTPA
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=other.example; s=x3;
	t=1267197617; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=ejTAOxjZ1TFzdE0KT0/I/Dd7dL76iPzUq3sc4ngUt/78pFSFSL4p3nXNIMYeGHVT6
	 7kwAhFlmpT0UgBaisyjfyGTgx4k/N2+Kbbne1NV/kYG9wYRylk9fooS08ZRkY7Ieuu
	 K5pYsL12X5UfS1+TRnv2ONLxQDgSn+4r8ZwaEWZ8=
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
sbounces@server.example
Mverifymsg
usmtp
OTCPREMOTEIP=192.0.2.1
fdns; [192.0.2.1] (server.example [192.0.2.1])
_ATEOF

cat >POLICYFILE <<'_ATEOF'
dkim=unknown
_ATEOF

cat >batch <<'_ATEOF'
test2
test3
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:781: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:781"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- dns; [192.0.2.1] (server.example [192.0.2.1])
INFO:zdkimfilter[0]:ip=192.0.2.1: verified: spf=pass, dkim=pass (id=author.example, stat=0)
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:781"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_12
#AT_START_13
at_fn_group_banner 13 'testsuite.at:785' \
  "Verify author signature mixed with other 2/6" "   "
at_xfail=no
(
  printf "%s\n" "13. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

db_backend test
db_sql_insert_msg_ref dummy

_ZEOF

cat >mail <<'_ATEOF'
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=author.example; s=x1;
	t=1267195653; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=ZmMMHnWo7xMM2V1zZEYWp7jCXHB7hJ/D8TpCleG0SZ8njWjXaspgOtD/F52SJK90G
	 tx3/m0Y3F58NBVjVfTeAq+znjGER6TbwOQQfbpkHb0jvcgrSYCWVcekS7hIlCtT5mF
	 8gZbgYgOo3rIFUy9vdHkse1jzNR8kxrIYv3aZ0tc=
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=other.example; s=x3;
	t=1267197617; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=ejTAOxjZ1TFzdE0KT0/I/Dd7dL76iPzUq3sc4ngUt/78pFSFSL4p3nXNIMYeGHVT6
	 7kwAhFlmpT0UgBaisyjfyGTgx4k/N2+Kbbne1NV/kYG9wYRylk9fooS08ZRkY7Ieuu
	 K5pYsL12X5UfS1+TRnv2ONLxQDgSn+4r8ZwaEWZ8=
Received: from mail.example.com by server.example with ESMTPA
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=sender.example; s=x2;
	t=1267197537; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=d6AyU6LW/aOb2S0KQjewLe1AApiloi/CZSn9c1WOjZLJmz7govCghGjgI3ebMl5mC
	 cVzheZ+sjWJRFTj+L2Sd30j9L+gOc2ZmJ6wyK/UqhNGPIvZfhn4Sap4J51sk5JhvLr
	 zd6a1TVrz5nYJU3fF6QW7lLPtAcg2v05+UE38Ios=
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
sbounces@server.example
Mverifymsg
usmtp
OTCPREMOTEIP=192.0.2.1
fdns; [192.0.2.1] (server.example [192.0.2.1])
_ATEOF

cat >POLICYFILE <<'_ATEOF'
dkim=unknown
_ATEOF

cat >batch <<'_ATEOF'
test2
test3
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:788: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:788"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- dns; [192.0.2.1] (server.example [192.0.2.1])
INFO:zdkimfilter[0]:ip=192.0.2.1: verified: spf=pass, dkim=pass (id=author.example, stat=0)
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:788"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_13
#AT_START_14
at_fn_group_banner 14 'testsuite.at:792' \
  "Verify author signature mixed with other 3/6" "   "
at_xfail=no
(
  printf "%s\n" "14. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

db_backend test
db_sql_insert_msg_ref dummy

_ZEOF

cat >mail <<'_ATEOF'
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=sender.example; s=x2;
	t=1267197537; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=d6AyU6LW/aOb2S0KQjewLe1AApiloi/CZSn9c1WOjZLJmz7govCghGjgI3ebMl5mC
	 cVzheZ+sjWJRFTj+L2Sd30j9L+gOc2ZmJ6wyK/UqhNGPIvZfhn4Sap4J51sk5JhvLr
	 zd6a1TVrz5nYJU3fF6QW7lLPtAcg2v05+UE38Ios=
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=author.example; s=x1;
	t=1267195653; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=ZmMMHnWo7xMM2V1zZEYWp7jCXHB7hJ/D8TpCleG0SZ8njWjXaspgOtD/F52SJK90G
	 tx3/m0Y3F58NBVjVfTeAq+znjGER6TbwOQQfbpkHb0jvcgrSYCWVcekS7hIlCtT5mF
	 8gZbgYgOo3rIFUy9vdHkse1jzNR8kxrIYv3aZ0tc=
Received: from mail.example.com by server.example with ESMTPA
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=other.example; s=x3;
	t=1267197617; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=ejTAOxjZ1TFzdE0KT0/I/Dd7dL76iPzUq3sc4ngUt/78pFSFSL4p3nXNIMYeGHVT6
	 7kwAhFlmpT0UgBaisyjfyGTgx4k/N2+Kbbne1NV/kYG9wYRylk9fooS08ZRkY7Ieuu
	 K5pYsL12X5UfS1+TRnv2ONLxQDgSn+4r8ZwaEWZ8=
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
sbounces@server.example
Mverifymsg
usmtp
OTCPREMOTEIP=192.0.2.1
fdns; [192.0.2.1] (server.example [192.0.2.1])
_ATEOF

cat >POLICYFILE <<'_ATEOF'
dkim=unknown
_ATEOF

cat >batch <<'_ATEOF'
test2
test3
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:795: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:795"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- dns; [192.0.2.1] (server.example [192.0.2.1])
INFO:zdkimfilter[0]:ip=192.0.2.1: verified: spf=pass, dkim=pass (id=author.example, stat=0)
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:795"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_14
#AT_START_15
at_fn_group_banner 15 'testsuite.at:799' \
  "Verify author signature mixed with other 4/6" "   "
at_xfail=no
(
  printf "%s\n" "15. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

db_backend test
db_sql_insert_msg_ref dummy

_ZEOF

cat >mail <<'_ATEOF'
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=sender.example; s=x2;
	t=1267197537; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=d6AyU6LW/aOb2S0KQjewLe1AApiloi/CZSn9c1WOjZLJmz7govCghGjgI3ebMl5mC
	 cVzheZ+sjWJRFTj+L2Sd30j9L+gOc2ZmJ6wyK/UqhNGPIvZfhn4Sap4J51sk5JhvLr
	 zd6a1TVrz5nYJU3fF6QW7lLPtAcg2v05+UE38Ios=
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=other.example; s=x3;
	t=1267197617; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=ejTAOxjZ1TFzdE0KT0/I/Dd7dL76iPzUq3sc4ngUt/78pFSFSL4p3nXNIMYeGHVT6
	 7kwAhFlmpT0UgBaisyjfyGTgx4k/N2+Kbbne1NV/kYG9wYRylk9fooS08ZRkY7Ieuu
	 K5pYsL12X5UfS1+TRnv2ONLxQDgSn+4r8ZwaEWZ8=
Received: from mail.example.com by server.example with ESMTPA
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=author.example; s=x1;
	t=1267195653; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=ZmMMHnWo7xMM2V1zZEYWp7jCXHB7hJ/D8TpCleG0SZ8njWjXaspgOtD/F52SJK90G
	 tx3/m0Y3F58NBVjVfTeAq+znjGER6TbwOQQfbpkHb0jvcgrSYCWVcekS7hIlCtT5mF
	 8gZbgYgOo3rIFUy9vdHkse1jzNR8kxrIYv3aZ0tc=
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
sbounces@server.example
Mverifymsg
usmtp
OTCPREMOTEIP=192.0.2.1
fdns; [192.0.2.1] (server.example [192.0.2.1])
_ATEOF

cat >POLICYFILE <<'_ATEOF'
dkim=unknown
_ATEOF

cat >batch <<'_ATEOF'
test2
test3
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:802: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:802"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- dns; [192.0.2.1] (server.example [192.0.2.1])
INFO:zdkimfilter[0]:ip=192.0.2.1: verified: spf=pass, dkim=pass (id=author.example, stat=0)
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:802"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_15
#AT_START_16
at_fn_group_banner 16 'testsuite.at:806' \
  "Verify author signature mixed with other 5/6" "   "
at_xfail=no
(
  printf "%s\n" "16. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

db_backend test
db_sql_insert_msg_ref dummy

_ZEOF

cat >mail <<'_ATEOF'
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=other.example; s=x3;
	t=1267197617; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=ejTAOxjZ1TFzdE0KT0/I/Dd7dL76iPzUq3sc4ngUt/78pFSFSL4p3nXNIMYeGHVT6
	 7kwAhFlmpT0UgBaisyjfyGTgx4k/N2+Kbbne1NV/kYG9wYRylk9fooS08ZRkY7Ieuu
	 K5pYsL12X5UfS1+TRnv2ONLxQDgSn+4r8ZwaEWZ8=
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=author.example; s=x1;
	t=1267195653; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=ZmMMHnWo7xMM2V1zZEYWp7jCXHB7hJ/D8TpCleG0SZ8njWjXaspgOtD/F52SJK90G
	 tx3/m0Y3F58NBVjVfTeAq+znjGER6TbwOQQfbpkHb0jvcgrSYCWVcekS7hIlCtT5mF
	 8gZbgYgOo3rIFUy9vdHkse1jzNR8kxrIYv3aZ0tc=
Received: from mail.example.com by server.example with ESMTPA
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=sender.example; s=x2;
	t=1267197537; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=d6AyU6LW/aOb2S0KQjewLe1AApiloi/CZSn9c1WOjZLJmz7govCghGjgI3ebMl5mC
	 cVzheZ+sjWJRFTj+L2Sd30j9L+gOc2ZmJ6wyK/UqhNGPIvZfhn4Sap4J51sk5JhvLr
	 zd6a1TVrz5nYJU3fF6QW7lLPtAcg2v05+UE38Ios=
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
sbounces@server.example
Mverifymsg
usmtp
OTCPREMOTEIP=192.0.2.1
fdns; [192.0.2.1] (server.example [192.0.2.1])
_ATEOF

cat >POLICYFILE <<'_ATEOF'
dkim=unknown
_ATEOF

cat >batch <<'_ATEOF'
test2
test3
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:809: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:809"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- dns; [192.0.2.1] (server.example [192.0.2.1])
INFO:zdkimfilter[0]:ip=192.0.2.1: verified: spf=pass, dkim=pass (id=author.example, stat=0)
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:809"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_16
#AT_START_17
at_fn_group_banner 17 'testsuite.at:813' \
  "Verify author signature mixed with other 6/6" "   "
at_xfail=no
(
  printf "%s\n" "17. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

db_backend test
db_sql_insert_msg_ref dummy

_ZEOF

cat >mail <<'_ATEOF'
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=other.example; s=x3;
	t=1267197617; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=ejTAOxjZ1TFzdE0KT0/I/Dd7dL76iPzUq3sc4ngUt/78pFSFSL4p3nXNIMYeGHVT6
	 7kwAhFlmpT0UgBaisyjfyGTgx4k/N2+Kbbne1NV/kYG9wYRylk9fooS08ZRkY7Ieuu
	 K5pYsL12X5UfS1+TRnv2ONLxQDgSn+4r8ZwaEWZ8=
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=sender.example; s=x2;
	t=1267197537; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=d6AyU6LW/aOb2S0KQjewLe1AApiloi/CZSn9c1WOjZLJmz7govCghGjgI3ebMl5mC
	 cVzheZ+sjWJRFTj+L2Sd30j9L+gOc2ZmJ6wyK/UqhNGPIvZfhn4Sap4J51sk5JhvLr
	 zd6a1TVrz5nYJU3fF6QW7lLPtAcg2v05+UE38Ios=
Received: from mail.example.com by server.example with ESMTPA
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=author.example; s=x1;
	t=1267195653; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=ZmMMHnWo7xMM2V1zZEYWp7jCXHB7hJ/D8TpCleG0SZ8njWjXaspgOtD/F52SJK90G
	 tx3/m0Y3F58NBVjVfTeAq+znjGER6TbwOQQfbpkHb0jvcgrSYCWVcekS7hIlCtT5mF
	 8gZbgYgOo3rIFUy9vdHkse1jzNR8kxrIYv3aZ0tc=
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
sbounces@server.example
Mverifymsg
usmtp
OTCPREMOTEIP=192.0.2.1
fdns; [192.0.2.1] (server.example [192.0.2.1])
_ATEOF

cat >POLICYFILE <<'_ATEOF'
dkim=unknown
_ATEOF

cat >batch <<'_ATEOF'
test2
test3
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:816: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:816"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- dns; [192.0.2.1] (server.example [192.0.2.1])
INFO:zdkimfilter[0]:ip=192.0.2.1: verified: spf=pass, dkim=pass (id=author.example, stat=0)
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:816"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_17
#AT_START_18
at_fn_group_banner 18 'testsuite.at:820' \
  "Verify simple author failed signature" "          "
at_xfail=no
(
  printf "%s\n" "18. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

db_backend test
db_sql_insert_msg_ref dummy

_ZEOF

cat >mail <<'_ATEOF'
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=author.example; s=x1;
	t=1267205960; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=bANxWNgMVyGL6Yo2esWSkR3tVTtMX4cTQe6JP01wkm3yCZDUo2kI3Q9NZ6fQ18hCU
	 D2/xuZw293Gx+oetp/j2jksGh+AMVEZ/wSMkYO5Sx4jg1FcbRej2E+BEj//TChzJa+
	 gWyV1/f26deNVeiTYOxgzsW8XUp97eWe5JnK+uYw=
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
sbounces@server.example
Mverifymsg
usmtp
OTCPREMOTEIP=192.0.2.1
fdns; [192.0.2.1] (server.example [192.0.2.1])
_ATEOF

cat >POLICYFILE <<'_ATEOF'
dkim=unknown
_ATEOF

cat >batch <<'_ATEOF'
test2
test3
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:823: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:823"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- dns; [192.0.2.1] (server.example [192.0.2.1])
INFO:zdkimfilter[0]:ip=192.0.2.1: verified: spf=pass, dkim=fail (id=author.example, signature verification failed, stat=1)
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:823"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_18
#AT_START_19
at_fn_group_banner 19 'testsuite.at:828' \
  "Verify sender signature mixed with other 1/6" "   "
at_xfail=no
(
  printf "%s\n" "19. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

db_backend test
db_sql_insert_msg_ref dummy

_ZEOF

cat >mail <<'_ATEOF'
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=author.example; s=x1;
	t=1267205960; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=bANxWNgMVyGL6Yo2esWSkR3tVTtMX4cTQe6JP01wkm3yCZDUo2kI3Q9NZ6fQ18hCU
	 D2/xuZw293Gx+oetp/j2jksGh+AMVEZ/wSMkYO5Sx4jg1FcbRej2E+BEj//TChzJa+
	 gWyV1/f26deNVeiTYOxgzsW8XUp97eWe5JnK+uYw=
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=sender.example; s=x2;
	t=1267197537; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=d6AyU6LW/aOb2S0KQjewLe1AApiloi/CZSn9c1WOjZLJmz7govCghGjgI3ebMl5mC
	 cVzheZ+sjWJRFTj+L2Sd30j9L+gOc2ZmJ6wyK/UqhNGPIvZfhn4Sap4J51sk5JhvLr
	 zd6a1TVrz5nYJU3fF6QW7lLPtAcg2v05+UE38Ios=
Received: from mail.example.com by server.example with ESMTPA
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=other.example; s=x3;
	t=1267197617; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=ejTAOxjZ1TFzdE0KT0/I/Dd7dL76iPzUq3sc4ngUt/78pFSFSL4p3nXNIMYeGHVT6
	 7kwAhFlmpT0UgBaisyjfyGTgx4k/N2+Kbbne1NV/kYG9wYRylk9fooS08ZRkY7Ieuu
	 K5pYsL12X5UfS1+TRnv2ONLxQDgSn+4r8ZwaEWZ8=
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
sbounces@server.example
Mverifymsg
usmtp
OTCPREMOTEIP=192.0.2.1
fdns; [192.0.2.1] (server.example [192.0.2.1])
_ATEOF

cat >POLICYFILE <<'_ATEOF'
dkim=unknown
_ATEOF

cat >batch <<'_ATEOF'
test2
test3
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:831: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:831"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- dns; [192.0.2.1] (server.example [192.0.2.1])
INFO:zdkimfilter[0]:ip=192.0.2.1: verified: spf=pass, dkim=pass (id=sender.example, stat=0)
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:831"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_19
#AT_START_20
at_fn_group_banner 20 'testsuite.at:836' \
  "Verify sender signature mixed with other 2/6" "   "
at_xfail=no
(
  printf "%s\n" "20. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

db_backend test
db_sql_insert_msg_ref dummy

_ZEOF

cat >mail <<'_ATEOF'
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=author.example; s=x1;
	t=1267205960; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=bANxWNgMVyGL6Yo2esWSkR3tVTtMX4cTQe6JP01wkm3yCZDUo2kI3Q9NZ6fQ18hCU
	 D2/xuZw293Gx+oetp/j2jksGh+AMVEZ/wSMkYO5Sx4jg1FcbRej2E+BEj//TChzJa+
	 gWyV1/f26deNVeiTYOxgzsW8XUp97eWe5JnK+uYw=
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=other.example; s=x3;
	t=1267197617; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=ejTAOxjZ1TFzdE0KT0/I/Dd7dL76iPzUq3sc4ngUt/78pFSFSL4p3nXNIMYeGHVT6
	 7kwAhFlmpT0UgBaisyjfyGTgx4k/N2+Kbbne1NV/kYG9wYRylk9fooS08ZRkY7Ieuu
	 K5pYsL12X5UfS1+TRnv2ONLxQDgSn+4r8ZwaEWZ8=
Received: from mail.example.com by server.example with ESMTPA
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=sender.example; s=x2;
	t=1267197537; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=d6AyU6LW/aOb2S0KQjewLe1AApiloi/CZSn9c1WOjZLJmz7govCghGjgI3ebMl5mC
	 cVzheZ+sjWJRFTj+L2Sd30j9L+gOc2ZmJ6wyK/UqhNGPIvZfhn4Sap4J51sk5JhvLr
	 zd6a1TVrz5nYJU3fF6QW7lLPtAcg2v05+UE38Ios=
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
sbounces@server.example
Mverifymsg
usmtp
OTCPREMOTEIP=192.0.2.1
fdns; [192.0.2.1] (server.example [192.0.2.1])
_ATEOF

cat >POLICYFILE <<'_ATEOF'
dkim=unknown
_ATEOF

cat >batch <<'_ATEOF'
test2
test3
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:839: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:839"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- dns; [192.0.2.1] (server.example [192.0.2.1])
INFO:zdkimfilter[0]:ip=192.0.2.1: verified: spf=pass, dkim=pass (id=sender.example, stat=0)
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:839"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_20
#AT_START_21
at_fn_group_banner 21 'testsuite.at:843' \
  "Verify sender signature mixed with other 3/6" "   "
at_xfail=no
(
  printf "%s\n" "21. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

db_backend test
db_sql_insert_msg_ref dummy

_ZEOF

cat >mail <<'_ATEOF'
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=sender.example; s=x2;
	t=1267197537; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=d6AyU6LW/aOb2S0KQjewLe1AApiloi/CZSn9c1WOjZLJmz7govCghGjgI3ebMl5mC
	 cVzheZ+sjWJRFTj+L2Sd30j9L+gOc2ZmJ6wyK/UqhNGPIvZfhn4Sap4J51sk5JhvLr
	 zd6a1TVrz5nYJU3fF6QW7lLPtAcg2v05+UE38Ios=
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=author.example; s=x1;
	t=1267205960; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=bANxWNgMVyGL6Yo2esWSkR3tVTtMX4cTQe6JP01wkm3yCZDUo2kI3Q9NZ6fQ18hCU
	 D2/xuZw293Gx+oetp/j2jksGh+AMVEZ/wSMkYO5Sx4jg1FcbRej2E+BEj//TChzJa+
	 gWyV1/f26deNVeiTYOxgzsW8XUp97eWe5JnK+uYw=
Received: from mail.example.com by server.example with ESMTPA
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=other.example; s=x3;
	t=1267197617; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=ejTAOxjZ1TFzdE0KT0/I/Dd7dL76iPzUq3sc4ngUt/78pFSFSL4p3nXNIMYeGHVT6
	 7kwAhFlmpT0UgBaisyjfyGTgx4k/N2+Kbbne1NV/kYG9wYRylk9fooS08ZRkY7Ieuu
	 K5pYsL12X5UfS1+TRnv2ONLxQDgSn+4r8ZwaEWZ8=
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
sbounces@server.example
Mverifymsg
usmtp
OTCPREMOTEIP=192.0.2.1
fdns; [192.0.2.1] (server.example [192.0.2.1])
_ATEOF

cat >POLICYFILE <<'_ATEOF'
dkim=unknown
_ATEOF

cat >batch <<'_ATEOF'
test2
test3
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:846: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:846"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- dns; [192.0.2.1] (server.example [192.0.2.1])
INFO:zdkimfilter[0]:ip=192.0.2.1: verified: spf=pass, dkim=pass (id=sender.example, stat=0)
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:846"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_21
#AT_START_22
at_fn_group_banner 22 'testsuite.at:850' \
  "Verify sender signature mixed with other 4/6" "   "
at_xfail=no
(
  printf "%s\n" "22. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

db_backend test
db_sql_insert_msg_ref dummy

_ZEOF

cat >mail <<'_ATEOF'
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=sender.example; s=x2;
	t=1267197537; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=d6AyU6LW/aOb2S0KQjewLe1AApiloi/CZSn9c1WOjZLJmz7govCghGjgI3ebMl5mC
	 cVzheZ+sjWJRFTj+L2Sd30j9L+gOc2ZmJ6wyK/UqhNGPIvZfhn4Sap4J51sk5JhvLr
	 zd6a1TVrz5nYJU3fF6QW7lLPtAcg2v05+UE38Ios=
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=other.example; s=x3;
	t=1267197617; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=ejTAOxjZ1TFzdE0KT0/I/Dd7dL76iPzUq3sc4ngUt/78pFSFSL4p3nXNIMYeGHVT6
	 7kwAhFlmpT0UgBaisyjfyGTgx4k/N2+Kbbne1NV/kYG9wYRylk9fooS08ZRkY7Ieuu
	 K5pYsL12X5UfS1+TRnv2ONLxQDgSn+4r8ZwaEWZ8=
Received: from mail.example.com by server.example with ESMTPA
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=author.example; s=x1;
	t=1267205960; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=bANxWNgMVyGL6Yo2esWSkR3tVTtMX4cTQe6JP01wkm3yCZDUo2kI3Q9NZ6fQ18hCU
	 D2/xuZw293Gx+oetp/j2jksGh+AMVEZ/wSMkYO5Sx4jg1FcbRej2E+BEj//TChzJa+
	 gWyV1/f26deNVeiTYOxgzsW8XUp97eWe5JnK+uYw=
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
sbounces@server.example
Mverifymsg
usmtp
OTCPREMOTEIP=192.0.2.1
fdns; [192.0.2.1] (server.example [192.0.2.1])
_ATEOF

cat >POLICYFILE <<'_ATEOF'
dkim=unknown
_ATEOF

cat >batch <<'_ATEOF'
test2
test3
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:853: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:853"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- dns; [192.0.2.1] (server.example [192.0.2.1])
INFO:zdkimfilter[0]:ip=192.0.2.1: verified: spf=pass, dkim=pass (id=sender.example, stat=0)
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:853"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_22
#AT_START_23
at_fn_group_banner 23 'testsuite.at:857' \
  "Verify sender signature mixed with other 5/6" "   "
at_xfail=no
(
  printf "%s\n" "23. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

db_backend test
db_sql_insert_msg_ref dummy

_ZEOF

cat >mail <<'_ATEOF'
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=other.example; s=x3;
	t=1267197617; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=ejTAOxjZ1TFzdE0KT0/I/Dd7dL76iPzUq3sc4ngUt/78pFSFSL4p3nXNIMYeGHVT6
	 7kwAhFlmpT0UgBaisyjfyGTgx4k/N2+Kbbne1NV/kYG9wYRylk9fooS08ZRkY7Ieuu
	 K5pYsL12X5UfS1+TRnv2ONLxQDgSn+4r8ZwaEWZ8=
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=author.example; s=x1;
	t=1267205960; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=bANxWNgMVyGL6Yo2esWSkR3tVTtMX4cTQe6JP01wkm3yCZDUo2kI3Q9NZ6fQ18hCU
	 D2/xuZw293Gx+oetp/j2jksGh+AMVEZ/wSMkYO5Sx4jg1FcbRej2E+BEj//TChzJa+
	 gWyV1/f26deNVeiTYOxgzsW8XUp97eWe5JnK+uYw=
Received: from mail.example.com by server.example with ESMTPA
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=sender.example; s=x2;
	t=1267197537; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=d6AyU6LW/aOb2S0KQjewLe1AApiloi/CZSn9c1WOjZLJmz7govCghGjgI3ebMl5mC
	 cVzheZ+sjWJRFTj+L2Sd30j9L+gOc2ZmJ6wyK/UqhNGPIvZfhn4Sap4J51sk5JhvLr
	 zd6a1TVrz5nYJU3fF6QW7lLPtAcg2v05+UE38Ios=
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
sbounces@server.example
Mverifymsg
usmtp
OTCPREMOTEIP=192.0.2.1
fdns; [192.0.2.1] (server.example [192.0.2.1])
_ATEOF

cat >POLICYFILE <<'_ATEOF'
dkim=unknown
_ATEOF

cat >batch <<'_ATEOF'
test2
test3
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:860: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:860"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- dns; [192.0.2.1] (server.example [192.0.2.1])
INFO:zdkimfilter[0]:ip=192.0.2.1: verified: spf=pass, dkim=pass (id=sender.example, stat=0)
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:860"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_23
#AT_START_24
at_fn_group_banner 24 'testsuite.at:864' \
  "Verify sender signature mixed with other 6/6" "   "
at_xfail=no
(
  printf "%s\n" "24. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

db_backend test
db_sql_insert_msg_ref dummy

_ZEOF

cat >mail <<'_ATEOF'
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=other.example; s=x3;
	t=1267197617; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=ejTAOxjZ1TFzdE0KT0/I/Dd7dL76iPzUq3sc4ngUt/78pFSFSL4p3nXNIMYeGHVT6
	 7kwAhFlmpT0UgBaisyjfyGTgx4k/N2+Kbbne1NV/kYG9wYRylk9fooS08ZRkY7Ieuu
	 K5pYsL12X5UfS1+TRnv2ONLxQDgSn+4r8ZwaEWZ8=
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=sender.example; s=x2;
	t=1267197537; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=d6AyU6LW/aOb2S0KQjewLe1AApiloi/CZSn9c1WOjZLJmz7govCghGjgI3ebMl5mC
	 cVzheZ+sjWJRFTj+L2Sd30j9L+gOc2ZmJ6wyK/UqhNGPIvZfhn4Sap4J51sk5JhvLr
	 zd6a1TVrz5nYJU3fF6QW7lLPtAcg2v05+UE38Ios=
Received: from mail.example.com by server.example with ESMTPA
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=author.example; s=x1;
	t=1267205960; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=bANxWNgMVyGL6Yo2esWSkR3tVTtMX4cTQe6JP01wkm3yCZDUo2kI3Q9NZ6fQ18hCU
	 D2/xuZw293Gx+oetp/j2jksGh+AMVEZ/wSMkYO5Sx4jg1FcbRej2E+BEj//TChzJa+
	 gWyV1/f26deNVeiTYOxgzsW8XUp97eWe5JnK+uYw=
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
sbounces@server.example
Mverifymsg
usmtp
OTCPREMOTEIP=192.0.2.1
fdns; [192.0.2.1] (server.example [192.0.2.1])
_ATEOF

cat >POLICYFILE <<'_ATEOF'
dkim=unknown
_ATEOF

cat >batch <<'_ATEOF'
test2
test3
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:867: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:867"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- dns; [192.0.2.1] (server.example [192.0.2.1])
INFO:zdkimfilter[0]:ip=192.0.2.1: verified: spf=pass, dkim=pass (id=sender.example, stat=0)
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:867"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_24
#AT_START_25
at_fn_group_banner 25 'testsuite.at:875' \
  "Verify the IP address passed to database" "       "
at_xfail=no
(
  printf "%s\n" "25. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

db_backend test
db_sql_insert_msg_ref dummy

_ZEOF

cat >mail <<'_ATEOF'
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=author.example; s=x1;
	t=1267195653; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=ZmMMHnWo7xMM2V1zZEYWp7jCXHB7hJ/D8TpCleG0SZ8njWjXaspgOtD/F52SJK90G
	 tx3/m0Y3F58NBVjVfTeAq+znjGER6TbwOQQfbpkHb0jvcgrSYCWVcekS7hIlCtT5mF
	 8gZbgYgOo3rIFUy9vdHkse1jzNR8kxrIYv3aZ0tc=
Received: from server.example by test.example with ESMTP
Received-SPF: none SPF=MAILFROM sender=someone@sender.example;
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
sbounces@server.example
Mverifymsg
usmtp
OTCPREMOTEIP=192.0.2.1
fdns; [192.0.2.1] (server.example [192.0.2.1])
_ATEOF

cat >POLICYFILE <<'_ATEOF'
dkim=unknown
_ATEOF

cat >batch <<'_ATEOF'
test2
test3
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:878: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:878"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- dns; [192.0.2.1] (server.example [192.0.2.1])
INFO:zdkimfilter[0]:ip=192.0.2.1: verified: dkim=pass (id=author.example, stat=0)
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:878"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:879: \$HAVE_OPENDBX || exit 77"
at_fn_check_prepare_dynamic "$HAVE_OPENDBX || exit 77" "testsuite.at:879"
( $at_check_trace; $HAVE_OPENDBX || exit 77
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:879"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:880: grep 'ip: ::ffff:192.0.2.1' database_dump"
at_fn_check_prepare_trace "testsuite.at:880"
( $at_check_trace; grep 'ip: ::ffff:192.0.2.1' database_dump
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "ip: ::ffff:192.0.2.1
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:880"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_25
#AT_START_26
at_fn_group_banner 26 'testsuite.at:886' \
  "Verify the IP address and iprev" "                "
at_xfail=no
(
  printf "%s\n" "26. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

db_backend test
db_sql_insert_msg_ref dummy

_ZEOF

cat >mail <<'_ATEOF'
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=author.example; s=x1;
	t=1267195653; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=ZmMMHnWo7xMM2V1zZEYWp7jCXHB7hJ/D8TpCleG0SZ8njWjXaspgOtD/F52SJK90G
	 tx3/m0Y3F58NBVjVfTeAq+znjGER6TbwOQQfbpkHb0jvcgrSYCWVcekS7hIlCtT5mF
	 8gZbgYgOo3rIFUy9vdHkse1jzNR8kxrIYv3aZ0tc=
Received: from server.example by test.example with ESMTP
Received-SPF: none SPF=MAILFROM sender=someone@sender.example;
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
sbounces@server.example
Mverifymsg
usmtp
OTCPREMOTEIP=192.0.2.1
fdns; [192.0.2.1] (server.example [192.0.2.1])
_ATEOF

cat >POLICYFILE <<'_ATEOF'
dkim=unknown
_ATEOF

cat >batch <<'_ATEOF'
test2
test3
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:889: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:889"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- dns; [192.0.2.1] (server.example [192.0.2.1])
INFO:zdkimfilter[0]:ip=192.0.2.1: verified: dkim=pass (id=author.example, stat=0)
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:889"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:890: \$HAVE_OPENDBX || exit 77"
at_fn_check_prepare_dynamic "$HAVE_OPENDBX || exit 77" "testsuite.at:890"
( $at_check_trace; $HAVE_OPENDBX || exit 77
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:890"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:891: grep 'ip: ::ffff:192.0.2.1' database_dump"
at_fn_check_prepare_trace "testsuite.at:891"
( $at_check_trace; grep 'ip: ::ffff:192.0.2.1' database_dump
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "ip: ::ffff:192.0.2.1
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:891"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:895: grep 'iprev: server.example' database_dump"
at_fn_check_prepare_trace "testsuite.at:895"
( $at_check_trace; grep 'iprev: server.example' database_dump
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "iprev: server.example
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:895"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_26
#AT_START_27
at_fn_group_banner 27 'testsuite.at:902' \
  "Verify the bounce address passed to database" "   "
at_xfail=no
(
  printf "%s\n" "27. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

db_backend test
db_sql_insert_msg_ref dummy

_ZEOF

cat >mail <<'_ATEOF'
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=author.example; s=x1;
	t=1267195653; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=ZmMMHnWo7xMM2V1zZEYWp7jCXHB7hJ/D8TpCleG0SZ8njWjXaspgOtD/F52SJK90G
	 tx3/m0Y3F58NBVjVfTeAq+znjGER6TbwOQQfbpkHb0jvcgrSYCWVcekS7hIlCtT5mF
	 8gZbgYgOo3rIFUy9vdHkse1jzNR8kxrIYv3aZ0tc=
Received: from server.example by test.example with ESMTP
Received-SPF: none SPF=MAILFROM sender=someone@sender.example;
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
sbounces@server.example
Mverifymsg
usmtp
OTCPREMOTEIP=192.0.2.1
fdns; [192.0.2.1] (server.example [192.0.2.1])
_ATEOF

cat >POLICYFILE <<'_ATEOF'
dkim=unknown
_ATEOF

cat >batch <<'_ATEOF'
test2
test3
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:905: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:905"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- dns; [192.0.2.1] (server.example [192.0.2.1])
INFO:zdkimfilter[0]:ip=192.0.2.1: verified: dkim=pass (id=author.example, stat=0)
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:905"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:906: \$HAVE_OPENDBX || exit 77"
at_fn_check_prepare_dynamic "$HAVE_OPENDBX || exit 77" "testsuite.at:906"
( $at_check_trace; $HAVE_OPENDBX || exit 77
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:906"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:907: grep 'envelope_sender:' database_dump"
at_fn_check_prepare_trace "testsuite.at:907"
( $at_check_trace; grep 'envelope_sender:' database_dump
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "envelope_sender: bounces@server.example
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:907"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_27
#AT_START_28
at_fn_group_banner 28 'testsuite.at:914' \
  "Verify bounce address after signing" "            "
at_xfail=no
(
  printf "%s\n" "28. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >zftest.conf <<'_ZEOF'
verbose = 6
domain_keys = .
tmp = .
no_signlen

default_domain example.com
db_backend test
db_sql_insert_target_ref dummy

_ZEOF

cat >example.com <<'_ATEOF'
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk
5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9
GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
AoGARPaCa4eHJWQnF2MwB2cQD7MdUsizx6GFs5ms9bGxxwyknTmmT2PA/rFEYjb+
V8PmTCu4Y/Nk88IzgXTfJ8pN6GfnN1O0qMTUoMuHTf/LMWT/WsFstjiuuFCQddBz
xVyup6Rnl30mYU5WE0PheUTG0AVbzMn2Aj/SEYXlEYPnENECQQDbsLlcEitqnj+i
ipFz9H5RnfoDC4pFHSSqMlddYIA9e2DoNdxjU275eyt2g2p9hQMMXdB7LnoyFeHz
jeRpK3RlAkEAxsj5uOvBctleM2ERPPXTm0nYUWSH4aPZkE/olThgQMogTwSQc6vI
M6RkzKfF5Dr5g/b2kyoZhxIvdtUcPzfGVwJBALrZaA3C9mJMDdt095kjzXwlXMrS
OdvmmZSYFG468VdZZGabyMJB6BUQiTrXMu9m/dy6veLG+O84ZWD8wdQhPXECQBf4
nlyVWXOfEMQDXY/LWSQtyH8wL06fcpn7eOGdtcW6WiENPNomCfNoTJt9U9jM38/x
FRT0C7YFFGIxGsHo2OsCQF2PGJ3yKn2l9VX+M6qj4hE+POdgnJLqNMp5kRIBj9De
rlKqG0nWxNFVhVzXsgeNUTDCmVm3cdODa94wXn9WNvY=
-----END RSA PRIVATE KEY-----
_ATEOF



cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
suser-bounce@example.com
Msignmsg
uauthsmtp
iuser
rrecipient@example.org
_ATEOF

cat >batch <<'_ATEOF'
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:931: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:931"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=signmsg: signing for user with domain example.com, selector s, rsa-sha256
INFO:zdkimfilter[0]:id=signmsg: response: 250 Ok.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:931"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:939: \$HAVE_OPENDBX || exit 77"
at_fn_check_prepare_dynamic "$HAVE_OPENDBX || exit 77" "testsuite.at:939"
( $at_check_trace; $HAVE_OPENDBX || exit 77
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:939"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:940: grep 'envelope_sender:' database_dump"
at_fn_check_prepare_trace "testsuite.at:940"
( $at_check_trace; grep 'envelope_sender:' database_dump
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "envelope_sender: user-bounce@example.com
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:940"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_28
#AT_START_29
at_fn_group_banner 29 'testsuite.at:947' \
  "Reject message with non-existent HELO domain" "   "
at_xfail=no
(
  printf "%s\n" "29. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

checkhelo_if_no_auth

_ZEOF

cat >mail <<'_ATEOF'
Received-SPF: none SPF=HELO; sender=aksdbnjknjkewnkjewrqwejk.edu;
Received: from server.example by test.example with ESMTP
Received-SPF: none SPF=MAILFROM sender=someone@sender.example;
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
Mfraudmsg
OTCPREMOTEIP=192.0.2.3
usmtp
_ATEOF

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
author.example exists
_ATEOF

cat >batch <<'_ATEOF'
test2
test3
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:964: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:964"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=fraudmsg: verify msg from 192.0.2.3 -- (null)
INFO:zdkimfilter[0]:ip=192.0.2.3: reject! bad helo and no auth
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "550 Rejected for policy reasons (bad HELO).
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:964"
$at_failed && at_fn_log_failure
$at_traceon; }


# same with SPF
cat >mail <<'_ATEOF'
Received-SPF: pass SPF=HELO; sender=aksdbnjknjkewnkjewrqwejk.edu;
Received: from server.example by test.example with ESMTP
Received-SPF: none SPF=MAILFROM sender=someone@sender.example;
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:976: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:976"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=fraudmsg: verify msg from 192.0.2.3 -- (null)
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:976"
$at_failed && at_fn_log_failure
$at_traceon; }


  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_29
#AT_START_30
at_fn_group_banner 30 'testsuite.at:987' \
  "Reject message with non-existent From: domain" "  "
at_xfail=no
(
  printf "%s\n" "30. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

reject_on_nxdomain
db_backend test
db_sql_insert_msg_ref dummy

_ZEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
Mfraudmsg
OTCPREMOTEIP=192.0.2.3
usmtp
_ATEOF

cat >batch <<'_ATEOF'
test3
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:1002: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:1002"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=fraudmsg: verify msg from 192.0.2.3 -- (null)
INFO:zdkimfilter[0]:ip=192.0.2.3: reject! invalid domain author.example
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "550 Invalid author domain
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:1002"
$at_failed && at_fn_log_failure
$at_traceon; }


# same with shoot on sight
cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

reject_on_nxdomain
db_backend test
db_sql_insert_msg_ref dummy
db_sql_whitelisted author.example:-1

_ZEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:1017: \$HAVE_OPENDBX || exit 77"
at_fn_check_prepare_dynamic "$HAVE_OPENDBX || exit 77" "testsuite.at:1017"
( $at_check_trace; $HAVE_OPENDBX || exit 77
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:1017"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:1018: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:1018"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=fraudmsg: verify msg from 192.0.2.3 -- (null)
INFO:zdkimfilter[0]:ip=192.0.2.3: reject! invalid domain author.example
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "550 Invalid author domain
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:1018"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_30
#AT_START_31
at_fn_group_banner 31 'testsuite.at:1029' \
  "Accept message with non-existent From: domain" "  "
at_xfail=no
(
  printf "%s\n" "31. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen


_ZEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
Mfraudmsg
OTCPREMOTEIP=192.0.2.3
usmtp
_ATEOF

cat >batch <<'_ATEOF'
test3
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:1041: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:1041"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=fraudmsg: verify msg from 192.0.2.3 -- (null)
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:1041"
$at_failed && at_fn_log_failure
$at_traceon; }


{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:1049: head -n 3 mail"
at_fn_check_prepare_trace "testsuite.at:1049"
( $at_check_trace; head -n 3 mail
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "Authentication-Results: test.example;
  spf=pass smtp.mailfrom=sender.example;
  dkim-adsp=nxdomain header.from=\"user@author.example\"
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:1049"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_31
#AT_START_32
at_fn_group_banner 32 'testsuite.at:1058' \
  "Whitelisted sender, non-existent From: domain" "  "
at_xfail=no
(
  printf "%s\n" "32. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

reject_on_nxdomain
db_backend test
db_sql_whitelisted sender.example:2
whitelisted_pass 2

_ZEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
Musenetmsg
OTCPREMOTEIP=192.0.2.2
usmtp
_ATEOF

cat >batch <<'_ATEOF'
test3
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:1074: \$HAVE_OPENDBX || exit 77"
at_fn_check_prepare_dynamic "$HAVE_OPENDBX || exit 77" "testsuite.at:1074"
( $at_check_trace; $HAVE_OPENDBX || exit 77
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:1074"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:1075: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:1075"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=usenetmsg: verify msg from 192.0.2.2 -- (null)
INFO:zdkimfilter[0]:ip=192.0.2.2: reject! invalid domain author.example
INFO:zdkimfilter[0]:ip=192.0.2.2: reject->deliver!! sender.example is whitelisted (2) (auth: SPF)
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:1075"
$at_failed && at_fn_log_failure
$at_traceon; }


{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:1085: head -n 3 mail"
at_fn_check_prepare_trace "testsuite.at:1085"
( $at_check_trace; head -n 3 mail
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "Authentication-Results: test.example;
  spf=pass smtp.mailfrom=sender.example;
  dkim-adsp=nxdomain header.from=\"user@author.example\"
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:1085"
$at_failed && at_fn_log_failure
$at_traceon; }


# same with db_sql_domain_flags
cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

reject_on_nxdomain
db_backend test
db_sql_domain_flags sender.example:2
whitelisted_pass 2

_ZEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:1098: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:1098"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=usenetmsg: verify msg from 192.0.2.2 -- (null)
INFO:zdkimfilter[0]:ip=192.0.2.2: reject! invalid domain author.example
INFO:zdkimfilter[0]:ip=192.0.2.2: reject->deliver!! sender.example is whitelisted (2) (auth: SPF)
INFO:zdkimfilter[0]:ip=192.0.2.2: renaming Authentication-Results from test.example
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:1098"
$at_failed && at_fn_log_failure
$at_traceon; }


# same with shoot on sight
cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

reject_on_nxdomain
db_backend test
db_sql_domain_flags sender.example:2
whitelisted_pass 2
db_sql_whitelisted author.example:-1

_ZEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:1116: \$HAVE_OPENDBX || exit 77"
at_fn_check_prepare_dynamic "$HAVE_OPENDBX || exit 77" "testsuite.at:1116"
( $at_check_trace; $HAVE_OPENDBX || exit 77
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:1116"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:1117: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:1117"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=usenetmsg: verify msg from 192.0.2.2 -- (null)
INFO:zdkimfilter[0]:ip=192.0.2.2: reject! invalid domain author.example
INFO:zdkimfilter[0]:ip=192.0.2.2: reject->deliver!! sender.example is whitelisted (2) (auth: SPF)
INFO:zdkimfilter[0]:ip=192.0.2.2: renaming Authentication-Results from test.example
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:1117"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_32
#AT_START_33
at_fn_group_banner 33 'testsuite.at:1130' \
  "Whitelisted signer, non-existent From: domain" "  "
at_xfail=no
(
  printf "%s\n" "33. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

reject_on_nxdomain
db_backend test
db_sql_whitelisted sender.example:2
whitelisted_pass 2

_ZEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:1136: \$HAVE_OPENDBX || exit 77"
at_fn_check_prepare_dynamic "$HAVE_OPENDBX || exit 77" "testsuite.at:1136"
( $at_check_trace; $HAVE_OPENDBX || exit 77
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:1136"
$at_failed && at_fn_log_failure
$at_traceon; }

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_ATEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received-SPF: none SPF=MAILFROM sender=someone@sender.example;
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=sender.example; s=x2;
	t=1267197537; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=d6AyU6LW/aOb2S0KQjewLe1AApiloi/CZSn9c1WOjZLJmz7govCghGjgI3ebMl5mC
	 cVzheZ+sjWJRFTj+L2Sd30j9L+gOc2ZmJ6wyK/UqhNGPIvZfhn4Sap4J51sk5JhvLr
	 zd6a1TVrz5nYJU3fF6QW7lLPtAcg2v05+UE38Ios=
Received: from mail.example.com by server.example with ESMTPA
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=other.example; s=x3;
	t=1267197617; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=ejTAOxjZ1TFzdE0KT0/I/Dd7dL76iPzUq3sc4ngUt/78pFSFSL4p3nXNIMYeGHVT6
	 7kwAhFlmpT0UgBaisyjfyGTgx4k/N2+Kbbne1NV/kYG9wYRylk9fooS08ZRkY7Ieuu
	 K5pYsL12X5UfS1+TRnv2ONLxQDgSn+4r8ZwaEWZ8=
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
Musenetmsg
OTCPREMOTEIP=192.0.2.2
usmtp
_ATEOF

cat >batch <<'_ATEOF'
test2
test3
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:1149: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:1149"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=usenetmsg: verify msg from 192.0.2.2 -- (null)
INFO:zdkimfilter[0]:ip=192.0.2.2: reject! invalid domain author.example
INFO:zdkimfilter[0]:ip=192.0.2.2: reject->deliver!! sender.example is whitelisted (2) (auth: DKIM)
INFO:zdkimfilter[0]:ip=192.0.2.2: verified: dkim=pass (id=sender.example, stat=0) adsp=nxdomain
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:1149"
$at_failed && at_fn_log_failure
$at_traceon; }


{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:1160: head -n 3 mail"
at_fn_check_prepare_trace "testsuite.at:1160"
( $at_check_trace; head -n 3 mail
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "Authentication-Results: test.example;
  dkim=pass (whitelisted) header.d=sender.example;
  dkim-adsp=nxdomain header.from=\"user@author.example\"
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:1160"
$at_failed && at_fn_log_failure
$at_traceon; }


# same with shoot on sight
cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

reject_on_nxdomain
db_backend test
db_sql_whitelisted sender.example:2 author.example:-1
whitelisted_pass 2

_ZEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received-SPF: none SPF=MAILFROM sender=someone@sender.example;
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=sender.example; s=x2;
	t=1267197537; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=d6AyU6LW/aOb2S0KQjewLe1AApiloi/CZSn9c1WOjZLJmz7govCghGjgI3ebMl5mC
	 cVzheZ+sjWJRFTj+L2Sd30j9L+gOc2ZmJ6wyK/UqhNGPIvZfhn4Sap4J51sk5JhvLr
	 zd6a1TVrz5nYJU3fF6QW7lLPtAcg2v05+UE38Ios=
Received: from mail.example.com by server.example with ESMTPA
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=other.example; s=x3;
	t=1267197617; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=ejTAOxjZ1TFzdE0KT0/I/Dd7dL76iPzUq3sc4ngUt/78pFSFSL4p3nXNIMYeGHVT6
	 7kwAhFlmpT0UgBaisyjfyGTgx4k/N2+Kbbne1NV/kYG9wYRylk9fooS08ZRkY7Ieuu
	 K5pYsL12X5UfS1+TRnv2ONLxQDgSn+4r8ZwaEWZ8=
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:1174: \$HAVE_OPENDBX || exit 77"
at_fn_check_prepare_dynamic "$HAVE_OPENDBX || exit 77" "testsuite.at:1174"
( $at_check_trace; $HAVE_OPENDBX || exit 77
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:1174"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:1175: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:1175"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=usenetmsg: verify msg from 192.0.2.2 -- (null)
INFO:zdkimfilter[0]:ip=192.0.2.2: reject! invalid domain author.example
INFO:zdkimfilter[0]:ip=192.0.2.2: reject->deliver!! sender.example is whitelisted (2) (auth: DKIM)
INFO:zdkimfilter[0]:ip=192.0.2.2: verified: dkim=pass (id=sender.example, stat=0) adsp=nxdomain
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:1175"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_33
#AT_START_34
at_fn_group_banner 34 'testsuite.at:1188' \
  "Whitelisted both ways, SPF ignored" "             "
at_xfail=no
(
  printf "%s\n" "34. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

reject_on_nxdomain
verify_one_domain
db_backend test
db_sql_whitelisted other.example:2 sender.example:2
whitelisted_pass 2

_ZEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:1195: \$HAVE_OPENDBX || exit 77"
at_fn_check_prepare_dynamic "$HAVE_OPENDBX || exit 77" "testsuite.at:1195"
( $at_check_trace; $HAVE_OPENDBX || exit 77
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:1195"
$at_failed && at_fn_log_failure
$at_traceon; }

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_ATEOF

cat >mail <<'_ATEOF'
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=author.example; s=x1;
	t=1267205960; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=bANxWNgMVyGL6Yo2esWSkR3tVTtMX4cTQe6JP01wkm3yCZDUo2kI3Q9NZ6fQ18hCU
	 D2/xuZw293Gx+oetp/j2jksGh+AMVEZ/wSMkYO5Sx4jg1FcbRej2E+BEj//TChzJa+
	 gWyV1/f26deNVeiTYOxgzsW8XUp97eWe5JnK+uYw=
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=sender.example; s=x2;
	t=1267197537; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=d6AyU6LW/aOb2S0KQjewLe1AApiloi/CZSn9c1WOjZLJmz7govCghGjgI3ebMl5mC
	 cVzheZ+sjWJRFTj+L2Sd30j9L+gOc2ZmJ6wyK/UqhNGPIvZfhn4Sap4J51sk5JhvLr
	 zd6a1TVrz5nYJU3fF6QW7lLPtAcg2v05+UE38Ios=
Received: from mail.example.com by server.example with ESMTPA
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=other.example; s=x3;
	t=1267197617; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=ejTAOxjZ1TFzdE0KT0/I/Dd7dL76iPzUq3sc4ngUt/78pFSFSL4p3nXNIMYeGHVT6
	 7kwAhFlmpT0UgBaisyjfyGTgx4k/N2+Kbbne1NV/kYG9wYRylk9fooS08ZRkY7Ieuu
	 K5pYsL12X5UfS1+TRnv2ONLxQDgSn+4r8ZwaEWZ8=
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
Musenetmsg
OTCPREMOTEIP=192.0.2.2
usmtp
_ATEOF

cat >batch <<'_ATEOF'
test2
test3
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:1208: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:1208"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=usenetmsg: verify msg from 192.0.2.2 -- (null)
INFO:zdkimfilter[0]:ip=192.0.2.2: reject! invalid domain author.example
INFO:zdkimfilter[0]:ip=192.0.2.2: reject->deliver!! sender.example is whitelisted (2) (auth: DKIM)
INFO:zdkimfilter[0]:ip=192.0.2.2: verified: spf=pass, dkim=pass (id=sender.example, stat=0) adsp=nxdomain
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:1208"
$at_failed && at_fn_log_failure
$at_traceon; }


{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:1219: head -n 4 mail"
at_fn_check_prepare_trace "testsuite.at:1219"
( $at_check_trace; head -n 4 mail
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "Authentication-Results: test.example;
  spf=pass smtp.mailfrom=sender.example;
  dkim=pass (whitelisted) header.d=sender.example;
  dkim-adsp=nxdomain header.from=\"user@author.example\"
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:1219"
$at_failed && at_fn_log_failure
$at_traceon; }


# same with db_sql_domain_flags
cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

reject_on_nxdomain
verify_one_domain
db_backend test
db_sql_domain_flags other.example:2 sender.example:2
whitelisted_pass 2

_ZEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:1234: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:1234"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=usenetmsg: verify msg from 192.0.2.2 -- (null)
INFO:zdkimfilter[0]:ip=192.0.2.2: reject! invalid domain author.example
INFO:zdkimfilter[0]:ip=192.0.2.2: reject->deliver!! sender.example is whitelisted (2) (auth: DKIM)
INFO:zdkimfilter[0]:ip=192.0.2.2: verified: spf=pass, dkim=pass (id=sender.example, stat=0) adsp=nxdomain
INFO:zdkimfilter[0]:ip=192.0.2.2: renaming Authentication-Results from test.example
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:1234"
$at_failed && at_fn_log_failure
$at_traceon; }


# same with shoot on sight
cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

reject_on_nxdomain
verify_one_domain
db_backend test
db_sql_domain_flags other.example:2 sender.example:2 author,example:-1
whitelisted_pass 2

_ZEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:1253: \$HAVE_OPENDBX || exit 77"
at_fn_check_prepare_dynamic "$HAVE_OPENDBX || exit 77" "testsuite.at:1253"
( $at_check_trace; $HAVE_OPENDBX || exit 77
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:1253"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:1254: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:1254"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=usenetmsg: verify msg from 192.0.2.2 -- (null)
INFO:zdkimfilter[0]:ip=192.0.2.2: reject! invalid domain author.example
INFO:zdkimfilter[0]:ip=192.0.2.2: reject->deliver!! sender.example is whitelisted (2) (auth: DKIM)
INFO:zdkimfilter[0]:ip=192.0.2.2: verified: spf=pass, dkim=pass (id=sender.example, stat=0) adsp=nxdomain
INFO:zdkimfilter[0]:ip=192.0.2.2: renaming Authentication-Results from test.example
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:1254"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_34
#AT_START_35
at_fn_group_banner 35 'testsuite.at:1268' \
  "Dkim whitelisting with SPF-validated signer" "    "
at_xfail=no
(
  printf "%s\n" "35. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

reject_on_nxdomain
db_backend test
db_sql_whitelisted other.example:2
whitelisted_pass 2

_ZEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:1274: \$HAVE_OPENDBX || exit 77"
at_fn_check_prepare_dynamic "$HAVE_OPENDBX || exit 77" "testsuite.at:1274"
( $at_check_trace; $HAVE_OPENDBX || exit 77
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:1274"
$at_failed && at_fn_log_failure
$at_traceon; }

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_ATEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=sender.example; s=x2;
	t=1267197537; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=d6AyU6LW/aOb2S0KQjewLe1AApiloi/CZSn9c1WOjZLJmz7govCghGjgI3ebMl5mC
	 cVzheZ+sjWJRFTj+L2Sd30j9L+gOc2ZmJ6wyK/UqhNGPIvZfhn4Sap4J51sk5JhvLr
	 zd6a1TVrz5nYJU3fF6QW7lLPtAcg2v05+UE38Ios=
Received: from mail.example.com by server.example with ESMTPA
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=other.example; s=x3;
	t=1267197617; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=ejTAOxjZ1TFzdE0KT0/I/Dd7dL76iPzUq3sc4ngUt/78pFSFSL4p3nXNIMYeGHVT6
	 7kwAhFlmpT0UgBaisyjfyGTgx4k/N2+Kbbne1NV/kYG9wYRylk9fooS08ZRkY7Ieuu
	 K5pYsL12X5UfS1+TRnv2ONLxQDgSn+4r8ZwaEWZ8=
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
Musenetmsg
OTCPREMOTEIP=192.0.2.2
usmtp
_ATEOF

cat >batch <<'_ATEOF'
test2
test3
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:1287: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:1287"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=usenetmsg: verify msg from 192.0.2.2 -- (null)
INFO:zdkimfilter[0]:ip=192.0.2.2: reject! invalid domain author.example
INFO:zdkimfilter[0]:ip=192.0.2.2: reject->deliver!! other.example is whitelisted (2) (auth: DKIM)
INFO:zdkimfilter[0]:ip=192.0.2.2: verified: spf=pass, dkim=pass (id=other.example, stat=0) adsp=nxdomain
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:1287"
$at_failed && at_fn_log_failure
$at_traceon; }


{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:1298: head -n 4 mail"
at_fn_check_prepare_trace "testsuite.at:1298"
( $at_check_trace; head -n 4 mail
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "Authentication-Results: test.example;
  spf=pass smtp.mailfrom=sender.example;
  dkim=pass (whitelisted) header.d=other.example;
  dkim-adsp=nxdomain header.from=\"user@author.example\"
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:1298"
$at_failed && at_fn_log_failure
$at_traceon; }


# same with shoot on sight
cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

reject_on_nxdomain
db_backend test
db_sql_whitelisted other.example:2 author.example:-1
whitelisted_pass 2

_ZEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=sender.example; s=x2;
	t=1267197537; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=d6AyU6LW/aOb2S0KQjewLe1AApiloi/CZSn9c1WOjZLJmz7govCghGjgI3ebMl5mC
	 cVzheZ+sjWJRFTj+L2Sd30j9L+gOc2ZmJ6wyK/UqhNGPIvZfhn4Sap4J51sk5JhvLr
	 zd6a1TVrz5nYJU3fF6QW7lLPtAcg2v05+UE38Ios=
Received: from mail.example.com by server.example with ESMTPA
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=other.example; s=x3;
	t=1267197617; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=ejTAOxjZ1TFzdE0KT0/I/Dd7dL76iPzUq3sc4ngUt/78pFSFSL4p3nXNIMYeGHVT6
	 7kwAhFlmpT0UgBaisyjfyGTgx4k/N2+Kbbne1NV/kYG9wYRylk9fooS08ZRkY7Ieuu
	 K5pYsL12X5UfS1+TRnv2ONLxQDgSn+4r8ZwaEWZ8=
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:1313: \$HAVE_OPENDBX || exit 77"
at_fn_check_prepare_dynamic "$HAVE_OPENDBX || exit 77" "testsuite.at:1313"
( $at_check_trace; $HAVE_OPENDBX || exit 77
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:1313"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:1314: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:1314"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=usenetmsg: verify msg from 192.0.2.2 -- (null)
INFO:zdkimfilter[0]:ip=192.0.2.2: reject! invalid domain author.example
INFO:zdkimfilter[0]:ip=192.0.2.2: reject->deliver!! other.example is whitelisted (2) (auth: DKIM)
INFO:zdkimfilter[0]:ip=192.0.2.2: verified: spf=pass, dkim=pass (id=other.example, stat=0) adsp=nxdomain
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:1314"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:1324: head -n 4 mail"
at_fn_check_prepare_trace "testsuite.at:1324"
( $at_check_trace; head -n 4 mail
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "Authentication-Results: test.example;
  spf=pass smtp.mailfrom=sender.example;
  dkim=pass (whitelisted) header.d=other.example;
  dkim-adsp=nxdomain header.from=\"user@author.example\"
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:1324"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_35
#AT_START_36
at_fn_group_banner 36 'testsuite.at:1333' \
  "Whitelisted but not authenticated From: domain" " "
at_xfail=no
(
  printf "%s\n" "36. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

reject_on_nxdomain
save_from_anyway
db_backend test
db_sql_whitelisted author.example:2
db_sql_select_domain dummy

_ZEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
Mfraudmsg
OTCPREMOTEIP=192.0.2.3
usmtp
_ATEOF

cat >batch <<'_ATEOF'
test3
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:1350: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:1350"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=fraudmsg: verify msg from 192.0.2.3 -- (null)
INFO:zdkimfilter[0]:ip=192.0.2.3: reject! invalid domain author.example
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "550 Invalid author domain
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:1350"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:1358: \$HAVE_OPENDBX || exit 77"
at_fn_check_prepare_dynamic "$HAVE_OPENDBX || exit 77" "testsuite.at:1358"
( $at_check_trace; $HAVE_OPENDBX || exit 77
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:1358"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:1359: grep 'domain: author.example' database_dump"
at_fn_check_prepare_trace "testsuite.at:1359"
( $at_check_trace; grep 'domain: author.example' database_dump
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "domain: author.example
domain: author.example
domain: author.example
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:1359"
$at_failed && at_fn_log_failure
$at_traceon; }


# same with shoot on sight instead
cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

reject_on_nxdomain
save_from_anyway
db_backend test
db_sql_whitelisted author.example:-1
db_sql_select_domain dummy
{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:1367: \$HAVE_OPENDBX || exit 77"
at_fn_check_prepare_dynamic "$HAVE_OPENDBX || exit 77" "testsuite.at:1367"
( $at_check_trace; $HAVE_OPENDBX || exit 77
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:1367"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:1367: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:1367"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=fraudmsg: verify msg from 192.0.2.3 -- (null)
INFO:zdkimfilter[0]:ip=192.0.2.3: reject! invalid domain author.example
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "550 Invalid author domain
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:1367"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:1367: \$HAVE_OPENDBX || exit 77"
at_fn_check_prepare_dynamic "$HAVE_OPENDBX || exit 77" "testsuite.at:1367"
( $at_check_trace; $HAVE_OPENDBX || exit 77
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:1367"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:1367: grep 'domain: author.example' database_dump"
at_fn_check_prepare_trace "testsuite.at:1367"
( $at_check_trace; grep 'domain: author.example' database_dump
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "domain: author.example
domain: author.example
domain: author.example
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:1367"
$at_failed && at_fn_log_failure
$at_traceon; }


_ZEOF

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_36
#AT_START_37
at_fn_group_banner 37 'testsuite.at:1392' \
  "Verify author signature with policy: all" "       "
at_xfail=no
(
  printf "%s\n" "37. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_adsp._domainkey.author.example dkim=all
author.example X
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen


_ZEOF

cat >mail <<'_ATEOF'
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=author.example; s=x1;
	t=1267195653; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=ZmMMHnWo7xMM2V1zZEYWp7jCXHB7hJ/D8TpCleG0SZ8njWjXaspgOtD/F52SJK90G
	 tx3/m0Y3F58NBVjVfTeAq+znjGER6TbwOQQfbpkHb0jvcgrSYCWVcekS7hIlCtT5mF
	 8gZbgYgOo3rIFUy9vdHkse1jzNR8kxrIYv3aZ0tc=
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
Mpolicymsg
OTCPREMOTEIP=192.0.2.4
usmtp
_ATEOF

cat >batch <<'_ATEOF'
test2
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:1407: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:1407"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=policymsg: verify msg from 192.0.2.4 -- (null)
INFO:zdkimfilter[0]:ip=192.0.2.4: verified: spf=pass, dkim=pass (id=author.example, stat=0) adsp:all=pass
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:1407"
$at_failed && at_fn_log_failure
$at_traceon; }


{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:1416: head -n 5 mail"
at_fn_check_prepare_trace "testsuite.at:1416"
( $at_check_trace; head -n 5 mail
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "Authentication-Results: test.example;
  spf=pass smtp.mailfrom=sender.example;
  dkim=pass header.d=author.example;
  dkim-adsp=pass header.from=\"user@author.example\"
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=author.example; s=x1;
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:1416"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_37
#AT_START_38
at_fn_group_banner 38 'testsuite.at:1427' \
  "Verify author signature with policy: discard" "   "
at_xfail=no
(
  printf "%s\n" "38. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_adsp._domainkey.author.example dkim=discardable
author.example X
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen


_ZEOF

cat >mail <<'_ATEOF'
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=author.example; s=x1;
	t=1267195653; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=ZmMMHnWo7xMM2V1zZEYWp7jCXHB7hJ/D8TpCleG0SZ8njWjXaspgOtD/F52SJK90G
	 tx3/m0Y3F58NBVjVfTeAq+znjGER6TbwOQQfbpkHb0jvcgrSYCWVcekS7hIlCtT5mF
	 8gZbgYgOo3rIFUy9vdHkse1jzNR8kxrIYv3aZ0tc=
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
Mpolicymsg
OTCPREMOTEIP=192.0.2.4
usmtp
_ATEOF

cat >batch <<'_ATEOF'
test2
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:1442: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:1442"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=policymsg: verify msg from 192.0.2.4 -- (null)
INFO:zdkimfilter[0]:ip=192.0.2.4: verified: spf=pass, dkim=pass (id=author.example, stat=0) adsp:discardable=pass
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:1442"
$at_failed && at_fn_log_failure
$at_traceon; }


{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:1451: head -n 5 mail"
at_fn_check_prepare_trace "testsuite.at:1451"
( $at_check_trace; head -n 5 mail
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "Authentication-Results: test.example;
  spf=pass smtp.mailfrom=sender.example;
  dkim=pass header.d=author.example;
  dkim-adsp=pass header.from=\"user@author.example\"
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=author.example; s=x1;
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:1451"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_38
#AT_START_39
at_fn_group_banner 39 'testsuite.at:1462' \
  "Fail author signature with policy: all" "         "
at_xfail=no
(
  printf "%s\n" "39. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_adsp._domainkey.author.example dkim=all
author.example X
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen


_ZEOF

cat >mail <<'_ATEOF'
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=author.example; s=x1;
	t=1267205960; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=bANxWNgMVyGL6Yo2esWSkR3tVTtMX4cTQe6JP01wkm3yCZDUo2kI3Q9NZ6fQ18hCU
	 D2/xuZw293Gx+oetp/j2jksGh+AMVEZ/wSMkYO5Sx4jg1FcbRej2E+BEj//TChzJa+
	 gWyV1/f26deNVeiTYOxgzsW8XUp97eWe5JnK+uYw=
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
Mpolicymsg
OTCPREMOTEIP=192.0.2.4
usmtp
_ATEOF

cat >batch <<'_ATEOF'
test2
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:1477: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:1477"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=policymsg: verify msg from 192.0.2.4 -- (null)
INFO:zdkimfilter[0]:ip=192.0.2.4: verified: spf=pass, dkim=fail (id=author.example, signature verification failed, stat=1) adsp:all=fail
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:1477"
$at_failed && at_fn_log_failure
$at_traceon; }


{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:1486: head -n 5 mail"
at_fn_check_prepare_trace "testsuite.at:1486"
( $at_check_trace; head -n 5 mail
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "Authentication-Results: test.example;
  spf=pass smtp.mailfrom=sender.example;
  dkim=fail (signature verification failed) header.d=author.example;
  dkim-adsp=fail header.from=\"user@author.example\"
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=author.example; s=x1;
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:1486"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_39
#AT_START_40
at_fn_group_banner 40 'testsuite.at:1497' \
  "Reject author signature with policy: all" "       "
at_xfail=no
(
  printf "%s\n" "40. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_adsp._domainkey.author.example dkim=all
author.example X
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 0
domain_keys = .
tmp = .
no_signlen

honor_author_domain

_ZEOF

cat >mail <<'_ATEOF'
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=author.example; s=x1;
	t=1267205960; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=bANxWNgMVyGL6Yo2esWSkR3tVTtMX4cTQe6JP01wkm3yCZDUo2kI3Q9NZ6fQ18hCU
	 D2/xuZw293Gx+oetp/j2jksGh+AMVEZ/wSMkYO5Sx4jg1FcbRej2E+BEj//TChzJa+
	 gWyV1/f26deNVeiTYOxgzsW8XUp97eWe5JnK+uYw=
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
Mpolicymsg
OTCPREMOTEIP=192.0.2.4
usmtp
_ATEOF

cat >batch <<'_ATEOF'
test2
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:1513: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:1513"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "550 DKIM signature required by ADSP
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:1513"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_40
#AT_START_41
at_fn_group_banner 41 'testsuite.at:1522' \
  "Drop author signature with policy: discard" "     "
at_xfail=no
(
  printf "%s\n" "41. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_adsp._domainkey.author.example dkim=discardable
author.example X
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

honor_author_domain

_ZEOF

cat >mail <<'_ATEOF'
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=author.example; s=x1;
	t=1267205960; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=bANxWNgMVyGL6Yo2esWSkR3tVTtMX4cTQe6JP01wkm3yCZDUo2kI3Q9NZ6fQ18hCU
	 D2/xuZw293Gx+oetp/j2jksGh+AMVEZ/wSMkYO5Sx4jg1FcbRej2E+BEj//TChzJa+
	 gWyV1/f26deNVeiTYOxgzsW8XUp97eWe5JnK+uYw=
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
Mpolicymsg
OTCPREMOTEIP=192.0.2.4
usmtp
fTesT
_ATEOF

cat >batch <<'_ATEOF'
test2
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:1539: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:1539"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=policymsg: verify msg from 192.0.2.4 -- TesT
INFO:zdkimfilter[0]:ip=192.0.2.4: drop! ADSP policy=discardable for author.example
INFO:zdkimfilter[0]:drop msg,id=policymsg: ADSP discardable
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "050 Message dropped.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:1539"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_41
#AT_START_42
at_fn_group_banner 42 'testsuite.at:1551' \
  "Whitelisted sender, failed policy: accept" "      "
at_xfail=no
(
  printf "%s\n" "42. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_adsp._domainkey.author.example dkim=discardable
author.example X
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

honor_author_domain
db_backend test
db_sql_whitelisted sender.example:2
whitelisted_pass 2

_ZEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:1560: \$HAVE_OPENDBX || exit 77"
at_fn_check_prepare_dynamic "$HAVE_OPENDBX || exit 77" "testsuite.at:1560"
( $at_check_trace; $HAVE_OPENDBX || exit 77
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:1560"
$at_failed && at_fn_log_failure
$at_traceon; }

cat >mail <<'_ATEOF'
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=author.example; s=x1;
	t=1267205960; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=bANxWNgMVyGL6Yo2esWSkR3tVTtMX4cTQe6JP01wkm3yCZDUo2kI3Q9NZ6fQ18hCU
	 D2/xuZw293Gx+oetp/j2jksGh+AMVEZ/wSMkYO5Sx4jg1FcbRej2E+BEj//TChzJa+
	 gWyV1/f26deNVeiTYOxgzsW8XUp97eWe5JnK+uYw=
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
Mpolicymsg
OTCPREMOTEIP=192.0.2.4
usmtp
_ATEOF

cat >batch <<'_ATEOF'
test2
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:1571: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:1571"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=policymsg: verify msg from 192.0.2.4 -- (null)
INFO:zdkimfilter[0]:ip=192.0.2.4: drop! ADSP policy=discardable for author.example
INFO:zdkimfilter[0]:ip=192.0.2.4: drop->deliver!! sender.example is whitelisted (2) (auth: SPF)
INFO:zdkimfilter[0]:ip=192.0.2.4: verified: spf=pass, dkim=fail (id=author.example, signature verification failed, stat=1) adsp:discardable=discard
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:1571"
$at_failed && at_fn_log_failure
$at_traceon; }


{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:1582: head -n 5 mail"
at_fn_check_prepare_trace "testsuite.at:1582"
( $at_check_trace; head -n 5 mail
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "Authentication-Results: test.example;
  spf=pass smtp.mailfrom=sender.example;
  dkim=fail (signature verification failed) header.d=author.example;
  dkim-adsp=discard header.from=\"user@author.example\"
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=author.example; s=x1;
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:1582"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_42
#AT_START_43
at_fn_group_banner 43 'testsuite.at:1593' \
  "Verify sender, fail author, policy: all" "        "
at_xfail=no
(
  printf "%s\n" "43. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_adsp._domainkey.author.example dkim=all
author.example X
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen


_ZEOF

cat >mail <<'_ATEOF'
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=author.example; s=x1;
	t=1267205960; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=bANxWNgMVyGL6Yo2esWSkR3tVTtMX4cTQe6JP01wkm3yCZDUo2kI3Q9NZ6fQ18hCU
	 D2/xuZw293Gx+oetp/j2jksGh+AMVEZ/wSMkYO5Sx4jg1FcbRej2E+BEj//TChzJa+
	 gWyV1/f26deNVeiTYOxgzsW8XUp97eWe5JnK+uYw=
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=sender.example; s=x2;
	t=1267197537; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=d6AyU6LW/aOb2S0KQjewLe1AApiloi/CZSn9c1WOjZLJmz7govCghGjgI3ebMl5mC
	 cVzheZ+sjWJRFTj+L2Sd30j9L+gOc2ZmJ6wyK/UqhNGPIvZfhn4Sap4J51sk5JhvLr
	 zd6a1TVrz5nYJU3fF6QW7lLPtAcg2v05+UE38Ios=
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
Mpolicymsg
OTCPREMOTEIP=192.0.2.4
usmtp
_ATEOF

cat >batch <<'_ATEOF'
test2
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:1608: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:1608"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=policymsg: verify msg from 192.0.2.4 -- (null)
INFO:zdkimfilter[0]:ip=192.0.2.4: verified: spf=pass, dkim=pass (id=sender.example, stat=0) adsp:all=fail
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:1608"
$at_failed && at_fn_log_failure
$at_traceon; }


{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:1617: head -n 5 mail"
at_fn_check_prepare_trace "testsuite.at:1617"
( $at_check_trace; head -n 5 mail
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "Authentication-Results: test.example;
  spf=pass smtp.mailfrom=sender.example;
  dkim=pass header.d=sender.example;
  dkim-adsp=fail header.from=\"user@author.example\"
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=author.example; s=x1;
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:1617"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_43
#AT_START_44
at_fn_group_banner 44 'testsuite.at:1628' \
  "Verify sender, fail author, policy: discard" "    "
at_xfail=no
(
  printf "%s\n" "44. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_adsp._domainkey.author.example dkim=discardable
author.example X
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 0
domain_keys = .
tmp = .
no_signlen


_ZEOF

cat >mail <<'_ATEOF'
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=author.example; s=x1;
	t=1267205960; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=bANxWNgMVyGL6Yo2esWSkR3tVTtMX4cTQe6JP01wkm3yCZDUo2kI3Q9NZ6fQ18hCU
	 D2/xuZw293Gx+oetp/j2jksGh+AMVEZ/wSMkYO5Sx4jg1FcbRej2E+BEj//TChzJa+
	 gWyV1/f26deNVeiTYOxgzsW8XUp97eWe5JnK+uYw=
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=sender.example; s=x2;
	t=1267197537; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=d6AyU6LW/aOb2S0KQjewLe1AApiloi/CZSn9c1WOjZLJmz7govCghGjgI3ebMl5mC
	 cVzheZ+sjWJRFTj+L2Sd30j9L+gOc2ZmJ6wyK/UqhNGPIvZfhn4Sap4J51sk5JhvLr
	 zd6a1TVrz5nYJU3fF6QW7lLPtAcg2v05+UE38Ios=
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
Mpolicymsg
OTCPREMOTEIP=192.0.2.4
usmtp
_ATEOF

cat >batch <<'_ATEOF'
test2
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:1643: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:1643"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:1643"
$at_failed && at_fn_log_failure
$at_traceon; }


{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:1650: head -n 5 mail"
at_fn_check_prepare_trace "testsuite.at:1650"
( $at_check_trace; head -n 5 mail
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "Authentication-Results: test.example;
  spf=pass smtp.mailfrom=sender.example;
  dkim=pass header.d=sender.example;
  dkim-adsp=discard header.from=\"user@author.example\"
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=author.example; s=x1;
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:1650"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_44
#AT_START_45
at_fn_group_banner 45 'testsuite.at:1661' \
  "Missing author signature with policy: all" "      "
at_xfail=no
(
  printf "%s\n" "45. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_adsp._domainkey.author.example dkim=all
author.example X
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 0
domain_keys = .
tmp = .
no_signlen


_ZEOF

cat >POLICYFILE <<'_ATEOF'
dkim=all
_ATEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
Mpolicymsg
OTCPREMOTEIP=192.0.2.4
usmtp
_ATEOF

cat >batch <<'_ATEOF'
test2
test3
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:1679: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:1679"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:1679"
$at_failed && at_fn_log_failure
$at_traceon; }


{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:1686: head -n 4 mail"
at_fn_check_prepare_trace "testsuite.at:1686"
( $at_check_trace; head -n 4 mail
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "Authentication-Results: test.example;
  spf=pass smtp.mailfrom=sender.example;
  dkim-adsp=fail header.from=\"user@author.example\"
Received: from server.example by test.example with ESMTP
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:1686"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_45
#AT_START_46
at_fn_group_banner 46 'testsuite.at:1696' \
  "Missing author signature with policy: discard" "  "
at_xfail=no
(
  printf "%s\n" "46. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_adsp._domainkey.author.example dkim=discardable
author.example X
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 0
domain_keys = .
tmp = .
no_signlen


_ZEOF

cat >POLICYFILE <<'_ATEOF'
dkim=discardable
_ATEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
Mpolicymsg
OTCPREMOTEIP=192.0.2.4
usmtp
_ATEOF

cat >batch <<'_ATEOF'
test2
test3
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:1714: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:1714"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:1714"
$at_failed && at_fn_log_failure
$at_traceon; }


{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:1721: head -n 4 mail"
at_fn_check_prepare_trace "testsuite.at:1721"
( $at_check_trace; head -n 4 mail
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "Authentication-Results: test.example;
  spf=pass smtp.mailfrom=sender.example;
  dkim-adsp=discard header.from=\"user@author.example\"
Received: from server.example by test.example with ESMTP
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:1721"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_46
#AT_START_47
at_fn_group_banner 47 'testsuite.at:1731' \
  "Mandatory author signature without SPF" "         "
at_xfail=no
(
  printf "%s\n" "47. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_adsp._domainkey.author.example dkim=discardable
author.example X
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 0
domain_keys = .
tmp = .
no_signlen


_ZEOF

cat >POLICYFILE <<'_ATEOF'
dkim=discardable
_ATEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received-SPF: none SPF=MAILFROM sender=someone@sender.example;
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
Mpolicymsg
OTCPREMOTEIP=192.0.2.4
usmtp
_ATEOF

cat >batch <<'_ATEOF'
test2
test3
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:1749: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:1749"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:1749"
$at_failed && at_fn_log_failure
$at_traceon; }


{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:1756: head -n 3 mail"
at_fn_check_prepare_trace "testsuite.at:1756"
( $at_check_trace; head -n 3 mail
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "Authentication-Results: test.example;
  dkim-adsp=discard header.from=\"user@author.example\"
Received: from server.example by test.example with ESMTP
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:1756"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_47
#AT_START_48
at_fn_group_banner 48 'testsuite.at:1765' \
  "Drop missing signature with 1 recipient" "        "
at_xfail=no
(
  printf "%s\n" "48. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_ATEOF

cat >POLICYFILE <<'_ATEOF'
dkim=discardable
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 0
domain_keys = .
tmp = .
no_signlen

honor_author_domain

_ZEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received-SPF: none SPF=MAILFROM sender=someone@sender.example;
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
Mpolicymsg
OTCPREMOTEIP=192.0.2.4
usmtp
fTesT
rfoo@example.org
_ATEOF

cat >batch <<'_ATEOF'
test2
test3
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:1784: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:1784"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "050 Message dropped.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:1784"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:1790: head -n 6 ctl"
at_fn_check_prepare_trace "testsuite.at:1790"
( $at_check_trace; head -n 6 ctl
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "Mpolicymsg
OTCPREMOTEIP=192.0.2.4
usmtp
fTesT
rfoo@example.org
I0 R 250 Dropped.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:1790"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_48
#AT_START_49
at_fn_group_banner 49 'testsuite.at:1803' \
  "No signature, no policy, and no SPF" "            "
at_xfail=no
(
  printf "%s\n" "49. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_adsp._domainkey.author.example dkim=unknown
author.example X
_ATEOF

cat >POLICYFILE <<'_ATEOF'
dkim=unknown
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 0
domain_keys = .
tmp = .
no_signlen

db_backend test
db_sql_insert_msg_ref dummy

_ZEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received-SPF: none SPF=MAILFROM sender=someone@sender.example;
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
Mpolicymsg
OTCPREMOTEIP=192.0.2.4
usmtp
_ATEOF

: >database_dump
cat >batch <<'_ATEOF'
test2
test3
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:1824: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:1824"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 not filtered.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:1824"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:1830: head -n 1 mail"
at_fn_check_prepare_trace "testsuite.at:1830"
( $at_check_trace; head -n 1 mail
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "Received: from server.example by test.example with ESMTP
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:1830"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:1834: cat database_dump"
at_fn_check_prepare_trace "testsuite.at:1834"
( $at_check_trace; cat database_dump
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:1834"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_49
#AT_START_50
at_fn_group_banner 50 'testsuite.at:1838' \
  "Save From: even with no authentication" "         "
at_xfail=no
(
  printf "%s\n" "50. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_adsp._domainkey.author.example dkim=unknown
author.example X
_ATEOF

cat >POLICYFILE <<'_ATEOF'
dkim=unknown
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 0
domain_keys = .
tmp = .
no_signlen

db_backend test
db_sql_insert_msg_ref dummy
save_from_anyway

_ZEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received-SPF: none SPF=MAILFROM sender=someone@sender.example;
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
Mpolicymsg
OTCPREMOTEIP=192.0.2.4
usmtp
_ATEOF

cat >batch <<'_ATEOF'
test2
test3
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:1859: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:1859"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 not filtered.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:1859"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:1865: head -n 1 mail"
at_fn_check_prepare_trace "testsuite.at:1865"
( $at_check_trace; head -n 1 mail
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "Received: from server.example by test.example with ESMTP
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:1865"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:1869: \$HAVE_OPENDBX || exit 77"
at_fn_check_prepare_dynamic "$HAVE_OPENDBX || exit 77" "testsuite.at:1869"
( $at_check_trace; $HAVE_OPENDBX || exit 77
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:1869"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:1870: grep 'domain: ' database_dump"
at_fn_check_prepare_trace "testsuite.at:1870"
( $at_check_trace; grep 'domain: ' database_dump
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "domain: author.example
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:1870"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_50
#AT_START_51
at_fn_group_banner 51 'testsuite.at:1876' \
  "Cannot write unauthenticated msg w/o From:" "     "
at_xfail=no
(
  printf "%s\n" "51. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >zftest.conf <<'_ZEOF'
verbose = 0
domain_keys = .
tmp = .
no_signlen

db_backend test
db_sql_insert_msg_ref dummy
save_from_anyway
still_allow_no_from

_ZEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received-SPF: none SPF=MAILFROM sender=someone@sender.example;
Received-SPF: none SPF=HELO sender=server.sender.example;
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
VBR-Info: mc=all; md=author.example; mv=author-cert.example
VBR-Info: mc=all; md=sender.example; mv=sender-cert.example
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Message without From:
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Cannot write this message on the DB, because it wouldn't be
attached to any domain.  Perhaps we could attach it to the
IP address, looking it up in some number-whois server...
_ATEOF

cat >ctl <<'_ATEOF'
Manonymousmsg
usmtp
_ATEOF

: >database_dump
cat >batch <<'_ATEOF'
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:1908: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:1908"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:1908"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:1914: head -n 3 mail"
at_fn_check_prepare_trace "testsuite.at:1914"
( $at_check_trace; head -n 3 mail
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "Authentication-Results: test.example;
  dkim-adsp=nxdomain
Received: from server.example by test.example with ESMTP
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:1914"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:1920: cat database_dump"
at_fn_check_prepare_trace "testsuite.at:1920"
( $at_check_trace; cat database_dump
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:1920"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_51
#AT_START_52
at_fn_group_banner 52 'testsuite.at:1924' \
  "Reject missing From:" "                           "
at_xfail=no
(
  printf "%s\n" "52. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >zftest.conf <<'_ZEOF'
verbose = 0
domain_keys = .
tmp = .
no_signlen

save_from_anyway

_ZEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received-SPF: none SPF=MAILFROM sender=someone@sender.example;
Received-SPF: none SPF=HELO sender=server.sender.example;
Message-ID: <123456@author.example>
Date: Fri, 19 Apr 2024 16:11:45 +0200
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Message without From:
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Cannot write this message on the DB, because it wouldn't be
attached to any domain.  Perhaps we could attach it to the
IP address, looking it up in some number-whois server...
_ATEOF

cat >ctl <<'_ATEOF'
Manonymousmsg
usmtp
_ATEOF

cat >batch <<'_ATEOF'
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:1950: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:1950"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "550 Messages must have one From: header field.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:1950"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_52
#AT_START_53
at_fn_group_banner 53 'testsuite.at:1959' \
  "Logging specific header fields to the DB" "       "
at_xfail=no
(
  printf "%s\n" "53. $at_setup_line: testing $at_desc ..."
  $at_traceon

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:1960: \$HAVE_OPENDBX || exit 77"
at_fn_check_prepare_dynamic "$HAVE_OPENDBX || exit 77" "testsuite.at:1960"
( $at_check_trace; $HAVE_OPENDBX || exit 77
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:1960"
$at_failed && at_fn_log_failure
$at_traceon; }

cat >zftest.conf <<'_ZEOF'
verbose = 0
domain_keys = .
tmp = .
no_signlen

db_backend test
db_sql_insert_msg_ref dummy

_ZEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: none SPF=HELO sender=server.sender.example;
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
VBR-Info: mc=all; md=author.example; mv=author-cert.example
VBR-Info: mc=all; md=sender.example; mv=sender-cert.example
MIME-Version: 1.0
From:     The (sender)
	<author@author.example>
To: (undisclosed recipients)
Subject: This continues to the next line;
		 		after the                    semicolon
Content-Type: text/plain; charset=us-ascii

hi there!
_ATEOF

cat >ctl <<'_ATEOF'
sauthor-bounce@author.example
Mloggedmsg
usmtp
_ATEOF

cat >batch <<'_ATEOF'
test3
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:1991: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:1991"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:1991"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:1997: grep 'content_type:' database_dump"
at_fn_check_prepare_trace "testsuite.at:1997"
( $at_check_trace; grep 'content_type:' database_dump
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "content_type: text/plain
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:1997"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2000: grep 'content_encoding:' database_dump"
at_fn_check_prepare_trace "testsuite.at:2000"
( $at_check_trace; grep 'content_encoding:' database_dump
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "content_encoding: -- not given --
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2000"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2003: grep 'date:' database_dump"
at_fn_check_prepare_trace "testsuite.at:2003"
( $at_check_trace; grep 'date:' database_dump
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "date: Mon, 08 Feb 2010 13:12:55 +0100
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2003"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2006: grep 'message_id:' database_dump"
at_fn_check_prepare_trace "testsuite.at:2006"
( $at_check_trace; grep 'message_id:' database_dump
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "message_id: <123456@author.example>
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2006"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2009: grep 'from:' database_dump"
at_fn_check_prepare_trace "testsuite.at:2009"
( $at_check_trace; grep 'from:' database_dump
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "from: The (sender) <author@author.example>
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2009"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2012: grep 'subject:' database_dump"
at_fn_check_prepare_trace "testsuite.at:2012"
( $at_check_trace; grep 'subject:' database_dump
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "subject: This continues to the next line; after the semicolon
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2012"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2015: grep 'envelope_sender:' database_dump"
at_fn_check_prepare_trace "testsuite.at:2015"
( $at_check_trace; grep 'envelope_sender:' database_dump
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "envelope_sender: author-bounce@author.example
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2015"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_53
#AT_START_54
at_fn_group_banner 54 'testsuite.at:2072' \
  "Signing after the From field" "                   "
at_xfail=no
(
  printf "%s\n" "54. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >zftest.conf <<'_ZEOF'
verbose = 6
domain_keys = .
tmp = .
no_signlen

default_domain example.com
key_choice_header from

_ZEOF

cat >linked <<'_ATEOF'
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk
5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9
GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
AoGARPaCa4eHJWQnF2MwB2cQD7MdUsizx6GFs5ms9bGxxwyknTmmT2PA/rFEYjb+
V8PmTCu4Y/Nk88IzgXTfJ8pN6GfnN1O0qMTUoMuHTf/LMWT/WsFstjiuuFCQddBz
xVyup6Rnl30mYU5WE0PheUTG0AVbzMn2Aj/SEYXlEYPnENECQQDbsLlcEitqnj+i
ipFz9H5RnfoDC4pFHSSqMlddYIA9e2DoNdxjU275eyt2g2p9hQMMXdB7LnoyFeHz
jeRpK3RlAkEAxsj5uOvBctleM2ERPPXTm0nYUWSH4aPZkE/olThgQMogTwSQc6vI
M6RkzKfF5Dr5g/b2kyoZhxIvdtUcPzfGVwJBALrZaA3C9mJMDdt095kjzXwlXMrS
OdvmmZSYFG468VdZZGabyMJB6BUQiTrXMu9m/dy6veLG+O84ZWD8wdQhPXECQBf4
nlyVWXOfEMQDXY/LWSQtyH8wL06fcpn7eOGdtcW6WiENPNomCfNoTJt9U9jM38/x
FRT0C7YFFGIxGsHo2OsCQF2PGJ3yKn2l9VX+M6qj4hE+POdgnJLqNMp5kRIBj9De
rlKqG0nWxNFVhVzXsgeNUTDCmVm3cdODa94wXn9WNvY=
-----END RSA PRIVATE KEY-----
_ATEOF

$LN_S linked example.com
$LN_S linked example.org


cat >mail <<'_ATEOF'
Message-ID: <123456@author.example>
Received: from test.example
 by another.example
Date: Sun, 05 Sep 2010 15:42:58 +0200
From: Author <user@example.org>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by the domain determined from the header:
the relevant field names have to be configured.

The header of the message has to be read an additional time in order
to check what field, if any, leads to the signing domain.
_ATEOF

cat >ctl <<'_ATEOF'
Mdyndom
uauthsmtp
iuser@example.com
_ATEOF

cat >batch <<'_ATEOF'
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2078: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:2078"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=dyndom: signing for user@example.com with domain example.org, selector linked, rsa-sha256
INFO:zdkimfilter[0]:id=dyndom: response: 250 Ok.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2078"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_54
#AT_START_55
at_fn_group_banner 55 'testsuite.at:2082' \
  "Not signing for missing choice field" "           "
at_xfail=no
(
  printf "%s\n" "55. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >zftest.conf <<'_ZEOF'
verbose = 6
domain_keys = .
tmp = .
no_signlen

default_domain example.com
key_choice_header no-such-header-field

_ZEOF

cat >linked <<'_ATEOF'
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk
5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9
GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
AoGARPaCa4eHJWQnF2MwB2cQD7MdUsizx6GFs5ms9bGxxwyknTmmT2PA/rFEYjb+
V8PmTCu4Y/Nk88IzgXTfJ8pN6GfnN1O0qMTUoMuHTf/LMWT/WsFstjiuuFCQddBz
xVyup6Rnl30mYU5WE0PheUTG0AVbzMn2Aj/SEYXlEYPnENECQQDbsLlcEitqnj+i
ipFz9H5RnfoDC4pFHSSqMlddYIA9e2DoNdxjU275eyt2g2p9hQMMXdB7LnoyFeHz
jeRpK3RlAkEAxsj5uOvBctleM2ERPPXTm0nYUWSH4aPZkE/olThgQMogTwSQc6vI
M6RkzKfF5Dr5g/b2kyoZhxIvdtUcPzfGVwJBALrZaA3C9mJMDdt095kjzXwlXMrS
OdvmmZSYFG468VdZZGabyMJB6BUQiTrXMu9m/dy6veLG+O84ZWD8wdQhPXECQBf4
nlyVWXOfEMQDXY/LWSQtyH8wL06fcpn7eOGdtcW6WiENPNomCfNoTJt9U9jM38/x
FRT0C7YFFGIxGsHo2OsCQF2PGJ3yKn2l9VX+M6qj4hE+POdgnJLqNMp5kRIBj9De
rlKqG0nWxNFVhVzXsgeNUTDCmVm3cdODa94wXn9WNvY=
-----END RSA PRIVATE KEY-----
_ATEOF

$LN_S linked example.com
$LN_S linked example.org


cat >mail <<'_ATEOF'
Message-ID: <123456@author.example>
Received: from test.example
 by another.example
Date: Sun, 05 Sep 2010 15:42:58 +0200
From: Author <user@example.org>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by the domain determined from the header:
the relevant field names have to be configured.

The header of the message has to be read an additional time in order
to check what field, if any, leads to the signing domain.
_ATEOF

cat >ctl <<'_ATEOF'
Mdyndom
uauthsmtp
iuser@example.com
_ATEOF

cat >batch <<'_ATEOF'
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2088: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:2088"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=dyndom: not signing for user@example.com: no domain
INFO:zdkimfilter[0]:id=dyndom: response: 250 not filtered.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 not filtered.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2088"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_55
#AT_START_56
at_fn_group_banner 56 'testsuite.at:2092' \
  "Not signing for missing key" "                    "
at_xfail=no
(
  printf "%s\n" "56. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >zftest.conf <<'_ZEOF'
verbose = 6
domain_keys = .
tmp = .
no_signlen

default_domain example.com
selector given
key_choice_header from

_ZEOF

cat >linked <<'_ATEOF'
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk
5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9
GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
AoGARPaCa4eHJWQnF2MwB2cQD7MdUsizx6GFs5ms9bGxxwyknTmmT2PA/rFEYjb+
V8PmTCu4Y/Nk88IzgXTfJ8pN6GfnN1O0qMTUoMuHTf/LMWT/WsFstjiuuFCQddBz
xVyup6Rnl30mYU5WE0PheUTG0AVbzMn2Aj/SEYXlEYPnENECQQDbsLlcEitqnj+i
ipFz9H5RnfoDC4pFHSSqMlddYIA9e2DoNdxjU275eyt2g2p9hQMMXdB7LnoyFeHz
jeRpK3RlAkEAxsj5uOvBctleM2ERPPXTm0nYUWSH4aPZkE/olThgQMogTwSQc6vI
M6RkzKfF5Dr5g/b2kyoZhxIvdtUcPzfGVwJBALrZaA3C9mJMDdt095kjzXwlXMrS
OdvmmZSYFG468VdZZGabyMJB6BUQiTrXMu9m/dy6veLG+O84ZWD8wdQhPXECQBf4
nlyVWXOfEMQDXY/LWSQtyH8wL06fcpn7eOGdtcW6WiENPNomCfNoTJt9U9jM38/x
FRT0C7YFFGIxGsHo2OsCQF2PGJ3yKn2l9VX+M6qj4hE+POdgnJLqNMp5kRIBj9De
rlKqG0nWxNFVhVzXsgeNUTDCmVm3cdODa94wXn9WNvY=
-----END RSA PRIVATE KEY-----
_ATEOF

$LN_S linked example.com


cat >mail <<'_ATEOF'
Message-ID: <123456@author.example>
Received: from test.example
 by another.example
Date: Sun, 05 Sep 2010 15:42:58 +0200
From: Author <user@example.org>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by the domain determined from the header:
the relevant field names have to be configured.

The header of the message has to be read an additional time in order
to check what field, if any, leads to the signing domain.
_ATEOF

cat >ctl <<'_ATEOF'
Mdyndom
uauthsmtp
iuser@example.com
_ATEOF

cat >batch <<'_ATEOF'
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2099: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:2099"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=dyndom: not signing for user@example.com: no key
INFO:zdkimfilter[0]:id=dyndom: response: 250 not filtered.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 not filtered.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2099"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_56
#AT_START_57
at_fn_group_banner 57 'testsuite.at:2103' \
  "Default domain even if login domain" "            "
at_xfail=no
(
  printf "%s\n" "57. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >zftest.conf <<'_ZEOF'
verbose = 6
domain_keys = .
tmp = .
no_signlen

default_domain example.org
key_choice_header - *

_ZEOF

cat >linked <<'_ATEOF'
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk
5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9
GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
AoGARPaCa4eHJWQnF2MwB2cQD7MdUsizx6GFs5ms9bGxxwyknTmmT2PA/rFEYjb+
V8PmTCu4Y/Nk88IzgXTfJ8pN6GfnN1O0qMTUoMuHTf/LMWT/WsFstjiuuFCQddBz
xVyup6Rnl30mYU5WE0PheUTG0AVbzMn2Aj/SEYXlEYPnENECQQDbsLlcEitqnj+i
ipFz9H5RnfoDC4pFHSSqMlddYIA9e2DoNdxjU275eyt2g2p9hQMMXdB7LnoyFeHz
jeRpK3RlAkEAxsj5uOvBctleM2ERPPXTm0nYUWSH4aPZkE/olThgQMogTwSQc6vI
M6RkzKfF5Dr5g/b2kyoZhxIvdtUcPzfGVwJBALrZaA3C9mJMDdt095kjzXwlXMrS
OdvmmZSYFG468VdZZGabyMJB6BUQiTrXMu9m/dy6veLG+O84ZWD8wdQhPXECQBf4
nlyVWXOfEMQDXY/LWSQtyH8wL06fcpn7eOGdtcW6WiENPNomCfNoTJt9U9jM38/x
FRT0C7YFFGIxGsHo2OsCQF2PGJ3yKn2l9VX+M6qj4hE+POdgnJLqNMp5kRIBj9De
rlKqG0nWxNFVhVzXsgeNUTDCmVm3cdODa94wXn9WNvY=
-----END RSA PRIVATE KEY-----
_ATEOF

$LN_S linked example.com
$LN_S linked example.org


cat >mail <<'_ATEOF'
Message-ID: <123456@author.example>
Received: from test.example
 by another.example
Date: Sun, 05 Sep 2010 15:42:58 +0200
From: Author <user@example.org>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by the domain determined from the header:
the relevant field names have to be configured.

The header of the message has to be read an additional time in order
to check what field, if any, leads to the signing domain.
_ATEOF

cat >ctl <<'_ATEOF'
Mdyndom
uauthsmtp
iuser@example.com
_ATEOF

cat >batch <<'_ATEOF'
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2109: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:2109"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=dyndom: signing for user@example.com with domain example.org, selector linked, rsa-sha256
INFO:zdkimfilter[0]:id=dyndom: response: 250 Ok.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2109"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_57
#AT_START_58
at_fn_group_banner 58 'testsuite.at:2113' \
  "Login domain preferred" "                         "
at_xfail=no
(
  printf "%s\n" "58. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >zftest.conf <<'_ZEOF'
verbose = 6
domain_keys = .
tmp = .
no_signlen

default_domain example.org
key_choice_header * -

_ZEOF

cat >linked <<'_ATEOF'
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk
5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9
GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
AoGARPaCa4eHJWQnF2MwB2cQD7MdUsizx6GFs5ms9bGxxwyknTmmT2PA/rFEYjb+
V8PmTCu4Y/Nk88IzgXTfJ8pN6GfnN1O0qMTUoMuHTf/LMWT/WsFstjiuuFCQddBz
xVyup6Rnl30mYU5WE0PheUTG0AVbzMn2Aj/SEYXlEYPnENECQQDbsLlcEitqnj+i
ipFz9H5RnfoDC4pFHSSqMlddYIA9e2DoNdxjU275eyt2g2p9hQMMXdB7LnoyFeHz
jeRpK3RlAkEAxsj5uOvBctleM2ERPPXTm0nYUWSH4aPZkE/olThgQMogTwSQc6vI
M6RkzKfF5Dr5g/b2kyoZhxIvdtUcPzfGVwJBALrZaA3C9mJMDdt095kjzXwlXMrS
OdvmmZSYFG468VdZZGabyMJB6BUQiTrXMu9m/dy6veLG+O84ZWD8wdQhPXECQBf4
nlyVWXOfEMQDXY/LWSQtyH8wL06fcpn7eOGdtcW6WiENPNomCfNoTJt9U9jM38/x
FRT0C7YFFGIxGsHo2OsCQF2PGJ3yKn2l9VX+M6qj4hE+POdgnJLqNMp5kRIBj9De
rlKqG0nWxNFVhVzXsgeNUTDCmVm3cdODa94wXn9WNvY=
-----END RSA PRIVATE KEY-----
_ATEOF

$LN_S linked example.com
$LN_S linked example.org


cat >mail <<'_ATEOF'
Message-ID: <123456@author.example>
Received: from test.example
 by another.example
Date: Sun, 05 Sep 2010 15:42:58 +0200
From: Author <user@example.org>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by the domain determined from the header:
the relevant field names have to be configured.

The header of the message has to be read an additional time in order
to check what field, if any, leads to the signing domain.
_ATEOF

cat >ctl <<'_ATEOF'
Mdyndom
uauthsmtp
iuser@example.com
_ATEOF

cat >batch <<'_ATEOF'
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2119: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:2119"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=dyndom: signing for user@example.com with domain example.com, selector linked, rsa-sha256
INFO:zdkimfilter[0]:id=dyndom: response: 250 Ok.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2119"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_58
#AT_START_59
at_fn_group_banner 59 'testsuite.at:2123' \
  "Login domain not preferred" "                     "
at_xfail=no
(
  printf "%s\n" "59. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >zftest.conf <<'_ZEOF'
verbose = 6
domain_keys = .
tmp = .
no_signlen

default_domain example.org
key_choice_header from *

_ZEOF

cat >linked <<'_ATEOF'
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk
5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9
GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
AoGARPaCa4eHJWQnF2MwB2cQD7MdUsizx6GFs5ms9bGxxwyknTmmT2PA/rFEYjb+
V8PmTCu4Y/Nk88IzgXTfJ8pN6GfnN1O0qMTUoMuHTf/LMWT/WsFstjiuuFCQddBz
xVyup6Rnl30mYU5WE0PheUTG0AVbzMn2Aj/SEYXlEYPnENECQQDbsLlcEitqnj+i
ipFz9H5RnfoDC4pFHSSqMlddYIA9e2DoNdxjU275eyt2g2p9hQMMXdB7LnoyFeHz
jeRpK3RlAkEAxsj5uOvBctleM2ERPPXTm0nYUWSH4aPZkE/olThgQMogTwSQc6vI
M6RkzKfF5Dr5g/b2kyoZhxIvdtUcPzfGVwJBALrZaA3C9mJMDdt095kjzXwlXMrS
OdvmmZSYFG468VdZZGabyMJB6BUQiTrXMu9m/dy6veLG+O84ZWD8wdQhPXECQBf4
nlyVWXOfEMQDXY/LWSQtyH8wL06fcpn7eOGdtcW6WiENPNomCfNoTJt9U9jM38/x
FRT0C7YFFGIxGsHo2OsCQF2PGJ3yKn2l9VX+M6qj4hE+POdgnJLqNMp5kRIBj9De
rlKqG0nWxNFVhVzXsgeNUTDCmVm3cdODa94wXn9WNvY=
-----END RSA PRIVATE KEY-----
_ATEOF

$LN_S linked example.com
$LN_S linked example.org


cat >mail <<'_ATEOF'
Message-ID: <123456@author.example>
Received: from test.example
 by another.example
Date: Sun, 05 Sep 2010 15:42:58 +0200
From: Author <user@example.org>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by the domain determined from the header:
the relevant field names have to be configured.

The header of the message has to be read an additional time in order
to check what field, if any, leads to the signing domain.
_ATEOF

cat >ctl <<'_ATEOF'
Mdyndom
uauthsmtp
iuser@example.com
_ATEOF

cat >batch <<'_ATEOF'
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2129: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:2129"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=dyndom: signing for user@example.com with domain example.org, selector linked, rsa-sha256
INFO:zdkimfilter[0]:id=dyndom: response: 250 Ok.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2129"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_59
#AT_START_60
at_fn_group_banner 60 'testsuite.at:2133' \
  "Custom field, second instance overrides" "        "
at_xfail=no
(
  printf "%s\n" "60. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >zftest.conf <<'_ZEOF'
verbose = 6
domain_keys = .
tmp = .
no_signlen

default_domain example.com
key_choice_header from x-repeated x-repeated *

_ZEOF

cat >linked <<'_ATEOF'
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk
5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9
GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
AoGARPaCa4eHJWQnF2MwB2cQD7MdUsizx6GFs5ms9bGxxwyknTmmT2PA/rFEYjb+
V8PmTCu4Y/Nk88IzgXTfJ8pN6GfnN1O0qMTUoMuHTf/LMWT/WsFstjiuuFCQddBz
xVyup6Rnl30mYU5WE0PheUTG0AVbzMn2Aj/SEYXlEYPnENECQQDbsLlcEitqnj+i
ipFz9H5RnfoDC4pFHSSqMlddYIA9e2DoNdxjU275eyt2g2p9hQMMXdB7LnoyFeHz
jeRpK3RlAkEAxsj5uOvBctleM2ERPPXTm0nYUWSH4aPZkE/olThgQMogTwSQc6vI
M6RkzKfF5Dr5g/b2kyoZhxIvdtUcPzfGVwJBALrZaA3C9mJMDdt095kjzXwlXMrS
OdvmmZSYFG468VdZZGabyMJB6BUQiTrXMu9m/dy6veLG+O84ZWD8wdQhPXECQBf4
nlyVWXOfEMQDXY/LWSQtyH8wL06fcpn7eOGdtcW6WiENPNomCfNoTJt9U9jM38/x
FRT0C7YFFGIxGsHo2OsCQF2PGJ3yKn2l9VX+M6qj4hE+POdgnJLqNMp5kRIBj9De
rlKqG0nWxNFVhVzXsgeNUTDCmVm3cdODa94wXn9WNvY=
-----END RSA PRIVATE KEY-----
_ATEOF

$LN_S linked example.com
$LN_S linked example.org


cat >mail <<'_ATEOF'
X-Repeated: me@yet.another.example (format like mailbox)
Message-ID: <123456@author.example>
Received: from test.example
 by another.example
Date: Sun, 05 Sep 2010 15:42:58 +0200
From: Author <user@another.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
X-Repeated: (this works) <x@example.org>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by the domain determined from the header:
the relevant field names have to be configured.

The header of the message has to be read an additional time in order
to check what field, if any, leads to the signing domain.
_ATEOF

cat >ctl <<'_ATEOF'
Mdyndom
uauthsmtp
iuser@example.com
_ATEOF

cat >batch <<'_ATEOF'
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2143: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:2143"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=dyndom: signing for user@example.com with domain example.org, selector linked, rsa-sha256
INFO:zdkimfilter[0]:id=dyndom: response: 250 Ok.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2143"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_60
#AT_START_61
at_fn_group_banner 61 'testsuite.at:2147' \
  "Custom field, second instance does not override" ""
at_xfail=no
(
  printf "%s\n" "61. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >zftest.conf <<'_ZEOF'
verbose = 6
domain_keys = .
tmp = .
no_signlen

default_domain example.com
key_choice_header from x-repeated * x-repeated

_ZEOF

cat >linked <<'_ATEOF'
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk
5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9
GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
AoGARPaCa4eHJWQnF2MwB2cQD7MdUsizx6GFs5ms9bGxxwyknTmmT2PA/rFEYjb+
V8PmTCu4Y/Nk88IzgXTfJ8pN6GfnN1O0qMTUoMuHTf/LMWT/WsFstjiuuFCQddBz
xVyup6Rnl30mYU5WE0PheUTG0AVbzMn2Aj/SEYXlEYPnENECQQDbsLlcEitqnj+i
ipFz9H5RnfoDC4pFHSSqMlddYIA9e2DoNdxjU275eyt2g2p9hQMMXdB7LnoyFeHz
jeRpK3RlAkEAxsj5uOvBctleM2ERPPXTm0nYUWSH4aPZkE/olThgQMogTwSQc6vI
M6RkzKfF5Dr5g/b2kyoZhxIvdtUcPzfGVwJBALrZaA3C9mJMDdt095kjzXwlXMrS
OdvmmZSYFG468VdZZGabyMJB6BUQiTrXMu9m/dy6veLG+O84ZWD8wdQhPXECQBf4
nlyVWXOfEMQDXY/LWSQtyH8wL06fcpn7eOGdtcW6WiENPNomCfNoTJt9U9jM38/x
FRT0C7YFFGIxGsHo2OsCQF2PGJ3yKn2l9VX+M6qj4hE+POdgnJLqNMp5kRIBj9De
rlKqG0nWxNFVhVzXsgeNUTDCmVm3cdODa94wXn9WNvY=
-----END RSA PRIVATE KEY-----
_ATEOF

$LN_S linked example.com
$LN_S linked example.org


cat >mail <<'_ATEOF'
X-Repeated: me@yet.another.example (format like mailbox)
Message-ID: <123456@author.example>
Received: from test.example
 by another.example
Date: Sun, 05 Sep 2010 15:42:58 +0200
From: Author <user@another.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
X-Repeated: (this worked before) <x@example.org>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by the domain determined from the header:
the relevant field names have to be configured.

The header of the message has to be read an additional time in order
to check what field, if any, leads to the signing domain.
_ATEOF

cat >ctl <<'_ATEOF'
Mdyndom
uauthsmtp
iuser@example.com
_ATEOF

cat >batch <<'_ATEOF'
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2157: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:2157"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=dyndom: signing for user@example.com with domain example.com, selector linked, rsa-sha256
INFO:zdkimfilter[0]:id=dyndom: response: 250 Ok.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2157"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_61
#AT_START_62
at_fn_group_banner 62 'testsuite.at:2186' \
  "A-R layout with multiple signatures" "            "
at_xfail=no
(
  printf "%s\n" "62. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
author.example X
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 2
domain_keys = .
tmp = .
no_signlen

db_backend test
db_sql_insert_msg_ref dummy

_ZEOF

cat >mail <<'_ATEOF'
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=author.example; s=x1;
	t=1267195653; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=ZmMMHnWo7xMM2V1zZEYWp7jCXHB7hJ/D8TpCleG0SZ8njWjXaspgOtD/F52SJK90G
	 tx3/m0Y3F58NBVjVfTeAq+znjGER6TbwOQQfbpkHb0jvcgrSYCWVcekS7hIlCtT5mF
	 8gZbgYgOo3rIFUy9vdHkse1jzNR8kxrIYv3aZ0tc=
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=sender.example; s=x2;
	t=1267197537; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=d6AyU6LW/aOb2S0KQjewLe1AApiloi/CZSn9c1WOjZLJmz7govCghGjgI3ebMl5mC
	 cVzheZ+sjWJRFTj+L2Sd30j9L+gOc2ZmJ6wyK/UqhNGPIvZfhn4Sap4J51sk5JhvLr
	 zd6a1TVrz5nYJU3fF6QW7lLPtAcg2v05+UE38Ios=
Received: from mail.example.com by server.example with ESMTPA
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=other.example; s=x3;
	t=1267197617; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=ejTAOxjZ1TFzdE0KT0/I/Dd7dL76iPzUq3sc4ngUt/78pFSFSL4p3nXNIMYeGHVT6
	 7kwAhFlmpT0UgBaisyjfyGTgx4k/N2+Kbbne1NV/kYG9wYRylk9fooS08ZRkY7Ieuu
	 K5pYsL12X5UfS1+TRnv2ONLxQDgSn+4r8ZwaEWZ8=
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
Mverifymsg
OTCPREMOTEIP=192.0.2.1
usmtp
_ATEOF

cat >batch <<'_ATEOF'
test2
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2187: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:2187"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2187"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2188: head -n 4 mail"
at_fn_check_prepare_trace "testsuite.at:2188"
( $at_check_trace; head -n 4 mail
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "Authentication-Results: test.example;
  spf=pass smtp.mailfrom=sender.example;
  dkim=pass header.d=author.example
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=author.example; s=x1;
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2188"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_62
#AT_START_63
at_fn_group_banner 63 'testsuite.at:2198' \
  "Whitelisted domain reported" "                    "
at_xfail=no
(
  printf "%s\n" "63. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
author.example X
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 2
domain_keys = .
tmp = .
no_signlen

db_backend test
db_sql_insert_msg_ref dummy
# already defined: db_backend test
report_all_sigs
db_sql_whitelisted sender.example:3

_ZEOF

cat >mail <<'_ATEOF'
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=author.example; s=x1;
	t=1267195653; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=ZmMMHnWo7xMM2V1zZEYWp7jCXHB7hJ/D8TpCleG0SZ8njWjXaspgOtD/F52SJK90G
	 tx3/m0Y3F58NBVjVfTeAq+znjGER6TbwOQQfbpkHb0jvcgrSYCWVcekS7hIlCtT5mF
	 8gZbgYgOo3rIFUy9vdHkse1jzNR8kxrIYv3aZ0tc=
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=sender.example; s=x2;
	t=1267197537; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=d6AyU6LW/aOb2S0KQjewLe1AApiloi/CZSn9c1WOjZLJmz7govCghGjgI3ebMl5mC
	 cVzheZ+sjWJRFTj+L2Sd30j9L+gOc2ZmJ6wyK/UqhNGPIvZfhn4Sap4J51sk5JhvLr
	 zd6a1TVrz5nYJU3fF6QW7lLPtAcg2v05+UE38Ios=
Received: from mail.example.com by server.example with ESMTPA
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=other.example; s=x3;
	t=1267197617; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=ejTAOxjZ1TFzdE0KT0/I/Dd7dL76iPzUq3sc4ngUt/78pFSFSL4p3nXNIMYeGHVT6
	 7kwAhFlmpT0UgBaisyjfyGTgx4k/N2+Kbbne1NV/kYG9wYRylk9fooS08ZRkY7Ieuu
	 K5pYsL12X5UfS1+TRnv2ONLxQDgSn+4r8ZwaEWZ8=
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
Mverifymsg
OTCPREMOTEIP=192.0.2.1
usmtp
_ATEOF

cat >batch <<'_ATEOF'
test2
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2199: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:2199"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2199"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2203: \$HAVE_OPENDBX || exit 77"
at_fn_check_prepare_dynamic "$HAVE_OPENDBX || exit 77" "testsuite.at:2203"
( $at_check_trace; $HAVE_OPENDBX || exit 77
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2203"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2204: head -n 6 mail"
at_fn_check_prepare_trace "testsuite.at:2204"
( $at_check_trace; head -n 6 mail
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "Authentication-Results: test.example;
  spf=pass smtp.mailfrom=sender.example;
  dkim=pass header.d=author.example;
  dkim=pass (whitelisted) header.d=sender.example;
  dkim=pass header.d=other.example
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=author.example; s=x1;
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2204"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_63
#AT_START_64
at_fn_group_banner 64 'testsuite.at:2216' \
  "Whitelisted domain" "                             "
at_xfail=no
(
  printf "%s\n" "64. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
author.example X
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 2
domain_keys = .
tmp = .
no_signlen

db_backend test
db_sql_insert_msg_ref dummy
report_all_sigs
# already defined: db_backend test
db_sql_whitelisted sender.example:3

_ZEOF

cat >mail <<'_ATEOF'
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=author.example; s=x1;
	t=1267195653; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=ZmMMHnWo7xMM2V1zZEYWp7jCXHB7hJ/D8TpCleG0SZ8njWjXaspgOtD/F52SJK90G
	 tx3/m0Y3F58NBVjVfTeAq+znjGER6TbwOQQfbpkHb0jvcgrSYCWVcekS7hIlCtT5mF
	 8gZbgYgOo3rIFUy9vdHkse1jzNR8kxrIYv3aZ0tc=
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=sender.example; s=x2;
	t=1267197537; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=d6AyU6LW/aOb2S0KQjewLe1AApiloi/CZSn9c1WOjZLJmz7govCghGjgI3ebMl5mC
	 cVzheZ+sjWJRFTj+L2Sd30j9L+gOc2ZmJ6wyK/UqhNGPIvZfhn4Sap4J51sk5JhvLr
	 zd6a1TVrz5nYJU3fF6QW7lLPtAcg2v05+UE38Ios=
Received: from mail.example.com by server.example with ESMTPA
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=other.example; s=x3;
	t=1267197617; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=ejTAOxjZ1TFzdE0KT0/I/Dd7dL76iPzUq3sc4ngUt/78pFSFSL4p3nXNIMYeGHVT6
	 7kwAhFlmpT0UgBaisyjfyGTgx4k/N2+Kbbne1NV/kYG9wYRylk9fooS08ZRkY7Ieuu
	 K5pYsL12X5UfS1+TRnv2ONLxQDgSn+4r8ZwaEWZ8=
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
Mverifymsg
OTCPREMOTEIP=192.0.2.1
usmtp
_ATEOF

cat >batch <<'_ATEOF'
test2
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2217: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:2217"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2217"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2221: \$HAVE_OPENDBX || exit 77"
at_fn_check_prepare_dynamic "$HAVE_OPENDBX || exit 77" "testsuite.at:2221"
( $at_check_trace; $HAVE_OPENDBX || exit 77
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2221"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2222: head -n 6 mail"
at_fn_check_prepare_trace "testsuite.at:2222"
( $at_check_trace; head -n 6 mail
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "Authentication-Results: test.example;
  spf=pass smtp.mailfrom=sender.example;
  dkim=pass header.d=author.example;
  dkim=pass (whitelisted) header.d=sender.example;
  dkim=pass header.d=other.example
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=author.example; s=x1;
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2222"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_64
#AT_START_65
at_fn_group_banner 65 'testsuite.at:2234' \
  "Report all sigs" "                                "
at_xfail=no
(
  printf "%s\n" "65. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
author.example X
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 2
domain_keys = .
tmp = .
no_signlen

db_backend test
db_sql_insert_msg_ref dummy
report_all_sigs

_ZEOF

cat >mail <<'_ATEOF'
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=author.example; s=x1;
	t=1267195653; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=ZmMMHnWo7xMM2V1zZEYWp7jCXHB7hJ/D8TpCleG0SZ8njWjXaspgOtD/F52SJK90G
	 tx3/m0Y3F58NBVjVfTeAq+znjGER6TbwOQQfbpkHb0jvcgrSYCWVcekS7hIlCtT5mF
	 8gZbgYgOo3rIFUy9vdHkse1jzNR8kxrIYv3aZ0tc=
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=sender.example; s=x2;
	t=1267197537; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=d6AyU6LW/aOb2S0KQjewLe1AApiloi/CZSn9c1WOjZLJmz7govCghGjgI3ebMl5mC
	 cVzheZ+sjWJRFTj+L2Sd30j9L+gOc2ZmJ6wyK/UqhNGPIvZfhn4Sap4J51sk5JhvLr
	 zd6a1TVrz5nYJU3fF6QW7lLPtAcg2v05+UE38Ios=
Received: from mail.example.com by server.example with ESMTPA
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=other.example; s=x3;
	t=1267197617; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=ejTAOxjZ1TFzdE0KT0/I/Dd7dL76iPzUq3sc4ngUt/78pFSFSL4p3nXNIMYeGHVT6
	 7kwAhFlmpT0UgBaisyjfyGTgx4k/N2+Kbbne1NV/kYG9wYRylk9fooS08ZRkY7Ieuu
	 K5pYsL12X5UfS1+TRnv2ONLxQDgSn+4r8ZwaEWZ8=
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
Mverifymsg
OTCPREMOTEIP=192.0.2.1
usmtp
_ATEOF

cat >batch <<'_ATEOF'
test2
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2235: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:2235"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2235"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2237: head -n 6 mail"
at_fn_check_prepare_trace "testsuite.at:2237"
( $at_check_trace; head -n 6 mail
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "Authentication-Results: test.example;
  spf=pass smtp.mailfrom=sender.example;
  dkim=pass header.d=author.example;
  dkim=pass header.d=sender.example;
  dkim=pass header.d=other.example
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=author.example; s=x1;
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2237"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_65
#AT_START_66
at_fn_group_banner 66 'testsuite.at:2249' \
  "Report all sigs with header.b" "                  "
at_xfail=no
(
  printf "%s\n" "66. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
author.example X
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 2
domain_keys = .
tmp = .
no_signlen

db_backend test
db_sql_insert_msg_ref dummy
report_all_sigs

_ZEOF

cat >mail <<'_ATEOF'
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=author.example; s=x1;
	t=1267195653; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=ZmMMHnWo7xMM2V1zZEYWp7jCXHB7hJ/D8TpCleG0SZ8njWjXaspgOtD/F52SJK90G
	 tx3/m0Y3F58NBVjVfTeAq+znjGER6TbwOQQfbpkHb0jvcgrSYCWVcekS7hIlCtT5mF
	 8gZbgYgOo3rIFUy9vdHkse1jzNR8kxrIYv3aZ0tc=
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=sender.example; s=x2;
	t=1267197537; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=d6AyU6LW/aOb2S0KQjewLe1AApiloi/CZSn9c1WOjZLJmz7govCghGjgI3ebMl5mC
	 cVzheZ+sjWJRFTj+L2Sd30j9L+gOc2ZmJ6wyK/UqhNGPIvZfhn4Sap4J51sk5JhvLr
	 zd6a1TVrz5nYJU3fF6QW7lLPtAcg2v05+UE38Ios=
Received: from mail.example.com by server.example with ESMTPA
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=other.example; s=x3;
	t=1267197617; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=ejTAOxjZ1TFzdE0KT0/I/Dd7dL76iPzUq3sc4ngUt/78pFSFSL4p3nXNIMYeGHVT6
	 7kwAhFlmpT0UgBaisyjfyGTgx4k/N2+Kbbne1NV/kYG9wYRylk9fooS08ZRkY7Ieuu
	 K5pYsL12X5UfS1+TRnv2ONLxQDgSn+4r8ZwaEWZ8=
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=sender.example; s=x2;
	t=1350490237; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=mDCtHhur76zwYTOuYoKaBF7WUbx6STaV2hiDSrF1rnGsIwShaopm1gHymPcr9ykHG
	 ilz/gCrdtNlr7SbKfI3z2j7ipXjwMwCrEV8ZkV83r1H5gELVmw+0k1QwUeOkZIPB3Z
	 I1yQbxcXWma6Wq45J0bEscYqHrS2FMHWcb0BXhCs=
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
Mverifymsg
OTCPREMOTEIP=192.0.2.1
usmtp
_ATEOF

cat >batch <<'_ATEOF'
test2
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2250: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:2250"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2250"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2252: head -n 9 mail"
at_fn_check_prepare_trace "testsuite.at:2252"
( $at_check_trace; head -n 9 mail
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "Authentication-Results: test.example;
  spf=pass smtp.mailfrom=sender.example;
  dkim=pass header.d=author.example;
  dkim=pass header.d=sender.example
    header.b=d6AyU6LW (x2);
  dkim=pass header.d=sender.example
    header.b=mDCtHhur (x2);
  dkim=pass header.d=other.example
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=author.example; s=x1;
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2252"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2264: \$HAVE_OPENDBX || exit 77"
at_fn_check_prepare_dynamic "$HAVE_OPENDBX || exit 77" "testsuite.at:2264"
( $at_check_trace; $HAVE_OPENDBX || exit 77
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2264"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2265: grep 'dkim_selector: ' database_dump"
at_fn_check_prepare_trace "testsuite.at:2265"
( $at_check_trace; grep 'dkim_selector: ' database_dump
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "dkim_selector: -- not given --
dkim_selector: x2
dkim_selector: x2
dkim_selector: x3
dkim_selector: x1
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2265"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_66
#AT_START_67
at_fn_group_banner 67 'testsuite.at:2275' \
  "Reject too many signatures" "                     "
at_xfail=no
(
  printf "%s\n" "67. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
author.example X
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 2
domain_keys = .
tmp = .
no_signlen

max_signatures 2

_ZEOF

cat >mail <<'_ATEOF'
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=author.example; s=x1;
	t=1267195653; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=ZmMMHnWo7xMM2V1zZEYWp7jCXHB7hJ/D8TpCleG0SZ8njWjXaspgOtD/F52SJK90G
	 tx3/m0Y3F58NBVjVfTeAq+znjGER6TbwOQQfbpkHb0jvcgrSYCWVcekS7hIlCtT5mF
	 8gZbgYgOo3rIFUy9vdHkse1jzNR8kxrIYv3aZ0tc=
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=sender.example; s=x2;
	t=1267197537; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=d6AyU6LW/aOb2S0KQjewLe1AApiloi/CZSn9c1WOjZLJmz7govCghGjgI3ebMl5mC
	 cVzheZ+sjWJRFTj+L2Sd30j9L+gOc2ZmJ6wyK/UqhNGPIvZfhn4Sap4J51sk5JhvLr
	 zd6a1TVrz5nYJU3fF6QW7lLPtAcg2v05+UE38Ios=
Received: from mail.example.com by server.example with ESMTPA
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=other.example; s=x3;
	t=1267197617; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=ejTAOxjZ1TFzdE0KT0/I/Dd7dL76iPzUq3sc4ngUt/78pFSFSL4p3nXNIMYeGHVT6
	 7kwAhFlmpT0UgBaisyjfyGTgx4k/N2+Kbbne1NV/kYG9wYRylk9fooS08ZRkY7Ieuu
	 K5pYsL12X5UfS1+TRnv2ONLxQDgSn+4r8ZwaEWZ8=
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
Mverifymsg
OTCPREMOTEIP=192.0.2.1
usmtp
_ATEOF

cat >batch <<'_ATEOF'
test2
mail
ctl

exit


exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2291: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:2291"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "550 Too many DKIM signatures
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2291"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_67
#AT_START_68
at_fn_group_banner 68 'testsuite.at:2300' \
  "Obfuscate userid" "                               "
at_xfail=no
(
  printf "%s\n" "68. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

default_domain example.com
redact_received_auth using this secret text

_ZEOF

cat >example.com <<'_ATEOF'
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk
5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9
GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
AoGARPaCa4eHJWQnF2MwB2cQD7MdUsizx6GFs5ms9bGxxwyknTmmT2PA/rFEYjb+
V8PmTCu4Y/Nk88IzgXTfJ8pN6GfnN1O0qMTUoMuHTf/LMWT/WsFstjiuuFCQddBz
xVyup6Rnl30mYU5WE0PheUTG0AVbzMn2Aj/SEYXlEYPnENECQQDbsLlcEitqnj+i
ipFz9H5RnfoDC4pFHSSqMlddYIA9e2DoNdxjU275eyt2g2p9hQMMXdB7LnoyFeHz
jeRpK3RlAkEAxsj5uOvBctleM2ERPPXTm0nYUWSH4aPZkE/olThgQMogTwSQc6vI
M6RkzKfF5Dr5g/b2kyoZhxIvdtUcPzfGVwJBALrZaA3C9mJMDdt095kjzXwlXMrS
OdvmmZSYFG468VdZZGabyMJB6BUQiTrXMu9m/dy6veLG+O84ZWD8wdQhPXECQBf4
nlyVWXOfEMQDXY/LWSQtyH8wL06fcpn7eOGdtcW6WiENPNomCfNoTJt9U9jM38/x
FRT0C7YFFGIxGsHo2OsCQF2PGJ3yKn2l9VX+M6qj4hE+POdgnJLqNMp5kRIBj9De
rlKqG0nWxNFVhVzXsgeNUTDCmVm3cdODa94wXn9WNvY=
-----END RSA PRIVATE KEY-----
_ATEOF



cat >mail <<'_ATEOF'
Received: from test.example
 (whatever is going to be written here AUTH: method user, and some more)
 by submission.server.example with ESMTPA
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
Msignmsg
uauthsmtp
iuser
_ATEOF

cat >batch <<'_ATEOF'
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2317: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:2317"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2317"
$at_failed && at_fn_log_failure
$at_traceon; }

obfuscated=`test "$HAVE_NETTLE" = "1" && echo "Xr@LC"`

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2325: sed -n '/^Received: from test/,+2p' mail"
at_fn_check_prepare_trace "testsuite.at:2325"
( $at_check_trace; sed -n '/^Received: from test/,+2p' mail
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "Received: from test.example
 (whatever is going to be written here AUTH: method $obfuscated, and some more)
 by submission.server.example with ESMTPA
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2325"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_68
#AT_START_69
at_fn_group_banner 69 'testsuite.at:2339' \
  "Retrieve obfuscated userid" "                     "
at_xfail=no
(
  printf "%s\n" "69. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

default_domain example.com
redact_received_auth using this secret text

_ZEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2343: test \"\$HAVE_NETTLE\" = \"1\" || exit 77"
at_fn_check_prepare_dynamic "test \"$HAVE_NETTLE\" = \"1\" || exit 77" "testsuite.at:2343"
( $at_check_trace; test "$HAVE_NETTLE" = "1" || exit 77
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2343"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2344: redact -f zftest.conf --decode Xr@LC"
at_fn_check_prepare_trace "testsuite.at:2344"
( $at_check_trace; redact -f zftest.conf --decode Xr@LC
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "user
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2344"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_69
#AT_START_70
at_fn_group_banner 70 'testsuite.at:2350' \
  "Retrieve target domains" "                        "
at_xfail=no
(
  printf "%s\n" "70. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >zftest.conf <<'_ZEOF'
verbose = 6
domain_keys = .
tmp = .
no_signlen

default_domain example.com
db_backend test
db_sql_select_target dummy

_ZEOF

cat >example.com <<'_ATEOF'
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk
5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9
GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
AoGARPaCa4eHJWQnF2MwB2cQD7MdUsizx6GFs5ms9bGxxwyknTmmT2PA/rFEYjb+
V8PmTCu4Y/Nk88IzgXTfJ8pN6GfnN1O0qMTUoMuHTf/LMWT/WsFstjiuuFCQddBz
xVyup6Rnl30mYU5WE0PheUTG0AVbzMn2Aj/SEYXlEYPnENECQQDbsLlcEitqnj+i
ipFz9H5RnfoDC4pFHSSqMlddYIA9e2DoNdxjU275eyt2g2p9hQMMXdB7LnoyFeHz
jeRpK3RlAkEAxsj5uOvBctleM2ERPPXTm0nYUWSH4aPZkE/olThgQMogTwSQc6vI
M6RkzKfF5Dr5g/b2kyoZhxIvdtUcPzfGVwJBALrZaA3C9mJMDdt095kjzXwlXMrS
OdvmmZSYFG468VdZZGabyMJB6BUQiTrXMu9m/dy6veLG+O84ZWD8wdQhPXECQBf4
nlyVWXOfEMQDXY/LWSQtyH8wL06fcpn7eOGdtcW6WiENPNomCfNoTJt9U9jM38/x
FRT0C7YFFGIxGsHo2OsCQF2PGJ3yKn2l9VX+M6qj4hE+POdgnJLqNMp5kRIBj9De
rlKqG0nWxNFVhVzXsgeNUTDCmVm3cdODa94wXn9WNvY=
-----END RSA PRIVATE KEY-----
_ATEOF



cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
Msignmsg
uauthsmtp
iuser
rsomeone@example.org
rmyself@example.com
rsomeone-else@example.org
_ATEOF

cat >batch <<'_ATEOF'
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2368: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:2368"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=signmsg: signing for user with domain example.com, selector s, rsa-sha256
INFO:zdkimfilter[0]:id=signmsg: response: 250 Ok.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2368"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2376: \$HAVE_OPENDBX || exit 77"
at_fn_check_prepare_dynamic "$HAVE_OPENDBX || exit 77" "testsuite.at:2376"
( $at_check_trace; $HAVE_OPENDBX || exit 77
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2376"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2377: grep 'example.org' database_dump"
at_fn_check_prepare_trace "testsuite.at:2377"
( $at_check_trace; grep 'example.org' database_dump
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "domain: example.org
domain: example.org
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2377"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2382: grep 'rcpt_count' database_dump"
at_fn_check_prepare_trace "testsuite.at:2382"
( $at_check_trace; grep 'rcpt_count' database_dump
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "rcpt_count: 3
rcpt_count: 3
rcpt_count: 3
rcpt_count: 3
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2382"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_70
#AT_START_71
at_fn_group_banner 71 'testsuite.at:2392' \
  "Check zdkimsign finds the right executable" "     "
at_xfail=no
(
  printf "%s\n" "71. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

default_domain example.com
redact_received_auth using this secret text

_ZEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2396: zdkimsign -f zftest.conf --version"
at_fn_check_prepare_trace "testsuite.at:2396"
( $at_check_trace; zdkimsign -f zftest.conf --version
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo stderr:; cat "$at_stderr"
echo stdout:; cat "$at_stdout"
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2396"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_71
#AT_START_72
at_fn_group_banner 72 'testsuite.at:2405' \
  "Sign and verify with no-fork" "                   "
at_xfail=no
(
  printf "%s\n" "72. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >zftest.conf <<'_ZEOF'
verbose = 6
domain_keys = .
tmp = .
no_signlen


_ZEOF

cat >example.com <<'_ATEOF'
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk
5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9
GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
AoGARPaCa4eHJWQnF2MwB2cQD7MdUsizx6GFs5ms9bGxxwyknTmmT2PA/rFEYjb+
V8PmTCu4Y/Nk88IzgXTfJ8pN6GfnN1O0qMTUoMuHTf/LMWT/WsFstjiuuFCQddBz
xVyup6Rnl30mYU5WE0PheUTG0AVbzMn2Aj/SEYXlEYPnENECQQDbsLlcEitqnj+i
ipFz9H5RnfoDC4pFHSSqMlddYIA9e2DoNdxjU275eyt2g2p9hQMMXdB7LnoyFeHz
jeRpK3RlAkEAxsj5uOvBctleM2ERPPXTm0nYUWSH4aPZkE/olThgQMogTwSQc6vI
M6RkzKfF5Dr5g/b2kyoZhxIvdtUcPzfGVwJBALrZaA3C9mJMDdt095kjzXwlXMrS
OdvmmZSYFG468VdZZGabyMJB6BUQiTrXMu9m/dy6veLG+O84ZWD8wdQhPXECQBf4
nlyVWXOfEMQDXY/LWSQtyH8wL06fcpn7eOGdtcW6WiENPNomCfNoTJt9U9jM38/x
FRT0C7YFFGIxGsHo2OsCQF2PGJ3yKn2l9VX+M6qj4hE+POdgnJLqNMp5kRIBj9De
rlKqG0nWxNFVhVzXsgeNUTDCmVm3cdODa94wXn9WNvY=
-----END RSA PRIVATE KEY-----
_ATEOF



cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctls <<'_ATEOF'
Mzdkimsign
uauthsmtp
ipostmaster@example.com
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2413: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf --no-db --no-fork -t1,zdkimsign ctls  --batch-test <mail >mailsig "
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf --no-db --no-fork -t1,zdkimsign ctls  --batch-test <mail >mailsig " "testsuite.at:2413"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf --no-db --no-fork -t1,zdkimsign ctls  --batch-test <mail >mailsig
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=zdkimsign: signing for postmaster@example.com with domain example.com, selector s, rsa-sha256
INFO:zdkimfilter[0]:id=zdkimsign: response: 250 Ok.

FILTER-RESPONSE:250 Ok.
" | \
  $at_diff - "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2413"
$at_failed && at_fn_log_failure
$at_traceon; }

cat >ctlv <<'_ATEOF'
Mverifymsg
OTCPREMOTEIP=192.0.2.1
usmtp
_ATEOF

cat >KEYFILE <<'_ATEOF'
s._domainkey.example.com v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
whatever.author.example domain exists
_ATEOF

cat >POLICYFILE <<'_ATEOF'
dkim=unknown
_ATEOF

cat >batch <<'_ATEOF'
test2
test3
mailsig
ctlv



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2437: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:2437"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- (null)
INFO:zdkimfilter[0]:ip=192.0.2.1: verified: spf=pass, dkim=pass (id=example.com, stat=0)
INFO:zdkimfilter[0]:ip=192.0.2.1: found Authentication-Results by mail.example.com
INFO:zdkimfilter[0]:ip=192.0.2.1: response: 250 Ok.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2437"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_72
#AT_START_73
at_fn_group_banner 73 'testsuite.at:2450' \
  "Non filtered file copied to stdout if no-fork" "  "
at_xfail=no
(
  printf "%s\n" "73. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >zftest.conf <<'_ZEOF'
verbose = 6
domain_keys = .
tmp = .
no_signlen


_ZEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctls <<'_ATEOF'
Mzdkimsign
uauthsmtp
ipostmaster@example.com
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2457: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf --no-db --no-fork -t1,zdkimsign ctls  --batch-test <mail >mailsig "
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf --no-db --no-fork -t1,zdkimsign ctls  --batch-test <mail >mailsig " "testsuite.at:2457"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf --no-db --no-fork -t1,zdkimsign ctls  --batch-test <mail >mailsig
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=zdkimsign: not signing for postmaster@example.com: no key
INFO:zdkimfilter[0]:id=zdkimsign: response: 250 not filtered.

FILTER-RESPONSE:250 not filtered.
" | \
  $at_diff - "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2457"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2466: cmp mail mailsig"
at_fn_check_prepare_trace "testsuite.at:2466"
( $at_check_trace; cmp mail mailsig
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2466"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_73
#AT_START_74
at_fn_group_banner 74 'testsuite.at:2470' \
  "Zdkimsign copies pipe to tmp" "                   "
at_xfail=no
(
  printf "%s\n" "74. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >zftest.conf <<'_ZEOF'
verbose = 6
domain_keys = .
tmp = .
no_signlen


_ZEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2473: cat mail | \$VALGRIND_AND_OPTS zdkimsign -f zftest.conf --filter --domain example.com -- --batch-test >mailsig "
at_fn_check_prepare_notrace 'a shell pipeline' "testsuite.at:2473"
( $at_check_trace; cat mail | $VALGRIND_AND_OPTS zdkimsign -f zftest.conf --filter --domain example.com -- --batch-test >mailsig
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO: zfilter: zdkimfilter[0]:id=zdkimsign: not signing for postmaster@example.com: no key
INFO: zfilter: zdkimfilter[0]:id=zdkimsign: response: 250 not filtered.
INFO: zfilter: 250 not filtered.
" | \
  $at_diff - "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2473"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2479: cmp mail mailsig"
at_fn_check_prepare_trace "testsuite.at:2479"
( $at_check_trace; cmp mail mailsig
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2479"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_74
#AT_START_75
at_fn_group_banner 75 'testsuite.at:2483' \
  "Zdkimsign reads default domain" "                 "
at_xfail=no
(
  printf "%s\n" "75. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >zftest.conf <<'_ZEOF'
verbose = 6
domain_keys = .
tmp = .
no_signlen


#this is the default domain
default_domain = example.com

_ZEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2489: \$VALGRIND_AND_OPTS zdkimsign -f zftest.conf --filter --domain example.com -- --batch-test >mailsig  <mail"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimsign -f zftest.conf --filter --domain example.com -- --batch-test >mailsig  <mail" "testsuite.at:2489"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimsign -f zftest.conf --filter --domain example.com -- --batch-test >mailsig  <mail
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO: zfilter: zdkimfilter[0]:id=zdkimsign: not signing for postmaster@example.com: no key
INFO: zfilter: zdkimfilter[0]:id=zdkimsign: response: 250 not filtered.
INFO: zfilter: 250 not filtered.
" | \
  $at_diff - "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2489"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2495: cmp mail mailsig"
at_fn_check_prepare_trace "testsuite.at:2495"
( $at_check_trace; cmp mail mailsig
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2495"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_75
#AT_START_76
at_fn_group_banner 76 'testsuite.at:2499' \
  "Zdkimsign reads message recipients" "             "
at_xfail=no
(
  printf "%s\n" "76. $at_setup_line: testing $at_desc ..."
  $at_traceon

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2500: \$HAVE_OPENDBX || exit 77"
at_fn_check_prepare_dynamic "$HAVE_OPENDBX || exit 77" "testsuite.at:2500"
( $at_check_trace; $HAVE_OPENDBX || exit 77
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2500"
$at_failed && at_fn_log_failure
$at_traceon; }

cat >zftest.conf <<'_ZEOF'
verbose = 1
domain_keys = .
tmp = .
no_signlen


#this is the default domain
default_domain = example.com
db_backend test
db_sql_select_target dummy

_ZEOF

cat >example.com <<'_ATEOF'
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk
5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9
GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
AoGARPaCa4eHJWQnF2MwB2cQD7MdUsizx6GFs5ms9bGxxwyknTmmT2PA/rFEYjb+
V8PmTCu4Y/Nk88IzgXTfJ8pN6GfnN1O0qMTUoMuHTf/LMWT/WsFstjiuuFCQddBz
xVyup6Rnl30mYU5WE0PheUTG0AVbzMn2Aj/SEYXlEYPnENECQQDbsLlcEitqnj+i
ipFz9H5RnfoDC4pFHSSqMlddYIA9e2DoNdxjU275eyt2g2p9hQMMXdB7LnoyFeHz
jeRpK3RlAkEAxsj5uOvBctleM2ERPPXTm0nYUWSH4aPZkE/olThgQMogTwSQc6vI
M6RkzKfF5Dr5g/b2kyoZhxIvdtUcPzfGVwJBALrZaA3C9mJMDdt095kjzXwlXMrS
OdvmmZSYFG468VdZZGabyMJB6BUQiTrXMu9m/dy6veLG+O84ZWD8wdQhPXECQBf4
nlyVWXOfEMQDXY/LWSQtyH8wL06fcpn7eOGdtcW6WiENPNomCfNoTJt9U9jM38/x
FRT0C7YFFGIxGsHo2OsCQF2PGJ3yKn2l9VX+M6qj4hE+POdgnJLqNMp5kRIBj9De
rlKqG0nWxNFVhVzXsgeNUTDCmVm3cdODa94wXn9WNvY=
-----END RSA PRIVATE KEY-----
_ATEOF



cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
Received: from mail.example.com by server.example with ESMTPA
Cc: name@some.example
Bcc: "User" <user2@example.org>, user3@example(user's domain).net
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2512: REMOTE_ADDR=192.0.2.2 \$VALGRIND_AND_OPTS zdkimsign -f zftest.conf --filter --db-filter -t. --domain user@example.com -- --batch-test >mailsig  <mail"
at_fn_check_prepare_dynamic "REMOTE_ADDR=192.0.2.2 $VALGRIND_AND_OPTS zdkimsign -f zftest.conf --filter --db-filter -t. --domain user@example.com -- --batch-test >mailsig  <mail" "testsuite.at:2512"
( $at_check_trace; REMOTE_ADDR=192.0.2.2 $VALGRIND_AND_OPTS zdkimsign -f zftest.conf --filter --db-filter -t. --domain user@example.com -- --batch-test >mailsig  <mail
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2512"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2514: grep 'ip: ::ffff:192.0.2.2' database_dump"
at_fn_check_prepare_trace "testsuite.at:2514"
( $at_check_trace; grep 'ip: ::ffff:192.0.2.2' database_dump
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "ip: ::ffff:192.0.2.2
ip: ::ffff:192.0.2.2
ip: ::ffff:192.0.2.2
ip: ::ffff:192.0.2.2
ip: ::ffff:192.0.2.2
ip: ::ffff:192.0.2.2
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2514"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2523: grep 'domain:' database_dump"
at_fn_check_prepare_trace "testsuite.at:2523"
( $at_check_trace; grep 'domain:' database_dump
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "domain: some.example
domain: some.example
domain: example.org
domain: example.org
domain: example.net
domain: example.net
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2523"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_76
#AT_START_77
at_fn_group_banner 77 'testsuite.at:2535' \
  "Create blocked user list" "                       "
at_xfail=no
(
  printf "%s\n" "77. $at_setup_line: testing $at_desc ..."
  $at_traceon

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2536: \$HAVE_OPENDBX || exit 77"
at_fn_check_prepare_dynamic "$HAVE_OPENDBX || exit 77" "testsuite.at:2536"
( $at_check_trace; $HAVE_OPENDBX || exit 77
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2536"
$at_failed && at_fn_log_failure
$at_traceon; }

cat >zftest.conf <<'_ZEOF'
verbose = 0
domain_keys = .
tmp = .
no_signlen


blocked_user_list = bul.txt
db_backend test
db_sql_check_user user: is-naughty

_ZEOF

cat >example.com <<'_ATEOF'
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk
5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9
GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
AoGARPaCa4eHJWQnF2MwB2cQD7MdUsizx6GFs5ms9bGxxwyknTmmT2PA/rFEYjb+
V8PmTCu4Y/Nk88IzgXTfJ8pN6GfnN1O0qMTUoMuHTf/LMWT/WsFstjiuuFCQddBz
xVyup6Rnl30mYU5WE0PheUTG0AVbzMn2Aj/SEYXlEYPnENECQQDbsLlcEitqnj+i
ipFz9H5RnfoDC4pFHSSqMlddYIA9e2DoNdxjU275eyt2g2p9hQMMXdB7LnoyFeHz
jeRpK3RlAkEAxsj5uOvBctleM2ERPPXTm0nYUWSH4aPZkE/olThgQMogTwSQc6vI
M6RkzKfF5Dr5g/b2kyoZhxIvdtUcPzfGVwJBALrZaA3C9mJMDdt095kjzXwlXMrS
OdvmmZSYFG468VdZZGabyMJB6BUQiTrXMu9m/dy6veLG+O84ZWD8wdQhPXECQBf4
nlyVWXOfEMQDXY/LWSQtyH8wL06fcpn7eOGdtcW6WiENPNomCfNoTJt9U9jM38/x
FRT0C7YFFGIxGsHo2OsCQF2PGJ3yKn2l9VX+M6qj4hE+POdgnJLqNMp5kRIBj9De
rlKqG0nWxNFVhVzXsgeNUTDCmVm3cdODa94wXn9WNvY=
-----END RSA PRIVATE KEY-----
_ATEOF



cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
Received: from mail.example.com by server.example with ESMTPA
Cc: name@some.example
Bcc: "User" <user2@example.org>, user3@example(user's domain).net
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2547: \$VALGRIND_AND_OPTS zdkimsign -f zftest.conf --filter --db-filter --domain user@example.com -- --batch-test >mailsig  <mail"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimsign -f zftest.conf --filter --db-filter --domain user@example.com -- --batch-test >mailsig  <mail" "testsuite.at:2547"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimsign -f zftest.conf --filter --db-filter --domain user@example.com -- --batch-test >mailsig  <mail
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2547"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2549: grep 'user@example' bul.txt"
at_fn_check_prepare_trace "testsuite.at:2549"
( $at_check_trace; grep 'user@example' bul.txt
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo stdout:; cat "$at_stdout"
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2549"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_77
#AT_START_78
at_fn_group_banner 78 'testsuite.at:2553' \
  "Update blocked user list" "                       "
at_xfail=no
(
  printf "%s\n" "78. $at_setup_line: testing $at_desc ..."
  $at_traceon

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2554: \$HAVE_OPENDBX || exit 77"
at_fn_check_prepare_dynamic "$HAVE_OPENDBX || exit 77" "testsuite.at:2554"
( $at_check_trace; $HAVE_OPENDBX || exit 77
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2554"
$at_failed && at_fn_log_failure
$at_traceon; }

cat >zftest.conf <<'_ZEOF'
verbose = 0
domain_keys = .
tmp = .
no_signlen


blocked_user_list = bul.txt
db_backend test
db_sql_check_user user: is-naughty

_ZEOF

cat >example.com <<'_ATEOF'
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk
5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9
GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
AoGARPaCa4eHJWQnF2MwB2cQD7MdUsizx6GFs5ms9bGxxwyknTmmT2PA/rFEYjb+
V8PmTCu4Y/Nk88IzgXTfJ8pN6GfnN1O0qMTUoMuHTf/LMWT/WsFstjiuuFCQddBz
xVyup6Rnl30mYU5WE0PheUTG0AVbzMn2Aj/SEYXlEYPnENECQQDbsLlcEitqnj+i
ipFz9H5RnfoDC4pFHSSqMlddYIA9e2DoNdxjU275eyt2g2p9hQMMXdB7LnoyFeHz
jeRpK3RlAkEAxsj5uOvBctleM2ERPPXTm0nYUWSH4aPZkE/olThgQMogTwSQc6vI
M6RkzKfF5Dr5g/b2kyoZhxIvdtUcPzfGVwJBALrZaA3C9mJMDdt095kjzXwlXMrS
OdvmmZSYFG468VdZZGabyMJB6BUQiTrXMu9m/dy6veLG+O84ZWD8wdQhPXECQBf4
nlyVWXOfEMQDXY/LWSQtyH8wL06fcpn7eOGdtcW6WiENPNomCfNoTJt9U9jM38/x
FRT0C7YFFGIxGsHo2OsCQF2PGJ3yKn2l9VX+M6qj4hE+POdgnJLqNMp5kRIBj9De
rlKqG0nWxNFVhVzXsgeNUTDCmVm3cdODa94wXn9WNvY=
-----END RSA PRIVATE KEY-----
_ATEOF



cat >bul.txt <<'_ATEOF'
someonelse@another.example is also naughty
_ATEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
Received: from mail.example.com by server.example with ESMTPA
Cc: name@some.example
Bcc: "User" <user2@example.org>, user3@example(user's domain).net
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2567: \$VALGRIND_AND_OPTS zdkimsign -f zftest.conf --filter --db-filter --domain user@example.com -- --batch-test >mailsig  <mail"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimsign -f zftest.conf --filter --db-filter --domain user@example.com -- --batch-test >mailsig  <mail" "testsuite.at:2567"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimsign -f zftest.conf --filter --db-filter --domain user@example.com -- --batch-test >mailsig  <mail
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2567"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2569: grep 'user@example' bul.txt"
at_fn_check_prepare_trace "testsuite.at:2569"
( $at_check_trace; grep 'user@example' bul.txt
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo stdout:; cat "$at_stdout"
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2569"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2570: grep 'someonelse@another.example' bul.txt"
at_fn_check_prepare_trace "testsuite.at:2570"
( $at_check_trace; grep 'someonelse@another.example' bul.txt
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "someonelse@another.example is also naughty
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2570"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_78
#AT_START_79
at_fn_group_banner 79 'testsuite.at:2576' \
  "Update blocked user list missing key" "           "
at_xfail=no
(
  printf "%s\n" "79. $at_setup_line: testing $at_desc ..."
  $at_traceon

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2577: \$HAVE_OPENDBX || exit 77"
at_fn_check_prepare_dynamic "$HAVE_OPENDBX || exit 77" "testsuite.at:2577"
( $at_check_trace; $HAVE_OPENDBX || exit 77
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2577"
$at_failed && at_fn_log_failure
$at_traceon; }

cat >zftest.conf <<'_ZEOF'
verbose = 0
domain_keys = .
tmp = .
no_signlen


blocked_user_list = bul.txt
db_backend test
db_sql_check_user user: is-naughty

_ZEOF

cat >bul.txt <<'_ATEOF'
someonelse@another.example is also naughty
_ATEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
Received: from mail.example.com by server.example with ESMTPA
Cc: name@some.example
Bcc: "User" <user2@example.org>, user3@example(user's domain).net
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2589: \$VALGRIND_AND_OPTS zdkimsign -f zftest.conf --filter --db-filter --domain user@example.com -- --batch-test >mailsig  <mail"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimsign -f zftest.conf --filter --db-filter --domain user@example.com -- --batch-test >mailsig  <mail" "testsuite.at:2589"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimsign -f zftest.conf --filter --db-filter --domain user@example.com -- --batch-test >mailsig  <mail
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2589"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2591: grep 'user@example' bul.txt"
at_fn_check_prepare_trace "testsuite.at:2591"
( $at_check_trace; grep 'user@example' bul.txt
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo stdout:; cat "$at_stdout"
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2591"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2592: grep 'someonelse@another.example' bul.txt"
at_fn_check_prepare_trace "testsuite.at:2592"
( $at_check_trace; grep 'someonelse@another.example' bul.txt
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "someonelse@another.example is also naughty
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2592"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_79
#AT_START_80
at_fn_group_banner 80 'testsuite.at:2598' \
  "Update blocked user list missing key and domain" ""
at_xfail=no
(
  printf "%s\n" "80. $at_setup_line: testing $at_desc ..."
  $at_traceon

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2599: \$HAVE_OPENDBX || exit 77"
at_fn_check_prepare_dynamic "$HAVE_OPENDBX || exit 77" "testsuite.at:2599"
( $at_check_trace; $HAVE_OPENDBX || exit 77
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2599"
$at_failed && at_fn_log_failure
$at_traceon; }

cat >zftest.conf <<'_ZEOF'
verbose = 0
domain_keys = .
tmp = .
no_signlen


blocked_user_list = bul.txt
db_backend test
db_sql_check_user user: not referenced: postmaster: naughty
default_domain example.net

_ZEOF

cat >bul.txt <<'_ATEOF'
someonelse@another.example is also naughty
_ATEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
Received: from mail.example.com by server.example with ESMTPA
Cc: name@some.example
Bcc: "User" <user2@example.org>, user3@example(user's domain).net
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2612: \$VALGRIND_AND_OPTS zdkimsign -f zftest.conf --filter --db-filter -- --batch-test >mailsig  <mail"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimsign -f zftest.conf --filter --db-filter -- --batch-test >mailsig  <mail" "testsuite.at:2612"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimsign -f zftest.conf --filter --db-filter -- --batch-test >mailsig  <mail
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2612"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2614: grep 'postmaster' bul.txt"
at_fn_check_prepare_trace "testsuite.at:2614"
( $at_check_trace; grep 'postmaster' bul.txt
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo stdout:; cat "$at_stdout"
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2614"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2615: grep 'someonelse@another.example' bul.txt"
at_fn_check_prepare_trace "testsuite.at:2615"
( $at_check_trace; grep 'someonelse@another.example' bul.txt
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "someonelse@another.example is also naughty
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2615"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_80
#AT_START_81
at_fn_group_banner 81 'testsuite.at:2621' \
  "Reject blocked user" "                            "
at_xfail=no
(
  printf "%s\n" "81. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >zftest.conf <<'_ZEOF'
verbose = 1
domain_keys = .
tmp = .
no_signlen


blocked_user_list bul.txt

_ZEOF

cat >example.com <<'_ATEOF'
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk
5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9
GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
AoGARPaCa4eHJWQnF2MwB2cQD7MdUsizx6GFs5ms9bGxxwyknTmmT2PA/rFEYjb+
V8PmTCu4Y/Nk88IzgXTfJ8pN6GfnN1O0qMTUoMuHTf/LMWT/WsFstjiuuFCQddBz
xVyup6Rnl30mYU5WE0PheUTG0AVbzMn2Aj/SEYXlEYPnENECQQDbsLlcEitqnj+i
ipFz9H5RnfoDC4pFHSSqMlddYIA9e2DoNdxjU275eyt2g2p9hQMMXdB7LnoyFeHz
jeRpK3RlAkEAxsj5uOvBctleM2ERPPXTm0nYUWSH4aPZkE/olThgQMogTwSQc6vI
M6RkzKfF5Dr5g/b2kyoZhxIvdtUcPzfGVwJBALrZaA3C9mJMDdt095kjzXwlXMrS
OdvmmZSYFG468VdZZGabyMJB6BUQiTrXMu9m/dy6veLG+O84ZWD8wdQhPXECQBf4
nlyVWXOfEMQDXY/LWSQtyH8wL06fcpn7eOGdtcW6WiENPNomCfNoTJt9U9jM38/x
FRT0C7YFFGIxGsHo2OsCQF2PGJ3yKn2l9VX+M6qj4hE+POdgnJLqNMp5kRIBj9De
rlKqG0nWxNFVhVzXsgeNUTDCmVm3cdODa94wXn9WNvY=
-----END RSA PRIVATE KEY-----
_ATEOF



cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
Moutgoingmsg
uauthsmtp
iuser@example.com
rsomeone@somewhere.example
_ATEOF

cat >bul.txt <<'_ATEOF'
user@example.com is naughty
_ATEOF

cat >batch <<'_ATEOF'
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2638: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:2638"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "550 BLOCKED: can send to <postmaster@example.com> only.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2638"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_81
#AT_START_82
at_fn_group_banner 82 'testsuite.at:2647' \
  "Reject blocked user missing domain" "             "
at_xfail=no
(
  printf "%s\n" "82. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >zftest.conf <<'_ZEOF'
verbose = 1
domain_keys = .
tmp = .
no_signlen


blocked_user_list bul.txt
default_domain example.net

_ZEOF

cat >example.com <<'_ATEOF'
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk
5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9
GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
AoGARPaCa4eHJWQnF2MwB2cQD7MdUsizx6GFs5ms9bGxxwyknTmmT2PA/rFEYjb+
V8PmTCu4Y/Nk88IzgXTfJ8pN6GfnN1O0qMTUoMuHTf/LMWT/WsFstjiuuFCQddBz
xVyup6Rnl30mYU5WE0PheUTG0AVbzMn2Aj/SEYXlEYPnENECQQDbsLlcEitqnj+i
ipFz9H5RnfoDC4pFHSSqMlddYIA9e2DoNdxjU275eyt2g2p9hQMMXdB7LnoyFeHz
jeRpK3RlAkEAxsj5uOvBctleM2ERPPXTm0nYUWSH4aPZkE/olThgQMogTwSQc6vI
M6RkzKfF5Dr5g/b2kyoZhxIvdtUcPzfGVwJBALrZaA3C9mJMDdt095kjzXwlXMrS
OdvmmZSYFG468VdZZGabyMJB6BUQiTrXMu9m/dy6veLG+O84ZWD8wdQhPXECQBf4
nlyVWXOfEMQDXY/LWSQtyH8wL06fcpn7eOGdtcW6WiENPNomCfNoTJt9U9jM38/x
FRT0C7YFFGIxGsHo2OsCQF2PGJ3yKn2l9VX+M6qj4hE+POdgnJLqNMp5kRIBj9De
rlKqG0nWxNFVhVzXsgeNUTDCmVm3cdODa94wXn9WNvY=
-----END RSA PRIVATE KEY-----
_ATEOF



cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
Moutgoingmsg
uauthsmtp
iuser
rsomeone@somewhere.example
_ATEOF

cat >bul.txt <<'_ATEOF'
user is naughty
_ATEOF

cat >batch <<'_ATEOF'
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2665: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:2665"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "550 BLOCKED: can send to <postmaster@example.net> only.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2665"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_82
#AT_START_83
at_fn_group_banner 83 'testsuite.at:2674' \
  "Reject blocked user sending also to postmaster" " "
at_xfail=no
(
  printf "%s\n" "83. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >zftest.conf <<'_ZEOF'
verbose = 1
domain_keys = .
tmp = .
no_signlen


blocked_user_list bul.txt

_ZEOF

cat >example.com <<'_ATEOF'
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk
5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9
GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
AoGARPaCa4eHJWQnF2MwB2cQD7MdUsizx6GFs5ms9bGxxwyknTmmT2PA/rFEYjb+
V8PmTCu4Y/Nk88IzgXTfJ8pN6GfnN1O0qMTUoMuHTf/LMWT/WsFstjiuuFCQddBz
xVyup6Rnl30mYU5WE0PheUTG0AVbzMn2Aj/SEYXlEYPnENECQQDbsLlcEitqnj+i
ipFz9H5RnfoDC4pFHSSqMlddYIA9e2DoNdxjU275eyt2g2p9hQMMXdB7LnoyFeHz
jeRpK3RlAkEAxsj5uOvBctleM2ERPPXTm0nYUWSH4aPZkE/olThgQMogTwSQc6vI
M6RkzKfF5Dr5g/b2kyoZhxIvdtUcPzfGVwJBALrZaA3C9mJMDdt095kjzXwlXMrS
OdvmmZSYFG468VdZZGabyMJB6BUQiTrXMu9m/dy6veLG+O84ZWD8wdQhPXECQBf4
nlyVWXOfEMQDXY/LWSQtyH8wL06fcpn7eOGdtcW6WiENPNomCfNoTJt9U9jM38/x
FRT0C7YFFGIxGsHo2OsCQF2PGJ3yKn2l9VX+M6qj4hE+POdgnJLqNMp5kRIBj9De
rlKqG0nWxNFVhVzXsgeNUTDCmVm3cdODa94wXn9WNvY=
-----END RSA PRIVATE KEY-----
_ATEOF



cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
Moutgoingmsg
uauthsmtp
iuser@example.com
rpostmaster@example.com
rsomeone@somewhere.example
_ATEOF

cat >bul.txt <<'_ATEOF'
user@example.com is naughty
_ATEOF

cat >batch <<'_ATEOF'
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2692: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:2692"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "550 BLOCKED: can send to <postmaster@example.com> only.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2692"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_83
#AT_START_84
at_fn_group_banner 84 'testsuite.at:2701' \
  "Accept blocked user sending to postmaster only" " "
at_xfail=no
(
  printf "%s\n" "84. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >zftest.conf <<'_ZEOF'
verbose = 1
domain_keys = .
tmp = .
no_signlen


blocked_user_list bul.txt

_ZEOF

cat >example.com <<'_ATEOF'
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk
5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9
GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
AoGARPaCa4eHJWQnF2MwB2cQD7MdUsizx6GFs5ms9bGxxwyknTmmT2PA/rFEYjb+
V8PmTCu4Y/Nk88IzgXTfJ8pN6GfnN1O0qMTUoMuHTf/LMWT/WsFstjiuuFCQddBz
xVyup6Rnl30mYU5WE0PheUTG0AVbzMn2Aj/SEYXlEYPnENECQQDbsLlcEitqnj+i
ipFz9H5RnfoDC4pFHSSqMlddYIA9e2DoNdxjU275eyt2g2p9hQMMXdB7LnoyFeHz
jeRpK3RlAkEAxsj5uOvBctleM2ERPPXTm0nYUWSH4aPZkE/olThgQMogTwSQc6vI
M6RkzKfF5Dr5g/b2kyoZhxIvdtUcPzfGVwJBALrZaA3C9mJMDdt095kjzXwlXMrS
OdvmmZSYFG468VdZZGabyMJB6BUQiTrXMu9m/dy6veLG+O84ZWD8wdQhPXECQBf4
nlyVWXOfEMQDXY/LWSQtyH8wL06fcpn7eOGdtcW6WiENPNomCfNoTJt9U9jM38/x
FRT0C7YFFGIxGsHo2OsCQF2PGJ3yKn2l9VX+M6qj4hE+POdgnJLqNMp5kRIBj9De
rlKqG0nWxNFVhVzXsgeNUTDCmVm3cdODa94wXn9WNvY=
-----END RSA PRIVATE KEY-----
_ATEOF



cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
Moutgoingmsg
uauthsmtp
iuser@example.com
rpostmaster@example.com
_ATEOF

cat >bul.txt <<'_ATEOF'
user@example.com is naughty
_ATEOF

cat >batch <<'_ATEOF'
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2718: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:2718"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2718"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_84
#AT_START_85
at_fn_group_banner 85 'testsuite.at:2733' \
  "Check parsing Authentication-Results" "           "
at_xfail=no
(
  printf "%s\n" "85. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >a_r <<'_ATEOF'
example.com; none
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2736: \$VALGRIND_AND_OPTS TESTutil a_r"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS TESTutil a_r" "testsuite.at:2736"
( $at_check_trace; $VALGRIND_AND_OPTS TESTutil a_r
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "example.com;
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2736"
$at_failed && at_fn_log_failure
$at_traceon; }

cat >a_r <<'_ATEOF'
example.com;
 dnswl=pass dns.zone=list.dnswl.org policy.ip=127.0.6.2 policy.txt="test.tana.it http://www.tana.it/";
 spf=pass smtp.mailfrom=bounce.example.org;
 dkim=pass header.d=example.org
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2744: \$VALGRIND_AND_OPTS TESTutil a_r"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS TESTutil a_r" "testsuite.at:2744"
( $at_check_trace; $VALGRIND_AND_OPTS TESTutil a_r
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "example.com;
 dnswl=pass dns.zone=list.dnswl.org policy.ip=127.0.6.2 policy.txt=\"test.tana.it http://www.tana.it/\"
 spf=pass smtp.mailfrom=bounce.example.org
 dkim=pass header.d=example.org
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2744"
$at_failed && at_fn_log_failure
$at_traceon; }

cat >a_r <<'_ATEOF'
example.com;
 dnswl (comment is allowed here) / (and also) (here) 3 = pass   dns.zone = list.dnswl.org
 	policy.ip=127.0.6.2 policy.txt="test.tana.it http://www.tana.it/";
 spf (and here) = pass smtp.mailfrom=bounce.example.org;
 dkim(evenwithoutspaces)=pass header.d=example.org
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2751: \$VALGRIND_AND_OPTS TESTutil a_r"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS TESTutil a_r" "testsuite.at:2751"
( $at_check_trace; $VALGRIND_AND_OPTS TESTutil a_r
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "example.com;
 dnswl=pass dns.zone=list.dnswl.org policy.ip=127.0.6.2 policy.txt=\"test.tana.it http://www.tana.it/\"
 spf=pass smtp.mailfrom=bounce.example.org
 dkim=pass header.d=example.org
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2751"
$at_failed && at_fn_log_failure
$at_traceon; }

cat >a_r <<'_ATEOF'
example.com;dnswl/3=pass dns.zone=list.dnswl.org policy.ip=127.0.6.2 policy.txt="test.tana.it\ http://www.tana.it/";spf=pass smtp.mailfrom=bounce.example.org;dkim=pass header.d=example.org
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2754: \$VALGRIND_AND_OPTS TESTutil a_r"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS TESTutil a_r" "testsuite.at:2754"
( $at_check_trace; $VALGRIND_AND_OPTS TESTutil a_r
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "example.com;
 dnswl=pass dns.zone=list.dnswl.org policy.ip=127.0.6.2 policy.txt=\"test.tana.it http://www.tana.it/\"
 spf=pass smtp.mailfrom=bounce.example.org
 dkim=pass header.d=example.org
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2754"
$at_failed && at_fn_log_failure
$at_traceon; }

cat >a_r <<'_ATEOF'
example.com;p1=v p2=v p3=v p4=v p5=v p6=v p7=v p8=v p9=v p10=v
p11=v p12=v p13=v p14=v p15=v p16=v
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2758: \$VALGRIND_AND_OPTS TESTutil a_r"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS TESTutil a_r" "testsuite.at:2758"
( $at_check_trace; $VALGRIND_AND_OPTS TESTutil a_r
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "example.com;
 p1=v p2=v p3=v p4=v p5=v p6=v p7=v p8=v p9=v p10=v p11=v p12=v p13=v p14=v p15=v p16=v
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2758"
$at_failed && at_fn_log_failure
$at_traceon; }

cat >a_r <<'_ATEOF'
example.com;p1=v p2=v p3=v p4=v p5=v p6=v p7=v p8=v p9=v p10=v
p11=v p12=v p13=v p14=v p15=v p16=v p17=v
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2764: \$VALGRIND_AND_OPTS TESTutil a_r"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS TESTutil a_r" "testsuite.at:2764"
( $at_check_trace; $VALGRIND_AND_OPTS TESTutil a_r
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "example.com;
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 1 $at_status "$at_srcdir/testsuite.at:2764"
$at_failed && at_fn_log_failure
$at_traceon; }

cat >a_r <<'_ATEOF'
example.com/8b 12345678901234567890;
 spf=pass reason = "various tests that \"may\" occur" smtp.mailfrom=bounce.example.org;
 dkim=pass header.d=example.org;
 dkim=pass header.i = thebox (CFWS not allowed here, causes error) @ example.org;
 dkim=pass header.i = "the ugly box"@example.org
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2772: \$VALGRIND_AND_OPTS TESTutil a_r"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS TESTutil a_r" "testsuite.at:2772"
( $at_check_trace; $VALGRIND_AND_OPTS TESTutil a_r
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "example.com;
 spf=pass reason=\"various tests that \\\"may\\\" occur\" smtp.mailfrom=bounce.example.org
 dkim=pass header.d=example.org
 dkim=pass header.i=\"the ugly box@example.org\"
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 1 $at_status "$at_srcdir/testsuite.at:2772"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_85
#AT_START_86
at_fn_group_banner 86 'testsuite.at:2779' \
  "Check renaming false Authentication-Results" "    "
at_xfail=no
(
  printf "%s\n" "86. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >zftest.conf <<'_ZEOF'
verbose = 1
domain_keys = .
tmp = .
no_signlen


_ZEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Authentication-Results: test.example;
 renameme=pass reason = "This fields claims to be by test.example"
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <none>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
Mincomingmsg
usmtp
_ATEOF

cat >batch <<'_ATEOF'
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2791: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:2791"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2791"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2797: grep 'Z-Renamed' mail"
at_fn_check_prepare_trace "testsuite.at:2797"
( $at_check_trace; grep 'Z-Renamed' mail
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "Z-Renamed-Authentication-Results: test.example;
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2797"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_86
#AT_START_87
at_fn_group_banner 87 'testsuite.at:2804' \
  "DNSWL sender, non-existent From: domain" "        "
at_xfail=no
(
  printf "%s\n" "87. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

reject_on_nxdomain
trust_a_r
dnswl_worthiness_pass 0

_ZEOF

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_ATEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Authentication-Results: test.example;
 dnswl=pass dns.zone=list.dnswl.org policy.ip=127.0.10.0
 policy.txt="sender.example http://www.dnswl.example/"
Received-SPF: none SPF=MAILFROM sender=someone@sender.example;
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=sender.example; s=x2;
	t=1267197537; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=d6AyU6LW/aOb2S0KQjewLe1AApiloi/CZSn9c1WOjZLJmz7govCghGjgI3ebMl5mC
	 cVzheZ+sjWJRFTj+L2Sd30j9L+gOc2ZmJ6wyK/UqhNGPIvZfhn4Sap4J51sk5JhvLr
	 zd6a1TVrz5nYJU3fF6QW7lLPtAcg2v05+UE38Ios=
Received: from mail.example.com by server.example with ESMTPA
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=other.example; s=x3;
	t=1267197617; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=ejTAOxjZ1TFzdE0KT0/I/Dd7dL76iPzUq3sc4ngUt/78pFSFSL4p3nXNIMYeGHVT6
	 7kwAhFlmpT0UgBaisyjfyGTgx4k/N2+Kbbne1NV/kYG9wYRylk9fooS08ZRkY7Ieuu
	 K5pYsL12X5UfS1+TRnv2ONLxQDgSn+4r8ZwaEWZ8=
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
Musenetmsg
OTCPREMOTEIP=192.0.2.2
usmtp
_ATEOF

cat >batch <<'_ATEOF'
test2
test3
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2821: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:2821"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=usenetmsg: verify msg from 192.0.2.2 -- (null)
INFO:zdkimfilter[0]:ip=192.0.2.2: reject! invalid domain author.example
INFO:zdkimfilter[0]:ip=192.0.2.2: reject->deliver!! sender.example is in dnswl (0)
INFO:zdkimfilter[0]:ip=192.0.2.2: verified: dkim=pass (id=sender.example, stat=0) adsp=nxdomain
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2821"
$at_failed && at_fn_log_failure
$at_traceon; }


{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2832: head -n 3 mail"
at_fn_check_prepare_trace "testsuite.at:2832"
( $at_check_trace; head -n 3 mail
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "Authentication-Results: test.example;
  dkim=pass header.d=sender.example;
  dkim-adsp=nxdomain header.from=\"user@author.example\"
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2832"
$at_failed && at_fn_log_failure
$at_traceon; }

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Authentication-Results: test.example;
 dnswl=pass dns.zone=list.dnswl.org policy.ip=127.0.10.0
 policy.txt="/NOT expected example http://www.dnswl.example/"
Received-SPF: none SPF=MAILFROM sender=someone@sender.example;
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=sender.example; s=x2;
	t=1267197537; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=d6AyU6LW/aOb2S0KQjewLe1AApiloi/CZSn9c1WOjZLJmz7govCghGjgI3ebMl5mC
	 cVzheZ+sjWJRFTj+L2Sd30j9L+gOc2ZmJ6wyK/UqhNGPIvZfhn4Sap4J51sk5JhvLr
	 zd6a1TVrz5nYJU3fF6QW7lLPtAcg2v05+UE38Ios=
Received: from mail.example.com by server.example with ESMTPA
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=other.example; s=x3;
	t=1267197617; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=ejTAOxjZ1TFzdE0KT0/I/Dd7dL76iPzUq3sc4ngUt/78pFSFSL4p3nXNIMYeGHVT6
	 7kwAhFlmpT0UgBaisyjfyGTgx4k/N2+Kbbne1NV/kYG9wYRylk9fooS08ZRkY7Ieuu
	 K5pYsL12X5UfS1+TRnv2ONLxQDgSn+4r8ZwaEWZ8=
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2839: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:2839"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=usenetmsg: verify msg from 192.0.2.2 -- (null)
INFO:zdkimfilter[0]:ip=192.0.2.2: reject! invalid domain author.example
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "550 Invalid author domain
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2839"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_87
#AT_START_88
at_fn_group_banner 88 'testsuite.at:2850' \
  "DNSWL sender domain logged to the database" "     "
at_xfail=no
(
  printf "%s\n" "88. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

trust_a_r
db_backend test
db_sql_insert_msg_ref dummy

_ZEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Authentication-Results: test.example;
 dnswl=pass dns.zone=list.dnswl.org policy.ip=127.0.10.0
 policy.txt="sender.example http://www.dnswl.example/"
Received-SPF: none SPF=MAILFROM sender=someone@sender.example;
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
Mdnswlmsg
OTCPREMOTEIP=192.0.2.5
usmtp
_ATEOF

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_dmarc.author.example v=DMARC1; p=none
_ATEOF

cat >POLICYFILE <<'_ATEOF'
dkim=unknown
_ATEOF

cat >batch <<'_ATEOF'
test2
test3
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2869: \$HAVE_OPENDBX || exit 77"
at_fn_check_prepare_dynamic "$HAVE_OPENDBX || exit 77" "testsuite.at:2869"
( $at_check_trace; $HAVE_OPENDBX || exit 77
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2869"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2870: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:2870"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=dnswlmsg: verify msg from 192.0.2.5 -- (null)
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 not filtered.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2870"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2873: grep 'domain: ' database_dump"
at_fn_check_prepare_trace "testsuite.at:2873"
( $at_check_trace; grep 'domain: ' database_dump
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "domain: sender.example
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2873"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2875: grep 'auth_type: ' database_dump"
at_fn_check_prepare_trace "testsuite.at:2875"
( $at_check_trace; grep 'auth_type: ' database_dump
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "auth_type: spf,dnswl
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2875"
$at_failed && at_fn_log_failure
$at_traceon; }

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Authentication-Results: test.example;
 dnswl=pass dns.zone=list.dnswl.org policy.ip=127.0.10.0
 policy.txt="/NOT expected example http://www.dnswl.example/"
Received-SPF: none SPF=MAILFROM sender=someone@sender.example;
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2878: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:2878"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=dnswlmsg: verify msg from 192.0.2.5 -- (null)
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 not filtered.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2878"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_88
#AT_START_89
at_fn_group_banner 89 'testsuite.at:2884' \
  "Reload config after signing" "                    "
at_xfail=no
(
  printf "%s\n" "89. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >zftest.conf <<'_ZEOF'
verbose = 6
domain_keys = .
tmp = .
no_signlen

default_domain example.com

_ZEOF

cat >example.com <<'_ATEOF'
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk
5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9
GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
AoGARPaCa4eHJWQnF2MwB2cQD7MdUsizx6GFs5ms9bGxxwyknTmmT2PA/rFEYjb+
V8PmTCu4Y/Nk88IzgXTfJ8pN6GfnN1O0qMTUoMuHTf/LMWT/WsFstjiuuFCQddBz
xVyup6Rnl30mYU5WE0PheUTG0AVbzMn2Aj/SEYXlEYPnENECQQDbsLlcEitqnj+i
ipFz9H5RnfoDC4pFHSSqMlddYIA9e2DoNdxjU275eyt2g2p9hQMMXdB7LnoyFeHz
jeRpK3RlAkEAxsj5uOvBctleM2ERPPXTm0nYUWSH4aPZkE/olThgQMogTwSQc6vI
M6RkzKfF5Dr5g/b2kyoZhxIvdtUcPzfGVwJBALrZaA3C9mJMDdt095kjzXwlXMrS
OdvmmZSYFG468VdZZGabyMJB6BUQiTrXMu9m/dy6veLG+O84ZWD8wdQhPXECQBf4
nlyVWXOfEMQDXY/LWSQtyH8wL06fcpn7eOGdtcW6WiENPNomCfNoTJt9U9jM38/x
FRT0C7YFFGIxGsHo2OsCQF2PGJ3yKn2l9VX+M6qj4hE+POdgnJLqNMp5kRIBj9De
rlKqG0nWxNFVhVzXsgeNUTDCmVm3cdODa94wXn9WNvY=
-----END RSA PRIVATE KEY-----
_ATEOF



cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
Msignmsg
uauthsmtp
iuser
_ATEOF

cat >batch <<'_ATEOF'
mail
ctl

sleep 1
sighup
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2902: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:2902"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=signmsg: signing for user with domain example.com, selector s, rsa-sha256
INFO:zdkimfilter[0]:id=signmsg: response: 250 Ok.
INFO:zdkimfilter[0]:New config file read from zftest.conf
INFO:zdkimfilter[0]:id=signmsg: signing for user with domain example.com, selector s, rsa-sha256
INFO:zdkimfilter[0]:id=signmsg: response: 250 Ok.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2902"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_89
#AT_START_90
at_fn_group_banner 90 'testsuite.at:2917' \
  "Check parsing split_verify option" "              "
at_xfail=no
(
  printf "%s\n" "90. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

split_verify zdkimfilter

_ZEOF

cat >batch <<'_ATEOF'
sighup


exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2922: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:2922"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:zdkimfilter configured to verify only
INFO:zdkimfilter[0]:New config file read from zftest.conf
INFO:zdkimfilter[0]:zdkimfilter configured to verify only
" | \
  $at_diff - "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2922"
$at_failed && at_fn_log_failure
$at_traceon; }

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

split_verify dkimfilter

_ZEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2932: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:2932"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:zdkimfilter configured to sign only
INFO:zdkimfilter[0]:New config file read from zftest.conf
INFO:zdkimfilter[0]:zdkimfilter configured to sign only
" | \
  $at_diff - "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2932"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_90
#AT_START_91
at_fn_group_banner 91 'testsuite.at:2956' \
  "Check complaint_flag values" "                    "
at_xfail=no
(
  printf "%s\n" "91. $at_setup_line: testing $at_desc ..."
  $at_traceon

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2957: \$HAVE_OPENDBX || exit 77"
at_fn_check_prepare_dynamic "$HAVE_OPENDBX || exit 77" "testsuite.at:2957"
( $at_check_trace; $HAVE_OPENDBX || exit 77
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2957"
$at_failed && at_fn_log_failure
$at_traceon; }

cat >zftest.conf <<'_ZEOF'
verbose = 0
domain_keys = .
tmp = .
no_signlen

db_backend test
db_sql_select_user dummy

_ZEOF

cat >example.com <<'_ATEOF'
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk
5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9
GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
AoGARPaCa4eHJWQnF2MwB2cQD7MdUsizx6GFs5ms9bGxxwyknTmmT2PA/rFEYjb+
V8PmTCu4Y/Nk88IzgXTfJ8pN6GfnN1O0qMTUoMuHTf/LMWT/WsFstjiuuFCQddBz
xVyup6Rnl30mYU5WE0PheUTG0AVbzMn2Aj/SEYXlEYPnENECQQDbsLlcEitqnj+i
ipFz9H5RnfoDC4pFHSSqMlddYIA9e2DoNdxjU275eyt2g2p9hQMMXdB7LnoyFeHz
jeRpK3RlAkEAxsj5uOvBctleM2ERPPXTm0nYUWSH4aPZkE/olThgQMogTwSQc6vI
M6RkzKfF5Dr5g/b2kyoZhxIvdtUcPzfGVwJBALrZaA3C9mJMDdt095kjzXwlXMrS
OdvmmZSYFG468VdZZGabyMJB6BUQiTrXMu9m/dy6veLG+O84ZWD8wdQhPXECQBf4
nlyVWXOfEMQDXY/LWSQtyH8wL06fcpn7eOGdtcW6WiENPNomCfNoTJt9U9jM38/x
FRT0C7YFFGIxGsHo2OsCQF2PGJ3yKn2l9VX+M6qj4hE+POdgnJLqNMp5kRIBj9De
rlKqG0nWxNFVhVzXsgeNUTDCmVm3cdODa94wXn9WNvY=
-----END RSA PRIVATE KEY-----
_ATEOF



cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
suser-bounce@author.example
Msignmsg
uauthsmtp
iuser@example.com
rrecipient@another.example
_ATEOF

cat >batch <<'_ATEOF'
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2969: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:2969"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2969"
$at_failed && at_fn_log_failure
$at_traceon; }


{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2970: grep 'complaint_flag:' database_dump"
at_fn_check_prepare_trace "testsuite.at:2970"
( $at_check_trace; grep 'complaint_flag:' database_dump
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "complaint_flag: 0
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2970"
$at_failed && at_fn_log_failure
$at_traceon; }


cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: none SPF=HELO sender=server.sender.example;
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
VBR-Info: mc=all; md=author.example; mv=author-cert.example
VBR-Info: mc=all; md=sender.example; mv=sender-cert.example
MIME-Version: 1.0
From:     The (sender <faked@example.com>)
	<postmaster@author.example>
To: whoever is concerned:;
Subject: This may be a complaint
Content-Type: text/plain; charset=us-ascii

hi there!
_ATEOF

cat >batch <<'_ATEOF'
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2991: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:2991"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2991"
$at_failed && at_fn_log_failure
$at_traceon; }


{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:2992: grep 'complaint_flag:' database_dump"
at_fn_check_prepare_trace "testsuite.at:2992"
( $at_check_trace; grep 'complaint_flag:' database_dump
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "complaint_flag: 0
complaint_flag: 2
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:2992"
$at_failed && at_fn_log_failure
$at_traceon; }


cat >ctl <<'_ATEOF'
s
Msignmsg
uauthsmtp
iuser@example.com
rrecipient@another.example
_ATEOF

cat >batch <<'_ATEOF'
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3003: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:3003"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3003"
$at_failed && at_fn_log_failure
$at_traceon; }


{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3004: grep 'complaint_flag:' database_dump"
at_fn_check_prepare_trace "testsuite.at:3004"
( $at_check_trace; grep 'complaint_flag:' database_dump
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "complaint_flag: 0
complaint_flag: 2
complaint_flag: 3
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3004"
$at_failed && at_fn_log_failure
$at_traceon; }


cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >batch <<'_ATEOF'
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3011: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:3011"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3011"
$at_failed && at_fn_log_failure
$at_traceon; }


{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3012: grep 'complaint_flag:' database_dump"
at_fn_check_prepare_trace "testsuite.at:3012"
( $at_check_trace; grep 'complaint_flag:' database_dump
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "complaint_flag: 0
complaint_flag: 2
complaint_flag: 3
complaint_flag: 1
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3012"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_91
#AT_START_92
at_fn_group_banner 92 'testsuite.at:3059' \
  "Verify action_header drop and 127.0.0.255" "      "
at_xfail=no
(
  printf "%s\n" "92. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

action_header drop-me
trust_a_r

_ZEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Authentication-Results: server.example; dnswl=pass dns.zone=list.dnswl.org
  policy.ip=127.0.0.255 policy.txt="sender.example and some other stuff"
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=author.example; s=x1;
	t=1267195653; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=ZmMMHnWo7xMM2V1zZEYWp7jCXHB7hJ/D8TpCleG0SZ8njWjXaspgOtD/F52SJK90G
	 tx3/m0Y3F58NBVjVfTeAq+znjGER6TbwOQQfbpkHb0jvcgrSYCWVcekS7hIlCtT5mF
	 8gZbgYgOo3rIFUy9vdHkse1jzNR8kxrIYv3aZ0tc=
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Drop-Me: file name
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=other.example; s=x3;
	t=1267197617; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=ejTAOxjZ1TFzdE0KT0/I/Dd7dL76iPzUq3sc4ngUt/78pFSFSL4p3nXNIMYeGHVT6
	 7kwAhFlmpT0UgBaisyjfyGTgx4k/N2+Kbbne1NV/kYG9wYRylk9fooS08ZRkY7Ieuu
	 K5pYsL12X5UfS1+TRnv2ONLxQDgSn+4r8ZwaEWZ8=
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
sbounces@server.example
Mverifymsg
OTCPREMOTEIP=192.0.2.1
usmtp
fdns; [192.0.2.1] (server.example [192.0.2.1])
_ATEOF

cat >batch <<'_ATEOF'
test2
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3076: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:3076"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- dns; [192.0.2.1] (server.example [192.0.2.1])
CRIT:zdkimfilter[0]:Zone list.dnswl.org lookup has invalid IP 127.0.0.255
INFO:zdkimfilter[0]:ip=192.0.2.1: drop! drop-me: file name
INFO:zdkimfilter[0]:drop msg,id=verifymsg: drop-me
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "050 Message dropped.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3076"
$at_failed && at_fn_log_failure
$at_traceon; }


# same with shoot on sight
cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

action_header drop-me
trust_a_r
db_backend test
db_sql_whitelisted author.example:-1

_ZEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3093: \$HAVE_OPENDBX || exit 77"
at_fn_check_prepare_dynamic "$HAVE_OPENDBX || exit 77" "testsuite.at:3093"
( $at_check_trace; $HAVE_OPENDBX || exit 77
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3093"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3094: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:3094"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- dns; [192.0.2.1] (server.example [192.0.2.1])
CRIT:zdkimfilter[0]:Zone list.dnswl.org lookup has invalid IP 127.0.0.255
INFO:zdkimfilter[0]:ip=192.0.2.1: drop! drop-me: file name
INFO:zdkimfilter[0]:drop msg,id=verifymsg: drop-me
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "050 Message dropped.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3094"
$at_failed && at_fn_log_failure
$at_traceon; }


cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Authentication-Results: server.example; dnswl=pass dns.zone=list.dnswl.org
  policy.ip=127.0.0.255 policy.txt="/NOT expected example and some other stuff"
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=author.example; s=x1;
	t=1267195653; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=ZmMMHnWo7xMM2V1zZEYWp7jCXHB7hJ/D8TpCleG0SZ8njWjXaspgOtD/F52SJK90G
	 tx3/m0Y3F58NBVjVfTeAq+znjGER6TbwOQQfbpkHb0jvcgrSYCWVcekS7hIlCtT5mF
	 8gZbgYgOo3rIFUy9vdHkse1jzNR8kxrIYv3aZ0tc=
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Drop-Me: file name
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=other.example; s=x3;
	t=1267197617; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=ejTAOxjZ1TFzdE0KT0/I/Dd7dL76iPzUq3sc4ngUt/78pFSFSL4p3nXNIMYeGHVT6
	 7kwAhFlmpT0UgBaisyjfyGTgx4k/N2+Kbbne1NV/kYG9wYRylk9fooS08ZRkY7Ieuu
	 K5pYsL12X5UfS1+TRnv2ONLxQDgSn+4r8ZwaEWZ8=
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3106: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:3106"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- dns; [192.0.2.1] (server.example [192.0.2.1])
CRIT:zdkimfilter[0]:Zone list.dnswl.org lookup has invalid IP 127.0.0.255
INFO:zdkimfilter[0]:ip=192.0.2.1: Authentication-Results by server.example: no dnswl domain found
INFO:zdkimfilter[0]:ip=192.0.2.1: drop! drop-me: file name
INFO:zdkimfilter[0]:drop msg,id=verifymsg: drop-me
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "050 Message dropped.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3106"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_92
#AT_START_93
at_fn_group_banner 93 'testsuite.at:3120' \
  "Not dropped if worthiness 2 (signed)" "           "
at_xfail=no
(
  printf "%s\n" "93. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

action_header drop-me
trust_a_r

_ZEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Authentication-Results: server.example; dnswl=pass dns.zone=list.dnswl.org
  policy.ip=127.0.2.2 policy.txt="sender.example and some other stuff"
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=author.example; s=x1;
	t=1267195653; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=ZmMMHnWo7xMM2V1zZEYWp7jCXHB7hJ/D8TpCleG0SZ8njWjXaspgOtD/F52SJK90G
	 tx3/m0Y3F58NBVjVfTeAq+znjGER6TbwOQQfbpkHb0jvcgrSYCWVcekS7hIlCtT5mF
	 8gZbgYgOo3rIFUy9vdHkse1jzNR8kxrIYv3aZ0tc=
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Drop-Me: file name
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=other.example; s=x3;
	t=1267197617; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=ejTAOxjZ1TFzdE0KT0/I/Dd7dL76iPzUq3sc4ngUt/78pFSFSL4p3nXNIMYeGHVT6
	 7kwAhFlmpT0UgBaisyjfyGTgx4k/N2+Kbbne1NV/kYG9wYRylk9fooS08ZRkY7Ieuu
	 K5pYsL12X5UfS1+TRnv2ONLxQDgSn+4r8ZwaEWZ8=
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
sbounces@server.example
Mverifymsg
OTCPREMOTEIP=192.0.2.1
usmtp
fdns; [192.0.2.1] (server.example [192.0.2.1])
_ATEOF

cat >POLICYFILE <<'_ATEOF'
dkim=unknown
_ATEOF

cat >batch <<'_ATEOF'
test2
test3
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3139: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:3139"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- dns; [192.0.2.1] (server.example [192.0.2.1])
INFO:zdkimfilter[0]:ip=192.0.2.1: drop! drop-me: file name
INFO:zdkimfilter[0]:ip=192.0.2.1: drop->deliver!! sender.example is in dnswl (2)
INFO:zdkimfilter[0]:ip=192.0.2.1: verified: spf=pass, dkim=pass (id=author.example, stat=0)
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3139"
$at_failed && at_fn_log_failure
$at_traceon; }


# same with shoot on sight
cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

action_header drop-me
trust_a_r
db_backend test
db_sql_whitelisted author.example:-1

_ZEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Authentication-Results: server.example; dnswl=pass dns.zone=list.dnswl.org
  policy.ip=127.0.2.2 policy.txt="sender.example and some other stuff"
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=author.example; s=x1;
	t=1267195653; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=ZmMMHnWo7xMM2V1zZEYWp7jCXHB7hJ/D8TpCleG0SZ8njWjXaspgOtD/F52SJK90G
	 tx3/m0Y3F58NBVjVfTeAq+znjGER6TbwOQQfbpkHb0jvcgrSYCWVcekS7hIlCtT5mF
	 8gZbgYgOo3rIFUy9vdHkse1jzNR8kxrIYv3aZ0tc=
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Drop-Me: file name
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=other.example; s=x3;
	t=1267197617; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=ejTAOxjZ1TFzdE0KT0/I/Dd7dL76iPzUq3sc4ngUt/78pFSFSL4p3nXNIMYeGHVT6
	 7kwAhFlmpT0UgBaisyjfyGTgx4k/N2+Kbbne1NV/kYG9wYRylk9fooS08ZRkY7Ieuu
	 K5pYsL12X5UfS1+TRnv2ONLxQDgSn+4r8ZwaEWZ8=
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3157: \$HAVE_OPENDBX || exit 77"
at_fn_check_prepare_dynamic "$HAVE_OPENDBX || exit 77" "testsuite.at:3157"
( $at_check_trace; $HAVE_OPENDBX || exit 77
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3157"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3158: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:3158"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- dns; [192.0.2.1] (server.example [192.0.2.1])
INFO:zdkimfilter[0]:ip=192.0.2.1: drop! drop-me: file name
INFO:zdkimfilter[0]:ip=192.0.2.1: drop->deliver!! sender.example is in dnswl (2)
INFO:zdkimfilter[0]:ip=192.0.2.1: verified: spf=pass, dkim=pass (id=author.example, stat=0)
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3158"
$at_failed && at_fn_log_failure
$at_traceon; }


cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Authentication-Results: server.example; dnswl=pass dns.zone=list.dnswl.org
  policy.ip=127.0.2.2 policy.txt="/NOT expected example and some other stuff"
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=author.example; s=x1;
	t=1267195653; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=ZmMMHnWo7xMM2V1zZEYWp7jCXHB7hJ/D8TpCleG0SZ8njWjXaspgOtD/F52SJK90G
	 tx3/m0Y3F58NBVjVfTeAq+znjGER6TbwOQQfbpkHb0jvcgrSYCWVcekS7hIlCtT5mF
	 8gZbgYgOo3rIFUy9vdHkse1jzNR8kxrIYv3aZ0tc=
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Drop-Me: file name
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=other.example; s=x3;
	t=1267197617; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=ejTAOxjZ1TFzdE0KT0/I/Dd7dL76iPzUq3sc4ngUt/78pFSFSL4p3nXNIMYeGHVT6
	 7kwAhFlmpT0UgBaisyjfyGTgx4k/N2+Kbbne1NV/kYG9wYRylk9fooS08ZRkY7Ieuu
	 K5pYsL12X5UfS1+TRnv2ONLxQDgSn+4r8ZwaEWZ8=
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3170: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:3170"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- dns; [192.0.2.1] (server.example [192.0.2.1])
INFO:zdkimfilter[0]:ip=192.0.2.1: drop! drop-me: file name
INFO:zdkimfilter[0]:drop msg,id=verifymsg: drop-me
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "050 Message dropped.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3170"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_93
#AT_START_94
at_fn_group_banner 94 'testsuite.at:3181' \
  "Still dropped if shot worth sender" "             "
at_xfail=no
(
  printf "%s\n" "94. $at_setup_line: testing $at_desc ..."
  $at_traceon

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3182: \$HAVE_OPENDBX || exit 77"
at_fn_check_prepare_dynamic "$HAVE_OPENDBX || exit 77" "testsuite.at:3182"
( $at_check_trace; $HAVE_OPENDBX || exit 77
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3182"
$at_failed && at_fn_log_failure
$at_traceon; }

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

action_header drop-me
trust_a_r
db_backend test
db_sql_whitelisted sender.example:-1

_ZEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Authentication-Results: server.example; dnswl=pass dns.zone=list.dnswl.org
  policy.ip=127.0.2.1 policy.txt="sender.example and some other stuff"
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=author.example; s=x1;
	t=1267195653; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=ZmMMHnWo7xMM2V1zZEYWp7jCXHB7hJ/D8TpCleG0SZ8njWjXaspgOtD/F52SJK90G
	 tx3/m0Y3F58NBVjVfTeAq+znjGER6TbwOQQfbpkHb0jvcgrSYCWVcekS7hIlCtT5mF
	 8gZbgYgOo3rIFUy9vdHkse1jzNR8kxrIYv3aZ0tc=
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Drop-Me: file name
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=other.example; s=x3;
	t=1267197617; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=ejTAOxjZ1TFzdE0KT0/I/Dd7dL76iPzUq3sc4ngUt/78pFSFSL4p3nXNIMYeGHVT6
	 7kwAhFlmpT0UgBaisyjfyGTgx4k/N2+Kbbne1NV/kYG9wYRylk9fooS08ZRkY7Ieuu
	 K5pYsL12X5UfS1+TRnv2ONLxQDgSn+4r8ZwaEWZ8=
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
sbounces@server.example
Mverifymsg
OTCPREMOTEIP=192.0.2.1
usmtp
fdns; [192.0.2.1] (server.example [192.0.2.1])
_ATEOF

cat >POLICYFILE <<'_ATEOF'
dkim=unknown
_ATEOF

cat >batch <<'_ATEOF'
test2
test3
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3203: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:3203"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- dns; [192.0.2.1] (server.example [192.0.2.1])
INFO:zdkimfilter[0]:ip=192.0.2.1: drop! drop-me: file name
INFO:zdkimfilter[0]:drop msg,id=verifymsg: drop-me
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "050 Message dropped.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3203"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_94
#AT_START_95
at_fn_group_banner 95 'testsuite.at:3215' \
  "Not dropped if worthiness 2 (not signed)" "       "
at_xfail=no
(
  printf "%s\n" "95. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

action_header drop-me
trust_a_r

_ZEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Authentication-Results: server.example; dnswl=pass dns.zone=list.dnswl.org
  policy.ip=127.0.2.2 policy.txt="sender.example and some other stuff"
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Drop-Me: file name
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
sbounces@server.example
Mverifymsg
OTCPREMOTEIP=192.0.2.1
usmtp
fdns; [192.0.2.1] (server.example [192.0.2.1])
_ATEOF

cat >batch <<'_ATEOF'
test2
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3232: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:3232"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- dns; [192.0.2.1] (server.example [192.0.2.1])
INFO:zdkimfilter[0]:ip=192.0.2.1: drop! drop-me: file name
INFO:zdkimfilter[0]:ip=192.0.2.1: drop->deliver!! sender.example is in dnswl (2)
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3232"
$at_failed && at_fn_log_failure
$at_traceon; }


# same with shoot on sight author
cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

action_header drop-me
trust_a_r
db_backend test
db_sql_whitelisted author.example:-1

_ZEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Authentication-Results: server.example; dnswl=pass dns.zone=list.dnswl.org
  policy.ip=127.0.2.2 policy.txt="sender.example and some other stuff"
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Drop-Me: file name
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3249: \$HAVE_OPENDBX || exit 77"
at_fn_check_prepare_dynamic "$HAVE_OPENDBX || exit 77" "testsuite.at:3249"
( $at_check_trace; $HAVE_OPENDBX || exit 77
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3249"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3250: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:3250"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- dns; [192.0.2.1] (server.example [192.0.2.1])
INFO:zdkimfilter[0]:ip=192.0.2.1: drop! drop-me: file name
INFO:zdkimfilter[0]:ip=192.0.2.1: drop->deliver!! sender.example is in dnswl (2)
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3250"
$at_failed && at_fn_log_failure
$at_traceon; }


cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Authentication-Results: server.example; dnswl=pass dns.zone=list.dnswl.org
  policy.ip=127.0.2.2 policy.txt="sender.example and some other stuff"
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Drop-Me: file name
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3261: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:3261"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- dns; [192.0.2.1] (server.example [192.0.2.1])
INFO:zdkimfilter[0]:ip=192.0.2.1: drop! drop-me: file name
INFO:zdkimfilter[0]:ip=192.0.2.1: drop->deliver!! sender.example is in dnswl (2)
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3261"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_95
#AT_START_96
at_fn_group_banner 96 'testsuite.at:3273' \
  "Not dropped if whitelisted (author signature)" "  "
at_xfail=no
(
  printf "%s\n" "96. $at_setup_line: testing $at_desc ..."
  $at_traceon

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3274: \$HAVE_OPENDBX || exit 77"
at_fn_check_prepare_dynamic "$HAVE_OPENDBX || exit 77" "testsuite.at:3274"
( $at_check_trace; $HAVE_OPENDBX || exit 77
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3274"
$at_failed && at_fn_log_failure
$at_traceon; }

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

action_header drop-me
trust_a_r
db_backend test
db_sql_whitelisted author.example:3

_ZEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Authentication-Results: server.example; dnswl=pass dns.zone=list.dnswl.org
  policy.ip=127.0.2.0 policy.txt="sender.example and some other stuff"
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=author.example; s=x1;
	t=1267195653; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=ZmMMHnWo7xMM2V1zZEYWp7jCXHB7hJ/D8TpCleG0SZ8njWjXaspgOtD/F52SJK90G
	 tx3/m0Y3F58NBVjVfTeAq+znjGER6TbwOQQfbpkHb0jvcgrSYCWVcekS7hIlCtT5mF
	 8gZbgYgOo3rIFUy9vdHkse1jzNR8kxrIYv3aZ0tc=
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Drop-Me: file name
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=other.example; s=x3;
	t=1267197617; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=ejTAOxjZ1TFzdE0KT0/I/Dd7dL76iPzUq3sc4ngUt/78pFSFSL4p3nXNIMYeGHVT6
	 7kwAhFlmpT0UgBaisyjfyGTgx4k/N2+Kbbne1NV/kYG9wYRylk9fooS08ZRkY7Ieuu
	 K5pYsL12X5UfS1+TRnv2ONLxQDgSn+4r8ZwaEWZ8=
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
sbounces@server.example
Mverifymsg
OTCPREMOTEIP=192.0.2.1
usmtp
fdns; [192.0.2.1] (server.example [192.0.2.1])
_ATEOF

cat >POLICYFILE <<'_ATEOF'
dkim=unknown
_ATEOF

cat >batch <<'_ATEOF'
test2
test3
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3295: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:3295"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- dns; [192.0.2.1] (server.example [192.0.2.1])
INFO:zdkimfilter[0]:ip=192.0.2.1: drop! drop-me: file name
INFO:zdkimfilter[0]:ip=192.0.2.1: drop->deliver!! author.example is whitelisted (3) (auth: DKIM)
INFO:zdkimfilter[0]:ip=192.0.2.1: verified: spf=pass, dkim=pass (id=author.example, stat=0)
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3295"
$at_failed && at_fn_log_failure
$at_traceon; }


# same with shoot on sight
cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

action_header drop-me
trust_a_r
db_backend test
db_sql_whitelisted author.example:3 sender.example:-1

_ZEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Authentication-Results: server.example; dnswl=pass dns.zone=list.dnswl.org
  policy.ip=127.0.2.0 policy.txt="sender.example and some other stuff"
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=author.example; s=x1;
	t=1267195653; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=ZmMMHnWo7xMM2V1zZEYWp7jCXHB7hJ/D8TpCleG0SZ8njWjXaspgOtD/F52SJK90G
	 tx3/m0Y3F58NBVjVfTeAq+znjGER6TbwOQQfbpkHb0jvcgrSYCWVcekS7hIlCtT5mF
	 8gZbgYgOo3rIFUy9vdHkse1jzNR8kxrIYv3aZ0tc=
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Drop-Me: file name
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=other.example; s=x3;
	t=1267197617; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=ejTAOxjZ1TFzdE0KT0/I/Dd7dL76iPzUq3sc4ngUt/78pFSFSL4p3nXNIMYeGHVT6
	 7kwAhFlmpT0UgBaisyjfyGTgx4k/N2+Kbbne1NV/kYG9wYRylk9fooS08ZRkY7Ieuu
	 K5pYsL12X5UfS1+TRnv2ONLxQDgSn+4r8ZwaEWZ8=
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3313: \$HAVE_OPENDBX || exit 77"
at_fn_check_prepare_dynamic "$HAVE_OPENDBX || exit 77" "testsuite.at:3313"
( $at_check_trace; $HAVE_OPENDBX || exit 77
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3313"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3314: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:3314"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- dns; [192.0.2.1] (server.example [192.0.2.1])
INFO:zdkimfilter[0]:ip=192.0.2.1: drop! drop-me: file name
INFO:zdkimfilter[0]:ip=192.0.2.1: drop->deliver!! author.example is whitelisted (3) (auth: DKIM)
INFO:zdkimfilter[0]:ip=192.0.2.1: verified: spf=pass, dkim=pass (id=author.example, stat=0)
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3314"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_96
#AT_START_97
at_fn_group_banner 97 'testsuite.at:3327' \
  "Not dropped if whitelisted (SPF auth)" "          "
at_xfail=no
(
  printf "%s\n" "97. $at_setup_line: testing $at_desc ..."
  $at_traceon

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3328: \$HAVE_OPENDBX || exit 77"
at_fn_check_prepare_dynamic "$HAVE_OPENDBX || exit 77" "testsuite.at:3328"
( $at_check_trace; $HAVE_OPENDBX || exit 77
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3328"
$at_failed && at_fn_log_failure
$at_traceon; }

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

action_header drop-me
trust_a_r
db_backend test
db_sql_whitelisted sender.example:3
whitelisted_pass 2

_ZEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Authentication-Results: server.example; dnswl=pass dns.zone=list.dnswl.org
  policy.ip=127.0.2.0 policy.txt="sender.example and some other stuff"
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Drop-Me: file name
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
sbounces@server.example
Mverifymsg
OTCPREMOTEIP=192.0.2.1
usmtp
fdns; [192.0.2.1] (server.example [192.0.2.1])
_ATEOF

cat >batch <<'_ATEOF'
test3
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3347: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:3347"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- dns; [192.0.2.1] (server.example [192.0.2.1])
INFO:zdkimfilter[0]:ip=192.0.2.1: drop! drop-me: file name
INFO:zdkimfilter[0]:ip=192.0.2.1: drop->deliver!! sender.example is whitelisted (3) (auth: SPF)
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3347"
$at_failed && at_fn_log_failure
$at_traceon; }


# same with shoot on sight
cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

action_header drop-me
trust_a_r
db_backend test
db_sql_whitelisted sender.example:3 author.example:-1
whitelisted_pass 2

_ZEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Authentication-Results: server.example; dnswl=pass dns.zone=list.dnswl.org
  policy.ip=127.0.2.0 policy.txt="sender.example and some other stuff"
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Drop-Me: file name
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3365: \$HAVE_OPENDBX || exit 77"
at_fn_check_prepare_dynamic "$HAVE_OPENDBX || exit 77" "testsuite.at:3365"
( $at_check_trace; $HAVE_OPENDBX || exit 77
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3365"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3366: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:3366"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- dns; [192.0.2.1] (server.example [192.0.2.1])
INFO:zdkimfilter[0]:ip=192.0.2.1: drop! drop-me: file name
INFO:zdkimfilter[0]:ip=192.0.2.1: drop->deliver!! sender.example is whitelisted (3) (auth: SPF)
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3366"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_97
#AT_START_98
at_fn_group_banner 98 'testsuite.at:3378' \
  "Not dropped if whitelisted (SPF auth, signed)" "  "
at_xfail=no
(
  printf "%s\n" "98. $at_setup_line: testing $at_desc ..."
  $at_traceon

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3379: \$HAVE_OPENDBX || exit 77"
at_fn_check_prepare_dynamic "$HAVE_OPENDBX || exit 77" "testsuite.at:3379"
( $at_check_trace; $HAVE_OPENDBX || exit 77
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3379"
$at_failed && at_fn_log_failure
$at_traceon; }

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

action_header drop-me
trust_a_r
db_backend test
db_sql_whitelisted sender.example:3

_ZEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Authentication-Results: server.example; dnswl=pass dns.zone=list.dnswl.org
  policy.ip=127.0.2.0 policy.txt="sender.example and some other stuff"
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=author.example; s=x1;
	t=1267195653; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=ZmMMHnWo7xMM2V1zZEYWp7jCXHB7hJ/D8TpCleG0SZ8njWjXaspgOtD/F52SJK90G
	 tx3/m0Y3F58NBVjVfTeAq+znjGER6TbwOQQfbpkHb0jvcgrSYCWVcekS7hIlCtT5mF
	 8gZbgYgOo3rIFUy9vdHkse1jzNR8kxrIYv3aZ0tc=
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Drop-Me: file name
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=other.example; s=x3;
	t=1267197617; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=ejTAOxjZ1TFzdE0KT0/I/Dd7dL76iPzUq3sc4ngUt/78pFSFSL4p3nXNIMYeGHVT6
	 7kwAhFlmpT0UgBaisyjfyGTgx4k/N2+Kbbne1NV/kYG9wYRylk9fooS08ZRkY7Ieuu
	 K5pYsL12X5UfS1+TRnv2ONLxQDgSn+4r8ZwaEWZ8=
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
sbounces@server.example
Mverifymsg
OTCPREMOTEIP=192.0.2.1
usmtp
fdns; [192.0.2.1] (server.example [192.0.2.1])
_ATEOF

cat >POLICYFILE <<'_ATEOF'
dkim=unknown
_ATEOF

cat >batch <<'_ATEOF'
test2
test3
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3400: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:3400"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- dns; [192.0.2.1] (server.example [192.0.2.1])
INFO:zdkimfilter[0]:ip=192.0.2.1: drop! drop-me: file name
INFO:zdkimfilter[0]:ip=192.0.2.1: drop->deliver!! sender.example is whitelisted (3) (auth: SPF)
INFO:zdkimfilter[0]:ip=192.0.2.1: verified: spf=pass, dkim=pass (id=author.example, stat=0)
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3400"
$at_failed && at_fn_log_failure
$at_traceon; }


# same with shoot on sight
cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

action_header drop-me
trust_a_r
db_backend test
db_sql_whitelisted sender.example:3 author.example:-1

_ZEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Authentication-Results: server.example; dnswl=pass dns.zone=list.dnswl.org
  policy.ip=127.0.2.0 policy.txt="sender.example and some other stuff"
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=author.example; s=x1;
	t=1267195653; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=ZmMMHnWo7xMM2V1zZEYWp7jCXHB7hJ/D8TpCleG0SZ8njWjXaspgOtD/F52SJK90G
	 tx3/m0Y3F58NBVjVfTeAq+znjGER6TbwOQQfbpkHb0jvcgrSYCWVcekS7hIlCtT5mF
	 8gZbgYgOo3rIFUy9vdHkse1jzNR8kxrIYv3aZ0tc=
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Drop-Me: file name
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=other.example; s=x3;
	t=1267197617; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=ejTAOxjZ1TFzdE0KT0/I/Dd7dL76iPzUq3sc4ngUt/78pFSFSL4p3nXNIMYeGHVT6
	 7kwAhFlmpT0UgBaisyjfyGTgx4k/N2+Kbbne1NV/kYG9wYRylk9fooS08ZRkY7Ieuu
	 K5pYsL12X5UfS1+TRnv2ONLxQDgSn+4r8ZwaEWZ8=
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3418: \$HAVE_OPENDBX || exit 77"
at_fn_check_prepare_dynamic "$HAVE_OPENDBX || exit 77" "testsuite.at:3418"
( $at_check_trace; $HAVE_OPENDBX || exit 77
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3418"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3419: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:3419"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- dns; [192.0.2.1] (server.example [192.0.2.1])
INFO:zdkimfilter[0]:ip=192.0.2.1: drop! drop-me: file name
INFO:zdkimfilter[0]:ip=192.0.2.1: drop->deliver!! sender.example is whitelisted (3) (auth: SPF)
INFO:zdkimfilter[0]:ip=192.0.2.1: verified: spf=pass, dkim=pass (id=author.example, stat=0)
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3419"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_98
#AT_START_99
at_fn_group_banner 99 'testsuite.at:3433' \
  "Verify action_header reject" "                    "
at_xfail=no
(
  printf "%s\n" "99. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

action_header drop-me
trust_a_r
dnswl_worthiness_pass 4
header_action_is_reject

_ZEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Authentication-Results: server.example; dnswl=pass dns.zone=list.dnswl.org
  policy.ip=127.0.2.3 policy.txt="sender.example and some other stuff"
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=author.example; s=x1;
	t=1267195653; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=ZmMMHnWo7xMM2V1zZEYWp7jCXHB7hJ/D8TpCleG0SZ8njWjXaspgOtD/F52SJK90G
	 tx3/m0Y3F58NBVjVfTeAq+znjGER6TbwOQQfbpkHb0jvcgrSYCWVcekS7hIlCtT5mF
	 8gZbgYgOo3rIFUy9vdHkse1jzNR8kxrIYv3aZ0tc=
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Drop-Me: file name
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=other.example; s=x3;
	t=1267197617; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=ejTAOxjZ1TFzdE0KT0/I/Dd7dL76iPzUq3sc4ngUt/78pFSFSL4p3nXNIMYeGHVT6
	 7kwAhFlmpT0UgBaisyjfyGTgx4k/N2+Kbbne1NV/kYG9wYRylk9fooS08ZRkY7Ieuu
	 K5pYsL12X5UfS1+TRnv2ONLxQDgSn+4r8ZwaEWZ8=
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
sbounces@server.example
Mverifymsg
OTCPREMOTEIP=192.0.2.1
usmtp
fdns; [192.0.2.1] (server.example [192.0.2.1])
_ATEOF

cat >batch <<'_ATEOF'
test2
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3452: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:3452"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- dns; [192.0.2.1] (server.example [192.0.2.1])
INFO:zdkimfilter[0]:ip=192.0.2.1: reject! drop-me: file name
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "550 drop-me.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3452"
$at_failed && at_fn_log_failure
$at_traceon; }


# same with shoot on sight
{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3462: \$HAVE_OPENDBX || exit 77"
at_fn_check_prepare_dynamic "$HAVE_OPENDBX || exit 77" "testsuite.at:3462"
( $at_check_trace; $HAVE_OPENDBX || exit 77
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3462"
$at_failed && at_fn_log_failure
$at_traceon; }

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

action_header drop-me
trust_a_r
dnswl_worthiness_pass 4
header_action_is_reject
db_backend test
db_sql_whitelisted sender.example:-1 author.example:-1 other.example:-1

_ZEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3470: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:3470"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- dns; [192.0.2.1] (server.example [192.0.2.1])
INFO:zdkimfilter[0]:ip=192.0.2.1: reject! drop-me: file name
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "550 drop-me.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3470"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_99
#AT_START_100
at_fn_group_banner 100 'testsuite.at:3481' \
  "Verify action_header drop and save message" "     "
at_xfail=no
(
  printf "%s\n" "100. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

action_header drop-me
trust_a_r
dnswl_worthiness_pass 4
save_drop .

_ZEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Authentication-Results: server.example; dnswl=pass dns.zone=list.dnswl.org
  policy.ip=127.0.2.3 policy.txt="sender.example and some other stuff"
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=author.example; s=x1;
	t=1267195653; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=ZmMMHnWo7xMM2V1zZEYWp7jCXHB7hJ/D8TpCleG0SZ8njWjXaspgOtD/F52SJK90G
	 tx3/m0Y3F58NBVjVfTeAq+znjGER6TbwOQQfbpkHb0jvcgrSYCWVcekS7hIlCtT5mF
	 8gZbgYgOo3rIFUy9vdHkse1jzNR8kxrIYv3aZ0tc=
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Drop-Me: file name
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=other.example; s=x3;
	t=1267197617; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=ejTAOxjZ1TFzdE0KT0/I/Dd7dL76iPzUq3sc4ngUt/78pFSFSL4p3nXNIMYeGHVT6
	 7kwAhFlmpT0UgBaisyjfyGTgx4k/N2+Kbbne1NV/kYG9wYRylk9fooS08ZRkY7Ieuu
	 K5pYsL12X5UfS1+TRnv2ONLxQDgSn+4r8ZwaEWZ8=
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
sbounces@server.example
Mverifymsg
OTCPREMOTEIP=192.0.2.1
usmtp
fdns; [192.0.2.1] (server.example [192.0.2.1])
recipient@1
recipient@2
recipient@3
_ATEOF

cat >batch <<'_ATEOF'
test2
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3503: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:3503"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- dns; [192.0.2.1] (server.example [192.0.2.1])
INFO:zdkimfilter[0]:ip=192.0.2.1: drop! drop-me: file name
INFO:zdkimfilter[0]:ip=192.0.2.1: verified: spf=pass, dkim=pass (id=author.example, stat=0)
INFO:zdkimfilter[0]:drop msg,id=verifymsg: drop-me
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "050 Message dropped.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3503"
$at_failed && at_fn_log_failure
$at_traceon; }

tail -n +9 zdrop-file_name* > no-preheader

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3515: cmp mail no-preheader"
at_fn_check_prepare_trace "testsuite.at:3515"
( $at_check_trace; cmp mail no-preheader
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3515"
$at_failed && at_fn_log_failure
$at_traceon; }


# same with shoot on sight
{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3518: \$HAVE_OPENDBX || exit 77"
at_fn_check_prepare_dynamic "$HAVE_OPENDBX || exit 77" "testsuite.at:3518"
( $at_check_trace; $HAVE_OPENDBX || exit 77
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3518"
$at_failed && at_fn_log_failure
$at_traceon; }

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

action_header drop-me
trust_a_r
dnswl_worthiness_pass 4
save_drop .
db_backend test
db_sql_whitelisted sender.example:-1 author.example:-1 other.example:-1

_ZEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3526: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:3526"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- dns; [192.0.2.1] (server.example [192.0.2.1])
INFO:zdkimfilter[0]:ip=192.0.2.1: drop! drop-me: file name
INFO:zdkimfilter[0]:ip=192.0.2.1: verified: spf=pass, dkim=pass (id=author.example, stat=0)
INFO:zdkimfilter[0]:drop msg,id=verifymsg: drop-me
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "050 Message dropped.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3526"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_100
#AT_START_101
at_fn_group_banner 101 'testsuite.at:3602' \
  "DMARC non-none policy reported" "                 "
at_xfail=no
(
  printf "%s\n" "101. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_dmarc.author.example v=DMARC1; p=quarantine; rua=mailto:dmarc-feedback@author.example
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

publicsuffix=publicsuffix
db_backend test
db_sql_insert_msg_ref dummy


_ZEOF

cat >publicsuffix <<'_ATEOF'
example
_ATEOF

cat >mail <<'_ATEOF'
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=author.example; s=x1;
	t=1267195653; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	 Content-Transfer-Encoding;
	b=ZmMMHnWo7xMM2V1zZEYWp7jCXHB7hJ/D8TpCleG0SZ8njWjXaspgOtD/F52SJK90G
	 tx3/m0Y3F58NBVjVfTeAq+znjGER6TbwOQQfbpkHb0jvcgrSYCWVcekS7hIlCtT5mF
	 8gZbgYgOo3rIFUy9vdHkse1jzNR8kxrIYv3aZ0tc=
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
sbounces@server.example
Mverifymsg
OTCPREMOTEIP=192.0.2.1
usmtp
fdns; [192.0.2.1] (server.example [192.0.2.1])
_ATEOF

cat >batch <<'_ATEOF'
sighup

test2
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3606: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:3606"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:New config file read from zftest.conf
INFO:zdkimfilter[0]:publicsuffix not changed
INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- dns; [192.0.2.1] (server.example [192.0.2.1])
INFO:zdkimfilter[0]:ip=192.0.2.1: verified: spf=pass, dkim=pass (id=author.example, stat=0) dmarc:quarantine=pass
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3606"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3607: head -n 4 mail"
at_fn_check_prepare_trace "testsuite.at:3607"
( $at_check_trace; head -n 4 mail
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "Authentication-Results: test.example;
  spf=pass smtp.mailfrom=sender.example;
  dkim=pass header.d=author.example;
  dmarc=pass header.from=author.example
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3607"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_101
#AT_START_102
at_fn_group_banner 102 'testsuite.at:3616' \
  "DMARC failed quarantine reported" "               "
at_xfail=no
(
  printf "%s\n" "102. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_dmarc.author.example v=DMARC1; p=quarantine; rua=mailto:dmarc-feedback@author.example
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

publicsuffix=publicsuffix
db_backend test
db_sql_insert_msg_ref dummy


_ZEOF

cat >publicsuffix <<'_ATEOF'
example
_ATEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
sbounces@server.example
Mverifymsg
OTCPREMOTEIP=192.0.2.1
usmtp
fdns; [192.0.2.1] (server.example [192.0.2.1])
_ATEOF

cat >batch <<'_ATEOF'
sighup

test2
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3620: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:3620"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:New config file read from zftest.conf
INFO:zdkimfilter[0]:publicsuffix not changed
INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- dns; [192.0.2.1] (server.example [192.0.2.1])
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3620"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3621: head -n 3 mail"
at_fn_check_prepare_trace "testsuite.at:3621"
( $at_check_trace; head -n 3 mail
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "Authentication-Results: test.example;
  spf=pass smtp.mailfrom=sender.example;
  dmarc=fail header.from=author.example
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3621"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_102
#AT_START_103
at_fn_group_banner 103 'testsuite.at:3629' \
  "DMARC failed quarantine honored" "                "
at_xfail=no
(
  printf "%s\n" "103. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_dmarc.author.example v=DMARC1; p=quarantine; rua=mailto:dmarc-feedback@author.example
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

publicsuffix=publicsuffix
db_backend test
db_sql_insert_msg_ref dummy
honor_dmarc

_ZEOF

cat >publicsuffix <<'_ATEOF'
example
_ATEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
sbounces@server.example
Mverifymsg
OTCPREMOTEIP=192.0.2.1
usmtp
fdns; [192.0.2.1] (server.example [192.0.2.1])
_ATEOF

cat >batch <<'_ATEOF'
sighup

test2
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3633: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:3633"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:New config file read from zftest.conf
INFO:zdkimfilter[0]:publicsuffix not changed
INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- dns; [192.0.2.1] (server.example [192.0.2.1])
INFO:zdkimfilter[0]:ip=192.0.2.1: quarantine! DMARC policy=quarantine for author.example
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3633"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3634: head -n 3 mail"
at_fn_check_prepare_trace "testsuite.at:3634"
( $at_check_trace; head -n 3 mail
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "Authentication-Results: test.example;
  spf=pass smtp.mailfrom=sender.example;
  dmarc=fail (QUARANTINE) header.from=author.example
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3634"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_103
#AT_START_104
at_fn_group_banner 104 'testsuite.at:3642' \
  "DMARC failed reject reported" "                   "
at_xfail=no
(
  printf "%s\n" "104. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_dmarc.author.example v=DMARC1; p=reject; rua=mailto:dmarc-feedback@author.example
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

publicsuffix=publicsuffix
db_backend test
db_sql_insert_msg_ref dummy


_ZEOF

cat >publicsuffix <<'_ATEOF'
example
_ATEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
sbounces@server.example
Mverifymsg
OTCPREMOTEIP=192.0.2.1
usmtp
fdns; [192.0.2.1] (server.example [192.0.2.1])
_ATEOF

cat >batch <<'_ATEOF'
sighup

test2
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3646: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:3646"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:New config file read from zftest.conf
INFO:zdkimfilter[0]:publicsuffix not changed
INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- dns; [192.0.2.1] (server.example [192.0.2.1])
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3646"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3647: head -n 3 mail"
at_fn_check_prepare_trace "testsuite.at:3647"
( $at_check_trace; head -n 3 mail
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "Authentication-Results: test.example;
  spf=pass smtp.mailfrom=sender.example;
  dmarc=fail header.from=author.example
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3647"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_104
#AT_START_105
at_fn_group_banner 105 'testsuite.at:3655' \
  "DMARC failed reject honored" "                    "
at_xfail=no
(
  printf "%s\n" "105. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_dmarc.author.example v=DMARC1; p=reject; rua=mailto:dmarc-feedback@author.example
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

publicsuffix=publicsuffix
db_backend test
db_sql_insert_msg_ref dummy
honor_dmarc

_ZEOF

cat >publicsuffix <<'_ATEOF'
example
_ATEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
sbounces@server.example
Mverifymsg
OTCPREMOTEIP=192.0.2.1
usmtp
fdns; [192.0.2.1] (server.example [192.0.2.1])
_ATEOF

cat >batch <<'_ATEOF'
sighup

test2
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3659: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:3659"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:New config file read from zftest.conf
INFO:zdkimfilter[0]:publicsuffix not changed
INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- dns; [192.0.2.1] (server.example [192.0.2.1])
INFO:zdkimfilter[0]:ip=192.0.2.1: reject! DMARC policy=reject for author.example
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "550 Reject after DMARC policy.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3659"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_105
#AT_START_106
at_fn_group_banner 106 'testsuite.at:3663' \
  "DMARC failed reject pct=0" "                      "
at_xfail=no
(
  printf "%s\n" "106. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_dmarc.author.example v=DMARC1; p=reject; pct=0; rua=mailto:dmarc-feedback@author.example
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

publicsuffix=publicsuffix
db_backend test
db_sql_insert_msg_ref dummy
honor_dmarc

_ZEOF

cat >publicsuffix <<'_ATEOF'
example
_ATEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
sbounces@server.example
Mverifymsg
OTCPREMOTEIP=192.0.2.1
usmtp
fdns; [192.0.2.1] (server.example [192.0.2.1])
_ATEOF

cat >batch <<'_ATEOF'
sighup

test2
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3667: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:3667"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:New config file read from zftest.conf
INFO:zdkimfilter[0]:publicsuffix not changed
INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- dns; [192.0.2.1] (server.example [192.0.2.1])
INFO:zdkimfilter[0]:ip=192.0.2.1: author.example dmarc=fail, but toss >= 0%
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3667"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_106
#AT_START_107
at_fn_group_banner 107 'testsuite.at:3671' \
  "DMARC failed reject honored from database" "      "
at_xfail=no
(
  printf "%s\n" "107. $at_setup_line: testing $at_desc ..."
  $at_traceon

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3672: \$HAVE_OPENDBX || exit 77"
at_fn_check_prepare_dynamic "$HAVE_OPENDBX || exit 77" "testsuite.at:3672"
( $at_check_trace; $HAVE_OPENDBX || exit 77
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3672"
$at_failed && at_fn_log_failure
$at_traceon; }

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_dmarc.author.example v=DMARC1; p=reject; rua=mailto:dmarc-feedback@author.example
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

publicsuffix=publicsuffix
db_backend test
db_sql_insert_msg_ref dummy
db_sql_domain_flags author.example:0:1:1

_ZEOF

cat >publicsuffix <<'_ATEOF'
example
_ATEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
sbounces@server.example
Mverifymsg
OTCPREMOTEIP=192.0.2.1
usmtp
fdns; [192.0.2.1] (server.example [192.0.2.1])
_ATEOF

cat >batch <<'_ATEOF'
sighup

test2
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3676: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:3676"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:New config file read from zftest.conf
INFO:zdkimfilter[0]:publicsuffix not changed
INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- dns; [192.0.2.1] (server.example [192.0.2.1])
INFO:zdkimfilter[0]:ip=192.0.2.1: reject! DMARC policy=reject for author.example
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "550 Reject after DMARC policy.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3676"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_107
#AT_START_108
at_fn_group_banner 108 'testsuite.at:3680' \
  "DMARC failed subdomain honored from database" "   "
at_xfail=no
(
  printf "%s\n" "108. $at_setup_line: testing $at_desc ..."
  $at_traceon

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3681: \$HAVE_OPENDBX || exit 77"
at_fn_check_prepare_dynamic "$HAVE_OPENDBX || exit 77" "testsuite.at:3681"
( $at_check_trace; $HAVE_OPENDBX || exit 77
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3681"
$at_failed && at_fn_log_failure
$at_traceon; }

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_dmarc.author.example v=DMARC1; p=reject; rua=mailto:dmarc-feedback@author.example
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

publicsuffix=publicsuffix
db_backend test
db_sql_insert_msg_ref dummy
db_sql_domain_flags author.example:0:1:1

_ZEOF

cat >publicsuffix <<'_ATEOF'
example
_ATEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@subdomain.author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
sbounces@server.example
Mverifymsg
OTCPREMOTEIP=192.0.2.1
usmtp
fdns; [192.0.2.1] (server.example [192.0.2.1])
_ATEOF

cat >batch <<'_ATEOF'
sighup

test2
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3685: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:3685"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:New config file read from zftest.conf
INFO:zdkimfilter[0]:publicsuffix not changed
INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- dns; [192.0.2.1] (server.example [192.0.2.1])
INFO:zdkimfilter[0]:ip=192.0.2.1: reject! DMARC policy=reject for subdomain.author.example
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "550 Reject after DMARC policy.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3685"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_108
#AT_START_109
at_fn_group_banner 109 'testsuite.at:3689' \
  "DMARC reject not honored if whitelisted" "        "
at_xfail=no
(
  printf "%s\n" "109. $at_setup_line: testing $at_desc ..."
  $at_traceon

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3690: \$HAVE_OPENDBX || exit 77"
at_fn_check_prepare_dynamic "$HAVE_OPENDBX || exit 77" "testsuite.at:3690"
( $at_check_trace; $HAVE_OPENDBX || exit 77
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3690"
$at_failed && at_fn_log_failure
$at_traceon; }

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_dmarc.author.example v=DMARC1; p=reject; rua=mailto:dmarc-feedback@author.example
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

publicsuffix=publicsuffix
db_backend test
db_sql_insert_msg_ref dummy
honor_dmarc
db_sql_whitelisted sender.example:3


_ZEOF

cat >publicsuffix <<'_ATEOF'
example
_ATEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=HELO sender=someone@sender.example;
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
sbounces@server.example
Mverifymsg
OTCPREMOTEIP=192.0.2.1
usmtp
fdns; [192.0.2.1] (server.example [192.0.2.1])
_ATEOF

cat >batch <<'_ATEOF'
sighup

test2
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3696: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:3696"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:New config file read from zftest.conf
INFO:zdkimfilter[0]:publicsuffix not changed
INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- dns; [192.0.2.1] (server.example [192.0.2.1])
INFO:zdkimfilter[0]:ip=192.0.2.1: reject! DMARC policy=reject for author.example
INFO:zdkimfilter[0]:ip=192.0.2.1: reject->deliver!! sender.example is whitelisted (3) (auth: SPF)
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3696"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3699: head -n 3 mail"
at_fn_check_prepare_trace "testsuite.at:3699"
( $at_check_trace; head -n 3 mail
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "Authentication-Results: test.example;
  spf=pass smtp.helo=sender.example;
  dmarc=fail header.from=author.example
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3699"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_109
#AT_START_110
at_fn_group_banner 110 'testsuite.at:3707' \
  "DMARC reject not honored if dnswl'd" "            "
at_xfail=no
(
  printf "%s\n" "110. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_dmarc.author.example v=DMARC1; p=reject; rua=mailto:dmarc-feedback@author.example
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

publicsuffix=publicsuffix
db_backend test
db_sql_insert_msg_ref dummy
honor_dmarc
trust_a_r
dnswl_worthiness_pass 0


_ZEOF

cat >publicsuffix <<'_ATEOF'
example
_ATEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Authentication-Results: test.example;
 dnswl=pass dns.zone=list.dnswl.org policy.ip=127.0.10.0
 policy.txt="sender.example http://www.dnswl.example/"
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
sbounces@server.example
Mverifymsg
OTCPREMOTEIP=192.0.2.1
usmtp
fdns; [192.0.2.1] (server.example [192.0.2.1])
_ATEOF

cat >batch <<'_ATEOF'
sighup

test2
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3714: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:3714"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:New config file read from zftest.conf
INFO:zdkimfilter[0]:publicsuffix not changed
INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- dns; [192.0.2.1] (server.example [192.0.2.1])
INFO:zdkimfilter[0]:ip=192.0.2.1: reject! DMARC policy=reject for author.example
INFO:zdkimfilter[0]:ip=192.0.2.1: reject->deliver!! sender.example is in dnswl (0)
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3714"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3717: head -n 2 mail"
at_fn_check_prepare_trace "testsuite.at:3717"
( $at_check_trace; head -n 2 mail
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "Authentication-Results: test.example;
  dmarc=fail header.from=author.example
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3717"
$at_failed && at_fn_log_failure
$at_traceon; }


cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Authentication-Results: test.example;
 dnswl=pass dns.zone=list.dnswl.org policy.ip=127.0.10.0
 policy.txt="/NOT expected example http://www.dnswl.example/"
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
sbounces@server.example
Mverifymsg
OTCPREMOTEIP=192.0.2.1
usmtp
fdns; [192.0.2.1] (server.example [192.0.2.1])
_ATEOF

cat >batch <<'_ATEOF'
sighup

test2
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3724: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:3724"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:New config file read from zftest.conf
INFO:zdkimfilter[0]:publicsuffix not changed
INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- dns; [192.0.2.1] (server.example [192.0.2.1])
INFO:zdkimfilter[0]:ip=192.0.2.1: reject! DMARC policy=reject for author.example
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "550 Reject after DMARC policy.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3724"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_110
#AT_START_111
at_fn_group_banner 111 'testsuite.at:3728' \
  "DMARC pass signed by subdomain" "                 "
at_xfail=no
(
  printf "%s\n" "111. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_dmarc.author.example v=DMARC1; p=reject; rua=mailto:dmarc-feedback@author.example
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

publicsuffix=publicsuffix
db_backend test
db_sql_insert_msg_ref dummy
honor_dmarc

_ZEOF

cat >publicsuffix <<'_ATEOF'
example
_ATEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;
	d=subdomain.author.example; s=x4; t=1425475173;
	bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=; l=301;
	h=Date:From:To:Subject;
	b=QB5afafnvYV8ML6CPwhzNAAwt7mVdy5zUxqjKWv155g+/bZcZYQjNpj7kIIkTFQ/S
	 XXHm7ajuXdB01ZqQnvfHe6mbDiB4VPReSIKEE8Q4znyoODdWDVmwqVBmmj1YjDHePc
	 0CrmhdsaCX4FW+X8td1hOcopogke4e3CrWy7vr8k=
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
sbounces@server.example
Mverifymsg
OTCPREMOTEIP=192.0.2.1
usmtp
fdns; [192.0.2.1] (server.example [192.0.2.1])
_ATEOF

cat >batch <<'_ATEOF'
sighup

test2
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3732: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:3732"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:New config file read from zftest.conf
INFO:zdkimfilter[0]:publicsuffix not changed
INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- dns; [192.0.2.1] (server.example [192.0.2.1])
INFO:zdkimfilter[0]:ip=192.0.2.1: verified: dkim=pass (id=subdomain.author.example, stat=0) dmarc:reject=pass
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3732"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3733: head -n 3 mail"
at_fn_check_prepare_trace "testsuite.at:3733"
( $at_check_trace; head -n 3 mail
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "Authentication-Results: test.example;
  dkim=pass header.d=subdomain.author.example;
  dmarc=pass header.from=author.example
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3733"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_111
#AT_START_112
at_fn_group_banner 112 'testsuite.at:3741' \
  "DMARC reject signed by subdomain shot" "          "
at_xfail=no
(
  printf "%s\n" "112. $at_setup_line: testing $at_desc ..."
  $at_traceon

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3742: \$HAVE_OPENDBX || exit 77"
at_fn_check_prepare_dynamic "$HAVE_OPENDBX || exit 77" "testsuite.at:3742"
( $at_check_trace; $HAVE_OPENDBX || exit 77
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3742"
$at_failed && at_fn_log_failure
$at_traceon; }

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_dmarc.author.example v=DMARC1; p=reject; rua=mailto:dmarc-feedback@author.example
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

publicsuffix=publicsuffix
db_backend test
db_sql_insert_msg_ref dummy
honor_dmarc
db_sql_whitelisted subdomain.author.example:-1

_ZEOF

cat >publicsuffix <<'_ATEOF'
example
_ATEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;
	d=subdomain.author.example; s=x4; t=1425475173;
	bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=; l=301;
	h=Date:From:To:Subject;
	b=QB5afafnvYV8ML6CPwhzNAAwt7mVdy5zUxqjKWv155g+/bZcZYQjNpj7kIIkTFQ/S
	 XXHm7ajuXdB01ZqQnvfHe6mbDiB4VPReSIKEE8Q4znyoODdWDVmwqVBmmj1YjDHePc
	 0CrmhdsaCX4FW+X8td1hOcopogke4e3CrWy7vr8k=
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
sbounces@server.example
Mverifymsg
OTCPREMOTEIP=192.0.2.1
usmtp
fdns; [192.0.2.1] (server.example [192.0.2.1])
_ATEOF

cat >batch <<'_ATEOF'
sighup

test2
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3747: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:3747"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:New config file read from zftest.conf
INFO:zdkimfilter[0]:publicsuffix not changed
INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- dns; [192.0.2.1] (server.example [192.0.2.1])
INFO:zdkimfilter[0]:ip=192.0.2.1: reject! shoot on sight
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "550 Rejected for policy reasons (blacklisted).
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3747"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_112
#AT_START_113
at_fn_group_banner 113 'testsuite.at:3750' \
  "DMARC pass SPF HELO by subdomain" "               "
at_xfail=no
(
  printf "%s\n" "113. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_dmarc.author.example v=DMARC1; p=reject; rua=mailto:dmarc-feedback@author.example
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

publicsuffix=publicsuffix
db_backend test
db_sql_insert_msg_ref dummy
honor_dmarc

_ZEOF

cat >publicsuffix <<'_ATEOF'
example
_ATEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=HELO sender=someone@subdomain.author.example;
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
sbounces@server.example
Mverifymsg
OTCPREMOTEIP=192.0.2.1
usmtp
fdns; [192.0.2.1] (server.example [192.0.2.1])
_ATEOF

cat >batch <<'_ATEOF'
sighup

test2
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3754: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:3754"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:New config file read from zftest.conf
INFO:zdkimfilter[0]:publicsuffix not changed
INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- dns; [192.0.2.1] (server.example [192.0.2.1])
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3754"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3755: head -n 3 mail"
at_fn_check_prepare_trace "testsuite.at:3755"
( $at_check_trace; head -n 3 mail
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "Authentication-Results: test.example;
  spf=pass smtp.helo=subdomain.author.example;
  dmarc=pass header.from=author.example
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3755"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_113
#AT_START_114
at_fn_group_banner 114 'testsuite.at:3763' \
  "DMARC reject SPF HELO by subdomain shot" "        "
at_xfail=no
(
  printf "%s\n" "114. $at_setup_line: testing $at_desc ..."
  $at_traceon

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3764: \$HAVE_OPENDBX || exit 77"
at_fn_check_prepare_dynamic "$HAVE_OPENDBX || exit 77" "testsuite.at:3764"
( $at_check_trace; $HAVE_OPENDBX || exit 77
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3764"
$at_failed && at_fn_log_failure
$at_traceon; }

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_dmarc.author.example v=DMARC1; p=reject; rua=mailto:dmarc-feedback@author.example
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

publicsuffix=publicsuffix
db_backend test
db_sql_insert_msg_ref dummy
honor_dmarc
db_sql_whitelisted subdomain.author.example:-1

_ZEOF

cat >publicsuffix <<'_ATEOF'
example
_ATEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=HELO sender=someone@subdomain.author.example;
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
sbounces@server.example
Mverifymsg
OTCPREMOTEIP=192.0.2.1
usmtp
fdns; [192.0.2.1] (server.example [192.0.2.1])
_ATEOF

cat >batch <<'_ATEOF'
sighup

test2
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3769: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:3769"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:New config file read from zftest.conf
INFO:zdkimfilter[0]:publicsuffix not changed
INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- dns; [192.0.2.1] (server.example [192.0.2.1])
INFO:zdkimfilter[0]:ip=192.0.2.1: reject! shoot on sight
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "550 Rejected for policy reasons (blacklisted).
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3769"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_114
#AT_START_115
at_fn_group_banner 115 'testsuite.at:3772' \
  "DMARC pass SPF MAILFROM by subdomain" "           "
at_xfail=no
(
  printf "%s\n" "115. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_dmarc.author.example v=DMARC1; p=reject; rua=mailto:dmarc-feedback@author.example
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

publicsuffix=publicsuffix
db_backend test
db_sql_insert_msg_ref dummy
honor_dmarc

_ZEOF

cat >publicsuffix <<'_ATEOF'
example
_ATEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@subdomain.author.example;
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
sbounces@server.example
Mverifymsg
OTCPREMOTEIP=192.0.2.1
usmtp
fdns; [192.0.2.1] (server.example [192.0.2.1])
_ATEOF

cat >batch <<'_ATEOF'
sighup

test2
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3776: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:3776"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:New config file read from zftest.conf
INFO:zdkimfilter[0]:publicsuffix not changed
INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- dns; [192.0.2.1] (server.example [192.0.2.1])
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3776"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3777: head -n 3 mail"
at_fn_check_prepare_trace "testsuite.at:3777"
( $at_check_trace; head -n 3 mail
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "Authentication-Results: test.example;
  spf=pass smtp.mailfrom=subdomain.author.example;
  dmarc=pass header.from=author.example
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3777"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_115
#AT_START_116
at_fn_group_banner 116 'testsuite.at:3785' \
  "DMARC reject SPF MAILFROM by subdomain shot" "    "
at_xfail=no
(
  printf "%s\n" "116. $at_setup_line: testing $at_desc ..."
  $at_traceon

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3786: \$HAVE_OPENDBX || exit 77"
at_fn_check_prepare_dynamic "$HAVE_OPENDBX || exit 77" "testsuite.at:3786"
( $at_check_trace; $HAVE_OPENDBX || exit 77
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3786"
$at_failed && at_fn_log_failure
$at_traceon; }

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_dmarc.author.example v=DMARC1; p=reject; rua=mailto:dmarc-feedback@author.example
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

publicsuffix=publicsuffix
db_backend test
db_sql_insert_msg_ref dummy
honor_dmarc
db_sql_whitelisted subdomain.author.example:-1

_ZEOF

cat >publicsuffix <<'_ATEOF'
example
_ATEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@subdomain.author.example;
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
sbounces@server.example
Mverifymsg
OTCPREMOTEIP=192.0.2.1
usmtp
fdns; [192.0.2.1] (server.example [192.0.2.1])
_ATEOF

cat >batch <<'_ATEOF'
sighup

test2
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3791: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:3791"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:New config file read from zftest.conf
INFO:zdkimfilter[0]:publicsuffix not changed
INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- dns; [192.0.2.1] (server.example [192.0.2.1])
INFO:zdkimfilter[0]:ip=192.0.2.1: reject! shoot on sight
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "550 Rejected for policy reasons (blacklisted).
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3791"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_116
#AT_START_117
at_fn_group_banner 117 'testsuite.at:3794' \
  "DMARC pass SPF FROM (non standard) by subdomain" ""
at_xfail=no
(
  printf "%s\n" "117. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_dmarc.author.example v=DMARC1; p=reject; rua=mailto:dmarc-feedback@author.example
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

publicsuffix=publicsuffix
db_backend test
db_sql_insert_msg_ref dummy
honor_dmarc

_ZEOF

cat >publicsuffix <<'_ATEOF'
example
_ATEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=FROM sender=someone@subdomain.author.example;
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
sbounces@server.example
Mverifymsg
OTCPREMOTEIP=192.0.2.1
usmtp
fdns; [192.0.2.1] (server.example [192.0.2.1])
_ATEOF

cat >batch <<'_ATEOF'
sighup

test2
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3798: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:3798"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:New config file read from zftest.conf
INFO:zdkimfilter[0]:publicsuffix not changed
INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- dns; [192.0.2.1] (server.example [192.0.2.1])
INFO:zdkimfilter[0]:ip=192.0.2.1: author.example pass only because BOFHSPFFROM
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3798"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3799: head -n 2 mail"
at_fn_check_prepare_trace "testsuite.at:3799"
( $at_check_trace; head -n 2 mail
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "Authentication-Results: test.example;
  dmarc=pass header.from=author.example
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3799"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_117
#AT_START_118
at_fn_group_banner 118 'testsuite.at:3806' \
  "DMARC reject SPF FROM by subdomain shot" "        "
at_xfail=no
(
  printf "%s\n" "118. $at_setup_line: testing $at_desc ..."
  $at_traceon

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3807: \$HAVE_OPENDBX || exit 77"
at_fn_check_prepare_dynamic "$HAVE_OPENDBX || exit 77" "testsuite.at:3807"
( $at_check_trace; $HAVE_OPENDBX || exit 77
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3807"
$at_failed && at_fn_log_failure
$at_traceon; }

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_dmarc.author.example v=DMARC1; p=reject; rua=mailto:dmarc-feedback@author.example
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

publicsuffix=publicsuffix
db_backend test
db_sql_insert_msg_ref dummy
honor_dmarc
db_sql_whitelisted subdomain.author.example:-1

_ZEOF

cat >publicsuffix <<'_ATEOF'
example
_ATEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=FROM sender=someone@subdomain.author.example;
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
sbounces@server.example
Mverifymsg
OTCPREMOTEIP=192.0.2.1
usmtp
fdns; [192.0.2.1] (server.example [192.0.2.1])
_ATEOF

cat >batch <<'_ATEOF'
sighup

test2
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3812: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:3812"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:New config file read from zftest.conf
INFO:zdkimfilter[0]:publicsuffix not changed
INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- dns; [192.0.2.1] (server.example [192.0.2.1])
INFO:zdkimfilter[0]:ip=192.0.2.1: reject! shoot on sight
INFO:zdkimfilter[0]:ip=192.0.2.1: author.example pass only because BOFHSPFFROM
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "550 Rejected for policy reasons (blacklisted).
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3812"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_118
#AT_START_119
at_fn_group_banner 119 'testsuite.at:3816' \
  "DMARC subdomain signed by domain" "               "
at_xfail=no
(
  printf "%s\n" "119. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_dmarc.author.example v=DMARC1; p=reject; rua=mailto:dmarc-feedback@author.example
subdomain.author.example X
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

publicsuffix=publicsuffix
db_backend test
db_sql_insert_msg_ref dummy
honor_dmarc

_ZEOF

cat >publicsuffix <<'_ATEOF'
example
_ATEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=author.example; s=x1;
	t=1425636964; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301; h=Date:From:To:Subject;
	b=Z9W9qCvybTs80lAmboko3ZFAxfYiSJW/l8r7Azpp4BLDrXB3kOYFcERRn6k6L70jv
	 VOj7WwFIbLDHrk5W/XhveRu4lChRqDetyrqy+hOsrYbnJgbOCizi439JtYMub+zTwm
	 d8PidNs04FFInGGUE2zRaD6AT/M+fz5J41uvs3oE=
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@subdomain.author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
sbounces@server.example
Mverifymsg
OTCPREMOTEIP=192.0.2.1
usmtp
fdns; [192.0.2.1] (server.example [192.0.2.1])
_ATEOF

cat >batch <<'_ATEOF'
sighup

test2
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3820: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:3820"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:New config file read from zftest.conf
INFO:zdkimfilter[0]:publicsuffix not changed
INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- dns; [192.0.2.1] (server.example [192.0.2.1])
INFO:zdkimfilter[0]:ip=192.0.2.1: verified: dkim=pass (id=author.example, stat=0) dmarc:reject=pass
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3820"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3821: head -n 3 mail"
at_fn_check_prepare_trace "testsuite.at:3821"
( $at_check_trace; head -n 3 mail
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "Authentication-Results: test.example;
  dkim=pass header.d=author.example;
  dmarc=pass header.from=subdomain.author.example
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3821"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_119
#AT_START_120
at_fn_group_banner 120 'testsuite.at:3829' \
  "DMARC subdomain shot signed by domain" "          "
at_xfail=no
(
  printf "%s\n" "120. $at_setup_line: testing $at_desc ..."
  $at_traceon

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3830: \$HAVE_OPENDBX || exit 77"
at_fn_check_prepare_dynamic "$HAVE_OPENDBX || exit 77" "testsuite.at:3830"
( $at_check_trace; $HAVE_OPENDBX || exit 77
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3830"
$at_failed && at_fn_log_failure
$at_traceon; }

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_dmarc.author.example v=DMARC1; p=reject; rua=mailto:dmarc-feedback@author.example
subdomain.author.example X
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

publicsuffix=publicsuffix
db_backend test
db_sql_insert_msg_ref dummy
honor_dmarc
db_sql_whitelisted subdomain.author.example:-1

_ZEOF

cat >publicsuffix <<'_ATEOF'
example
_ATEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=author.example; s=x1;
	t=1425636964; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301; h=Date:From:To:Subject;
	b=Z9W9qCvybTs80lAmboko3ZFAxfYiSJW/l8r7Azpp4BLDrXB3kOYFcERRn6k6L70jv
	 VOj7WwFIbLDHrk5W/XhveRu4lChRqDetyrqy+hOsrYbnJgbOCizi439JtYMub+zTwm
	 d8PidNs04FFInGGUE2zRaD6AT/M+fz5J41uvs3oE=
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@subdomain.author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
sbounces@server.example
Mverifymsg
OTCPREMOTEIP=192.0.2.1
usmtp
fdns; [192.0.2.1] (server.example [192.0.2.1])
_ATEOF

cat >batch <<'_ATEOF'
sighup

test2
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3835: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:3835"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:New config file read from zftest.conf
INFO:zdkimfilter[0]:publicsuffix not changed
INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- dns; [192.0.2.1] (server.example [192.0.2.1])
INFO:zdkimfilter[0]:ip=192.0.2.1: reject! shoot on sight
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "550 Rejected for policy reasons (blacklisted).
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3835"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_120
#AT_START_121
at_fn_group_banner 121 'testsuite.at:3838' \
  "DMARC subdomain shot signed by domain white" "    "
at_xfail=no
(
  printf "%s\n" "121. $at_setup_line: testing $at_desc ..."
  $at_traceon

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3839: \$HAVE_OPENDBX || exit 77"
at_fn_check_prepare_dynamic "$HAVE_OPENDBX || exit 77" "testsuite.at:3839"
( $at_check_trace; $HAVE_OPENDBX || exit 77
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3839"
$at_failed && at_fn_log_failure
$at_traceon; }

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_dmarc.author.example v=DMARC1; p=reject; rua=mailto:dmarc-feedback@author.example
subdomain.author.example X
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

publicsuffix=publicsuffix
db_backend test
db_sql_insert_msg_ref dummy
honor_dmarc
db_sql_whitelisted author.example:3 subdomain.author.example:-1

_ZEOF

cat >publicsuffix <<'_ATEOF'
example
_ATEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=author.example; s=x1;
	t=1425636964; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301; h=Date:From:To:Subject;
	b=Z9W9qCvybTs80lAmboko3ZFAxfYiSJW/l8r7Azpp4BLDrXB3kOYFcERRn6k6L70jv
	 VOj7WwFIbLDHrk5W/XhveRu4lChRqDetyrqy+hOsrYbnJgbOCizi439JtYMub+zTwm
	 d8PidNs04FFInGGUE2zRaD6AT/M+fz5J41uvs3oE=
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@subdomain.author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
sbounces@server.example
Mverifymsg
OTCPREMOTEIP=192.0.2.1
usmtp
fdns; [192.0.2.1] (server.example [192.0.2.1])
_ATEOF

cat >batch <<'_ATEOF'
sighup

test2
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3844: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:3844"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:New config file read from zftest.conf
INFO:zdkimfilter[0]:publicsuffix not changed
INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- dns; [192.0.2.1] (server.example [192.0.2.1])
INFO:zdkimfilter[0]:ip=192.0.2.1: reject! shoot on sight
INFO:zdkimfilter[0]:ip=192.0.2.1: reject->deliver!! author.example is whitelisted (3) (auth: DKIM)
INFO:zdkimfilter[0]:ip=192.0.2.1: verified: dkim=pass (id=author.example, stat=0) dmarc:reject=pass
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3844"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_121
#AT_START_122
at_fn_group_banner 122 'testsuite.at:3849' \
  "DMARC subdomain white signed by domain shot" "    "
at_xfail=no
(
  printf "%s\n" "122. $at_setup_line: testing $at_desc ..."
  $at_traceon

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3850: \$HAVE_OPENDBX || exit 77"
at_fn_check_prepare_dynamic "$HAVE_OPENDBX || exit 77" "testsuite.at:3850"
( $at_check_trace; $HAVE_OPENDBX || exit 77
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3850"
$at_failed && at_fn_log_failure
$at_traceon; }

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_dmarc.author.example v=DMARC1; p=reject; rua=mailto:dmarc-feedback@author.example
subdomain.author.example X
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

publicsuffix=publicsuffix
db_backend test
db_sql_insert_msg_ref dummy
honor_dmarc
db_sql_whitelisted author.example:-1 subdomain.author.example:3

_ZEOF

cat >publicsuffix <<'_ATEOF'
example
_ATEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=author.example; s=x1;
	t=1425636964; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	l=301; h=Date:From:To:Subject;
	b=Z9W9qCvybTs80lAmboko3ZFAxfYiSJW/l8r7Azpp4BLDrXB3kOYFcERRn6k6L70jv
	 VOj7WwFIbLDHrk5W/XhveRu4lChRqDetyrqy+hOsrYbnJgbOCizi439JtYMub+zTwm
	 d8PidNs04FFInGGUE2zRaD6AT/M+fz5J41uvs3oE=
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@subdomain.author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
sbounces@server.example
Mverifymsg
OTCPREMOTEIP=192.0.2.1
usmtp
fdns; [192.0.2.1] (server.example [192.0.2.1])
_ATEOF

cat >batch <<'_ATEOF'
sighup

test2
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3855: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:3855"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:New config file read from zftest.conf
INFO:zdkimfilter[0]:publicsuffix not changed
INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- dns; [192.0.2.1] (server.example [192.0.2.1])
INFO:zdkimfilter[0]:ip=192.0.2.1: reject! shoot on sight
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "550 Rejected for policy reasons (blacklisted).
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3855"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_122
#AT_START_123
at_fn_group_banner 123 'testsuite.at:3858' \
  "DMARC subdomain SPF HELO by domain" "             "
at_xfail=no
(
  printf "%s\n" "123. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_dmarc.author.example v=DMARC1; p=reject; rua=mailto:dmarc-feedback@author.example
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

publicsuffix=publicsuffix
db_backend test
db_sql_insert_msg_ref dummy
honor_dmarc

_ZEOF

cat >publicsuffix <<'_ATEOF'
example
_ATEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=HELO sender=someone@author.example;
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@subdomain.author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
sbounces@server.example
Mverifymsg
OTCPREMOTEIP=192.0.2.1
usmtp
fdns; [192.0.2.1] (server.example [192.0.2.1])
_ATEOF

cat >batch <<'_ATEOF'
sighup

test2
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3862: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:3862"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:New config file read from zftest.conf
INFO:zdkimfilter[0]:publicsuffix not changed
INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- dns; [192.0.2.1] (server.example [192.0.2.1])
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3862"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3863: head -n 3 mail"
at_fn_check_prepare_trace "testsuite.at:3863"
( $at_check_trace; head -n 3 mail
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "Authentication-Results: test.example;
  spf=pass smtp.helo=author.example;
  dmarc=pass header.from=subdomain.author.example
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3863"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_123
#AT_START_124
at_fn_group_banner 124 'testsuite.at:3871' \
  "DMARC subdomain SPF MAILFROM by domain" "         "
at_xfail=no
(
  printf "%s\n" "124. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_dmarc.author.example v=DMARC1; p=reject; rua=mailto:dmarc-feedback@author.example
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

publicsuffix=publicsuffix
db_backend test
db_sql_insert_msg_ref dummy
honor_dmarc

_ZEOF

cat >publicsuffix <<'_ATEOF'
example
_ATEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@author.example;
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@subdomain.author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
sbounces@server.example
Mverifymsg
OTCPREMOTEIP=192.0.2.1
usmtp
fdns; [192.0.2.1] (server.example [192.0.2.1])
_ATEOF

cat >batch <<'_ATEOF'
sighup

test2
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3875: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:3875"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:New config file read from zftest.conf
INFO:zdkimfilter[0]:publicsuffix not changed
INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- dns; [192.0.2.1] (server.example [192.0.2.1])
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3875"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3876: head -n 3 mail"
at_fn_check_prepare_trace "testsuite.at:3876"
( $at_check_trace; head -n 3 mail
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "Authentication-Results: test.example;
  spf=pass smtp.mailfrom=author.example;
  dmarc=pass header.from=subdomain.author.example
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3876"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_124
#AT_START_125
at_fn_group_banner 125 'testsuite.at:3884' \
  "DMARC subdomain SPF MAILFROM by domain shot" "    "
at_xfail=no
(
  printf "%s\n" "125. $at_setup_line: testing $at_desc ..."
  $at_traceon

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3885: \$HAVE_OPENDBX || exit 77"
at_fn_check_prepare_dynamic "$HAVE_OPENDBX || exit 77" "testsuite.at:3885"
( $at_check_trace; $HAVE_OPENDBX || exit 77
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3885"
$at_failed && at_fn_log_failure
$at_traceon; }

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_dmarc.author.example v=DMARC1; p=reject; rua=mailto:dmarc-feedback@author.example
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

publicsuffix=publicsuffix
db_backend test
db_sql_insert_msg_ref dummy
honor_dmarc
db_sql_whitelisted author.example:-1

_ZEOF

cat >publicsuffix <<'_ATEOF'
example
_ATEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@author.example;
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@subdomain.author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
sbounces@server.example
Mverifymsg
OTCPREMOTEIP=192.0.2.1
usmtp
fdns; [192.0.2.1] (server.example [192.0.2.1])
_ATEOF

cat >batch <<'_ATEOF'
sighup

test2
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3890: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:3890"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:New config file read from zftest.conf
INFO:zdkimfilter[0]:publicsuffix not changed
INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- dns; [192.0.2.1] (server.example [192.0.2.1])
INFO:zdkimfilter[0]:ip=192.0.2.1: reject! shoot on sight
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "550 Rejected for policy reasons (blacklisted).
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3890"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_125
#AT_START_126
at_fn_group_banner 126 'testsuite.at:3893' \
  "DMARC sub SPF FROM (non standard) by domain" "    "
at_xfail=no
(
  printf "%s\n" "126. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_dmarc.subdomain.author.example v=DMARC1; p=reject; rua=mailto:dmarc-feedback@subdomain.author.example

_dmarc.author.example v=DMARC1; p=none; rua=mailto:dmarc-feedback@author.example
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

publicsuffix=publicsuffix
db_backend test
db_sql_insert_msg_ref dummy
honor_dmarc

_ZEOF

cat >publicsuffix <<'_ATEOF'
example
_ATEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=FROM sender=someone@author.example;
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@subdomain.author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
sbounces@server.example
Mverifymsg
OTCPREMOTEIP=192.0.2.1
usmtp
fdns; [192.0.2.1] (server.example [192.0.2.1])
_ATEOF

cat >batch <<'_ATEOF'
sighup

test2
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3898: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:3898"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:New config file read from zftest.conf
INFO:zdkimfilter[0]:publicsuffix not changed
INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- dns; [192.0.2.1] (server.example [192.0.2.1])
INFO:zdkimfilter[0]:ip=192.0.2.1: subdomain.author.example pass only because BOFHSPFFROM
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3898"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3899: head -n 2 mail"
at_fn_check_prepare_trace "testsuite.at:3899"
( $at_check_trace; head -n 2 mail
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "Authentication-Results: test.example;
  dmarc=pass header.from=subdomain.author.example
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3899"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_126
#AT_START_127
at_fn_group_banner 127 'testsuite.at:3906' \
  "DMARC subdomain signed by subdomain" "            "
at_xfail=no
(
  printf "%s\n" "127. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_dmarc.author.example v=DMARC1; p=reject; rua=mailto:dmarc-feedback@author.example
subdomain.author.example X
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

publicsuffix=publicsuffix
db_backend test
db_sql_insert_msg_ref dummy
honor_dmarc

_ZEOF

cat >publicsuffix <<'_ATEOF'
example
_ATEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;
	d=subdomain.author.example; s=x4; t=1425636862;
	bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=; l=301;
	h=Date:From:To:Subject;
	b=t1ZnIYMPY41Vq/Gy8S12eTEqBFVa7mkoMj23TZCeuuPadOQN4SEcSHqQ1qTPXzn0b
	 zuy3hJAoIDneoRzgkCAIJAHtX2hZWFBv5FUJ0IvaFpc4TIj6ElJj1oepyUSZ1rYIIA
	 a9ovpSSgMLOnle66Dc6xIGHU3/0PaKIR4zBxTK4k=
]Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@subdomain.author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
sbounces@server.example
Mverifymsg
OTCPREMOTEIP=192.0.2.1
usmtp
fdns; [192.0.2.1] (server.example [192.0.2.1])
_ATEOF

cat >batch <<'_ATEOF'
sighup

test2
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3910: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:3910"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:New config file read from zftest.conf
INFO:zdkimfilter[0]:publicsuffix not changed
INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- dns; [192.0.2.1] (server.example [192.0.2.1])
INFO:zdkimfilter[0]:ip=192.0.2.1: verified: dkim=pass (id=subdomain.author.example, stat=0) dmarc:reject=pass
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3910"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3911: head -n 3 mail"
at_fn_check_prepare_trace "testsuite.at:3911"
( $at_check_trace; head -n 3 mail
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "Authentication-Results: test.example;
  dkim=pass header.d=subdomain.author.example;
  dmarc=pass header.from=subdomain.author.example
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3911"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_127
#AT_START_128
at_fn_group_banner 128 'testsuite.at:3919' \
  "DMARC subdomain signed, domain shot" "            "
at_xfail=no
(
  printf "%s\n" "128. $at_setup_line: testing $at_desc ..."
  $at_traceon

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3920: \$HAVE_OPENDBX || exit 77"
at_fn_check_prepare_dynamic "$HAVE_OPENDBX || exit 77" "testsuite.at:3920"
( $at_check_trace; $HAVE_OPENDBX || exit 77
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3920"
$at_failed && at_fn_log_failure
$at_traceon; }

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_dmarc.author.example v=DMARC1; p=reject; rua=mailto:dmarc-feedback@author.example
subdomain.author.example X
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

publicsuffix=publicsuffix
db_backend test
db_sql_insert_msg_ref dummy
honor_dmarc
db_sql_whitelisted author.example:-1

_ZEOF

cat >publicsuffix <<'_ATEOF'
example
_ATEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;
	d=subdomain.author.example; s=x4; t=1425636862;
	bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=; l=301;
	h=Date:From:To:Subject;
	b=t1ZnIYMPY41Vq/Gy8S12eTEqBFVa7mkoMj23TZCeuuPadOQN4SEcSHqQ1qTPXzn0b
	 zuy3hJAoIDneoRzgkCAIJAHtX2hZWFBv5FUJ0IvaFpc4TIj6ElJj1oepyUSZ1rYIIA
	 a9ovpSSgMLOnle66Dc6xIGHU3/0PaKIR4zBxTK4k=
]Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@subdomain.author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
sbounces@server.example
Mverifymsg
OTCPREMOTEIP=192.0.2.1
usmtp
fdns; [192.0.2.1] (server.example [192.0.2.1])
_ATEOF

cat >batch <<'_ATEOF'
sighup

test2
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3925: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:3925"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:New config file read from zftest.conf
INFO:zdkimfilter[0]:publicsuffix not changed
INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- dns; [192.0.2.1] (server.example [192.0.2.1])
INFO:zdkimfilter[0]:ip=192.0.2.1: reject! shoot on sight
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "550 Rejected for policy reasons (blacklisted).
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3925"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_128
#AT_START_129
at_fn_group_banner 129 'testsuite.at:3928' \
  "DMARC subdomain SPF by another subdomain" "       "
at_xfail=no
(
  printf "%s\n" "129. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_dmarc.author.example v=DMARC1; p=reject; rua=mailto:dmarc-feedback@author.example
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

publicsuffix=publicsuffix
db_backend test
db_sql_insert_msg_ref dummy
honor_dmarc

_ZEOF

cat >publicsuffix <<'_ATEOF'
example
_ATEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@anothersub.author.example;
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@subdomain.author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
sbounces@server.example
Mverifymsg
OTCPREMOTEIP=192.0.2.1
usmtp
fdns; [192.0.2.1] (server.example [192.0.2.1])
_ATEOF

cat >batch <<'_ATEOF'
sighup

test2
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3932: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:3932"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:New config file read from zftest.conf
INFO:zdkimfilter[0]:publicsuffix not changed
INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- dns; [192.0.2.1] (server.example [192.0.2.1])
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3932"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3933: head -n 3 mail"
at_fn_check_prepare_trace "testsuite.at:3933"
( $at_check_trace; head -n 3 mail
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "Authentication-Results: test.example;
  spf=pass smtp.mailfrom=anothersub.author.example;
  dmarc=pass header.from=subdomain.author.example
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3933"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_129
#AT_START_130
at_fn_group_banner 130 'testsuite.at:3946' \
  "DMARC auth by subdomain strict dkim" "            "
at_xfail=no
(
  printf "%s\n" "130. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_dmarc.author.example v=DMARC1; p=reject; adkim=s; rua=mailto:dmarc-feedback@author.example
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

publicsuffix=publicsuffix
db_backend test
db_sql_insert_msg_ref dummy
honor_dmarc

_ZEOF

cat >publicsuffix <<'_ATEOF'
example
_ATEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@subdomain.author.example;
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;
	d=subdomain.author.example; s=x4; t=1425475173;
	bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=; l=301;
	h=Date:From:To:Subject;
	b=QB5afafnvYV8ML6CPwhzNAAwt7mVdy5zUxqjKWv155g+/bZcZYQjNpj7kIIkTFQ/S
	 XXHm7ajuXdB01ZqQnvfHe6mbDiB4VPReSIKEE8Q4znyoODdWDVmwqVBmmj1YjDHePc
	 0CrmhdsaCX4FW+X8td1hOcopogke4e3CrWy7vr8k=
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
sbounces@server.example
Mverifymsg
OTCPREMOTEIP=192.0.2.1
usmtp
fdns; [192.0.2.1] (server.example [192.0.2.1])
_ATEOF

cat >batch <<'_ATEOF'
sighup

test2
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3950: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:3950"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:New config file read from zftest.conf
INFO:zdkimfilter[0]:publicsuffix not changed
INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- dns; [192.0.2.1] (server.example [192.0.2.1])
INFO:zdkimfilter[0]:ip=192.0.2.1: verified: spf=pass, dkim=pass (id=subdomain.author.example, stat=0) dmarc:reject=pass
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3950"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3951: head -n 4 mail"
at_fn_check_prepare_trace "testsuite.at:3951"
( $at_check_trace; head -n 4 mail
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "Authentication-Results: test.example;
  spf=pass smtp.mailfrom=subdomain.author.example;
  dkim=pass header.d=subdomain.author.example;
  dmarc=pass header.from=author.example
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3951"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_130
#AT_START_131
at_fn_group_banner 131 'testsuite.at:3960' \
  "DMARC auth by subdomain strict spf" "             "
at_xfail=no
(
  printf "%s\n" "131. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_dmarc.author.example v=DMARC1; p=reject; aspf=s; rua=mailto:dmarc-feedback@author.example
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

publicsuffix=publicsuffix
db_backend test
db_sql_insert_msg_ref dummy
honor_dmarc

_ZEOF

cat >publicsuffix <<'_ATEOF'
example
_ATEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@subdomain.author.example;
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;
	d=subdomain.author.example; s=x4; t=1425475173;
	bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=; l=301;
	h=Date:From:To:Subject;
	b=QB5afafnvYV8ML6CPwhzNAAwt7mVdy5zUxqjKWv155g+/bZcZYQjNpj7kIIkTFQ/S
	 XXHm7ajuXdB01ZqQnvfHe6mbDiB4VPReSIKEE8Q4znyoODdWDVmwqVBmmj1YjDHePc
	 0CrmhdsaCX4FW+X8td1hOcopogke4e3CrWy7vr8k=
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
sbounces@server.example
Mverifymsg
OTCPREMOTEIP=192.0.2.1
usmtp
fdns; [192.0.2.1] (server.example [192.0.2.1])
_ATEOF

cat >batch <<'_ATEOF'
sighup

test2
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3964: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:3964"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:New config file read from zftest.conf
INFO:zdkimfilter[0]:publicsuffix not changed
INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- dns; [192.0.2.1] (server.example [192.0.2.1])
INFO:zdkimfilter[0]:ip=192.0.2.1: verified: spf=pass, dkim=pass (id=subdomain.author.example, stat=0) dmarc:reject=pass
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3964"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3965: head -n 4 mail"
at_fn_check_prepare_trace "testsuite.at:3965"
( $at_check_trace; head -n 4 mail
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "Authentication-Results: test.example;
  spf=pass smtp.mailfrom=subdomain.author.example;
  dkim=pass header.d=subdomain.author.example;
  dmarc=pass header.from=author.example
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3965"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_131
#AT_START_132
at_fn_group_banner 132 'testsuite.at:3974' \
  "DMARC auth by subdomain strict both" "            "
at_xfail=no
(
  printf "%s\n" "132. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_dmarc.author.example v=DMARC1; p=reject; adkim=s; aspf=s; rua=mailto:dmarc-feedback@author.example
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

publicsuffix=publicsuffix
db_backend test
db_sql_insert_msg_ref dummy
honor_dmarc

_ZEOF

cat >publicsuffix <<'_ATEOF'
example
_ATEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@subdomain.author.example;
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;
	d=subdomain.author.example; s=x4; t=1425475173;
	bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=; l=301;
	h=Date:From:To:Subject;
	b=QB5afafnvYV8ML6CPwhzNAAwt7mVdy5zUxqjKWv155g+/bZcZYQjNpj7kIIkTFQ/S
	 XXHm7ajuXdB01ZqQnvfHe6mbDiB4VPReSIKEE8Q4znyoODdWDVmwqVBmmj1YjDHePc
	 0CrmhdsaCX4FW+X8td1hOcopogke4e3CrWy7vr8k=
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
sbounces@server.example
Mverifymsg
OTCPREMOTEIP=192.0.2.1
usmtp
fdns; [192.0.2.1] (server.example [192.0.2.1])
_ATEOF

cat >batch <<'_ATEOF'
sighup

test2
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3978: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:3978"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:New config file read from zftest.conf
INFO:zdkimfilter[0]:publicsuffix not changed
INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- dns; [192.0.2.1] (server.example [192.0.2.1])
INFO:zdkimfilter[0]:ip=192.0.2.1: reject! DMARC policy=reject for author.example
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "550 Reject after DMARC policy.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3978"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_132
#AT_START_133
at_fn_group_banner 133 'testsuite.at:3982' \
  "DMARC forced with no policy, auth SPF" "          "
at_xfail=no
(
  printf "%s\n" "133. $at_setup_line: testing $at_desc ..."
  $at_traceon

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3983: \$HAVE_OPENDBX || exit 77"
at_fn_check_prepare_dynamic "$HAVE_OPENDBX || exit 77" "testsuite.at:3983"
( $at_check_trace; $HAVE_OPENDBX || exit 77
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3983"
$at_failed && at_fn_log_failure
$at_traceon; }

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

publicsuffix=publicsuffix
db_backend test
db_sql_insert_msg_ref dummy
db_sql_domain_flags example.com:0:2

_ZEOF

cat >publicsuffix <<'_ATEOF'
example
_ATEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=HELO sender=someone@user@example.com;
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >KEYFILE <<'_ATEOF'
example.com v=DKIM1;
_ATEOF

cat >ctl <<'_ATEOF'
sbounces@server.example
Mverifymsg
OTCPREMOTEIP=192.0.2.1
usmtp
fdns; [192.0.2.1] (server.example [192.0.2.1])
_ATEOF

cat >batch <<'_ATEOF'
sighup

test2
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3988: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:3988"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:New config file read from zftest.conf
INFO:zdkimfilter[0]:publicsuffix not changed
INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- dns; [192.0.2.1] (server.example [192.0.2.1])
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3988"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_133
#AT_START_134
at_fn_group_banner 134 'testsuite.at:3991' \
  "DMARC forced with no policy, no auth" "           "
at_xfail=no
(
  printf "%s\n" "134. $at_setup_line: testing $at_desc ..."
  $at_traceon

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3992: \$HAVE_OPENDBX || exit 77"
at_fn_check_prepare_dynamic "$HAVE_OPENDBX || exit 77" "testsuite.at:3992"
( $at_check_trace; $HAVE_OPENDBX || exit 77
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3992"
$at_failed && at_fn_log_failure
$at_traceon; }

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

publicsuffix=publicsuffix
db_backend test
db_sql_insert_msg_ref dummy
db_sql_domain_flags example.com:0:2

_ZEOF

cat >publicsuffix <<'_ATEOF'
example
_ATEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@example.com>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >KEYFILE <<'_ATEOF'
example.com v=DKIM1;
_ATEOF

cat >ctl <<'_ATEOF'
sbounces@server.example
Mverifymsg
OTCPREMOTEIP=192.0.2.1
usmtp
fdns; [192.0.2.1] (server.example [192.0.2.1])
_ATEOF

cat >batch <<'_ATEOF'
sighup

test2
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:3997: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:3997"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:New config file read from zftest.conf
INFO:zdkimfilter[0]:publicsuffix not changed
INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- dns; [192.0.2.1] (server.example [192.0.2.1])
INFO:zdkimfilter[0]:ip=192.0.2.1: reject! Forced authentication policy for example.com
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "550 Reject for authentication policy reasons.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:3997"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_134
#AT_START_135
at_fn_group_banner 135 'testsuite.at:4001' \
  "DMARC forced with p=none, auth SPF" "             "
at_xfail=no
(
  printf "%s\n" "135. $at_setup_line: testing $at_desc ..."
  $at_traceon

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:4002: \$HAVE_OPENDBX || exit 77"
at_fn_check_prepare_dynamic "$HAVE_OPENDBX || exit 77" "testsuite.at:4002"
( $at_check_trace; $HAVE_OPENDBX || exit 77
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:4002"
$at_failed && at_fn_log_failure
$at_traceon; }

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

publicsuffix=publicsuffix
db_backend test
db_sql_insert_msg_ref dummy
db_sql_domain_flags example.com:0:2

_ZEOF

cat >publicsuffix <<'_ATEOF'
example
_ATEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=HELO sender=someone@user@example.com;
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_dmarc.example.com v=DMARC1; p=none;; rua=mailto:dmarc-feedback@example.com
_ATEOF

cat >ctl <<'_ATEOF'
sbounces@server.example
Mverifymsg
OTCPREMOTEIP=192.0.2.1
usmtp
fdns; [192.0.2.1] (server.example [192.0.2.1])
_ATEOF

cat >batch <<'_ATEOF'
sighup

test2
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:4006: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:4006"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:New config file read from zftest.conf
INFO:zdkimfilter[0]:publicsuffix not changed
INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- dns; [192.0.2.1] (server.example [192.0.2.1])
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:4006"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_135
#AT_START_136
at_fn_group_banner 136 'testsuite.at:4009' \
  "DMARC forced with p=none, no auth" "              "
at_xfail=no
(
  printf "%s\n" "136. $at_setup_line: testing $at_desc ..."
  $at_traceon

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:4010: \$HAVE_OPENDBX || exit 77"
at_fn_check_prepare_dynamic "$HAVE_OPENDBX || exit 77" "testsuite.at:4010"
( $at_check_trace; $HAVE_OPENDBX || exit 77
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:4010"
$at_failed && at_fn_log_failure
$at_traceon; }

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

publicsuffix=publicsuffix
db_backend test
db_sql_insert_msg_ref dummy
db_sql_domain_flags example.com:0:2

_ZEOF

cat >publicsuffix <<'_ATEOF'
example
_ATEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@example.com>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >KEYFILE <<'_ATEOF'
x1._domainkey.author.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
x2._domainkey.sender.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz8gES8szE0tPe1NgAENU7BoVZHZRhWiPs6MdCCIYJ06RoV9vmAXlXzcHK/IM7fSHVQKYvf1E7dUwQIwCUe5S+qdkB0KxtmzCCBqjqcju8b6EEJb5e6HiMHjErS+33fNtS8qYCQNt1Xl5Ga94o1oXeZxroYSjeps8z82j/JQsPswIDAQAB
x3._domainkey.other.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTpY+8YuikRLRfNLU3krD8h7lNnbK4eZ0TuPfRur6TDEg+bOQD1g1yJ1bnyQ1uCtwEkZ54Zs56C8PVpvU7jjR2/YcS92PiOhm3MXWyD3caekCZ7ezXvEkD/KaTkuKypiTmDlefQ39t5oq60fufb61/lUGzLech/kKLOexYohqEwIDAQAB
x4._domainkey.subdomain.author.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHoVBC8uC7kB90cJZBirpAxJjqv5rgWwk7yE9zjWeCsvxqisIP0hLT4ffQFSk6NcnxD6cm67FIOKKSY0jznzvObyqndBn4jNYIcjdfUY+Erq/2dtcKljeYdR63N9QNgP8un4/taLqkNBZ+H3hhFLqY5V65+CnlclAnERcpJ+wl9wIDAQAB
_dmarc.example.com v=DMARC1; p=none;; rua=mailto:dmarc-feedback@example.com
_ATEOF

cat >ctl <<'_ATEOF'
sbounces@server.example
Mverifymsg
OTCPREMOTEIP=192.0.2.1
usmtp
fdns; [192.0.2.1] (server.example [192.0.2.1])
_ATEOF

cat >batch <<'_ATEOF'
sighup

test2
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:4014: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:4014"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:New config file read from zftest.conf
INFO:zdkimfilter[0]:publicsuffix not changed
INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- dns; [192.0.2.1] (server.example [192.0.2.1])
INFO:zdkimfilter[0]:ip=192.0.2.1: reject! Forced authentication policy for example.com
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "550 Reject for authentication policy reasons.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:4014"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_136
#AT_START_137
at_fn_group_banner 137 'testsuite.at:4041' \
  "Find PSD quarantine" "                            "
at_xfail=no
(
  printf "%s\n" "137. $at_setup_line: testing $at_desc ..."
  $at_traceon

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:4042: \$HAVE_OPENDBX || exit 77"
at_fn_check_prepare_dynamic "$HAVE_OPENDBX || exit 77" "testsuite.at:4042"
( $at_check_trace; $HAVE_OPENDBX || exit 77
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:4042"
$at_failed && at_fn_log_failure
$at_traceon; }

cat >KEYFILE <<'_ATEOF'
_dmarc.example v=DMARC1; p=quarantine; rua=mailto:dmarc-feedback@example
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

publicsuffix=publicsuffix
db_backend test
db_sql_domain_flags example:0:1:0:1
db_sql_insert_msg_ref dummy


_ZEOF

cat >publicsuffix <<'_ATEOF'
example
_ATEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <author@nxdomain.subdomain.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
sbounces@server.example
Mverifymsg
OTCPREMOTEIP=192.0.2.1
usmtp
fdns; [192.0.2.1] (server.example [192.0.2.1])
_ATEOF

cat >batch <<'_ATEOF'

test2
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:4046: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:4046"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- dns; [192.0.2.1] (server.example [192.0.2.1])
INFO:zdkimfilter[0]:ip=192.0.2.1: quarantine! DMARC policy=quarantine for nxdomain.subdomain.example
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:4046"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:4047: head -n 2 mail"
at_fn_check_prepare_trace "testsuite.at:4047"
( $at_check_trace; head -n 2 mail
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "Authentication-Results: test.example;
  dmarc=fail (QUARANTINE) header.from=nxdomain.subdomain.example
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:4047"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_137
#AT_START_138
at_fn_group_banner 138 'testsuite.at:4054' \
  "Find PSD with np=reject" "                        "
at_xfail=no
(
  printf "%s\n" "138. $at_setup_line: testing $at_desc ..."
  $at_traceon

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:4055: \$HAVE_OPENDBX || exit 77"
at_fn_check_prepare_dynamic "$HAVE_OPENDBX || exit 77" "testsuite.at:4055"
( $at_check_trace; $HAVE_OPENDBX || exit 77
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:4055"
$at_failed && at_fn_log_failure
$at_traceon; }

cat >KEYFILE <<'_ATEOF'
_dmarc.example v=DMARC1; p=quarantine; np=reject ; rua=mailto:dmarc-feedback@example
_ATEOF

cat >zftest.conf <<'_ZEOF'
verbose = 3
domain_keys = .
tmp = .
no_signlen

publicsuffix=publicsuffix
db_backend test
db_sql_domain_flags example:0:1:0:1
db_sql_insert_msg_ref dummy


_ZEOF

cat >publicsuffix <<'_ATEOF'
example
_ATEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <author@nxdomain.subdomain.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
sbounces@server.example
Mverifymsg
OTCPREMOTEIP=192.0.2.1
usmtp
fdns; [192.0.2.1] (server.example [192.0.2.1])
_ATEOF

cat >batch <<'_ATEOF'

test2
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:4059: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:4059"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- dns; [192.0.2.1] (server.example [192.0.2.1])
INFO:zdkimfilter[0]:ip=192.0.2.1: reject! DMARC policy=reject for nxdomain.subdomain.example
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "550 Reject after DMARC policy.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:4059"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_138
#AT_START_139
at_fn_group_banner 139 'testsuite.at:4064' \
  "Check wrapping long lines on signing" "           "
at_xfail=no
(
  printf "%s\n" "139. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >zftest.conf <<'_ZEOF'
verbose = 6
domain_keys = .
tmp = .
no_signlen

default_domain example.com
disable_experimental

_ZEOF

cat >example.com <<'_ATEOF'
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk
5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9
GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
AoGARPaCa4eHJWQnF2MwB2cQD7MdUsizx6GFs5ms9bGxxwyknTmmT2PA/rFEYjb+
V8PmTCu4Y/Nk88IzgXTfJ8pN6GfnN1O0qMTUoMuHTf/LMWT/WsFstjiuuFCQddBz
xVyup6Rnl30mYU5WE0PheUTG0AVbzMn2Aj/SEYXlEYPnENECQQDbsLlcEitqnj+i
ipFz9H5RnfoDC4pFHSSqMlddYIA9e2DoNdxjU275eyt2g2p9hQMMXdB7LnoyFeHz
jeRpK3RlAkEAxsj5uOvBctleM2ERPPXTm0nYUWSH4aPZkE/olThgQMogTwSQc6vI
M6RkzKfF5Dr5g/b2kyoZhxIvdtUcPzfGVwJBALrZaA3C9mJMDdt095kjzXwlXMrS
OdvmmZSYFG468VdZZGabyMJB6BUQiTrXMu9m/dy6veLG+O84ZWD8wdQhPXECQBf4
nlyVWXOfEMQDXY/LWSQtyH8wL06fcpn7eOGdtcW6WiENPNomCfNoTJt9U9jM38/x
FRT0C7YFFGIxGsHo2OsCQF2PGJ3yKn2l9VX+M6qj4hE+POdgnJLqNMp5kRIBj9De
rlKqG0nWxNFVhVzXsgeNUTDCmVm3cdODa94wXn9WNvY=
-----END RSA PRIVATE KEY-----
_ATEOF



cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Message-ID: <123456@author.example>
Date: Fri, 10 Apr 2015 19:35:00 +0200
From: Author One <user@author.example>,user2@author.example(Author Two), user3@author.example
MIME-Version: 1.0
To  : (XYZ) x@y.z, and a bunch of people: Rc1 <rc1@dest.example>, Rc2 <rc2@dest.example>, Rc3 <rc3@dest.example>;
Reply-To:
 Author
  One
   <user@author.example>       ,
    user2@author.example
     (Author Two),
         user3@author.example
Subject: Test address wrapping
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

The header will be wrapped before being signed!
_ATEOF

cat >ctl <<'_ATEOF'
Msignmsg
uauthsmtp
iuser
_ATEOF

cat >batch <<'_ATEOF'
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:4096: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:4096"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=signmsg: signing for user with domain example.com, selector s, rsa-sha256
INFO:zdkimfilter[0]:id=signmsg: response: 250 Ok.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:4096"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:4104: head -17 mail | tail -11"
at_fn_check_prepare_notrace 'a shell pipeline' "testsuite.at:4104"
( $at_check_trace; head -17 mail | tail -11
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "Received: from server.example by test.example with ESMTP
Message-ID: <123456@author.example>
Date: Fri, 10 Apr 2015 19:35:00 +0200
From: Author One <user@author.example>,
  user2@author.example (Author Two), user3@author.example
MIME-Version: 1.0
To: x@y.z (XYZ), and a bunch of people: Rc1 <rc1@dest.example>,
  Rc2 <rc2@dest.example>, Rc3 <rc3@dest.example>;
Reply-To: Author One <user@author.example>,
  user2@author.example (Author Two), user3@author.example
Subject: Test address wrapping
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:4104"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_139
#AT_START_140
at_fn_group_banner 140 'testsuite.at:4121' \
  "Header with empty lines" "                        "
at_xfail=no
(
  printf "%s\n" "140. $at_setup_line: testing $at_desc ..."
  $at_traceon

printf "%s\n" "testsuite.at:4122" >"$at_check_line_file"
(test "$BASE64" != "base64") \
  && at_fn_check_skip 77 "$at_srcdir/testsuite.at:4122"
cat >zftest.conf <<'_ZEOF'
verbose = 0
domain_keys = .
tmp = .
no_signlen


_ZEOF

cat >mail64 <<'_ATEOF'
UmVjZWl2ZWQ6IGZyb20gbGlzdHMuZXhhbXBsZS5uZXQgYnkgY291cmllci5leGFtcGxlIHdpdGgg
RVNNVFAKUmVjZWl2ZWQ6IGZyb20gc29tZW1haWwudnJ0LnNvdXJjZWZpcmUuZXhhbXBsZSB7bG9j
YWxob3N0IHsxMjcuMC4wLjF9fQoJYnkgbGlzdHMuZXhhbXBsZS5uZXQge1Bvc3RmaXh9IHdpdGgg
RVNNVFAgaWQgNzQzNDcxODdFRDI7CglXZWQsIDE0IEp1biAyMDE3IDAyOjA5OjA0IC0wNDAwIHtF
RFR9CkRlbGl2ZXJlZC1UbzogbWFpbC11c2Vyc0BsaXN0cy5leGFtcGxlLm5ldApSZWNlaXZlZDog
ZnJvbSBleGFtcGxlLmNvbSB7ZXhhbXBsZS5jb20gezE2Mi4yNDkuNi4xMDF9fQoge3VzaW5nIFRM
U3YxIHdpdGggY2lwaGVyIEFFUzI1Ni1TSEEgezI1Ni8yNTYgYml0c319CiB7Tm8gY2xpZW50IGNl
cnRpZmljYXRlIHJlcXVlc3RlZH0KIGJ5IGxpc3RzLmV4YW1wbGUubmV0IHtQb3N0Zml4fSB3aXRo
IEVTTVRQUyBpZCBCMkNGQjE4N0U3RQogZm9yIDxtYWlsLXVzZXJzQGxpc3RzLmV4YW1wbGUubmV0
PjsgV2VkLCAxNCBKdW4gMjAxNyAwMjowOTowMSAtMDQwMCB7RURUfQpES0lNLVNpZ25hdHVyZTog
dj0xOyBhPXJzYS1zaGEyNTY7IHE9ZG5zL3R4dDsgYz1yZWxheGVkL3JlbGF4ZWQ7IGQ9ZXhhbXBs
ZS5jb207IAogcz0xNDA1Nzk7CiBoPVRvOkRhdGU6TWVzc2FnZS1JZDpTdWJqZWN0Ok1pbWUtVmVy
c2lvbjpDb250ZW50LVR5cGU6RnJvbTpTZW5kZXIKIDpSZXBseS1UbzpDYzpDb250ZW50LVRyYW5z
ZmVyLUVuY29kaW5nOkNvbnRlbnQtSUQ6Q29udGVudC1EZXNjcmlwdGlvbjoKIFJlc2VudC1EYXRl
OlJlc2VudC1Gcm9tOlJlc2VudC1TZW5kZXI6UmVzZW50LVRvOlJlc2VudC1DYzpSZXNlbnQtTWVz
c2FnZS1JRDoKIEluLVJlcGx5LVRvOlJlZmVyZW5jZXM6TGlzdC1JZDpMaXN0LUhlbHA6TGlzdC1V
bnN1YnNjcmliZTpMaXN0LVN1YnNjcmliZToKIExpc3QtUG9zdDpMaXN0LU93bmVyOkxpc3QtQXJj
aGl2ZTsKIGJoPW9XUkR1czBHYmgzb29raHh0REQxK28xc0FQc2dZSWxiZVJZWGhHeHVpdTg9OyBi
PXBpQ0FiaUsrMEtqRDNsdGNsQkhMM0h6bytmCiBZV0xTZDBsd1ZSUi9ha1VCMFYwWGhCa3liZHNP
ZXpjT2pVZXBWK3lpVE5RL1laWmxJL2IxckpBQ29zaWdPNlNlV2lKRWc1TmNXRFhYcAogdVFvdDdF
czQydC9mam9MU2JRNGJOVWhzaW96KzljeUxnell6b0YxdXozWXNxNkpIaGVCeTFqRVdWZHdScWph
aENyd2M9OwpSZWNlaXZlZDogZnJvbSB7NDEuMjEyLjY3LjEyfSB7aGVsbz17MTkyLjE2OC4xMDAu
MTR9fQogYnkgZXhhbXBsZS5jb20gd2l0aCBlc210cHNhIHtUTFMxLjI6RUNESEVfUlNBX0FFU18y
NTZfR0NNX1NIQTM4NDoyNTZ9CiB7RXhpbSA0Ljg5fSB7ZW52ZWxvcGUtZnJvbSA8c2VuZGVyQGV4
YW1wbGUuY29tPn0gaWQgMWRMMVUwLTAwMDdLSS1ISwogZm9yIG1haWwtdXNlcnNAbGlzdHMuZXhh
bXBsZS5uZXQ7IFdlZCwgMTQgSnVuIDIwMTcgMDk6MDg6NTcgKzAzMDAKRnJvbTogVGVzdCBNZXNz
YWdlIDxzZW5kZXJAZXhhbXBsZS5jb20+Ck1pbWUtVmVyc2lvbjogMS4wIHtNYWMgT1MgWCBNYWls
IDEwLjMgXHszMjczXH19Ck1lc3NhZ2UtSWQ6IDw0RkJBOTBEMS04NUEwLTQ5MEEtQjEzOS0zNENC
RERFQzFCQURAZXhhbXBsZS5jb20+CkRhdGU6IFdlZCwgMTQgSnVuIDIwMTcgMDk6MDg6NDMgKzAz
MDAKVG86IG1haWwtdXNlcnNAbGlzdHMuZXhhbXBsZS5uZXQKWC1NYWlsZXI6IEFwcGxlIE1haWwg
ezIuMzI3M30KWC1TcGFtLVNjb3JlOiAwLjggey99ClgtU3BhbS1SZXBvcnQ6IFNwYW0gZGV0ZWN0
aW9uIHNvZnR3YXJlLCBydW5uaW5nIG9uIHRoZSBzeXN0ZW0gImV4YW1wbGUuY29tIiwKIGhhcyBO
T1QgaWRlbnRpZmllZCB0aGlzIGluY29taW5nIGVtYWlsIGFzIHNwYW0uICBUaGUgb3JpZ2luYWwK
IG1lc3NhZ2UgaGFzIGJlZW4gYXR0YWNoZWQgdG8gdGhpcyBzbyB5b3UgY2FuIHZpZXcgaXQgb3Ig
bGFiZWwKIHNpbWlsYXIgZnV0dXJlIGVtYWlsLiAgSWYgeW91IGhhdmUgYW55IHF1ZXN0aW9ucywg
c2VlCiB0aGUgYWRtaW5pc3RyYXRvciBvZiB0aGF0IHN5c3RlbSBmb3IgZGV0YWlscy4KIAogQ29u
dGVudCBwcmV2aWV3OiAgR29vZCBNb3JuaW5nIHRvbyBhbGwhIEknbSBoYXZpbmcgYW4gaXNzdWUg
d2hpdGggdGhpcwogICB6ZGtpbWZpbHRlciBicmVha2luZyBoZWFkZXIgbGluZXMgd2hpY2ggY29u
dGFpbiBvbmx5IHNwYWNlcy4KIAogQ29udGVudCBhbmFseXNpcyBkZXRhaWxzOiAgIHswLjggcG9p
bnRzLCA1LjAgcmVxdWlyZWR9CiAKICBwdHMgcnVsZSBuYW1lICAgICAgICAgICAgICBkZXNjcmlw
dGlvbgogLS0tLSAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tIC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tCiAgMS4wIFNVUkJMX0JMT0NLRUQgICAgICAgICAg
QURNSU5JU1RSQVRPUiBOT1RJQ0U6IFRoZSBxdWVyeSB0byBTVVJCTCB3YXMgYmxvY2tlZC4KICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICBTZWUKICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICBodHRwOi8vd2lraS5hcGFjaGUub3JnL3NwYW1hc3Nhc3Npbi9EbnNCbG9ja2xpc3RzI2Ruc2Js
LWJsb2NrCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGZvciBtb3JlIGluZm9ybWF0aW9u
LgogICAgICAgICAgICAgICAgICAgICAgICAgICAgIHtVUklzOiBleGFtcGxlLmNvbX0KICAwLjAg
VVJJQkxfQkxPQ0tFRCAgICAgICAgICBBRE1JTklTVFJBVE9SIE5PVElDRTogVGhlIHF1ZXJ5IHRv
IFVSSUJMIHdhcyBibG9ja2VkLgogICAgICAgICAgICAgICAgICAgICAgICAgICAgIFNlZQogICAg
ICAgICAgICAgICAgICAgICAgICAgICAgIGh0dHA6Ly93aWtpLmFwYWNoZS5vcmcvc3BhbWFzc2Fz
c2luL0Ruc0Jsb2NrbGlzdHMjZG5zYmwtYmxvY2sKICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgZm9yIG1vcmUgaW5mb3JtYXRpb24uCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAge1VS
SXM6IGV4YW1wbGUuY29tfQogLTEuMCBBTExfVFJVU1RFRCAgICAgICAgICAgIFBhc3NlZCB0aHJv
dWdoIHRydXN0ZWQgaG9zdHMgb25seSB2aWEgU01UUAogIDAuMCBIVE1MX01FU1NBR0UgICAgICAg
ICAgIEJPRFk6IEhUTUwgaW5jbHVkZWQgaW4gbWVzc2FnZQogIDAuOCBIVE1MX0lNQUdFX1JBVElP
XzAyICAgIEJPRFk6IEhUTUwgaGFzIGEgbG93IHJhdGlvIG9mIHRleHQgdG8gaW1hZ2UgYXJlYQog
IDAuMCBIVE1MX0lNQUdFX09OTFlfMzIgICAgIEJPRFk6IEhUTUw6IGltYWdlcyB3aXRoIDI4MDAt
MzIwMCBieXRlcyBvZiB3b3JkcwpYLUNvbnRlbnQtRmlsdGVyZWQtQnk6IE1haWxtYW4vTWltZURl
bCAyLjEuMjAKU3ViamVjdDoge21haWwtdXNlcnN9IEhlYWRlciBsaW5lcyBjb250YWluaW5nIG9u
bHkgc3BhY2VzClgtQmVlblRoZXJlOiBtYWlsLXVzZXJzQGxpc3RzLmV4YW1wbGUubmV0ClgtTWFp
bG1hbi1WZXJzaW9uOiAyLjEuMjAKUHJlY2VkZW5jZTogbGlzdApMaXN0LUlkOiBNYWlsIHVzZXJz
IE1MIDxtYWlsLXVzZXJzLmxpc3RzLmV4YW1wbGUubmV0PgpMaXN0LVVuc3Vic2NyaWJlOiA8aHR0
cDovL2xpc3RzLmV4YW1wbGUubmV0L2NnaS1iaW4vbWFpbG1hbi9vcHRpb25zL21haWwtdXNlcnM+
LCAKIDxtYWlsdG86bWFpbC11c2Vycy1yZXF1ZXN0QGxpc3RzLmV4YW1wbGUubmV0P3N1YmplY3Q9
dW5zdWJzY3JpYmU+Ckxpc3QtQXJjaGl2ZTogPGh0dHA6Ly9saXN0cy5leGFtcGxlLm5ldC9waXBl
cm1haWwvbWFpbC11c2Vycy8+Ckxpc3QtUG9zdDogPG1haWx0bzptYWlsLXVzZXJzQGxpc3RzLmV4
YW1wbGUubmV0PgpMaXN0LUhlbHA6IDxtYWlsdG86bWFpbC11c2Vycy1yZXF1ZXN0QGxpc3RzLmV4
YW1wbGUubmV0P3N1YmplY3Q9aGVscD4KTGlzdC1TdWJzY3JpYmU6IDxodHRwOi8vbGlzdHMuZXhh
bXBsZS5uZXQvY2dpLWJpbi9tYWlsbWFuL2xpc3RpbmZvL21haWwtdXNlcnM+LCAKIDxtYWlsdG86
bWFpbC11c2Vycy1yZXF1ZXN0QGxpc3RzLmV4YW1wbGUubmV0P3N1YmplY3Q9c3Vic2NyaWJlPgpD
b250ZW50LVR5cGU6IHRleHQvcGxhaW47IGNoYXJzZXQ9InV0Zi04IgpDb250ZW50LVRyYW5zZmVy
LUVuY29kaW5nOiBiYXNlNjQKClIyOXZaQ0JOYjNKdWFXNW5JSFJ2YnlCaGJHd2hJRWtuYlNCb1lY
WnBibWNnWVc0Z2FYTnpkV1VnZDJocGRHZ2dkR2hwY3dwNlpHdHAKYldacGJIUmxjaUJpY21WaGEy
bHVaeUJvWldGa1pYSWdiR2x1WlhNZ2QyaHBZMmdnWTI5dWRHRnBiaUJ2Ym14NUlITndZV05sY3k0
SwoK
_ATEOF

cat >head <<'_ATEOF'
Authentication-Results: courier.example;
  dkim=permerror header.d=example.com;
  dmarc=fail header.from=example.com
_ATEOF

# build the resulting mail for later compare
$BASE64 -d mail64 > mail
cat head mail > mail2
cat >ctl <<'_ATEOF'
ssender@example.com
Mfunnymsg
usmtp
_ATEOF

cat >POLICYFILE <<'_ATEOF'
dkim=unknown
_ATEOF

cat >batch <<'_ATEOF'
test3
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:4142: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:4142"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:4142"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:4144: diff -u mail2 mail"
at_fn_check_prepare_trace "testsuite.at:4144"
( $at_check_trace; diff -u mail2 mail
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:4144"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_140
#AT_START_141
at_fn_group_banner 141 'testsuite.at:4148' \
  "Undo percent relay basic" "                       "
at_xfail=no
(
  printf "%s\n" "141. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >dist_test <<'_ATEOF'
# This is not a real ctlfile, it only serves to test that function
# fl_undo_percent_relay() replaces recipient addresses (lines starting
# with 'r') from:
#     local-part%target.domain@RELAYCLIENT
# to:
#     local-part@target.domain
#
# The file is split at 20, 40, 60, 80, 100, 120, 140, 160, 180
# the 2nd half (line no > 100) is the expected output

s
fdns; localhost (softdnserr ::ffff:127.0.0.1)
t
M00000000003C7562.000000005A2C265F.00005518
rlocal-part%target.domain@example.com
N
ORELAYCLIENT=@example.com
OTCPREMOTEIP=::ffff:127.0.0.1
uauthsmtp

r
r@short
r@stillshort
r@same-length
r@example.com
r@example.com.
ru@short
ru@stillshort
ru@same-length
ru@example.com
ru@example.com.
ru%@short
ru%@stillshort
ru%@same-length
ru%@example.com
ru%@example.com.
ru%a@short
ru%a@stillshort
ru%a@same-length
ru%a@example.com
ru%a@example.com.
ru%%@short
ru%%@stillshort
ru%%@same-length
ru%%@example.com
ru%%@example.com.
ru%a%b@short
ru%a%b@stillshort
ru%a%b@same-length
ru%a%b@example.com
ru%a%b@example.com.









# no ORELAYCLIENT
s
fdns; localhost (softdnserr ::ffff:127.0.0.1)
t
M00000000003C7562.000000005A2C265F.00005518
rlocal-part%target.domain@example.com

r
r@short
r@stillshort
r@same-length
r@example.com
r@example.com.
ru@short
ru@stillshort
ru@same-length
ru@example.com
ru@example.com.
ru%@short
ru%@stillshort
ru%@same-length
ru%@example.com
ru%@example.com.
ru%a@short
ru%a@stillshort
ru%a@same-length
ru%a@example.com
ru%a@example.com.
ru%%@short
ru%%@stillshort
ru%%@same-length
ru%%@example.com
ru%%@example.com.
ru%a%b@short
ru%a%b@stillshort
ru%a%b@same-length
ru%a%b@example.com
ru%a%b@example.com.


# This is not a real ctlfile, it only serves to test that function
# fl_undo_percent_relay() replaces recipient addresses (lines starting
# with 'r') from:
#     local-part%target.domain@RELAYCLIENT
# to:
#     local-part@target.domain
#
# The file is split at 20, 40, 60, 80, 100, 120, 140, 160, 180
# the 2nd half (line no > 100) is the expected output

s
fdns; localhost (softdnserr ::ffff:127.0.0.1)
t
M00000000003C7562.000000005A2C265F.00005518
rlocal-part@target.domain
N
ORELAYCLIENT=@example.com
OTCPREMOTEIP=::ffff:127.0.0.1
uauthsmtp

r
r@short
r@stillshort
r@same-length
r
r@example.com.
ru@short
ru@stillshort
ru@same-length
ru
ru@example.com.
ru%@short
ru%@stillshort
ru%@same-length
ru@
ru%@example.com.
ru%a@short
ru%a@stillshort
ru%a@same-length
ru@a
ru%a@example.com.
ru%%@short
ru%%@stillshort
ru%%@same-length
ru%@
ru%%@example.com.
ru%a%b@short
ru%a%b@stillshort
ru%a%b@same-length
ru%a@b
ru%a%b@example.com.









# no ORELAYCLIENT
s
fdns; localhost (softdnserr ::ffff:127.0.0.1)
t
M00000000003C7562.000000005A2C265F.00005518
rlocal-part%target.domain@example.com

r
r@short
r@stillshort
r@same-length
r@example.com
r@example.com.
ru@short
ru@stillshort
ru@same-length
ru@example.com
ru@example.com.
ru%@short
ru%@stillshort
ru%@same-length
ru%@example.com
ru%@example.com.
ru%a@short
ru%a@stillshort
ru%a@same-length
ru%a@example.com
ru%a@example.com.
ru%%@short
ru%%@stillshort
ru%%@same-length
ru%%@example.com
ru%%@example.com.
ru%a%b@short
ru%a%b@stillshort
ru%a%b@same-length
ru%a%b@example.com
ru%a%b@example.com.


_ATEOF

sed -n 1,20p dist_test > ctl1
sed -n 21,40p dist_test > ctl2
sed -n 41,60p dist_test > ctl3
sed -n 61,80p dist_test > ctl4
sed -n 81,100p dist_test > ctl5
sed -n 101,120p dist_test > chk1
sed -n 121,140p dist_test > chk2
sed -n 141,160p dist_test > chk3
sed -n 161,180p dist_test > chk4
sed -n 181,200p dist_test > chk5
{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:4160: TESTundo_percent_relay ctl1 ctl2 ctl3"
at_fn_check_prepare_trace "testsuite.at:4160"
( $at_check_trace; TESTundo_percent_relay ctl1 ctl2 ctl3
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:4160"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:4161: diff -u ctl1 chk1"
at_fn_check_prepare_trace "testsuite.at:4161"
( $at_check_trace; diff -u ctl1 chk1
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:4161"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:4162: diff -u ctl2 chk2"
at_fn_check_prepare_trace "testsuite.at:4162"
( $at_check_trace; diff -u ctl2 chk2
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:4162"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:4163: diff -u ctl3 chk3"
at_fn_check_prepare_trace "testsuite.at:4163"
( $at_check_trace; diff -u ctl3 chk3
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:4163"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:4164: TESTundo_percent_relay ctl4 ctl5"
at_fn_check_prepare_trace "testsuite.at:4164"
( $at_check_trace; TESTundo_percent_relay ctl4 ctl5
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:4164"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:4165: diff -u ctl4 chk4"
at_fn_check_prepare_trace "testsuite.at:4165"
( $at_check_trace; diff -u ctl4 chk4
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:4165"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:4166: diff -u ctl5 chk5"
at_fn_check_prepare_trace "testsuite.at:4166"
( $at_check_trace; diff -u ctl5 chk5
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:4166"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_141
#AT_START_142
at_fn_group_banner 142 'testsuite.at:4171' \
  "Sign with RELAYCLIENT" "                          "
at_xfail=no
(
  printf "%s\n" "142. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >zftest.conf <<'_ZEOF'
verbose = 6
domain_keys = .
tmp = .
no_signlen


_ZEOF

cat >author.example <<'_ATEOF'
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk
5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9
GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
AoGARPaCa4eHJWQnF2MwB2cQD7MdUsizx6GFs5ms9bGxxwyknTmmT2PA/rFEYjb+
V8PmTCu4Y/Nk88IzgXTfJ8pN6GfnN1O0qMTUoMuHTf/LMWT/WsFstjiuuFCQddBz
xVyup6Rnl30mYU5WE0PheUTG0AVbzMn2Aj/SEYXlEYPnENECQQDbsLlcEitqnj+i
ipFz9H5RnfoDC4pFHSSqMlddYIA9e2DoNdxjU275eyt2g2p9hQMMXdB7LnoyFeHz
jeRpK3RlAkEAxsj5uOvBctleM2ERPPXTm0nYUWSH4aPZkE/olThgQMogTwSQc6vI
M6RkzKfF5Dr5g/b2kyoZhxIvdtUcPzfGVwJBALrZaA3C9mJMDdt095kjzXwlXMrS
OdvmmZSYFG468VdZZGabyMJB6BUQiTrXMu9m/dy6veLG+O84ZWD8wdQhPXECQBf4
nlyVWXOfEMQDXY/LWSQtyH8wL06fcpn7eOGdtcW6WiENPNomCfNoTJt9U9jM38/x
FRT0C7YFFGIxGsHo2OsCQF2PGJ3yKn2l9VX+M6qj4hE+POdgnJLqNMp5kRIBj9De
rlKqG0nWxNFVhVzXsgeNUTDCmVm3cdODa94wXn9WNvY=
-----END RSA PRIVATE KEY-----
_ATEOF



cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
Msignmsg
uauthsmtp
ORELAYCLIENT=@author.example
s
rrecipient%target.domain.example@author.example
_ATEOF

cat >batch <<'_ATEOF'
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:4185: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:4185"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=signmsg: signing for @author.example with domain author.example, selector s, rsa-sha256
INFO:zdkimfilter[0]:id=signmsg: response: 250 Ok.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:4185"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:4193: sed -n /^r/p ctl"
at_fn_check_prepare_trace "testsuite.at:4193"
( $at_check_trace; sed -n /^r/p ctl
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "rrecipient@target.domain.example
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:4193"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_142
#AT_START_143
at_fn_group_banner 143 'testsuite.at:4198' \
  "Prevent signing with let_relayclient_alone" "     "
at_xfail=no
(
  printf "%s\n" "143. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >zftest.conf <<'_ZEOF'
verbose = 6
domain_keys = .
tmp = .
no_signlen

let_relayclient_alone

_ZEOF

cat >author.example <<'_ATEOF'
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk
5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9
GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
AoGARPaCa4eHJWQnF2MwB2cQD7MdUsizx6GFs5ms9bGxxwyknTmmT2PA/rFEYjb+
V8PmTCu4Y/Nk88IzgXTfJ8pN6GfnN1O0qMTUoMuHTf/LMWT/WsFstjiuuFCQddBz
xVyup6Rnl30mYU5WE0PheUTG0AVbzMn2Aj/SEYXlEYPnENECQQDbsLlcEitqnj+i
ipFz9H5RnfoDC4pFHSSqMlddYIA9e2DoNdxjU275eyt2g2p9hQMMXdB7LnoyFeHz
jeRpK3RlAkEAxsj5uOvBctleM2ERPPXTm0nYUWSH4aPZkE/olThgQMogTwSQc6vI
M6RkzKfF5Dr5g/b2kyoZhxIvdtUcPzfGVwJBALrZaA3C9mJMDdt095kjzXwlXMrS
OdvmmZSYFG468VdZZGabyMJB6BUQiTrXMu9m/dy6veLG+O84ZWD8wdQhPXECQBf4
nlyVWXOfEMQDXY/LWSQtyH8wL06fcpn7eOGdtcW6WiENPNomCfNoTJt9U9jM38/x
FRT0C7YFFGIxGsHo2OsCQF2PGJ3yKn2l9VX+M6qj4hE+POdgnJLqNMp5kRIBj9De
rlKqG0nWxNFVhVzXsgeNUTDCmVm3cdODa94wXn9WNvY=
-----END RSA PRIVATE KEY-----
_ATEOF



cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
Msignmsg
uauthsmtp
ORELAYCLIENT=@author.example
s
rrecipient%target.domain.example@author.example
_ATEOF

cat >batch <<'_ATEOF'
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:4213: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:4213"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "WARN:zdkimfilter[0]:Cannot sign message: no authenticated sender, empty or disabled RELAYCLIENT, and no default_domain
INFO:zdkimfilter[0]:id=signmsg: response: 250 not filtered.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 not filtered.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:4213"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:4221: sed -n /^r/p ctl"
at_fn_check_prepare_trace "testsuite.at:4221"
( $at_check_trace; sed -n /^r/p ctl
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "rrecipient%target.domain.example@author.example
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:4221"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_143
#AT_START_144
at_fn_group_banner 144 'testsuite.at:4226' \
  "Publicsuffix operation" "                         "
at_xfail=no
(
  printf "%s\n" "144. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >short-list <<'_ATEOF'
*.*.foo
!not.foo
!x.y.foo
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:4231: TESTpublicsuffix short-list foo a.foo b.a.foo c.b.a.foo d.c.b.a.foo e.d.c.b.a.foo not.foo a.not.foo a.b.not.foo y.foo x.y.foo c.x.y.foo b.c.x.y.foo"
at_fn_check_prepare_trace "testsuite.at:4231"
( $at_check_trace; TESTpublicsuffix short-list foo a.foo b.a.foo c.b.a.foo d.c.b.a.foo e.d.c.b.a.foo not.foo a.not.foo a.b.not.foo y.foo x.y.foo c.x.y.foo b.c.x.y.foo
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "foo -> null
a.foo -> null
b.a.foo -> null
c.b.a.foo -> c.b.a.foo
d.c.b.a.foo -> c.b.a.foo
e.d.c.b.a.foo -> c.b.a.foo
not.foo -> not.foo
a.not.foo -> not.foo
a.b.not.foo -> not.foo
y.foo -> null
x.y.foo -> x.y.foo
c.x.y.foo -> x.y.foo
b.c.x.y.foo -> x.y.foo
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:4231"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_144
#AT_START_145
at_fn_group_banner 145 'testsuite.at:4249' \
  "Sign and verify EAI" "                            "
at_xfail=no
(
  printf "%s\n" "145. $at_setup_line: testing $at_desc ..."
  $at_traceon

printf "%s\n" "testsuite.at:4250" >"$at_check_line_file"
(test "$ZDKIM_EAI_TEST" != "yes") \
  && at_fn_check_skip 77 "$at_srcdir/testsuite.at:4250"
cat >zftest.conf <<'_ZEOF'
verbose = 6
domain_keys = .
tmp = .
no_signlen

trust_a_r
add_auth_pass
sign_hfields Date From To Subject Authentication-Results

_ZEOF

cat >παράδειγμα.example <<'_ATEOF'
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk
5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9
GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
AoGARPaCa4eHJWQnF2MwB2cQD7MdUsizx6GFs5ms9bGxxwyknTmmT2PA/rFEYjb+
V8PmTCu4Y/Nk88IzgXTfJ8pN6GfnN1O0qMTUoMuHTf/LMWT/WsFstjiuuFCQddBz
xVyup6Rnl30mYU5WE0PheUTG0AVbzMn2Aj/SEYXlEYPnENECQQDbsLlcEitqnj+i
ipFz9H5RnfoDC4pFHSSqMlddYIA9e2DoNdxjU275eyt2g2p9hQMMXdB7LnoyFeHz
jeRpK3RlAkEAxsj5uOvBctleM2ERPPXTm0nYUWSH4aPZkE/olThgQMogTwSQc6vI
M6RkzKfF5Dr5g/b2kyoZhxIvdtUcPzfGVwJBALrZaA3C9mJMDdt095kjzXwlXMrS
OdvmmZSYFG468VdZZGabyMJB6BUQiTrXMu9m/dy6veLG+O84ZWD8wdQhPXECQBf4
nlyVWXOfEMQDXY/LWSQtyH8wL06fcpn7eOGdtcW6WiENPNomCfNoTJt9U9jM38/x
FRT0C7YFFGIxGsHo2OsCQF2PGJ3yKn2l9VX+M6qj4hE+POdgnJLqNMp5kRIBj9De
rlKqG0nWxNFVhVzXsgeNUTDCmVm3cdODa94wXn9WNvY=
-----END RSA PRIVATE KEY-----
_ATEOF



cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <χρήστης@παράδειγμα.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctls <<'_ATEOF'
Msignmsg
uauthsmtp
iχρήστης@παράδειγμα.example
_ATEOF

cat >batch <<'_ATEOF'
mail
ctls



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:4265: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:4265"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=signmsg: signing for χρήστης@παράδειγμα.example with domain παράδειγμα.example, selector s, rsa-sha256
INFO:zdkimfilter[0]:id=signmsg: response: 250 Ok.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:4265"
$at_failed && at_fn_log_failure
$at_traceon; }

# make a modified copy of mail for later
{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:4274: sed '/^Authentication-Results:/s/^/Old-/' mail > mail2"
at_fn_check_prepare_trace "testsuite.at:4274"
( $at_check_trace; sed '/^Authentication-Results:/s/^/Old-/' mail > mail2
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:4274"
$at_failed && at_fn_log_failure
$at_traceon; }

# verify mail normally
cat >ctlv <<'_ATEOF'
Mverifymsg
OTCPREMOTEIP=192.0.2.1
usmtp
_ATEOF

cat >KEYFILE <<'_ATEOF'
s._domainkey.παράδειγμα.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
_ATEOF

cat >POLICYFILE <<'_ATEOF'
dkim=unknown
_ATEOF

cat >batch <<'_ATEOF'
test2
test3
mail
ctlv



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:4290: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:4290"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- (null)
INFO:zdkimfilter[0]:ip=192.0.2.1: Authentication-Results by παράδειγμα.example: please check ALLOW_EXCLUSIVE is set
INFO:zdkimfilter[0]:ip=192.0.2.1: verified: dkim=pass (id=παράδειγμα.example, stat=0)
INFO:zdkimfilter[0]:ip=192.0.2.1: response: 250 Ok.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:4290"
$at_failed && at_fn_log_failure
$at_traceon; }

# now repeat the test with modified mail
cat >batch <<'_ATEOF'
test2
test3
mail2
ctlv



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:4307: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:4307"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- (null)
INFO:zdkimfilter[0]:ip=192.0.2.1: verified: dkim=pass (id=παράδειγμα.example, stat=0)
INFO:zdkimfilter[0]:ip=192.0.2.1: response: 250 Ok.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:4307"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_145
#AT_START_146
at_fn_group_banner 146 'testsuite.at:4319' \
  "Sign without uauthsmtp" "                         "
at_xfail=no
(
  printf "%s\n" "146. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >zftest.conf <<'_ZEOF'
verbose = 6
domain_keys = .
tmp = .
no_signlen

key_choice_header from * -
default_domain another.example

_ZEOF

cat >author.example <<'_ATEOF'
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk
5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9
GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
AoGARPaCa4eHJWQnF2MwB2cQD7MdUsizx6GFs5ms9bGxxwyknTmmT2PA/rFEYjb+
V8PmTCu4Y/Nk88IzgXTfJ8pN6GfnN1O0qMTUoMuHTf/LMWT/WsFstjiuuFCQddBz
xVyup6Rnl30mYU5WE0PheUTG0AVbzMn2Aj/SEYXlEYPnENECQQDbsLlcEitqnj+i
ipFz9H5RnfoDC4pFHSSqMlddYIA9e2DoNdxjU275eyt2g2p9hQMMXdB7LnoyFeHz
jeRpK3RlAkEAxsj5uOvBctleM2ERPPXTm0nYUWSH4aPZkE/olThgQMogTwSQc6vI
M6RkzKfF5Dr5g/b2kyoZhxIvdtUcPzfGVwJBALrZaA3C9mJMDdt095kjzXwlXMrS
OdvmmZSYFG468VdZZGabyMJB6BUQiTrXMu9m/dy6veLG+O84ZWD8wdQhPXECQBf4
nlyVWXOfEMQDXY/LWSQtyH8wL06fcpn7eOGdtcW6WiENPNomCfNoTJt9U9jM38/x
FRT0C7YFFGIxGsHo2OsCQF2PGJ3yKn2l9VX+M6qj4hE+POdgnJLqNMp5kRIBj9De
rlKqG0nWxNFVhVzXsgeNUTDCmVm3cdODa94wXn9WNvY=
-----END RSA PRIVATE KEY-----
_ATEOF



cat >another.example <<'_ATEOF'
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk
5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9
GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
AoGARPaCa4eHJWQnF2MwB2cQD7MdUsizx6GFs5ms9bGxxwyknTmmT2PA/rFEYjb+
V8PmTCu4Y/Nk88IzgXTfJ8pN6GfnN1O0qMTUoMuHTf/LMWT/WsFstjiuuFCQddBz
xVyup6Rnl30mYU5WE0PheUTG0AVbzMn2Aj/SEYXlEYPnENECQQDbsLlcEitqnj+i
ipFz9H5RnfoDC4pFHSSqMlddYIA9e2DoNdxjU275eyt2g2p9hQMMXdB7LnoyFeHz
jeRpK3RlAkEAxsj5uOvBctleM2ERPPXTm0nYUWSH4aPZkE/olThgQMogTwSQc6vI
M6RkzKfF5Dr5g/b2kyoZhxIvdtUcPzfGVwJBALrZaA3C9mJMDdt095kjzXwlXMrS
OdvmmZSYFG468VdZZGabyMJB6BUQiTrXMu9m/dy6veLG+O84ZWD8wdQhPXECQBf4
nlyVWXOfEMQDXY/LWSQtyH8wL06fcpn7eOGdtcW6WiENPNomCfNoTJt9U9jM38/x
FRT0C7YFFGIxGsHo2OsCQF2PGJ3yKn2l9VX+M6qj4hE+POdgnJLqNMp5kRIBj9De
rlKqG0nWxNFVhVzXsgeNUTDCmVm3cdODa94wXn9WNvY=
-----END RSA PRIVATE KEY-----
_ATEOF



cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
Msignmsg
ORELAYCLIENT=
_ATEOF

cat >batch <<'_ATEOF'
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:4333: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:4333"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=signmsg: signing for @another.example with domain author.example, selector s, rsa-sha256
INFO:zdkimfilter[0]:id=signmsg: response: 250 Ok.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:4333"
$at_failed && at_fn_log_failure
$at_traceon; }


# Same without equal sign (v3.19)
cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
Msignmsg
ORELAYCLIENT
_ATEOF

cat >batch <<'_ATEOF'
mail
ctl



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:4351: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:4351"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=signmsg: signing for @another.example with domain author.example, selector s, rsa-sha256
INFO:zdkimfilter[0]:id=signmsg: response: 250 Ok.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:4351"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_146
#AT_START_147
at_fn_group_banner 147 'testsuite.at:4362' \
  "Check cstring utility" "                          "
at_xfail=no
(
  printf "%s\n" "147. $at_setup_line: testing $at_desc ..."
  $at_traceon

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:4363: TESTcstring printf"
at_fn_check_prepare_trace "testsuite.at:4363"
( $at_check_trace; TESTcstring printf
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo stdout:; cat "$at_stdout"
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:4363"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_147
#AT_START_148
at_fn_group_banner 148 'testsuite.at:4367' \
  "Check MLM trans text/plain" "                     "
at_xfail=no
(
  printf "%s\n" "148. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >zftest.conf <<'_ZEOF'
verbose = 6
domain_keys = .
tmp = .
no_signlen

report_all_sigs
trust_a_r

_ZEOF

cat >KEYFILE <<'_ATEOF'
s._domainkey.example.com v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
s._domainkey.lists.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDgnLb2TZ6KECBMBo9ZLqDFt4ZBzNHFrgBj/LVJVFU8IQP8uH4G8Pj0mEHRo1qpf0vuFI2HVpe/3NhzkT4Ay/1ZIIsxY754f2thlhBvKh4AAgZFmzRvA3aZs6Tb/ERmD+a51liEMFaTOmY4mWeLi9wOM51usQ9Q65i8IP/vjHM3rQIDAQAB
_ATEOF

cat >ctl <<'_ATEOF'
Mverifymsg
OTCPREMOTEIP=192.0.2.1
usmtp
_ATEOF

cat >POLICYFILE <<'_ATEOF'
dkim=unknown
_ATEOF

cat >batch <<'_ATEOF'
test2
test3
mail
ctl



exit
_ATEOF

cat >mail <<'_ATEOF'
Received: from lists.example by subscriber.example.org with ESMTP
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=lists.example; s=s;
	t=1603889824; bh=9ImFtfKhox5SKGFGyCyg9so70HuU3ggAE7PcgJvzgg0=;
	h=Date:From:To:Subject;
	b=mzkjnUTCd17Y6Ev45i/uXFP2WiZJf3qg45RlTdfr3JFVQnLQ/XK9mKmvbt9R4dKl1
	 ofgMSPaWf0vqI5uG6ZVRkVQQ5tejKrIQDDfNtPpwxDfg4PMfTRL+lg5iY88KWyfcOR
	 ZoG0K/KUCw53MKRJvz1KBMxNIi/Dcqy4I67PvaGc=
Old-Authentication-Results: lists.example;
  dkim=pass header.d=example.com
Received: from mail.example.com by lists.example with ESMTP
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=example.com; s=s;
	t=1603889142; bh=hrDXocZNPy1+eUFYIk1PVRKa6mUMb8+ql9CFNABacww=;
	h=Date:From:To:Subject;
	b=YFLwvvW5bGbE5HpJwBM1JoL1F9b8AxdVFlwE/vOkL0p/pPpr7g9KnPXqwoEXZgFI0
	 /kkTHK/Afy4gaWZQfwDZ77LuxYSMFjwpNorSc0YEGzHYzLCN7rL1e+xE7B7kOCThiq
	 ebaMdcaHeZF6QUmWcUkEj8LVkxrvWi+bTzd3RnaA=
Original-From: Author <user@example.com>
Received: from mua.example.com by mail.example.com with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 28 Oct 2020 13:12:55 +0100
From: Author <user@example.com>
MIME-Version: 1.0
To: MLM@lists.example
Subject: [example] Check simple MLM message
List-Post: <mailto:MLM@lists.example>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is a plain text message submitted to a mailing list.
The mailing list is expected to add a footer and a subject tag.

Best
Author

________________________________________
this message was modified by MLM example
adding this footer and the subject tag
(note that l= is not set)
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:4425: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:4425"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- (null)
INFO:zdkimfilter[0]:ip=192.0.2.1: enabling body parse (sigs pass: 0, could pass: 1)
INFO:zdkimfilter[0]:ip=192.0.2.1: enabling retry (badsig, bh ok: 0; badsig, bh bad: 1; pass, bh bad: 0)
INFO:zdkimfilter[0]:ip=192.0.2.1: transformation enabled for \"Author <user@example.com>\" retry header and body
INFO:zdkimfilter[0]:ip=192.0.2.1: transform message with footer.
INFO:zdkimfilter[0]:ip=192.0.2.1: signature by example.com, s=s recovered by transformation
INFO:zdkimfilter[0]:ip=192.0.2.1: verified: dkim=pass (id=example.com, stat=0)
INFO:zdkimfilter[0]:ip=192.0.2.1: response: 250 Ok.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:4425"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:4439: head -n 3 mail"
at_fn_check_prepare_trace "testsuite.at:4439"
( $at_check_trace; head -n 3 mail
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "Authentication-Results: subscriber.example.org;
  dkim=pass reason=\"transformed\" header.d=example.com;
  dkim=pass header.d=lists.example
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:4439"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_148
#AT_START_149
at_fn_group_banner 149 'testsuite.at:4448' \
  "Check MLM trans text/plain base64 encoded" "      "
at_xfail=no
(
  printf "%s\n" "149. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >zftest.conf <<'_ZEOF'
verbose = 6
domain_keys = .
tmp = .
no_signlen

report_all_sigs
trust_a_r

_ZEOF

cat >KEYFILE <<'_ATEOF'
s._domainkey.example.com v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
s._domainkey.lists.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDgnLb2TZ6KECBMBo9ZLqDFt4ZBzNHFrgBj/LVJVFU8IQP8uH4G8Pj0mEHRo1qpf0vuFI2HVpe/3NhzkT4Ay/1ZIIsxY754f2thlhBvKh4AAgZFmzRvA3aZs6Tb/ERmD+a51liEMFaTOmY4mWeLi9wOM51usQ9Q65i8IP/vjHM3rQIDAQAB
_ATEOF

cat >ctl <<'_ATEOF'
Mverifymsg
OTCPREMOTEIP=192.0.2.1
usmtp
_ATEOF

cat >POLICYFILE <<'_ATEOF'
dkim=unknown
_ATEOF

cat >batch <<'_ATEOF'
test2
test3
mail
ctl



exit
_ATEOF

cat >mail <<'_ATEOF'
Received: from lists.example by subscriber.example.org with ESMTP
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=lists.example; s=s;
	t=1603901305; bh=MjC5ikx26j8beyDJiz7Rk/4W+ppdGOmqh6koz0gLa8o=;
	h=Date:From:To:Subject;
	b=PNIYHGd7aytHEvew44WRpSfl4Py3c/9mKjovvQ1ps/xdpkl1/z+gWeu8e8ZmR7gdE
	 iT2TsJ7ni3Lfp5oUpGCko5MvCoqcKX7Zmq3CmXTxRTwwvVZrAp/ir8UTvG+rJFnyEZ
	 Yi3dSTX4rKe2LotyLkqcs+/uXaWEADbqcBp/9iHo=
Received: from mail.example.com by lists.example with ESMTP
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=example.com; s=s;
	t=1603889142; bh=hrDXocZNPy1+eUFYIk1PVRKa6mUMb8+ql9CFNABacww=;
	h=Date:From:To:Subject;
	b=YFLwvvW5bGbE5HpJwBM1JoL1F9b8AxdVFlwE/vOkL0p/pPpr7g9KnPXqwoEXZgFI0
	 /kkTHK/Afy4gaWZQfwDZ77LuxYSMFjwpNorSc0YEGzHYzLCN7rL1e+xE7B7kOCThiq
	 ebaMdcaHeZF6QUmWcUkEj8LVkxrvWi+bTzd3RnaA=
Original-From: Author <user@example.com>
Received: from mua.example.com by mail.example.com with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 28 Oct 2020 13:12:55 +0100
From: Author <user@example.com>
MIME-Version: 1.0
To: MLM@lists.example
Subject: [example] Check simple MLM message
List-Post: <mailto:MLM@lists.example>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: base64

VGhpcyBpcyBhIHBsYWluIHRleHQgbWVzc2FnZSBzdWJtaXR0ZWQgdG8gYSBtYWlsaW5nIGxpc3Qu
ClRoZSBtYWlsaW5nIGxpc3QgaXMgZXhwZWN0ZWQgdG8gYWRkIGEgZm9vdGVyIGFuZCBhIHN1Ympl
Y3QgdGFnLgoKQmVzdApBdXRob3IKCl9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f
X19fX18KdGhpcyBtZXNzYWdlIHdhcyBtb2RpZmllZCBieSBNTE0gZXhhbXBsZQphZGRpbmcgdGhp
cyBmb290ZXIgYW5kIHRoZSBzdWJqZWN0IHRhZwoobm90ZSB0aGF0IGw9IGlzIG5vdCBzZXQpCg==
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:4499: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:4499"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- (null)
INFO:zdkimfilter[0]:ip=192.0.2.1: enabling body parse (sigs pass: 0, could pass: 1)
INFO:zdkimfilter[0]:ip=192.0.2.1: enabling retry (badsig, bh ok: 0; badsig, bh bad: 1; pass, bh bad: 0)
INFO:zdkimfilter[0]:ip=192.0.2.1: transformation enabled for \"Author <user@example.com>\" retry header and body
INFO:zdkimfilter[0]:ip=192.0.2.1: transform message from base64 back to identity  with footer.
INFO:zdkimfilter[0]:ip=192.0.2.1: signature by example.com, s=s recovered by transformation
INFO:zdkimfilter[0]:ip=192.0.2.1: verified: dkim=pass (id=example.com, stat=0)
INFO:zdkimfilter[0]:ip=192.0.2.1: response: 250 Ok.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:4499"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:4513: head -n 3 mail"
at_fn_check_prepare_trace "testsuite.at:4513"
( $at_check_trace; head -n 3 mail
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "Authentication-Results: subscriber.example.org;
  dkim=pass reason=\"transformed\" header.d=example.com;
  dkim=pass header.d=lists.example
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:4513"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_149
#AT_START_150
at_fn_group_banner 150 'testsuite.at:4522' \
  "Quoted-printable conversion to base64" "          "
at_xfail=no
(
  printf "%s\n" "150. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >zftest.conf <<'_ZEOF'
verbose = 6
domain_keys = .
tmp = .
no_signlen


_ZEOF

cat >example.com <<'_ATEOF'
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk
5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9
GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
AoGARPaCa4eHJWQnF2MwB2cQD7MdUsizx6GFs5ms9bGxxwyknTmmT2PA/rFEYjb+
V8PmTCu4Y/Nk88IzgXTfJ8pN6GfnN1O0qMTUoMuHTf/LMWT/WsFstjiuuFCQddBz
xVyup6Rnl30mYU5WE0PheUTG0AVbzMn2Aj/SEYXlEYPnENECQQDbsLlcEitqnj+i
ipFz9H5RnfoDC4pFHSSqMlddYIA9e2DoNdxjU275eyt2g2p9hQMMXdB7LnoyFeHz
jeRpK3RlAkEAxsj5uOvBctleM2ERPPXTm0nYUWSH4aPZkE/olThgQMogTwSQc6vI
M6RkzKfF5Dr5g/b2kyoZhxIvdtUcPzfGVwJBALrZaA3C9mJMDdt095kjzXwlXMrS
OdvmmZSYFG468VdZZGabyMJB6BUQiTrXMu9m/dy6veLG+O84ZWD8wdQhPXECQBf4
nlyVWXOfEMQDXY/LWSQtyH8wL06fcpn7eOGdtcW6WiENPNomCfNoTJt9U9jM38/x
FRT0C7YFFGIxGsHo2OsCQF2PGJ3yKn2l9VX+M6qj4hE+POdgnJLqNMp5kRIBj9De
rlKqG0nWxNFVhVzXsgeNUTDCmVm3cdODa94wXn9WNvY=
-----END RSA PRIVATE KEY-----
_ATEOF



cat >ctl <<'_ATEOF'
Msignmsg
uauthsmtp
iuser@example.com
_ATEOF

cat >batch <<'_ATEOF'
test4
mail
ctl



exit
_ATEOF

cat >mail <<'_ATEOF'
Received: from mua.example.com by mail.example.com with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 28 Oct 2020 13:12:55 +0100
From: Author <user@example.com>
MIME-Version: 1.0
To: MLM@lists.example
Subject: Check simple MLM message
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable

This is a plain text message submitted to a mailing list.
The mailing list is expected to add a footer and a subject tag.

Although it's not actually base64-encoded, the C-T-E says so.
In this case, zdkimfilter autoconverts to base64.  This is useful
in case a MLM re-encodes the text before adding a footer, because
base64 encoding is easily reproducible, while quoted-printable can
vary widely on which characters are encoded and where are soft line
breaks placed.

Best
Author
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:4557: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:4557"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=signmsg: signing for user@example.com with domain example.com, selector s, rsa-sha256
INFO:zdkimfilter[0]:id=signmsg: re-encode qp message to base64
INFO:zdkimfilter[0]:id=signmsg: response: 250 Ok.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:4557"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:4566: cat mail"
at_fn_check_prepare_trace "testsuite.at:4566"
( $at_check_trace; cat mail
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=example.com; s=s;
	t=1671190000; bh=ysoVnAJmKDvSHJLR87FwWCOW/YghqjSbZqog/2ZYs5w=;
	h=Date:From:To:Subject;
	b=LY9kTpzVHnxvvm/4VdwREWy8YiYj8fHBuOoyzHb1v6fy8Ff7dCma3ZzyfzwmILuaS
	 4gjwsY93/SZpVppKBJQ2YN/F4TkxT6uk0s5XayWXAZdhquTNyoaAUUbuD5jfpisS4v
	 HAtLcMlhWrrRtyXrB/E0k52lEY7ATavhT/zEgeSE=
Original-Content-Transfer-Encoding: base64
Original-Subject: Check simple MLM message
Author: Author <user@example.com>
Received: from mua.example.com by mail.example.com with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 28 Oct 2020 13:12:55 +0100
From: Author <user@example.com>
MIME-Version: 1.0
To: MLM@lists.example
Subject: Check simple MLM message
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: base64

VGhpcyBpcyBhIHBsYWluIHRleHQgbWVzc2FnZSBzdWJtaXR0ZWQgdG8gYSBtYWlsaW5nIGxpc3Qu
DQpUaGUgbWFpbGluZyBsaXN0IGlzIGV4cGVjdGVkIHRvIGFkZCBhIGZvb3RlciBhbmQgYSBzdWJq
ZWN0IHRhZy4NCg0KQWx0aG91Z2ggaXQncyBub3QgYWN0dWFsbHkgYmFzZTY0LWVuY29kZWQsIHRo
ZSBDLVQtRSBzYXlzIHNvLg0KSW4gdGhpcyBjYXNlLCB6ZGtpbWZpbHRlciBhdXRvY29udmVydHMg
dG8gYmFzZTY0LiAgVGhpcyBpcyB1c2VmdWwNCmluIGNhc2UgYSBNTE0gcmUtZW5jb2RlcyB0aGUg
dGV4dCBiZWZvcmUgYWRkaW5nIGEgZm9vdGVyLCBiZWNhdXNlDQpiYXNlNjQgZW5jb2RpbmcgaXMg
ZWFzaWx5IHJlcHJvZHVjaWJsZSwgd2hpbGUgcXVvdGVkLXByaW50YWJsZSBjYW4NCnZhcnkgd2lk
ZWx5IG9uIHdoaWNoIGNoYXJhY3RlcnMgYXJlIGVuY29kZWQgYW5kIHdoZXJlIGFyZSBzb2Z0IGxp
bmUNCmJyZWFrcyBwbGFjZWQuDQoNCkJlc3QNCkF1dGhvcg0K
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:4566"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_150
#AT_START_151
at_fn_group_banner 151 'testsuite.at:4598' \
  "Quoted-printable not converted to base64" "       "
at_xfail=no
(
  printf "%s\n" "151. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >zftest.conf <<'_ZEOF'
verbose = 6
domain_keys = .
tmp = .
no_signlen

no_qp_conversion

_ZEOF

cat >example.com <<'_ATEOF'
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk
5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9
GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
AoGARPaCa4eHJWQnF2MwB2cQD7MdUsizx6GFs5ms9bGxxwyknTmmT2PA/rFEYjb+
V8PmTCu4Y/Nk88IzgXTfJ8pN6GfnN1O0qMTUoMuHTf/LMWT/WsFstjiuuFCQddBz
xVyup6Rnl30mYU5WE0PheUTG0AVbzMn2Aj/SEYXlEYPnENECQQDbsLlcEitqnj+i
ipFz9H5RnfoDC4pFHSSqMlddYIA9e2DoNdxjU275eyt2g2p9hQMMXdB7LnoyFeHz
jeRpK3RlAkEAxsj5uOvBctleM2ERPPXTm0nYUWSH4aPZkE/olThgQMogTwSQc6vI
M6RkzKfF5Dr5g/b2kyoZhxIvdtUcPzfGVwJBALrZaA3C9mJMDdt095kjzXwlXMrS
OdvmmZSYFG468VdZZGabyMJB6BUQiTrXMu9m/dy6veLG+O84ZWD8wdQhPXECQBf4
nlyVWXOfEMQDXY/LWSQtyH8wL06fcpn7eOGdtcW6WiENPNomCfNoTJt9U9jM38/x
FRT0C7YFFGIxGsHo2OsCQF2PGJ3yKn2l9VX+M6qj4hE+POdgnJLqNMp5kRIBj9De
rlKqG0nWxNFVhVzXsgeNUTDCmVm3cdODa94wXn9WNvY=
-----END RSA PRIVATE KEY-----
_ATEOF



cat >ctl <<'_ATEOF'
Msignmsg
uauthsmtp
iuser@example.com
_ATEOF

cat >batch <<'_ATEOF'
mail
ctl



exit
_ATEOF

cat >mail <<'_ATEOF'
Received: from mua.example.com by mail.example.com with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 28 Oct 2020 13:12:55 +0100
From: Author <user@example.com>
MIME-Version: 1.0
To: MLM@lists.example
Subject: Check simple MLM message
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable

This is a plain text message submitted to a mailing list.
The mailing list is expected to add a footer and a subject tag.

Although it's not actually base64-encoded, the C-T-E says so.
In this case, zdkimfilter autoconverts to base64.  This is useful
in case a MLM re-encodes the text before adding a footer, because
base64 encoding is easily reproducible, while quoted-printable can
vary widely on which characters are encoded and where are soft line
breaks placed.

Best
Author
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:4633: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:4633"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=signmsg: signing for user@example.com with domain example.com, selector s, rsa-sha256
INFO:zdkimfilter[0]:id=signmsg: response: 250 Ok.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:4633"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:4641: grep -E ^Content-Transfer-Encoding: mail"
at_fn_check_prepare_trace "testsuite.at:4641"
( $at_check_trace; grep -E ^Content-Transfer-Encoding: mail
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "Content-Transfer-Encoding: quoted-printable
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:4641"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_151
#AT_START_152
at_fn_group_banner 152 'testsuite.at:4648' \
  "Check MLM trans text/plain base64 both" "         "
at_xfail=no
(
  printf "%s\n" "152. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >zftest.conf <<'_ZEOF'
verbose = 6
domain_keys = .
tmp = .
no_signlen

report_all_sigs
trust_a_r

_ZEOF

cat >KEYFILE <<'_ATEOF'
s._domainkey.example.com v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
s._domainkey.lists.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDgnLb2TZ6KECBMBo9ZLqDFt4ZBzNHFrgBj/LVJVFU8IQP8uH4G8Pj0mEHRo1qpf0vuFI2HVpe/3NhzkT4Ay/1ZIIsxY754f2thlhBvKh4AAgZFmzRvA3aZs6Tb/ERmD+a51liEMFaTOmY4mWeLi9wOM51usQ9Q65i8IP/vjHM3rQIDAQAB
_ATEOF

cat >ctl <<'_ATEOF'
Mverifymsg
OTCPREMOTEIP=192.0.2.1
usmtp
_ATEOF

cat >POLICYFILE <<'_ATEOF'
dkim=unknown
_ATEOF

cat >batch <<'_ATEOF'
test2
test3
mail
ctl



exit
_ATEOF

cat >mail <<'_ATEOF'
Received: from lists.example by subscriber.example.org with ESMTP
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=lists.example; s=s;
	t=1603913850; bh=MjC5ikx26j8beyDJiz7Rk/4W+ppdGOmqh6koz0gLa8o=;
	h=Date:From:To:Subject;
	b=g8sqxUBJbngAWMz/PY3Bi2S3BVxQfWZffiV5KxNT1u3QFajzUTrDI3Eb9isGsz41l
	 E+yKtMYLa1pbprinRRzztHbWAIT72kCf3OTovoP1s0Z3UJ9nj7KzVmFCF8gSPgtFOF
	 cVegEVVos2oZSWOEZgrGaKVG0uktD1ph6N8Tl2+A=
Old-Authentication-Results: lists.example;
  dkim=pass header.d=example.com
Received: from mail.example.com by lists.example with ESMTP
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=example.com; s=s;
	t=1603913652; bh=Y1DjyTuC0BarSNa6SMTOfuoLu6j68tEOcNb7VJdoJjk=;
	h=Date:From:To:Subject;
	b=g92QozuNIwzzyZWfhRPR0PXDrh4Y5RW14ku38IeAGd6Gn72ZnKg+ePevPuxEeHKBm
	 lADv36Kbm25B3sypKwvbdpLI8kBiyW9eUvIeMUzF7FueysKQaImhY7Xe0xoDpKNwV0
	 o1dLCum0QQoYTL9C+sw/0wvfzDGyul7HsVDZrceA=
Old-Authentication-Results: example.com; auth=pass (details omitted)
Original-Content-Transfer-Encoding: base64
Original-From: Author <user@example.com>
Received: from mua.example.com by mail.example.com with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 28 Oct 2020 13:12:55 +0100
From: Author <user@example.com>
MIME-Version: 1.0
To: MLM@lists.example
Subject: [example] Check simple MLM message
List-Post: <mailto:MLM@lists.example>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: base64

VGhpcyBpcyBhIHBsYWluIHRleHQgbWVzc2FnZSBzdWJtaXR0ZWQgdG8gYSBtYWlsaW5nIGxpc3Qu
ClRoZSBtYWlsaW5nIGxpc3QgaXMgZXhwZWN0ZWQgdG8gYWRkIGEgZm9vdGVyIGFuZCBhIHN1Ympl
Y3QgdGFnLgoKQmVzdApBdXRob3IKCl9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f
X19fX18KdGhpcyBtZXNzYWdlIHdhcyBtb2RpZmllZCBieSBNTE0gZXhhbXBsZQphZGRpbmcgdGhp
cyBmb290ZXIgYW5kIHRoZSBzdWJqZWN0IHRhZwoobm90ZSB0aGF0IGw9IGlzIG5vdCBzZXQpCg==
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:4703: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:4703"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- (null)
INFO:zdkimfilter[0]:ip=192.0.2.1: enabling body parse (sigs pass: 0, could pass: 1)
INFO:zdkimfilter[0]:ip=192.0.2.1: enabling retry (badsig, bh ok: 0; badsig, bh bad: 1; pass, bh bad: 0)
INFO:zdkimfilter[0]:ip=192.0.2.1: transformation enabled for \"Author <user@example.com>\" retry header and body
INFO:zdkimfilter[0]:ip=192.0.2.1: transform message with footer.
INFO:zdkimfilter[0]:ip=192.0.2.1: signature by example.com, s=s recovered by transformation
INFO:zdkimfilter[0]:ip=192.0.2.1: verified: dkim=pass (id=example.com, stat=0)
INFO:zdkimfilter[0]:ip=192.0.2.1: response: 250 Ok.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:4703"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:4717: head -n 3 mail"
at_fn_check_prepare_trace "testsuite.at:4717"
( $at_check_trace; head -n 3 mail
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "Authentication-Results: subscriber.example.org;
  dkim=pass reason=\"transformed\" header.d=example.com;
  dkim=pass header.d=lists.example
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:4717"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_152
#AT_START_153
at_fn_group_banner 153 'testsuite.at:4726' \
  "Check MLM trans multipart mime-wrap" "            "
at_xfail=no
(
  printf "%s\n" "153. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >zftest.conf <<'_ZEOF'
verbose = 6
domain_keys = .
tmp = .
no_signlen

report_all_sigs
trust_a_r

_ZEOF

cat >KEYFILE <<'_ATEOF'
s._domainkey.example.com v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
s._domainkey.lists.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDgnLb2TZ6KECBMBo9ZLqDFt4ZBzNHFrgBj/LVJVFU8IQP8uH4G8Pj0mEHRo1qpf0vuFI2HVpe/3NhzkT4Ay/1ZIIsxY754f2thlhBvKh4AAgZFmzRvA3aZs6Tb/ERmD+a51liEMFaTOmY4mWeLi9wOM51usQ9Q65i8IP/vjHM3rQIDAQAB
_ATEOF

cat >ctl <<'_ATEOF'
Mverifymsg
OTCPREMOTEIP=192.0.2.1
usmtp
_ATEOF

cat >POLICYFILE <<'_ATEOF'
dkim=unknown
_ATEOF

cat >batch <<'_ATEOF'
test2
test3
mail
ctl



exit
_ATEOF

cat >mail <<'_ATEOF'
Received: from lists.example by subscriber.example.org with ESMTP
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=lists.example; s=s;
	t=1603962061; bh=n4/RahgnfVg7htgJtCr7TwEW4eKA1O5oiNaQFA5HU+A=;
	h=Date:From:To:Subject;
	b=RJlq/Fu40AC1hdJfljd+KPU69Vq2M7capbGQyEMhDWvaN7xDPJdXotwnTwiz91iZY
	 5W3ITY7YXKHsWweLxu1Rph3ST3bbYQ1cifztpmtu4VPifBkm9MAe7OMDLHhk5ua9YL
	 VzJOsXieiIw5a8JhOsr6F/05/K05kNiEXvuLgKd8=
Old-Authentication-Results: lists.example;
  dkim=pass header.d=example.com
Received: from mail.example.com by lists.example with ESMTP
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=example.com; s=s;
	t=1603961679; bh=XiCPbOV1vcu2Q2TyEUOuT4SMun2AjYj/Va6KRPa1lv0=;
	h=Date:From:To:Subject;
	b=gvM5grV2dbtinFMLcExv+gMATILzY+c8RY7QPVBJSFohH5HMgOLwrgSH8uwOcZxq0
	 FoXtBcHnukonqo97l8nY0faHi0Dp0LAmqn9e4ijwXw9IWwhFuUiCwICRaLEzrNUVBN
	 TWtzkQKnHpEXnPGBD7Q9f924mBe+eZsDyRc41ZvQ=
Old-Authentication-Results: example.com; auth=pass (details omitted)
Original-From: Author <user@example.com>
Received: from mua.example.com by mail.example.com with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 28 Oct 2020 13:12:55 +0100
From: Author via MLM <MLM@lists.example>
MIME-Version: 1.0
To: MLM@lists.example
Subject: [example] Check simple MLM message
List-Post: <mailto:MLM@lists.example>
Content-Type: multipart/mixed; boundary=MLM-boundary

This is the MLM preamble, not signed by Author.

--MLM-boundary
Content-Type: multipart/alternative; boundary=original-boundary

Original preamble must be preserved!

--original-boundary
Content-Type: text/plain;

This is a plain text message submitted to a mailing list.
The mailing list is expected to add a footer and a subject tag.

Best
Author

--original-boundary
Content-Type: text/html;

<p>This is a plain text message submitted to a mailing list.
The mailing list is expected to add a footer and a subject tag.

<p>Best<br>
Author<br>

--original-boundary--

Original epilogue

--MLM-boundary
Content-Type: text/plain

________________________________________
this message was modified by MLM example
adding this footer and the subject tag
(note that l= is not set)

--MLM-boundary--

MLM epilogue
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:4814: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:4814"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- (null)
INFO:zdkimfilter[0]:ip=192.0.2.1: enabling body parse (sigs pass: 0, could pass: 1)
INFO:zdkimfilter[0]:ip=192.0.2.1: enabling retry (badsig, bh ok: 0; badsig, bh bad: 1; pass, bh bad: 0)
INFO:zdkimfilter[0]:ip=192.0.2.1: transformation enabled for \"Author <user@example.com>\" retry header and body
INFO:zdkimfilter[0]:ip=192.0.2.1: transform message with mime-wrap.
INFO:zdkimfilter[0]:ip=192.0.2.1: signature by example.com, s=s recovered by transformation
INFO:zdkimfilter[0]:ip=192.0.2.1: verified: dkim=pass (id=example.com, stat=0)
INFO:zdkimfilter[0]:ip=192.0.2.1: response: 250 Ok.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:4814"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:4828: head -n 3 mail"
at_fn_check_prepare_trace "testsuite.at:4828"
( $at_check_trace; head -n 3 mail
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "Authentication-Results: subscriber.example.org;
  dkim=pass reason=\"Original-From: transformed\" header.d=example.com;
  dkim=pass header.d=lists.example
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:4828"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_153
#AT_START_154
at_fn_group_banner 154 'testsuite.at:4837' \
  "Check MLM trans multipart add-part" "             "
at_xfail=no
(
  printf "%s\n" "154. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >zftest.conf <<'_ZEOF'
verbose = 6
domain_keys = .
tmp = .
no_signlen

report_all_sigs
trust_a_r

_ZEOF

cat >KEYFILE <<'_ATEOF'
s._domainkey.example.com v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
s._domainkey.lists.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDgnLb2TZ6KECBMBo9ZLqDFt4ZBzNHFrgBj/LVJVFU8IQP8uH4G8Pj0mEHRo1qpf0vuFI2HVpe/3NhzkT4Ay/1ZIIsxY754f2thlhBvKh4AAgZFmzRvA3aZs6Tb/ERmD+a51liEMFaTOmY4mWeLi9wOM51usQ9Q65i8IP/vjHM3rQIDAQAB
_ATEOF

cat >ctl <<'_ATEOF'
Mverifymsg
OTCPREMOTEIP=192.0.2.1
usmtp
_ATEOF

cat >POLICYFILE <<'_ATEOF'
dkim=unknown
_ATEOF

cat >batch <<'_ATEOF'
test2
test3
mail
ctl



exit
_ATEOF

cat >mail <<'_ATEOF'
Received: from lists.example by subscriber.example.org with ESMTP
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=lists.example; s=s;
	t=1603974193; bh=sEPYSlJlh90leqy5+63oPn1iU+9P684R92cZHXa9ENw=;
	h=Date:From:To:Subject;
	b=fTSAMcaEatofQCuAeUhlTXmVl5j9bPbwWgc84NWtoSt5zT+SSNp37DTzhYIGHozEk
	 bpldArGQ+GygJE1b2witi6NctBd1O/xsUwDcJQxDXkF63QlCcalbKWypHZOhRqncUQ
	 zgUzdcuYgqTYMJ0NoTP8fqu0HdgmjD2LJXjV3pVI=
Old-Authentication-Results: lists.example;
  dkim=pass header.d=example.com
Received: from mail.example.com by lists.example with ESMTP
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=example.com; s=s;
	t=1603973996; bh=eWqyE53pjRVCFGyHY1zGQTkCEvucN1vNN4cTcWk90WU=;
	h=Date:From:To:Subject;
	b=LGP1M3IX6XORfLs8HRLCFOcymzsPn+8+ljgQlmeNlCC/2Cl1+aBDCIEnzWI0pceCb
	 zg32vFfEeryvRDHB1L1K4rrKCEznvO0J3p1xkUPEWpSpzxUGw+PK9KA9ePZ5qdz7cI
	 /hXf7zjebznNdDQJnxajf7QHnx1tXmxijsJ1jiGQ=
Old-Authentication-Results: example.com; auth=pass (details omitted)
Original-From: Author <user@example.com>
Received: from mua.example.com by mail.example.com with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 28 Oct 2020 13:12:55 +0100
From: Author via MLM <MLM@lists.example>
MIME-Version: 1.0
To: MLM@lists.example
Subject: [example] Check simple MLM message
List-Post: <mailto:MLM@lists.example>
Content-Type: multipart/mixed; boundary=original-boundary

Original preamble must be preserved!

--original-boundary
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is a plain text message submitted to a mailing list.
The mailing list is expected to add a footer and a subject tag.

Best
Author

--original-boundary
Content-Type: image/png
Content-Transfer-Encoding: base64

iVBORw0KGgoAAAANSUhEUgAAAAYAAAAGCAYAAADgzO9IAAAABHNCSVQICAgIfAhkiAAAAAlwSFlz
AAAHKgAAByoB49HU1wAAABl0RVh0U29mdHdhcmUAd3d3Lmlua3NjYXBlLm9yZ5vuPBoAAAB+SURB
VAiZNcGxDYUgAEXRhxTMYWLFVlDTOAUjOIEzWDqEC1igCQ0LSLi/+ueotUZKieu6uO+bdV2ptaLz
PDHGsG0b+74jieM40Pd91Fr5K6UAMC3LImutxhgaY8g5p3meNcUYFULQ+756nkchBMUYpd47OWe8
93jvyTnTe+cHXqRZbKSV4EoAAAAASUVORK5CYII=

--original-boundary
Content-Tyep: text/plain

________________________________________
this message was modified by MLM example
adding this footer and the subject tag
(note that l= cannot work in this case)

--original-boundary--
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:4916: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:4916"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- (null)
INFO:zdkimfilter[0]:ip=192.0.2.1: enabling body parse (sigs pass: 0, could pass: 1)
INFO:zdkimfilter[0]:ip=192.0.2.1: enabling retry (badsig, bh ok: 0; badsig, bh bad: 1; pass, bh bad: 0)
INFO:zdkimfilter[0]:ip=192.0.2.1: transformation enabled for \"Author <user@example.com>\" retry header and body
INFO:zdkimfilter[0]:ip=192.0.2.1: transform message with add-part.
INFO:zdkimfilter[0]:ip=192.0.2.1: signature by example.com, s=s recovered by transformation
INFO:zdkimfilter[0]:ip=192.0.2.1: verified: dkim=pass (id=example.com, stat=0)
INFO:zdkimfilter[0]:ip=192.0.2.1: response: 250 Ok.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:4916"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:4930: head -n 3 mail"
at_fn_check_prepare_trace "testsuite.at:4930"
( $at_check_trace; head -n 3 mail
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "Authentication-Results: subscriber.example.org;
  dkim=pass reason=\"Original-From: transformed\" header.d=example.com;
  dkim=pass header.d=lists.example
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:4930"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_154
#AT_START_155
at_fn_group_banner 155 'testsuite.at:4939' \
  "Check MLM trans multipart add-part 2" "           "
at_xfail=no
(
  printf "%s\n" "155. $at_setup_line: testing $at_desc ..."
  $at_traceon

# epilogue, original-subject, from: unaltered
cat >zftest.conf <<'_ZEOF'
verbose = 6
domain_keys = .
tmp = .
no_signlen

report_all_sigs
trust_a_r

_ZEOF

cat >KEYFILE <<'_ATEOF'
s._domainkey.example.com v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
s._domainkey.lists.example v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDgnLb2TZ6KECBMBo9ZLqDFt4ZBzNHFrgBj/LVJVFU8IQP8uH4G8Pj0mEHRo1qpf0vuFI2HVpe/3NhzkT4Ay/1ZIIsxY754f2thlhBvKh4AAgZFmzRvA3aZs6Tb/ERmD+a51liEMFaTOmY4mWeLi9wOM51usQ9Q65i8IP/vjHM3rQIDAQAB
whatever.author.example domain exists
_ATEOF

cat >ctl <<'_ATEOF'
Mverifymsg
OTCPREMOTEIP=192.0.2.1
usmtp
_ATEOF

cat >POLICYFILE <<'_ATEOF'
dkim=unknown
_ATEOF

cat >batch <<'_ATEOF'
test2
test3
mail
ctl



exit
_ATEOF

cat >mail <<'_ATEOF'
Received: from lists.example by subscriber.example.org with ESMTP
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=lists.example; s=s;
	t=1604599746; bh=BsmaFXWrYYN9qzYutUg9J626PJiqszUf8Y5vntxTP3o=;
	h=Date:From:To:Subject;
	b=gZWHhpRyt8sqn+jYA00uv62YYbEKry1TazjIFDxocTJv6nl5GgqeVeOADGMOQuA+A
	 V5TpG7WoBNIRLlqCI6Sk8fiTB1oODQB+ALBupf2nS9DKG+3gAxOTjK/+8eqgrt+1eX
	 GH+BBkds2aKjELAuQyeE4M9x7vuL57GnkHtevvfA=
Old-Authentication-Results: lists.example;
  dkim=pass header.d=example.com
Received: from mail.example.com by lists.example with ESMTP
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=example.com; s=s;
	t=1604599594; bh=5W7fIKY5Rjj5l39AxoF3U3u+MQncHhjaf7si+vQRLVQ=;
	h=Date:From:To:Subject;
	b=i4HXpKaBTtpna2KrWHC641MfSwIwiFo8+sDvYEtLFhbhoRInrvmyOYfy0cwMervTu
	 W0j0eGiR7F7tnVENgad8xKS6Od5F+1d2h7t5ghJNiWx2ae64bDdKS3UIG6jSAfCqI+
	 VrB5yTq2F4j5jNuIbqbb9otEkajTLYb3+JEjxNac=
Old-Authentication-Results: example.com; auth=pass (details omitted)
Original-Subject: [example] Check simple MLM message
Original-From: Author <user@example.com>
Received: from mua.example.com by mail.example.com with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 28 Oct 2020 13:12:55 +0100
From: Author <user@example.com>
MIME-Version: 1.0
To: MLM@lists.example
Subject: [example] Check simple MLM message
List-Post: <mailto:MLM@lists.example>
Content-Type: multipart/mixed; boundary=original-boundary

Original preamble must be preserved!

--original-boundary
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is a plain text message submitted to a mailing list.
The mailing list is expected to add a footer and a subject tag.

Best
Author

--original-boundary
Content-Type: image/png
Content-Transfer-Encoding: base64

iVBORw0KGgoAAAANSUhEUgAAAAYAAAAGCAYAAADgzO9IAAAABHNCSVQICAgIfAhkiAAAAAlwSFlz
AAAHKgAAByoB49HU1wAAABl0RVh0U29mdHdhcmUAd3d3Lmlua3NjYXBlLm9yZ5vuPBoAAAB+SURB
VAiZNcGxDYUgAEXRhxTMYWLFVlDTOAUjOIEzWDqEC1igCQ0LSLi/+ueotUZKieu6uO+bdV2ptaLz
PDHGsG0b+74jieM40Pd91Fr5K6UAMC3LImutxhgaY8g5p3meNcUYFULQ+756nkchBMUYpd47OWe8
93jvyTnTe+cHXqRZbKSV4EoAAAAASUVORK5CYII=

--original-boundary
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

________________________________________
this message was modified by MLM example
adding this footer and the subject tag
(note that l= cannot work in this case)

--original-boundary--

Original epilogue must be preserved!
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:5024: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:5024"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- (null)
INFO:zdkimfilter[0]:ip=192.0.2.1: enabling body parse (sigs pass: 1, could pass: 0)
INFO:zdkimfilter[0]:ip=192.0.2.1: enabling retry (badsig, bh ok: 0; badsig, bh bad: 0; pass, bh bad: 1)
INFO:zdkimfilter[0]:ip=192.0.2.1: transformation enabled for \"Author <user@example.com>\" retry body only
INFO:zdkimfilter[0]:ip=192.0.2.1: transform message with add-part.
INFO:zdkimfilter[0]:ip=192.0.2.1: signature by example.com, s=s recovered by transformation
INFO:zdkimfilter[0]:ip=192.0.2.1: verified: dkim=pass (id=example.com, stat=0)
INFO:zdkimfilter[0]:ip=192.0.2.1: response: 250 Ok.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:5024"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:5038: head -n 3 mail"
at_fn_check_prepare_trace "testsuite.at:5038"
( $at_check_trace; head -n 3 mail
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "Authentication-Results: subscriber.example.org;
  dkim=pass reason=\"transformed\" header.d=example.com;
  dkim=pass header.d=lists.example
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:5038"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_155
#AT_START_156
at_fn_group_banner 156 'testsuite.at:5046' \
  "Check MLM trans with base64-encoded footer" "     "
at_xfail=no
(
  printf "%s\n" "156. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >zftest.conf <<'_ZEOF'
verbose = 6
domain_keys = .
tmp = .
no_signlen

report_all_sigs
trust_a_r

_ZEOF

cat >KEYFILE <<'_ATEOF'
default._domainkey.digilicious.com v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC1xy76Lem4aIcXXE0iZeMerfr9K1sOaGgvm+CB6hJt4nMP0Ed6Ar5/arYG8D1Gh4P2+WxQhqLY5bYZPvz31QOaFu7NJZaerWsrYuqpCcpWOZTr+ecxa2mJoV3ZnFHOzDaxQeeLr1V1qLdERBi13pqZix/d1vWrIPzKLl1P8YAnwwIDAQAB
whatever.mailop.org domain exists
_ATEOF

cat >ctl <<'_ATEOF'
Mverifymsg
OTCPREMOTEIP=192.0.2.1
usmtp
_ATEOF

cat >POLICYFILE <<'_ATEOF'
dkim=unknown
_ATEOF

cat >batch <<'_ATEOF'
test2
test3
mail
ctl



exit
_ATEOF

cat >mail <<'_ATEOF'
Return-Path: <mailop-bounces@mailop.org>
Received-SPF: pass (Address passes the Sender Policy Framework)
  SPF=HELO;
  sender=mx.mailop.org;
  remoteip=91.132.147.157;
  remotehost=mx.mailop.org;
  helo=mx.mailop.org;
  receiver=wmail.tana.it;
Received-SPF: pass (Address passes the Sender Policy Framework)
  SPF=MAILFROM;
  sender=mailop-bounces@mailop.org;
  remoteip=91.132.147.157;
  remotehost=mx.mailop.org;
  helo=mx.mailop.org;
  receiver=wmail.tana.it;
Received: from mx.mailop.org (mx.mailop.org 91.132.147.157)
  (TLS: TLS1.3,256bits,ECDHE_RSA_AES_256_GCM_SHA384)
  by wmail.tana.it with ESMTPS
  id 00000000005DC008.0000000060BD206E.00002361; Sun, 06 Jun 2021 21:22:22 +0200
Authentication-Results: wmail.tana.it;
    dnswl=pass dns.zone=list.dnswl.org
    policy.ip=127.0.4.2
    policy.txt="mailop.org https://dnswl.org/s/?s=74361"
Received: from mx.mailop.org (localhost.localdomain 127.0.0.1)
	by mx.mailop.org (Postfix) with ESMTP id 4FymR446GYz8tlS;
	Sun,  6 Jun 2021 21:14:56 +0200 (CEST)
X-Original-To: mailop@mailop.org
Delivered-To: mailop@mailop.org
X-Virus-Scanned: Debian amavisd-new at mailop.org
Received: from digilicious.com (digilicious.com 108.83.36.113)
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
 (No client certificate requested)
 by mx.mailop.org (Postfix) with ESMTPS id 4FymR15NPPz8tkq
 for <mailop@mailop.org>; Sun,  6 Jun 2021 21:14:53 +0200 (CEST)
Received: from digilicious.com (digilicious.com 108.83.36.113)
 by digilicious.com (Postfix) with ESMTPSA id 588CE261576;
 Sun,  6 Jun 2021 12:14:48 -0700 (PDT)
DKIM-Filter: OpenDKIM Filter v2.11.0 digilicious.com 588CE261576
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=digilicious.com;
 s=default; t=1623006888;
 bh=nL4TukNeuKPCK188r+7NoOXe6+0gf6m11se/XuP2puw=;
 h=Subject:To:References:From:Date:In-Reply-To:From;
 b=L3z7guYTsrouYgKMWEsdhX4GEX9O9fE62RNlCjDC5POTNZSbfP1FzDYMxOjmC4Rvo
 xSk66O9w5lpNM4FVIPFpyxWiXqYPVHDeWf+pkw93essrpTFwABMxdRE5CUWMCymDqQ
 ab+NuEbk8GndyZVcdsOnct5aj5wc9TnrrNf/tIfc=
To: "Larry M. Smith" <mailop.org@fahq2.com>, mailop@mailop.org
References: <74d1feaf-2ff7-fa0f-46e4-227f098fd1e9@FahQ2.com>
Message-ID: <71b021c1-a7a4-5f17-6177-071701ca7b60@digilicious.com>
Date: Sun, 6 Jun 2021 12:14:47 -0700
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
 Thunderbird/68.9.0
MIME-Version: 1.0
In-Reply-To: <74d1feaf-2ff7-fa0f-46e4-227f098fd1e9@FahQ2.com>
Subject: Re: mailop Gmail's MTA is broken
X-BeenThere: mailop@mailop.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: For mail operators <mailop.mailop.org>
List-Unsubscribe: <https://list.mailop.org/options/mailop>,
 <mailto:mailop-request@mailop.org?subject=unsubscribe>
List-Archive: <https://list.mailop.org/private/mailop/>
List-Post: <mailto:mailop@mailop.org>
List-Help: <mailto:mailop-request@mailop.org?subject=help>
List-Subscribe: <https://list.mailop.org/listinfo/mailop>,
 <mailto:mailop-request@mailop.org?subject=subscribe>
From: Gene Hightower via mailop <mailop@mailop.org>
Reply-To: Gene Hightower <mailop@digilicious.com>
Content-Type: multipart/mixed; boundary="===============1138884042080988580=="
Errors-To: mailop-bounces@mailop.org
Sender: "mailop" <mailop-bounces@mailop.org>
Received-SPF: pass (Address passes the Sender Policy Framework)
  SPF=FROM;
  sender=mailop@mailop.org;
  remoteip=91.132.147.157;
  remotehost=mx.mailop.org;
  helo=mx.mailop.org;
  receiver=wmail.tana.it;

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============1138884042080988580==
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature";
 boundary="7IH105CLucjPLqPzVYDLt9CqnOT4eE0d1"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--7IH105CLucjPLqPzVYDLt9CqnOT4eE0d1
Content-Type: multipart/mixed; boundary="GUDroQA5l7nonx1JphPHUiQE7AX0qRKtb";
 protected-headers="v1"
From: Gene Hightower <mailop@digilicious.com>
To: "Larry M. Smith" <mailop.org@fahq2.com>, mailop@mailop.org
Message-ID: <71b021c1-a7a4-5f17-6177-071701ca7b60@digilicious.com>
Subject: Re: mailop Gmail's MTA is broken
References: <74d1feaf-2ff7-fa0f-46e4-227f098fd1e9@FahQ2.com>
In-Reply-To: <74d1feaf-2ff7-fa0f-46e4-227f098fd1e9@FahQ2.com>

--GUDroQA5l7nonx1JphPHUiQE7AX0qRKtb
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: quoted-printable

On 06/06/2021 07:34, Larry M. Smith via mailop wrote:

> Seems that gmail.com's MTA can't properly speak SMTP.  ...

$ telnet imp.fahq2.com smtp
Trying 47.12.77.216...
Connected to imp.fahq2.com.
Escape character is '^'.
220 "helob0gus.fahq2.com ESMTP"

The syntax of the initial greeting offered by your MX includes double
quote characters which don't look to be complaint with the syntax of an
SMTP reply as specified by RFC 5321 section 4.2. SMTP Replies.

Perhaps your MTA might be the problem?



--GUDroQA5l7nonx1JphPHUiQE7AX0qRKtb--

--7IH105CLucjPLqPzVYDLt9CqnOT4eE0d1
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIyBAEBCAAdFiEEWOWxKLajOgqXlD8w8MVtphHqSPUFAmC9HqcACgkQ8MVtphHq
SPXl0w/2PzdnNz2HkQQuyWfY7Zd/7RDxLNAoJ1x1/e4OtUnudZsmkcPoiW5ZU7eh
TXb+l6PvthqoqDM8I4dYzklPnSnSwVcSiYpSz9kIz0ZczIAeLjzuk4e10EyCku91
Vif9f61OhRjnJSplBqki7RuS96gMlSbWbDoUukLm5moCPFfk/nejpResu+me0YzM
3BU3ajWmKu2bladdQ+zBvkp6DrbK87MKDwhgNpHBFBvzwit6qI2Vzdew8iWkLPbP
X2u0GJn7U9GCmIgT0U6CiAnt1/5eKCdlKX0QIs6OjO30a/xqtBp/O7S7wZ3WFoJy
ifF7BtXhf4SYpDMnTPsg99VjSwcgq585O22mTniW7Kt4SKRphECOdL+J8jSJOTA3
RsCLgKb3eJFQ5FsACKWcxSk97XpoD0e/rakg31fdIcW4sJSOImYeAy94VFETVzcP
mq7itfthXMD2/nvB2o4hKz/K03bUU9VycU0N/U/7Y2GUn1ZUy+muMbxv42/z9jKm
EXW0PPrlntA16GQFyrxBjN9JSN8wkVsnaUQEOBY+HXCKV9IMY4OARMD9SJV9+1Be
QaXdUiTcB7ZAaOD0BRAS63csLsKpED6jNfAafQIhLsxSXy3d+tQgujFRnuDC2k5g
ej/Y2y4NiRAxqWE5TX8GMLXaSKRottT0FSAJgCjvOGyPpjM+pA==
=DlBK
-----END PGP SIGNATURE-----

--7IH105CLucjPLqPzVYDLt9CqnOT4eE0d1--

--===============1138884042080988580==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KbWFpbG9wIG1h
aWxpbmcgbGlzdAptYWlsb3BAbWFpbG9wLm9yZwpodHRwczovL2xpc3QubWFpbG9wLm9yZy9saXN0
aW5mby9tYWlsb3AK

--===============1138884042080988580==--
_ATEOF
]
{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:5221: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:5221"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- (null)
INFO:zdkimfilter[0]:ip=192.0.2.1: domain mailop.org whitelisted by list.dnswl.org
INFO:zdkimfilter[0]:ip=192.0.2.1: enabling body parse (sigs pass: 0, could pass: 1)
INFO:zdkimfilter[0]:ip=192.0.2.1: enabling retry (badsig, bh ok: 0; badsig, bh bad: 1; pass, bh bad: 0)
INFO:zdkimfilter[0]:ip=192.0.2.1: transformation enabled for \"Gene Hightower <mailop@digilicious.com>\" retry header and body
INFO:zdkimfilter[0]:ip=192.0.2.1: transform message with mime-wrap.
INFO:zdkimfilter[0]:ip=192.0.2.1: verified: spf=pass, dkim=fail (id=digilicious.com, signature verification failed, stat=1)
INFO:zdkimfilter[0]:ip=192.0.2.1: response: 250 Ok.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:5221"
$at_failed && at_fn_log_failure
$at_traceon; }


  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_156
#AT_START_157
at_fn_group_banner 157 'testsuite.at:5238' \
  "Check MLM trans header only" "                    "
at_xfail=no
(
  printf "%s\n" "157. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >zftest.conf <<'_ZEOF'
verbose = 6
domain_keys = .
tmp = .
no_signlen

report_all_sigs
trust_a_r

_ZEOF

cat >KEYFILE <<'_ATEOF'
delta._domainkey.tana.it v=DKIM1; k=rsa; p=MIGuMA0GCSqGSIb3DQEBAQUAA4GcADCBmAKBkA5YMrfcQD3kzCQJFRXLatbXbl6h07EE1TrJOVp94EeBV50QFuBIk0igZgPTA39O77mUyNii81hD4q2g9/Hoj9asqQHTTKjqk+gwZWC+X46K5BYSRPTCC9sidg20Laubyn0ATGaz+OyIl4JcE2rsEXwXLJ98OFEaa3gWyUVO9+lNwebs932bOtHbM2YpzJzEPQIDAQAB
whatever.example.com domain exists
_ATEOF

cat >ctl <<'_ATEOF'
Mverifymsg
OTCPREMOTEIP=192.0.2.1
usmtp
_ATEOF

cat >POLICYFILE <<'_ATEOF'
dkim=unknown
_ATEOF

cat >batch <<'_ATEOF'
test2
test3
mail
ctl



exit
_ATEOF

cat >mail <<'_ATEOF'
Return-Path: <vesely@tana.it>
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tana.it; s=delta;
	t=1622215204; bh=LbtKmYmb0AYuqmLosy6d8z3lUbe9bySycLmt7spvoos=;
	l=129; h=To:From:Date;
	b=DF3LTTYsDjy3uIFszGHjyd8hMAR4t8+uq9GMUnlpffjAlKYUUdn3tsaegLm/JoMCc
	 1+AjNriC92jwpBXmBYW3g/0Y7ema7N7wqkYAfZ7NRjqjwHLKsYmGFjENWZhYMdLZv9
	 s/nWz080dY+fObgdrhac5rfMbucn6VCuxujS0t5uevJXuAVFdA+mnu7GxmAnn
Original-From: Alessandro Vesely <vesely@tana.it>
Received: from 172.25.197.111 (pcale.tana 172.25.197.111)
  (AUTH: CRAM-MD5 uXDGrn@SYT0/k, TLS: TLS1.3,128bits,ECDHE_RSA_AES_128_GCM_SHA256)
  by wmail.tana.it with ESMTPSA
  id 00000000005DC03D.0000000060B10A24.00001BB5; Fri, 28 May 2021 17:20:04 +0200
To: Alessandro Vesely <vesely@tana.it>
From: Alessandro Vesely via Anelli <whatever@example.com>
Subject: Retry header only, with l=
Message-ID: <f31b2555-7602-fff7-f36d-55c7e73c135a@tana.it>
Date: Fri, 28 May 2021 17:20:03 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101
 Thunderbird/78.9.0
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit

This is a test program.  The header is going to be transformed, while the body
hash matches, featuring an l= tag.

Verify it!
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:5286: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:5286"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- (null)
INFO:zdkimfilter[0]:ip=192.0.2.1: enabling retry (badsig, bh ok: 1; badsig, bh bad: 0; pass, bh bad: 0)
INFO:zdkimfilter[0]:ip=192.0.2.1: transformation enabled for \"Alessandro Vesely <vesely@tana.it>\" retry header only
INFO:zdkimfilter[0]:ip=192.0.2.1: signature by tana.it, s=delta recovered by transformation
INFO:zdkimfilter[0]:ip=192.0.2.1: verified: dkim=pass (id=tana.it, stat=0)
INFO:zdkimfilter[0]:ip=192.0.2.1: response: 250 Ok.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:5286"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_157
#AT_START_158
at_fn_group_banner 158 'testsuite.at:5300' \
  "Check MLM trans header only not signed" "         "
at_xfail=no
(
  printf "%s\n" "158. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >zftest.conf <<'_ZEOF'
verbose = 6
domain_keys = .
tmp = .
no_signlen

report_all_sigs
trust_a_r

_ZEOF

cat >KEYFILE <<'_ATEOF'
delta._domainkey.tana.it v=DKIM1; k=rsa; p=MIGuMA0GCSqGSIb3DQEBAQUAA4GcADCBmAKBkA5YMrfcQD3kzCQJFRXLatbXbl6h07EE1TrJOVp94EeBV50QFuBIk0igZgPTA39O77mUyNii81hD4q2g9/Hoj9asqQHTTKjqk+gwZWC+X46K5BYSRPTCC9sidg20Laubyn0ATGaz+OyIl4JcE2rsEXwXLJ98OFEaa3gWyUVO9+lNwebs932bOtHbM2YpzJzEPQIDAQAB
_ATEOF

cat >ctl <<'_ATEOF'
Mverifymsg
OTCPREMOTEIP=192.0.2.1
usmtp
_ATEOF

cat >POLICYFILE <<'_ATEOF'
dkim=unknown
_ATEOF

cat >batch <<'_ATEOF'
test2
test3
mail
ctl



exit
_ATEOF

cat >mail <<'_ATEOF'
Return-Path: <vesely@tana.it>
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tana.it; s=delta;
	t=1622215204; bh=LbtKmYmb0AYuqmLosy6d8z3lUbe9bySycLmt7spvoos=;
	l=129; h=To:From:Date;
	b=BAD_TTYsDjy3uIFszGHjyd8hMAR4t8+uq9GMUnlpffjAlKYUUdn3tsaegLm/JoMCc
	 1+AjNriC92jwpBXmBYW3g/0Y7ema7N7wqkYAfZ7NRjqjwHLKsYmGFjENWZhYMdLZv9
	 s/nWz080dY+fObgdrhac5rfMbucn6VCuxujS0t5uevJXuAVFdA+mnu7GxmAnn
Received: from 172.25.197.111 (pcale.tana 172.25.197.111)
  (AUTH: CRAM-MD5 uXDGrn@SYT0/k, TLS: TLS1.3,128bits,ECDHE_RSA_AES_128_GCM_SHA256)
  by wmail.tana.it with ESMTPSA
  id 00000000005DC03D.0000000060B10A24.00001BB5; Fri, 28 May 2021 17:20:04 +0200
To: Alessandro Vesely <vesely@tana.it>
From: Alessandro Vesely <vesely@tana.it>
Subject: unsigned Retry header only, with l=
Message-ID: <f31b2555-7602-fff7-f36d-55c7e73c135a@tana.it>
Date: Fri, 28 May 2021 17:20:03 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101
 Thunderbird/78.9.0
Precedence: list
List-Post: <mailto:pretend-to-be-a-list@example.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit

This is a test program.  The header is going to be transformed, while the body
hash matches, featuring an l= tag.

Verify it!
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:5348: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:5348"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- (null)
INFO:zdkimfilter[0]:ip=192.0.2.1: verified: dkim=fail (id=tana.it, signature verification failed, stat=1)
INFO:zdkimfilter[0]:ip=192.0.2.1: response: 250 Ok.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:5348"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_158
#AT_START_159
at_fn_group_banner 159 'testsuite.at:5364' \
  "Sign and verify Ed25519 signature" "              "
at_xfail=no
(
  printf "%s\n" "159. $at_setup_line: testing $at_desc ..."
  $at_traceon

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:5365: \$HAVE_ED25519 || exit 77"
at_fn_check_prepare_dynamic "$HAVE_ED25519 || exit 77" "testsuite.at:5365"
( $at_check_trace; $HAVE_ED25519 || exit 77
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:5365"
$at_failed && at_fn_log_failure
$at_traceon; }

cat >zftest.conf <<'_ZEOF'
verbose = 6
domain_keys = .
tmp = .
no_signlen

trust_a_r
add_auth_pass
sign_hfields Date From To Subject Authentication-Results

_ZEOF

cat >example.com <<'_ATEOF'
-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEIJ1hsZ3v/VpguoRK9JLsLMREScVpezJpGXA7rAMcrn9g
-----END PRIVATE KEY-----
_ATEOF



cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctls <<'_ATEOF'
Msignmsg
uauthsmtp
iuser@example.com
_ATEOF

cat >batch <<'_ATEOF'
mail
ctls



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:5380: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:5380"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=signmsg: signing for user@example.com with domain example.com, selector s, ed25519-sha256
INFO:zdkimfilter[0]:id=signmsg: response: 250 Ok.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:5380"
$at_failed && at_fn_log_failure
$at_traceon; }

# make a modified copy of mail for later
{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:5389: sed '/^Authentication-Results:/s/^/Old-/' mail > mail2"
at_fn_check_prepare_trace "testsuite.at:5389"
( $at_check_trace; sed '/^Authentication-Results:/s/^/Old-/' mail > mail2
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:5389"
$at_failed && at_fn_log_failure
$at_traceon; }

# verify mail normally
cat >ctlv <<'_ATEOF'
Mverifymsg
OTCPREMOTEIP=192.0.2.1
usmtp
_ATEOF

cat >KEYFILE <<'_ATEOF'
s._domainkey.example.com v=DKIM1; k=ed25519; p=11qYAYKxCrfVS/7TyWQHOg7hcvPapiMlrwIaaPcHURo=
whatever.author.example domain exists
_ATEOF

cat >POLICYFILE <<'_ATEOF'
dkim=unknown
_ATEOF

cat >batch <<'_ATEOF'
test2
test3
mail
ctlv



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:5406: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:5406"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- (null)
INFO:zdkimfilter[0]:ip=192.0.2.1: Authentication-Results by example.com: please check ALLOW_EXCLUSIVE is set
INFO:zdkimfilter[0]:ip=192.0.2.1: Authentication-Results by mail.example.com: empty
INFO:zdkimfilter[0]:ip=192.0.2.1: verified: spf=pass, dkim=pass (id=example.com, stat=0)
INFO:zdkimfilter[0]:ip=192.0.2.1: response: 250 Ok.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:5406"
$at_failed && at_fn_log_failure
$at_traceon; }

# now repeat the test with modified mail
cat >batch <<'_ATEOF'
test2
test3
mail2
ctlv



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:5424: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:5424"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- (null)
INFO:zdkimfilter[0]:ip=192.0.2.1: verified: spf=pass, dkim=pass (id=example.com, stat=0)
INFO:zdkimfilter[0]:ip=192.0.2.1: response: 250 Ok.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:5424"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_159
#AT_START_160
at_fn_group_banner 160 'testsuite.at:5449' \
  "Verify RFC 8463" "                                "
at_xfail=no
(
  printf "%s\n" "160. $at_setup_line: testing $at_desc ..."
  $at_traceon

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:5450: \$HAVE_ED25519 || exit 77"
at_fn_check_prepare_dynamic "$HAVE_ED25519 || exit 77" "testsuite.at:5450"
( $at_check_trace; $HAVE_ED25519 || exit 77
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:5450"
$at_failed && at_fn_log_failure
$at_traceon; }

cat >zftest.conf <<'_ZEOF'
verbose = 6
domain_keys = .
tmp = .
no_signlen

trust_a_r
add_auth_pass
sign_hfields from to subject date message-id
oversign_hfields from subject date
header_canon_relaxed
body_canon_relaxed
selector brisbane
i_signer @football.example.com

_ZEOF


cat >football.example.com <<'_ATEOF'
-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEIJ1hsZ3v/VpguoRK9JLsLMREScVpezJpGXA7rAMcrn9g
-----END PRIVATE KEY-----
_ATEOF



cat >mail <<'_ATEOF'
From: Joe SixPack <joe@football.example.com>
To: Suzie Q <suzie@shopping.example.net>
Subject: Is dinner ready?
Date: Fri, 11 Jul 2003 21:00:37 -0700 (PDT)
Message-ID: <20030712040037.46341.5F8J@football.example.com>

Hi.

We lost the game.  Are you hungry yet?

Joe.
_ATEOF

cat >ctls <<'_ATEOF'
Msignmsg
uauthsmtp
iuser@football.example.com
_ATEOF

cat >batch <<'_ATEOF'
mail
ctls



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:5471: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:5471"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=signmsg: signing for user@football.example.com with domain football.example.com, selector brisbane, ed25519-sha256
INFO:zdkimfilter[0]:id=signmsg: response: 250 Ok.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:5471"
$at_failed && at_fn_log_failure
$at_traceon; }


# Verify the signature given in the RFC.
cat >mail1 <<'_ATEOF'
Received: from server.example.com by test.example with ESMTP
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed;
 d=football.example.com; i=@football.example.com;
 q=dns/txt; s=brisbane; t=1528637909; h=from : to :
 subject : date : message-id : from : subject : date;
 bh=2jUSOH9NhtVGCQWNr9BrIAPreKQjO6Sn7XIkfJVOzv8=;
 b=/gCrinpcQOoIfuHNQIbq4pgh9kyIK3AQUdt9OdqQehSwhEIug4D11Bus
 Fa3bT3FY5OsU7ZbnKELq+eXdp1Q1Dw==
From: Joe SixPack <joe@football.example.com>
To: Suzie Q <suzie@shopping.example.net>
Subject: Is dinner ready?
Date: Fri, 11 Jul 2003 21:00:37 -0700 (PDT)
Message-ID: <20030712040037.46341.5F8J@football.example.com>

Hi.

We lost the game.  Are you hungry yet?

Joe.
_ATEOF

cat >ctlv <<'_ATEOF'
Mverifymsg
OTCPREMOTEIP=192.0.2.1
usmtp
_ATEOF

cat >KEYFILE <<'_ATEOF'
brisbane._domainkey.football.example.com v=DKIM1; k=ed25519; p=11qYAYKxCrfVS/7TyWQHOg7hcvPapiMlrwIaaPcHURo=
_ATEOF

cat >POLICYFILE <<'_ATEOF'
dkim=unknown
_ATEOF

cat >batch <<'_ATEOF'
test2
test3
mail1
ctlv



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:5504: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:5504"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- (null)
INFO:zdkimfilter[0]:ip=192.0.2.1: verified: dkim=pass (id=football.example.com, stat=0)
INFO:zdkimfilter[0]:ip=192.0.2.1: response: 250 Ok.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:5504"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_160
#AT_START_161
at_fn_group_banner 161 'testsuite.at:5516' \
  "Check sign local" "                               "
at_xfail=no
(
  printf "%s\n" "161. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >author.example <<'_ATEOF'
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk
5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9
GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
AoGARPaCa4eHJWQnF2MwB2cQD7MdUsizx6GFs5ms9bGxxwyknTmmT2PA/rFEYjb+
V8PmTCu4Y/Nk88IzgXTfJ8pN6GfnN1O0qMTUoMuHTf/LMWT/WsFstjiuuFCQddBz
xVyup6Rnl30mYU5WE0PheUTG0AVbzMn2Aj/SEYXlEYPnENECQQDbsLlcEitqnj+i
ipFz9H5RnfoDC4pFHSSqMlddYIA9e2DoNdxjU275eyt2g2p9hQMMXdB7LnoyFeHz
jeRpK3RlAkEAxsj5uOvBctleM2ERPPXTm0nYUWSH4aPZkE/olThgQMogTwSQc6vI
M6RkzKfF5Dr5g/b2kyoZhxIvdtUcPzfGVwJBALrZaA3C9mJMDdt095kjzXwlXMrS
OdvmmZSYFG468VdZZGabyMJB6BUQiTrXMu9m/dy6veLG+O84ZWD8wdQhPXECQBf4
nlyVWXOfEMQDXY/LWSQtyH8wL06fcpn7eOGdtcW6WiENPNomCfNoTJt9U9jM38/x
FRT0C7YFFGIxGsHo2OsCQF2PGJ3yKn2l9VX+M6qj4hE+POdgnJLqNMp5kRIBj9De
rlKqG0nWxNFVhVzXsgeNUTDCmVm3cdODa94wXn9WNvY=
-----END RSA PRIVATE KEY-----
_ATEOF



cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctl <<'_ATEOF'
Msignmsg
ulocal
_ATEOF

cat >batch <<'_ATEOF'
mail
ctl



exit
_ATEOF


cat >zftest.conf <<'_ZEOF'
verbose = 6
domain_keys = .
tmp = .
no_signlen

default_domain author.example
sign_local = 0

_ZEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:5530: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:5530"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=signmsg: response: 250 not filtered.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 not filtered.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:5530"
$at_failed && at_fn_log_failure
$at_traceon; }


cat >zftest.conf <<'_ZEOF'
verbose = 6
domain_keys = .
tmp = .
no_signlen

default_domain author.example
sign_local = 1

_ZEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:5541: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:5541"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=signmsg: signing for @author.example with domain author.example, selector s, rsa-sha256
INFO:zdkimfilter[0]:id=signmsg: response: 250 Ok.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:5541"
$at_failed && at_fn_log_failure
$at_traceon; }


cat >zftest.conf <<'_ZEOF'
verbose = 6
domain_keys = .
tmp = .
no_signlen

default_domain author.example
sign_local = 2

_ZEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:5553: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:5553"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=signmsg: Ignoring already signed local message: DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=author.example; s=s;
INFO:zdkimfilter[0]:id=signmsg: response: 250 already signed.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 already signed.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:5553"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_161
#AT_START_162
at_fn_group_banner 162 'testsuite.at:5564' \
  "mailto_domain() function" "                       "
at_xfail=no
(
  printf "%s\n" "162. $at_setup_line: testing $at_desc ..."
  $at_traceon

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:5565: TESTmailto '<mailto:whatever> or <mailto:user@exa mple.com,who@EX%41MPLE.com?subject=\"unsubscribe\">'"
at_fn_check_prepare_trace "testsuite.at:5565"
( $at_check_trace; TESTmailto '<mailto:whatever> or <mailto:user@exa mple.com,who@EX%41MPLE.com?subject="unsubscribe">'
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "0 example.com
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:5565"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_162
#AT_START_163
at_fn_group_banner 163 'testsuite.at:5587' \
  "Seal and verify ARC set" "                        "
at_xfail=no
(
  printf "%s\n" "163. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >zftest.conf <<'_ZEOF'
verbose = 6
domain_keys = .
tmp = .
no_signlen

trust_a_r
sign_hfields Date From To Subject Authentication-Results

_ZEOF

cat >example.com <<'_ATEOF'
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk
5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9
GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
AoGARPaCa4eHJWQnF2MwB2cQD7MdUsizx6GFs5ms9bGxxwyknTmmT2PA/rFEYjb+
V8PmTCu4Y/Nk88IzgXTfJ8pN6GfnN1O0qMTUoMuHTf/LMWT/WsFstjiuuFCQddBz
xVyup6Rnl30mYU5WE0PheUTG0AVbzMn2Aj/SEYXlEYPnENECQQDbsLlcEitqnj+i
ipFz9H5RnfoDC4pFHSSqMlddYIA9e2DoNdxjU275eyt2g2p9hQMMXdB7LnoyFeHz
jeRpK3RlAkEAxsj5uOvBctleM2ERPPXTm0nYUWSH4aPZkE/olThgQMogTwSQc6vI
M6RkzKfF5Dr5g/b2kyoZhxIvdtUcPzfGVwJBALrZaA3C9mJMDdt095kjzXwlXMrS
OdvmmZSYFG468VdZZGabyMJB6BUQiTrXMu9m/dy6veLG+O84ZWD8wdQhPXECQBf4
nlyVWXOfEMQDXY/LWSQtyH8wL06fcpn7eOGdtcW6WiENPNomCfNoTJt9U9jM38/x
FRT0C7YFFGIxGsHo2OsCQF2PGJ3yKn2l9VX+M6qj4hE+POdgnJLqNMp5kRIBj9De
rlKqG0nWxNFVhVzXsgeNUTDCmVm3cdODa94wXn9WNvY=
-----END RSA PRIVATE KEY-----
_ATEOF



cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:5593: \$VALGRIND_AND_OPTS zdkimsign -f zftest.conf --arcseal --filter --domain example.com -- --batch-test >mailsig  < mail"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimsign -f zftest.conf --arcseal --filter --domain example.com -- --batch-test >mailsig  < mail" "testsuite.at:5593"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimsign -f zftest.conf --arcseal --filter --domain example.com -- --batch-test >mailsig  < mail
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO: zfilter: zdkimfilter[0]:id=zdkimsign: sealing for postmaster@example.com with domain example.com, selector s, rsa-sha256
INFO: zfilter: zdkimfilter[0]:id=zdkimsign: response: 250 Ok.
INFO: zfilter: 250 Ok.
" | \
  $at_diff - "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:5593"
$at_failed && at_fn_log_failure
$at_traceon; }


# verify mail
cat >ctlv <<'_ATEOF'
Mverifymsg
usmtp
OTCPREMOTEIP=192.0.2.1
_ATEOF

cat >KEYFILE <<'_ATEOF'
s._domainkey.example.com v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
whatever.author.example domain exists
_ATEOF

cat >POLICYFILE <<'_ATEOF'
dkim=unknown
_ATEOF

cat >batch <<'_ATEOF'
test2
test3
mailsig
ctlv



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:5617: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:5617"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- (null)
INFO:zdkimfilter[0]:ip=192.0.2.1: response: 250 Ok.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:5617"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:5625: head -5 mailsig"
at_fn_check_prepare_trace "testsuite.at:5625"
( $at_check_trace; head -5 mailsig
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "Authentication-Results: test.example;
  spf=pass smtp.mailfrom=sender.example;
  arc=pass header.oldest-pass=0 (1 set(s)) smtp.remote-ip=192.0.2.1
ARC-Authentication-Results: i=1; mail.example.com; none
ARC-Message-Signature: i=1; a=rsa-sha256; c=simple/simple; d=example.com;
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:5625"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_163
#AT_START_164
at_fn_group_banner 164 'testsuite.at:5634' \
  "Copy A-R to ARC-Authentication-Results" "         "
at_xfail=no
(
  printf "%s\n" "164. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >zftest.conf <<'_ZEOF'
verbose = 6
domain_keys = .
tmp = .
no_signlen

trust_a_r
sign_hfields Date From To Subject
oversign_hfields From To

_ZEOF

cat >example.com <<'_ATEOF'
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk
5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9
GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
AoGARPaCa4eHJWQnF2MwB2cQD7MdUsizx6GFs5ms9bGxxwyknTmmT2PA/rFEYjb+
V8PmTCu4Y/Nk88IzgXTfJ8pN6GfnN1O0qMTUoMuHTf/LMWT/WsFstjiuuFCQddBz
xVyup6Rnl30mYU5WE0PheUTG0AVbzMn2Aj/SEYXlEYPnENECQQDbsLlcEitqnj+i
ipFz9H5RnfoDC4pFHSSqMlddYIA9e2DoNdxjU275eyt2g2p9hQMMXdB7LnoyFeHz
jeRpK3RlAkEAxsj5uOvBctleM2ERPPXTm0nYUWSH4aPZkE/olThgQMogTwSQc6vI
M6RkzKfF5Dr5g/b2kyoZhxIvdtUcPzfGVwJBALrZaA3C9mJMDdt095kjzXwlXMrS
OdvmmZSYFG468VdZZGabyMJB6BUQiTrXMu9m/dy6veLG+O84ZWD8wdQhPXECQBf4
nlyVWXOfEMQDXY/LWSQtyH8wL06fcpn7eOGdtcW6WiENPNomCfNoTJt9U9jM38/x
FRT0C7YFFGIxGsHo2OsCQF2PGJ3yKn2l9VX+M6qj4hE+POdgnJLqNMp5kRIBj9De
rlKqG0nWxNFVhVzXsgeNUTDCmVm3cdODa94wXn9WNvY=
-----END RSA PRIVATE KEY-----
_ATEOF



cat >ctl <<'_ATEOF'
Msealmsg
uauthsmtp
iuser@example.com
_ATEOF

cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >batch <<'_ATEOF'
test4
mail
ctl


exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:5649: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf --do-seal --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf --do-seal --batch-test <batch" "testsuite.at:5649"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf --do-seal --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=sealmsg: sealing for user@example.com with domain example.com, selector s, rsa-sha256
INFO:zdkimfilter[0]:id=sealmsg: response: 250 Ok.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:5649"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:5656: cat mail"
at_fn_check_prepare_trace "testsuite.at:5656"
( $at_check_trace; cat mail
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "ARC-Authentication-Results: i=1; example.com; none
ARC-Message-Signature: i=1; a=rsa-sha256; c=simple/simple; d=example.com;
	s=s; t=1671190000; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	h=Date:From:To:Subject:From:To;
	b=Ey85VmRd/AG0GeWNMPgiJFCRZNZmW+GIMCL24mCPlh2BZCEKP/hylKOWlBwqAri3K
	 p4J8YGuXZHEwxuQClL+LzW5inaRmvGvhWBv9wPiOfuEujHiHvOpDZp8Lj88nFRobFE
	 fChKkTgX4hzuwgg/1t+9lWvW82RyRXX5u9A6SKTM=
ARC-Seal: i=1; a=rsa-sha256; cv=none; d=example.com; s=s; t=1671190000;
	b=RSjSRbGUIkhsT66QRuGNJywxYqTon/+1S2HUk/eqlN6b/UeiZYSLJ8GzRmuaYv/8R
	 C2/7Lkpe2zA6j8bBeWD9q8EX0dyj5hu/o9DqE31AuH5jaHtD4+bfjsr/eylqIrCJF1
	 jGADMQkQvo06WSvAKiiWNOL61Fk63reqXrGL87YM=
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:5656"
$at_failed && at_fn_log_failure
$at_traceon; }


cat >mail <<'_ATEOF'
Authentication-Results:
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:5672: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf --do-seal --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf --do-seal --batch-test <batch" "testsuite.at:5672"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf --do-seal --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "ERR:zdkimfilter[0]:id=sealmsg: A-R ignored on sealing: Scan error: \"\"
INFO:zdkimfilter[0]:id=sealmsg: sealing for user@example.com with domain example.com, selector s, rsa-sha256
INFO:zdkimfilter[0]:id=sealmsg: response: 250 Ok.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:5672"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:5680: cat mail"
at_fn_check_prepare_trace "testsuite.at:5680"
( $at_check_trace; cat mail
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "ARC-Authentication-Results: i=1; example.com; none
ARC-Message-Signature: i=1; a=rsa-sha256; c=simple/simple; d=example.com;
	s=s; t=1671190000; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	h=Date:From:To:Subject:From:To;
	b=Ey85VmRd/AG0GeWNMPgiJFCRZNZmW+GIMCL24mCPlh2BZCEKP/hylKOWlBwqAri3K
	 p4J8YGuXZHEwxuQClL+LzW5inaRmvGvhWBv9wPiOfuEujHiHvOpDZp8Lj88nFRobFE
	 fChKkTgX4hzuwgg/1t+9lWvW82RyRXX5u9A6SKTM=
ARC-Seal: i=1; a=rsa-sha256; cv=none; d=example.com; s=s; t=1671190000;
	b=RSjSRbGUIkhsT66QRuGNJywxYqTon/+1S2HUk/eqlN6b/UeiZYSLJ8GzRmuaYv/8R
	 C2/7Lkpe2zA6j8bBeWD9q8EX0dyj5hu/o9DqE31AuH5jaHtD4+bfjsr/eylqIrCJF1
	 jGADMQkQvo06WSvAKiiWNOL61Fk63reqXrGL87YM=
Authentication-Results:
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:5680"
$at_failed && at_fn_log_failure
$at_traceon; }


cat >mail <<'_ATEOF'
Authentication-Results: mail.example.com;
  spf = pass  (Address passes the Sender Policy Framework)
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:5698: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf --do-seal --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf --do-seal --batch-test <batch" "testsuite.at:5698"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf --do-seal --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=sealmsg: sealing for user@example.com with domain example.com, selector s, rsa-sha256
INFO:zdkimfilter[0]:id=sealmsg: response: 250 Ok.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:5698"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:5705: cat mail"
at_fn_check_prepare_trace "testsuite.at:5705"
( $at_check_trace; cat mail
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "ARC-Authentication-Results: i=1; mail.example.com;
  spf=pass
ARC-Message-Signature: i=1; a=rsa-sha256; c=simple/simple; d=example.com;
	s=s; t=1671190000; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	h=Date:From:To:Subject:From:To;
	b=Ey85VmRd/AG0GeWNMPgiJFCRZNZmW+GIMCL24mCPlh2BZCEKP/hylKOWlBwqAri3K
	 p4J8YGuXZHEwxuQClL+LzW5inaRmvGvhWBv9wPiOfuEujHiHvOpDZp8Lj88nFRobFE
	 fChKkTgX4hzuwgg/1t+9lWvW82RyRXX5u9A6SKTM=
ARC-Seal: i=1; a=rsa-sha256; cv=none; d=example.com; s=s; t=1671190000;
	b=L41GVsUZ5MZ402qKpSN6SidtWfH8EnEwJ6L1/xrewp2URDZYt1A3vdmGIq/se7rWx
	 mJZk54yPaFFivShzAnWglc7IQMhB3Et9zZuV/qhg4K7+uD91s3pnkh3abHkPELf9Wb
	 5j0lirqD1AcBeaWpNzQif2bsJ67iYqFTjGviB6dI=
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:5705"
$at_failed && at_fn_log_failure
$at_traceon; }


cat >mail <<'_ATEOF'
Authentication-Results: mail.example.com;
  spf = pass  (Address passes the Sender Policy Framework)
Received: from server.example by test.example with ESMTP
Authentication-Results: someone.else.example;
  dkim=pass header.d=bungabunga.com
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:5725: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf --do-seal --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf --do-seal --batch-test <batch" "testsuite.at:5725"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf --do-seal --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=sealmsg: A-R ignored on sealing: Extraneous ID: \" someone.else.exampl[...]\"
INFO:zdkimfilter[0]:id=sealmsg: sealing for user@example.com with domain example.com, selector s, rsa-sha256
INFO:zdkimfilter[0]:id=sealmsg: response: 250 Ok.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:5725"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:5733: cat mail"
at_fn_check_prepare_trace "testsuite.at:5733"
( $at_check_trace; cat mail
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "ARC-Authentication-Results: i=1; mail.example.com;
  spf=pass
ARC-Message-Signature: i=1; a=rsa-sha256; c=simple/simple; d=example.com;
	s=s; t=1671190000; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	h=Date:From:To:Subject:From:To;
	b=Ey85VmRd/AG0GeWNMPgiJFCRZNZmW+GIMCL24mCPlh2BZCEKP/hylKOWlBwqAri3K
	 p4J8YGuXZHEwxuQClL+LzW5inaRmvGvhWBv9wPiOfuEujHiHvOpDZp8Lj88nFRobFE
	 fChKkTgX4hzuwgg/1t+9lWvW82RyRXX5u9A6SKTM=
ARC-Seal: i=1; a=rsa-sha256; cv=none; d=example.com; s=s; t=1671190000;
	b=L41GVsUZ5MZ402qKpSN6SidtWfH8EnEwJ6L1/xrewp2URDZYt1A3vdmGIq/se7rWx
	 mJZk54yPaFFivShzAnWglc7IQMhB3Et9zZuV/qhg4K7+uD91s3pnkh3abHkPELf9Wb
	 5j0lirqD1AcBeaWpNzQif2bsJ67iYqFTjGviB6dI=
Received: from server.example by test.example with ESMTP
Authentication-Results: someone.else.example;
  dkim=pass header.d=bungabunga.com
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:5733"
$at_failed && at_fn_log_failure
$at_traceon; }


cat >mail <<'_ATEOF'
Authentication-Results: mail.example.com;
  spf = pass  (Address passes the Sender Policy Framework)
Received: from server.example by test.example with ESMTP
Authentication-Results: someone.else.example;
  dkim=pass header.d=bungabunga.com
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Authentication-Results: mail.example.COM (this is the same);
  whatever = result prop1 = value1 (these are not checked) prop2 = rrr2
  reason="some longer stuff" xxx=12345678 yyyy=10 you.said=yes
  some.more = "anything U like" no.idea=yes funny=no third.line=yes
Received-SPF: pass SPF=HELO sender=server.sender.example;
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:5759: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf --do-seal --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf --do-seal --batch-test <batch" "testsuite.at:5759"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf --do-seal --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=sealmsg: A-R ignored on sealing: Extraneous ID: \" someone.else.exampl[...]\"
INFO:zdkimfilter[0]:id=sealmsg: sealing for user@example.com with domain example.com, selector s, rsa-sha256
INFO:zdkimfilter[0]:id=sealmsg: response: 250 Ok.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:5759"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:5767: cat mail"
at_fn_check_prepare_trace "testsuite.at:5767"
( $at_check_trace; cat mail
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "ARC-Authentication-Results: i=1; mail.example.com;
  spf=pass;
  whatever=result prop1=value1 prop2=rrr2 reason=\"some longer stuff\"
    xxx=12345678 yyyy=10 you.said=yes some.more=\"anything U like\" no.idea=yes funny=no
    third.line=yes
ARC-Message-Signature: i=1; a=rsa-sha256; c=simple/simple; d=example.com;
	s=s; t=1671190000; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	h=Date:From:To:Subject:From:To;
	b=Ey85VmRd/AG0GeWNMPgiJFCRZNZmW+GIMCL24mCPlh2BZCEKP/hylKOWlBwqAri3K
	 p4J8YGuXZHEwxuQClL+LzW5inaRmvGvhWBv9wPiOfuEujHiHvOpDZp8Lj88nFRobFE
	 fChKkTgX4hzuwgg/1t+9lWvW82RyRXX5u9A6SKTM=
ARC-Seal: i=1; a=rsa-sha256; cv=none; d=example.com; s=s; t=1671190000;
	b=S1R0mPdYi7y1+zlnHuSFyIdPJsWl6wBBO31FGcm8dD0R7rhE5LymZAcPhIFEihEHn
	 QksCCjIzccdDu4c1wo1/ExxG95s79fv9FLAshW+zAsF7KUqcaCoe4fT35nvKUTSFbz
	 PU7JTwvrbhPMZDK9MnFjE8QVgfeCipkl4/8JylCA=
Received: from server.example by test.example with ESMTP
Authentication-Results: someone.else.example;
  dkim=pass header.d=bungabunga.com
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:5767"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_164
#AT_START_165
at_fn_group_banner 165 'testsuite.at:5789' \
  "ARC sets sequence" "                              "
at_xfail=no
(
  printf "%s\n" "165. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >zftest.conf <<'_ZEOF'
verbose = 6
domain_keys = .
tmp = .
no_signlen

trust_a_r
report_all_sigs
sign_hfields Date From To Subject

_ZEOF

cat >example.com <<'_ATEOF'
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk
5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9
GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
AoGARPaCa4eHJWQnF2MwB2cQD7MdUsizx6GFs5ms9bGxxwyknTmmT2PA/rFEYjb+
V8PmTCu4Y/Nk88IzgXTfJ8pN6GfnN1O0qMTUoMuHTf/LMWT/WsFstjiuuFCQddBz
xVyup6Rnl30mYU5WE0PheUTG0AVbzMn2Aj/SEYXlEYPnENECQQDbsLlcEitqnj+i
ipFz9H5RnfoDC4pFHSSqMlddYIA9e2DoNdxjU275eyt2g2p9hQMMXdB7LnoyFeHz
jeRpK3RlAkEAxsj5uOvBctleM2ERPPXTm0nYUWSH4aPZkE/olThgQMogTwSQc6vI
M6RkzKfF5Dr5g/b2kyoZhxIvdtUcPzfGVwJBALrZaA3C9mJMDdt095kjzXwlXMrS
OdvmmZSYFG468VdZZGabyMJB6BUQiTrXMu9m/dy6veLG+O84ZWD8wdQhPXECQBf4
nlyVWXOfEMQDXY/LWSQtyH8wL06fcpn7eOGdtcW6WiENPNomCfNoTJt9U9jM38/x
FRT0C7YFFGIxGsHo2OsCQF2PGJ3yKn2l9VX+M6qj4hE+POdgnJLqNMp5kRIBj9De
rlKqG0nWxNFVhVzXsgeNUTDCmVm3cdODa94wXn9WNvY=
-----END RSA PRIVATE KEY-----
_ATEOF



cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctls <<'_ATEOF'
Msignmsg
uauthsmtp
iuser@example.com
OTCPREMOTEIP=192.0.2.9
_ATEOF

cat >batch <<'_ATEOF'
test4
mail
ctls


exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:5805: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:5805"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=signmsg: signing for user@example.com with domain example.com, selector s, rsa-sha256
INFO:zdkimfilter[0]:id=signmsg: response: 250 Ok.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:5805"
$at_failed && at_fn_log_failure
$at_traceon; }

# A-R -> Old-
{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:5814: sed '/^Authentication-Results:/s/^/Old-/' mail > mail2"
at_fn_check_prepare_trace "testsuite.at:5814"
( $at_check_trace; sed '/^Authentication-Results:/s/^/Old-/' mail > mail2
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:5814"
$at_failed && at_fn_log_failure
$at_traceon; }

# verifyreceived mail
cat >ctlv <<'_ATEOF'
Mverifymsg
usmtp
OTCPREMOTEIP=192.0.2.1
_ATEOF

cat >KEYFILE <<'_ATEOF'
s._domainkey.example.com v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
s._domainkey.test.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
s._domainkey.example.net v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
whatever.author.example domain exists
_ATEOF

cat >POLICYFILE <<'_ATEOF'
dkim=unknown
_ATEOF

cat >batch <<'_ATEOF'
test2
test3
mail2
ctlv


exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:5832: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:5832"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- (null)
INFO:zdkimfilter[0]:ip=192.0.2.1: verified: spf=pass, dkim=pass (id=example.com, stat=0)
INFO:zdkimfilter[0]:ip=192.0.2.1: response: 250 Ok.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:5832"
$at_failed && at_fn_log_failure
$at_traceon; }


# MLM Subject
{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:5843: sed 's/^Subject:/Subject: tag/' mail2 > mail3"
at_fn_check_prepare_trace "testsuite.at:5843"
( $at_check_trace; sed 's/^Subject:/Subject: tag/' mail2 > mail3
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:5843"
$at_failed && at_fn_log_failure
$at_traceon; }

cat >test.example <<'_ATEOF'
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk
5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9
GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
AoGARPaCa4eHJWQnF2MwB2cQD7MdUsizx6GFs5ms9bGxxwyknTmmT2PA/rFEYjb+
V8PmTCu4Y/Nk88IzgXTfJ8pN6GfnN1O0qMTUoMuHTf/LMWT/WsFstjiuuFCQddBz
xVyup6Rnl30mYU5WE0PheUTG0AVbzMn2Aj/SEYXlEYPnENECQQDbsLlcEitqnj+i
ipFz9H5RnfoDC4pFHSSqMlddYIA9e2DoNdxjU275eyt2g2p9hQMMXdB7LnoyFeHz
jeRpK3RlAkEAxsj5uOvBctleM2ERPPXTm0nYUWSH4aPZkE/olThgQMogTwSQc6vI
M6RkzKfF5Dr5g/b2kyoZhxIvdtUcPzfGVwJBALrZaA3C9mJMDdt095kjzXwlXMrS
OdvmmZSYFG468VdZZGabyMJB6BUQiTrXMu9m/dy6veLG+O84ZWD8wdQhPXECQBf4
nlyVWXOfEMQDXY/LWSQtyH8wL06fcpn7eOGdtcW6WiENPNomCfNoTJt9U9jM38/x
FRT0C7YFFGIxGsHo2OsCQF2PGJ3yKn2l9VX+M6qj4hE+POdgnJLqNMp5kRIBj9De
rlKqG0nWxNFVhVzXsgeNUTDCmVm3cdODa94wXn9WNvY=
-----END RSA PRIVATE KEY-----
_ATEOF



cat >ctls <<'_ATEOF'
Msealmsg
uauthsmtp
iuser@test.example
OTCPREMOTEIP=192.0.2.3
_ATEOF

cat >batch <<'_ATEOF'
test4
mail3
ctls


exit
_ATEOF


{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:5855: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf --do-seal --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf --do-seal --batch-test <batch" "testsuite.at:5855"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf --do-seal --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=sealmsg: sealing for user@test.example with domain test.example, selector s, rsa-sha256
INFO:zdkimfilter[0]:id=sealmsg: response: 250 Ok.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:5855"
$at_failed && at_fn_log_failure
$at_traceon; }


# receive and verify
{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:5864: echo \"Received: from test.example by example.net with ESMTP\" > mail4"
at_fn_check_prepare_trace "testsuite.at:5864"
( $at_check_trace; echo "Received: from test.example by example.net with ESMTP" > mail4
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:5864"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:5865: cat mail3 >> mail4"
at_fn_check_prepare_trace "testsuite.at:5865"
( $at_check_trace; cat mail3 >> mail4
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:5865"
$at_failed && at_fn_log_failure
$at_traceon; }

cat >ctlv <<'_ATEOF'
Mverify3
usmtp
OTCPREMOTEIP=192.0.2.4
_ATEOF

cat >POLICYFILE <<'_ATEOF'
dkim=unknown
_ATEOF

cat >batch <<'_ATEOF'
test2
test3
mail4
ctlv


exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:5876: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:5876"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=verify3: verify msg from 192.0.2.4 -- (null)
INFO:zdkimfilter[0]:ip=192.0.2.4: verified: spf=pass, dkim=fail (id=example.com, stat=0), arc=pass (id=test.example)
INFO:zdkimfilter[0]:ip=192.0.2.4: response: 250 Ok.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:5876"
$at_failed && at_fn_log_failure
$at_traceon; }


{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:5886: head -24 mail4"
at_fn_check_prepare_trace "testsuite.at:5886"
( $at_check_trace; head -24 mail4
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "Authentication-Results: example.net;
  spf=pass smtp.mailfrom=sender.example;
  dkim=fail (signature verification failed) header.d=example.com;
  arc=pass header.oldest-pass=0 (1 set(s)) smtp.remote-ip=192.0.2.4
Received: from test.example by example.net with ESMTP
ARC-Authentication-Results: i=1; test.example;
  spf=pass smtp.mailfrom=sender.example;
  dkim=pass header.d=example.com
ARC-Message-Signature: i=1; a=rsa-sha256; c=simple/simple; d=test.example;
	s=s; t=1671190000; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	h=Date:From:To:Subject;
	b=HH0cg8+r7uiOL5ZOyqmKUhR1No5RR4TQUYBuX+8tpFfnixo3Ui2GROm6lSL4BORtZ
	 bBCd6sj9Aw/LiJeSJJnnHItXagFgB4X+AT/zsYVLmIqGbVeD2fQEgoK1LQFKq+1fSl
	 KQguFsBdwQMvPjHFhkusNZ9yeHGpEcUcpxtjVGT4=
ARC-Seal: i=1; a=rsa-sha256; cv=none; d=test.example; s=s; t=1671190000;
	b=kWOPTKGWvvWhT31oerW5k4TAqLPnFQZQr7Zo9xEQaV0fJYdXrj+HdbIEatS5hpSGR
	 KAUXa5noSL3eoRy+gT8m2TFwlqZl3iHTpoXRags1iUBAIcbnF1AD4T8Tcaqg8kP9ns
	 PHSvIClkr2/xqNWCd5k4xpTz+/n6AXiXB1pgbwYs=
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=example.com; s=s;
	t=1671190000; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	h=Date:From:To:Subject;
	b=WnPXxvD85E/0WzZXA3A8tZf7pO2RQkye+AFrW9gtuZPLTc27y91UcSxBLl9FVI8d5
	 XSpuB/GDoJpedjgr4fAx9f59+D1gHgChUDkv8s/kicxqUa3KT/WEOaYEdXvb/vCo6+
	 yFv7Hv+/stvMk/2mPhTds+ZofX59ngzmYuZNyJAg=
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:5886"
$at_failed && at_fn_log_failure
$at_traceon; }


# seal again a modified message
cat >footer <<'_ATEOF'

--
spam check by example.net
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:5918: cat footer >> mail4"
at_fn_check_prepare_trace "testsuite.at:5918"
( $at_check_trace; cat footer >> mail4
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:5918"
$at_failed && at_fn_log_failure
$at_traceon; }



cat >example.net <<'_ATEOF'
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk
5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9
GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
AoGARPaCa4eHJWQnF2MwB2cQD7MdUsizx6GFs5ms9bGxxwyknTmmT2PA/rFEYjb+
V8PmTCu4Y/Nk88IzgXTfJ8pN6GfnN1O0qMTUoMuHTf/LMWT/WsFstjiuuFCQddBz
xVyup6Rnl30mYU5WE0PheUTG0AVbzMn2Aj/SEYXlEYPnENECQQDbsLlcEitqnj+i
ipFz9H5RnfoDC4pFHSSqMlddYIA9e2DoNdxjU275eyt2g2p9hQMMXdB7LnoyFeHz
jeRpK3RlAkEAxsj5uOvBctleM2ERPPXTm0nYUWSH4aPZkE/olThgQMogTwSQc6vI
M6RkzKfF5Dr5g/b2kyoZhxIvdtUcPzfGVwJBALrZaA3C9mJMDdt095kjzXwlXMrS
OdvmmZSYFG468VdZZGabyMJB6BUQiTrXMu9m/dy6veLG+O84ZWD8wdQhPXECQBf4
nlyVWXOfEMQDXY/LWSQtyH8wL06fcpn7eOGdtcW6WiENPNomCfNoTJt9U9jM38/x
FRT0C7YFFGIxGsHo2OsCQF2PGJ3yKn2l9VX+M6qj4hE+POdgnJLqNMp5kRIBj9De
rlKqG0nWxNFVhVzXsgeNUTDCmVm3cdODa94wXn9WNvY=
-----END RSA PRIVATE KEY-----
_ATEOF



cat >ctls <<'_ATEOF'
Msealmsg
uauthsmtp
iuser@example.net
_ATEOF

cat >batch <<'_ATEOF'
test2
test4
mail4
ctls


exit
_ATEOF


{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:5932: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf --do-seal --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf --do-seal --batch-test <batch" "testsuite.at:5932"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf --do-seal --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=sealmsg: sealing for user@example.net with domain example.net, selector s, rsa-sha256
INFO:zdkimfilter[0]:id=sealmsg: ARC sealing after i=1 test.example
INFO:zdkimfilter[0]:id=sealmsg: response: 250 Ok.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:5932"
$at_failed && at_fn_log_failure
$at_traceon; }


{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:5941: head -24 mail4"
at_fn_check_prepare_trace "testsuite.at:5941"
( $at_check_trace; head -24 mail4
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "ARC-Authentication-Results: i=2; example.net;
  spf=pass smtp.mailfrom=sender.example;
  dkim=fail header.d=example.com;
  arc=pass header.oldest-pass=0 smtp.remote-ip=192.0.2.4
ARC-Message-Signature: i=2; a=rsa-sha256; c=simple/simple; d=example.net;
	s=s; t=1671190000; bh=jFKb9TjMneMjjUzNSLV0yThCSQd+DUDAs0wF2flLC5E=;
	h=Date:From:To:Subject;
	b=aazz9WMASTPy9Cf7luZg2N1Of+uNB3Ve3teGrrt+P1WdLxfM/ZyJwDkUpfwgJCr9W
	 PYOUdnnMbSMRt5UYcYIta84yvkLqnoSvvmr81Y2sljw5TQkPoLumzCsC7A+D3rhW7P
	 ZU7aAAhz3L7NmMrfjr41fp9c0OTJcMo+JVVpsDuU=
ARC-Seal: i=2; a=rsa-sha256; cv=pass; d=example.net; s=s; t=1671190000;
	b=EKt+VfE1K5Qyo4nU9SlJLXilQzZ7O11VPxSxXxNiKv1DVuBwVGFdMC45kX6x3S/T3
	 ae4U+UNkNZVItMp50QxH416Dw0mLzPzJtZPVm37MR5Wy8o5T2Fi1gvP9gX2vLRBmbG
	 JLC/ZB9hSznnu4Bc5xTEh5rqDYnSywX9b9hR3MHc=
Received: from test.example by example.net with ESMTP
ARC-Authentication-Results: i=1; test.example;
  spf=pass smtp.mailfrom=sender.example;
  dkim=pass header.d=example.com
ARC-Message-Signature: i=1; a=rsa-sha256; c=simple/simple; d=test.example;
	s=s; t=1671190000; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	h=Date:From:To:Subject;
	b=HH0cg8+r7uiOL5ZOyqmKUhR1No5RR4TQUYBuX+8tpFfnixo3Ui2GROm6lSL4BORtZ
	 bBCd6sj9Aw/LiJeSJJnnHItXagFgB4X+AT/zsYVLmIqGbVeD2fQEgoK1LQFKq+1fSl
	 KQguFsBdwQMvPjHFhkusNZ9yeHGpEcUcpxtjVGT4=
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:5941"
$at_failed && at_fn_log_failure
$at_traceon; }


# receive and verify
{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:5969: echo \"Received: from example.net by example.org with ESMTP\" > mail5"
at_fn_check_prepare_trace "testsuite.at:5969"
( $at_check_trace; echo "Received: from example.net by example.org with ESMTP" > mail5
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:5969"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:5970: cat mail4 >> mail5"
at_fn_check_prepare_trace "testsuite.at:5970"
( $at_check_trace; cat mail4 >> mail5
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:5970"
$at_failed && at_fn_log_failure
$at_traceon; }

cat >ctlv <<'_ATEOF'
Mverify4
usmtp
OTCPREMOTEIP=192.0.2.12
_ATEOF

cat >POLICYFILE <<'_ATEOF'
dkim=unknown
_ATEOF

cat >batch <<'_ATEOF'
test2
test3
mail5
ctlv


exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:5981: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:5981"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=verify4: verify msg from 192.0.2.12 -- (null)
INFO:zdkimfilter[0]:ip=192.0.2.12: verified: spf=pass, dkim=fail (id=example.com, stat=0), arc=pass (id=example.net)
INFO:zdkimfilter[0]:ip=192.0.2.12: response: 250 Ok.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:5981"
$at_failed && at_fn_log_failure
$at_traceon; }


{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:5991: head -9 mail5"
at_fn_check_prepare_trace "testsuite.at:5991"
( $at_check_trace; head -9 mail5
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "Authentication-Results: example.org;
  spf=pass smtp.mailfrom=sender.example;
  dkim=fail (signature verification failed) header.d=example.com;
  arc=pass header.oldest-pass=2 (2 set(s)) smtp.remote-ip=192.0.2.12
Received: from example.net by example.org with ESMTP
ARC-Authentication-Results: i=2; example.net;
  spf=pass smtp.mailfrom=sender.example;
  dkim=fail header.d=example.com;
  arc=pass header.oldest-pass=0 smtp.remote-ip=192.0.2.4
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:5991"
$at_failed && at_fn_log_failure
$at_traceon; }


  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_165
#AT_START_166
at_fn_group_banner 166 'testsuite.at:6006' \
  "ARC fail after Authentication-Results" "          "
at_xfail=no
(
  printf "%s\n" "166. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >zftest.conf <<'_ZEOF'
verbose = 6
domain_keys = .
tmp = .
no_signlen

trust_a_r
report_all_sigs
sign_hfields Date From To Subject

_ZEOF

cat >example.com <<'_ATEOF'
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk
5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9
GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
AoGARPaCa4eHJWQnF2MwB2cQD7MdUsizx6GFs5ms9bGxxwyknTmmT2PA/rFEYjb+
V8PmTCu4Y/Nk88IzgXTfJ8pN6GfnN1O0qMTUoMuHTf/LMWT/WsFstjiuuFCQddBz
xVyup6Rnl30mYU5WE0PheUTG0AVbzMn2Aj/SEYXlEYPnENECQQDbsLlcEitqnj+i
ipFz9H5RnfoDC4pFHSSqMlddYIA9e2DoNdxjU275eyt2g2p9hQMMXdB7LnoyFeHz
jeRpK3RlAkEAxsj5uOvBctleM2ERPPXTm0nYUWSH4aPZkE/olThgQMogTwSQc6vI
M6RkzKfF5Dr5g/b2kyoZhxIvdtUcPzfGVwJBALrZaA3C9mJMDdt095kjzXwlXMrS
OdvmmZSYFG468VdZZGabyMJB6BUQiTrXMu9m/dy6veLG+O84ZWD8wdQhPXECQBf4
nlyVWXOfEMQDXY/LWSQtyH8wL06fcpn7eOGdtcW6WiENPNomCfNoTJt9U9jM38/x
FRT0C7YFFGIxGsHo2OsCQF2PGJ3yKn2l9VX+M6qj4hE+POdgnJLqNMp5kRIBj9De
rlKqG0nWxNFVhVzXsgeNUTDCmVm3cdODa94wXn9WNvY=
-----END RSA PRIVATE KEY-----
_ATEOF



cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

cat >ctls <<'_ATEOF'
Msignmsg
uauthsmtp
iuser@example.com
OTCPREMOTEIP=192.0.2.9
_ATEOF

cat >batch <<'_ATEOF'
test4
mail
ctls


exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:6022: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:6022"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=signmsg: signing for user@example.com with domain example.com, selector s, rsa-sha256
INFO:zdkimfilter[0]:id=signmsg: response: 250 Ok.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:6022"
$at_failed && at_fn_log_failure
$at_traceon; }

# A-R -> Old-
{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:6031: sed '/^Authentication-Results:/s/^/Old-/' mail > mail2"
at_fn_check_prepare_trace "testsuite.at:6031"
( $at_check_trace; sed '/^Authentication-Results:/s/^/Old-/' mail > mail2
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:6031"
$at_failed && at_fn_log_failure
$at_traceon; }

# verifyreceived mail
cat >ctlv <<'_ATEOF'
Mverifymsg
usmtp
OTCPREMOTEIP=192.0.2.1
_ATEOF

cat >KEYFILE <<'_ATEOF'
s._domainkey.example.com v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
s._domainkey.test.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
s._domainkey.example.net v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
whatever.author.example domain exists
_ATEOF

cat >POLICYFILE <<'_ATEOF'
dkim=unknown
_ATEOF

cat >batch <<'_ATEOF'
test2
test3
mail2
ctlv


exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:6049: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:6049"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- (null)
INFO:zdkimfilter[0]:ip=192.0.2.1: verified: spf=pass, dkim=pass (id=example.com, stat=0)
INFO:zdkimfilter[0]:ip=192.0.2.1: response: 250 Ok.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:6049"
$at_failed && at_fn_log_failure
$at_traceon; }


# MLM Subject
{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:6060: sed 's/^Subject:/Subject: tag/' mail2 > mail3"
at_fn_check_prepare_trace "testsuite.at:6060"
( $at_check_trace; sed 's/^Subject:/Subject: tag/' mail2 > mail3
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:6060"
$at_failed && at_fn_log_failure
$at_traceon; }

cat >test.example <<'_ATEOF'
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk
5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9
GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
AoGARPaCa4eHJWQnF2MwB2cQD7MdUsizx6GFs5ms9bGxxwyknTmmT2PA/rFEYjb+
V8PmTCu4Y/Nk88IzgXTfJ8pN6GfnN1O0qMTUoMuHTf/LMWT/WsFstjiuuFCQddBz
xVyup6Rnl30mYU5WE0PheUTG0AVbzMn2Aj/SEYXlEYPnENECQQDbsLlcEitqnj+i
ipFz9H5RnfoDC4pFHSSqMlddYIA9e2DoNdxjU275eyt2g2p9hQMMXdB7LnoyFeHz
jeRpK3RlAkEAxsj5uOvBctleM2ERPPXTm0nYUWSH4aPZkE/olThgQMogTwSQc6vI
M6RkzKfF5Dr5g/b2kyoZhxIvdtUcPzfGVwJBALrZaA3C9mJMDdt095kjzXwlXMrS
OdvmmZSYFG468VdZZGabyMJB6BUQiTrXMu9m/dy6veLG+O84ZWD8wdQhPXECQBf4
nlyVWXOfEMQDXY/LWSQtyH8wL06fcpn7eOGdtcW6WiENPNomCfNoTJt9U9jM38/x
FRT0C7YFFGIxGsHo2OsCQF2PGJ3yKn2l9VX+M6qj4hE+POdgnJLqNMp5kRIBj9De
rlKqG0nWxNFVhVzXsgeNUTDCmVm3cdODa94wXn9WNvY=
-----END RSA PRIVATE KEY-----
_ATEOF



cat >ctls <<'_ATEOF'
Msealmsg
uauthsmtp
iuser@test.example
OTCPREMOTEIP=192.0.2.3
_ATEOF

cat >batch <<'_ATEOF'
test4
mail3
ctls


exit
_ATEOF


{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:6072: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf --do-seal --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf --do-seal --batch-test <batch" "testsuite.at:6072"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf --do-seal --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=sealmsg: sealing for user@test.example with domain test.example, selector s, rsa-sha256
INFO:zdkimfilter[0]:id=sealmsg: response: 250 Ok.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:6072"
$at_failed && at_fn_log_failure
$at_traceon; }


# modify sealed message, so it won't verify
cat >footer <<'_ATEOF'

--
footer added after sealing
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:6085: cat footer >> mail3"
at_fn_check_prepare_trace "testsuite.at:6085"
( $at_check_trace; cat footer >> mail3
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:6085"
$at_failed && at_fn_log_failure
$at_traceon; }



# receive and verify
{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:6089: echo \"Received: from test.example by example.net with ESMTP\" > mail4"
at_fn_check_prepare_trace "testsuite.at:6089"
( $at_check_trace; echo "Received: from test.example by example.net with ESMTP" > mail4
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:6089"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:6090: cat mail3 >> mail4"
at_fn_check_prepare_trace "testsuite.at:6090"
( $at_check_trace; cat mail3 >> mail4
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:6090"
$at_failed && at_fn_log_failure
$at_traceon; }

cat >ctlv <<'_ATEOF'
Mverify3
usmtp
OTCPREMOTEIP=192.0.2.4
_ATEOF

cat >POLICYFILE <<'_ATEOF'
dkim=unknown
_ATEOF

cat >batch <<'_ATEOF'
test2
test3
mail4
ctlv


exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:6101: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:6101"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=verify3: verify msg from 192.0.2.4 -- (null)
INFO:zdkimfilter[0]:ip=192.0.2.4: verified: spf=pass, dkim=fail (id=example.com, signature verification failed, stat=1), arc=fail (id=test.example, Top (i=1) AMS failed: body hash mismatch)
INFO:zdkimfilter[0]:ip=192.0.2.4: response: 250 Ok.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:6101"
$at_failed && at_fn_log_failure
$at_traceon; }


{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:6111: head -24 mail4"
at_fn_check_prepare_trace "testsuite.at:6111"
( $at_check_trace; head -24 mail4
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "Authentication-Results: example.net;
  spf=pass smtp.mailfrom=sender.example;
  dkim=fail (signature verification failed) header.d=example.com;
  arc=fail (1 set(s)) smtp.remote-ip=192.0.2.4
Received: from test.example by example.net with ESMTP
ARC-Authentication-Results: i=1; test.example;
  spf=pass smtp.mailfrom=sender.example;
  dkim=pass header.d=example.com
ARC-Message-Signature: i=1; a=rsa-sha256; c=simple/simple; d=test.example;
	s=s; t=1671190000; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	h=Date:From:To:Subject;
	b=HH0cg8+r7uiOL5ZOyqmKUhR1No5RR4TQUYBuX+8tpFfnixo3Ui2GROm6lSL4BORtZ
	 bBCd6sj9Aw/LiJeSJJnnHItXagFgB4X+AT/zsYVLmIqGbVeD2fQEgoK1LQFKq+1fSl
	 KQguFsBdwQMvPjHFhkusNZ9yeHGpEcUcpxtjVGT4=
ARC-Seal: i=1; a=rsa-sha256; cv=none; d=test.example; s=s; t=1671190000;
	b=kWOPTKGWvvWhT31oerW5k4TAqLPnFQZQr7Zo9xEQaV0fJYdXrj+HdbIEatS5hpSGR
	 KAUXa5noSL3eoRy+gT8m2TFwlqZl3iHTpoXRags1iUBAIcbnF1AD4T8Tcaqg8kP9ns
	 PHSvIClkr2/xqNWCd5k4xpTz+/n6AXiXB1pgbwYs=
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=example.com; s=s;
	t=1671190000; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	h=Date:From:To:Subject;
	b=WnPXxvD85E/0WzZXA3A8tZf7pO2RQkye+AFrW9gtuZPLTc27y91UcSxBLl9FVI8d5
	 XSpuB/GDoJpedjgr4fAx9f59+D1gHgChUDkv8s/kicxqUa3KT/WEOaYEdXvb/vCo6+
	 yFv7Hv+/stvMk/2mPhTds+ZofX59ngzmYuZNyJAg=
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:6111"
$at_failed && at_fn_log_failure
$at_traceon; }



cat >example.net <<'_ATEOF'
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk
5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9
GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
AoGARPaCa4eHJWQnF2MwB2cQD7MdUsizx6GFs5ms9bGxxwyknTmmT2PA/rFEYjb+
V8PmTCu4Y/Nk88IzgXTfJ8pN6GfnN1O0qMTUoMuHTf/LMWT/WsFstjiuuFCQddBz
xVyup6Rnl30mYU5WE0PheUTG0AVbzMn2Aj/SEYXlEYPnENECQQDbsLlcEitqnj+i
ipFz9H5RnfoDC4pFHSSqMlddYIA9e2DoNdxjU275eyt2g2p9hQMMXdB7LnoyFeHz
jeRpK3RlAkEAxsj5uOvBctleM2ERPPXTm0nYUWSH4aPZkE/olThgQMogTwSQc6vI
M6RkzKfF5Dr5g/b2kyoZhxIvdtUcPzfGVwJBALrZaA3C9mJMDdt095kjzXwlXMrS
OdvmmZSYFG468VdZZGabyMJB6BUQiTrXMu9m/dy6veLG+O84ZWD8wdQhPXECQBf4
nlyVWXOfEMQDXY/LWSQtyH8wL06fcpn7eOGdtcW6WiENPNomCfNoTJt9U9jM38/x
FRT0C7YFFGIxGsHo2OsCQF2PGJ3yKn2l9VX+M6qj4hE+POdgnJLqNMp5kRIBj9De
rlKqG0nWxNFVhVzXsgeNUTDCmVm3cdODa94wXn9WNvY=
-----END RSA PRIVATE KEY-----
_ATEOF



cat >ctls <<'_ATEOF'
Msealmsg
uauthsmtp
iuser@example.net
_ATEOF

cat >batch <<'_ATEOF'
test2
test4
mail4
ctls


exit
_ATEOF


{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:6150: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf --do-seal --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf --do-seal --batch-test <batch" "testsuite.at:6150"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf --do-seal --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=sealmsg: sealing for user@example.net with domain example.net, selector s, rsa-sha256
INFO:zdkimfilter[0]:id=sealmsg: ARC sealing after i=1 test.example
INFO:zdkimfilter[0]:id=sealmsg: response: 250 Ok.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:6150"
$at_failed && at_fn_log_failure
$at_traceon; }


{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:6159: head -24 mail4"
at_fn_check_prepare_trace "testsuite.at:6159"
( $at_check_trace; head -24 mail4
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "ARC-Authentication-Results: i=2; example.net;
  spf=pass smtp.mailfrom=sender.example;
  dkim=fail header.d=example.com;
  arc=fail smtp.remote-ip=192.0.2.4
ARC-Message-Signature: i=2; a=rsa-sha256; c=simple/simple; d=example.net;
	s=s; t=1671190000; bh=mfkzvBHVy2Jx55LryXnA0Hp7AaEVvZ/N6UnDs6GgN3Q=;
	h=Date:From:To:Subject;
	b=O4ai44nPNEZ1dZ2/VYJrIzbiXq4J1IAGpiCAGzv3UUEncoNNni1adxmxx+7KH83yJ
	 PVD0EHyWyiAOYZmktwnoJhTFGXTaqFZvY3AwjWBkZBa3aP9Z+O1o0YUXP7jP5TDEw3
	 MqXv5ePFF2dYyX6nXaSdfVWeyKCS83Y13YAyURII=
ARC-Seal: i=2; a=rsa-sha256; cv=fail; d=example.net; s=s; t=1671190000;
	b=e2eKB5lRp4ovOR2+H9WrxjBOrkum0A2jXPgJltSyONdXi9vjUNFJrYNBxD7KRbVua
	 TiSrhPoW0AivQ2D4VyBwvGHthSGNCYh8D7PnE+hXGp7xkau01WFAEhGjbAAvyT1XLX
	 Vsj38dzkrQ1N4VJI8RsnzPOoaVsgi+pcq9wwHcrw=
Received: from test.example by example.net with ESMTP
ARC-Authentication-Results: i=1; test.example;
  spf=pass smtp.mailfrom=sender.example;
  dkim=pass header.d=example.com
ARC-Message-Signature: i=1; a=rsa-sha256; c=simple/simple; d=test.example;
	s=s; t=1671190000; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	h=Date:From:To:Subject;
	b=HH0cg8+r7uiOL5ZOyqmKUhR1No5RR4TQUYBuX+8tpFfnixo3Ui2GROm6lSL4BORtZ
	 bBCd6sj9Aw/LiJeSJJnnHItXagFgB4X+AT/zsYVLmIqGbVeD2fQEgoK1LQFKq+1fSl
	 KQguFsBdwQMvPjHFhkusNZ9yeHGpEcUcpxtjVGT4=
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:6159"
$at_failed && at_fn_log_failure
$at_traceon; }


# receive and verify
{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:6187: echo \"Received: from example.net by example.org with ESMTP\" > mail5"
at_fn_check_prepare_trace "testsuite.at:6187"
( $at_check_trace; echo "Received: from example.net by example.org with ESMTP" > mail5
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:6187"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:6188: cat mail4 >> mail5"
at_fn_check_prepare_trace "testsuite.at:6188"
( $at_check_trace; cat mail4 >> mail5
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:6188"
$at_failed && at_fn_log_failure
$at_traceon; }

cat >ctlv <<'_ATEOF'
Mverify4
usmtp
OTCPREMOTEIP=192.0.2.12
_ATEOF

cat >POLICYFILE <<'_ATEOF'
dkim=unknown
_ATEOF

cat >batch <<'_ATEOF'
test2
test3
mail5
ctlv


exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:6199: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:6199"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=verify4: verify msg from 192.0.2.12 -- (null)
INFO:zdkimfilter[0]:ip=192.0.2.12: verified: spf=pass, dkim=fail (id=example.com, signature verification failed, stat=1), arc=fail (2 set(s), Inconsistent ARC chain)
INFO:zdkimfilter[0]:ip=192.0.2.12: response: 250 Ok.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:6199"
$at_failed && at_fn_log_failure
$at_traceon; }


{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:6209: head -19 mail5"
at_fn_check_prepare_trace "testsuite.at:6209"
( $at_check_trace; head -19 mail5
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "Authentication-Results: example.org;
  spf=pass smtp.mailfrom=sender.example;
  dkim=fail (signature verification failed) header.d=example.com;
  arc=fail (2 set(s)) smtp.remote-ip=192.0.2.12
Received: from example.net by example.org with ESMTP
ARC-Authentication-Results: i=2; example.net;
  spf=pass smtp.mailfrom=sender.example;
  dkim=fail header.d=example.com;
  arc=fail smtp.remote-ip=192.0.2.4
ARC-Message-Signature: i=2; a=rsa-sha256; c=simple/simple; d=example.net;
	s=s; t=1671190000; bh=mfkzvBHVy2Jx55LryXnA0Hp7AaEVvZ/N6UnDs6GgN3Q=;
	h=Date:From:To:Subject;
	b=O4ai44nPNEZ1dZ2/VYJrIzbiXq4J1IAGpiCAGzv3UUEncoNNni1adxmxx+7KH83yJ
	 PVD0EHyWyiAOYZmktwnoJhTFGXTaqFZvY3AwjWBkZBa3aP9Z+O1o0YUXP7jP5TDEw3
	 MqXv5ePFF2dYyX6nXaSdfVWeyKCS83Y13YAyURII=
ARC-Seal: i=2; a=rsa-sha256; cv=fail; d=example.net; s=s; t=1671190000;
	b=e2eKB5lRp4ovOR2+H9WrxjBOrkum0A2jXPgJltSyONdXi9vjUNFJrYNBxD7KRbVua
	 TiSrhPoW0AivQ2D4VyBwvGHthSGNCYh8D7PnE+hXGp7xkau01WFAEhGjbAAvyT1XLX
	 Vsj38dzkrQ1N4VJI8RsnzPOoaVsgi+pcq9wwHcrw=
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:6209"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_166
#AT_START_167
at_fn_group_banner 167 'testsuite.at:6234' \
  "Detect bad ARC chains" "                          "
at_xfail=no
(
  printf "%s\n" "167. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >zftest.conf <<'_ZEOF'
verbose = 6
domain_keys = .
tmp = .
no_signlen

trust_a_r
report_all_sigs
sign_hfields Date From To Subject

_ZEOF

cat >KEYFILE <<'_ATEOF'
s._domainkey.example.com v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
s._domainkey.test.example v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
s._domainkey.example.net v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
whatever.author.example domain exists
_ATEOF

cat >POLICYFILE <<'_ATEOF'
dkim=unknown
_ATEOF

cat >batch <<'_ATEOF'
test2
test3
mail
ctl


exit
_ATEOF

cat >ctl <<'_ATEOF'
Mverifymsg
usmtp
OTCPREMOTEIP=192.0.2.1
_ATEOF


cat >mail <<'_ATEOF'
Received: from example.net by example.org with ESMTP
ARC-Authentication-Results: i=3; example.net;
  spf=pass smtp.mailfrom=sender.example;
  dkim=fail header.d=example.com;
  arc=pass header.oldest-pass=0 smtp.remote-ip=192.0.2.4
ARC-Message-Signature: i=2; a=rsa-sha256; c=simple/simple; d=example.net;
	s=s; t=1671190000; bh=jFKb9TjMneMjjUzNSLV0yThCSQd+DUDAs0wF2flLC5E=;
	h=Date:From:To:Subject;
	b=aazz9WMASTPy9Cf7luZg2N1Of+uNB3Ve3teGrrt+P1WdLxfM/ZyJwDkUpfwgJCr9W
	 PYOUdnnMbSMRt5UYcYIta84yvkLqnoSvvmr81Y2sljw5TQkPoLumzCsC7A+D3rhW7P
	 ZU7aAAhz3L7NmMrfjr41fp9c0OTJcMo+JVVpsDuU=
ARC-Seal: i=2; a=rsa-sha256; cv=pass; d=example.net; s=s; t=1671190000;
	b=EKt+VfE1K5Qyo4nU9SlJLXilQzZ7O11VPxSxXxNiKv1DVuBwVGFdMC45kX6x3S/T3
	 ae4U+UNkNZVItMp50QxH416Dw0mLzPzJtZPVm37MR5Wy8o5T2Fi1gvP9gX2vLRBmbG
	 JLC/ZB9hSznnu4Bc5xTEh5rqDYnSywX9b9hR3MHc=
Received: from test.example by example.net with ESMTP
ARC-Authentication-Results: i=1; test.example;
  spf=pass smtp.mailfrom=sender.example;
  dkim=pass header.d=example.com
ARC-Message-Signature: i=1; a=rsa-sha256; c=simple/simple; d=test.example;
	s=s; t=1671190000; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	h=Date:From:To:Subject;
	b=HH0cg8+r7uiOL5ZOyqmKUhR1No5RR4TQUYBuX+8tpFfnixo3Ui2GROm6lSL4BORtZ
	 bBCd6sj9Aw/LiJeSJJnnHItXagFgB4X+AT/zsYVLmIqGbVeD2fQEgoK1LQFKq+1fSl
	 KQguFsBdwQMvPjHFhkusNZ9yeHGpEcUcpxtjVGT4=
ARC-Seal: i=1; a=rsa-sha256; cv=none; d=test.example; s=s; t=1671190000;
	b=kWOPTKGWvvWhT31oerW5k4TAqLPnFQZQr7Zo9xEQaV0fJYdXrj+HdbIEatS5hpSGR
	 KAUXa5noSL3eoRy+gT8m2TFwlqZl3iHTpoXRags1iUBAIcbnF1AD4T8Tcaqg8kP9ns
	 PHSvIClkr2/xqNWCd5k4xpTz+/n6AXiXB1pgbwYs=
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=example.com; s=s;
	t=1671190000; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	h=Date:From:To:Subject;
	b=WnPXxvD85E/0WzZXA3A8tZf7pO2RQkye+AFrW9gtuZPLTc27y91UcSxBLl9FVI8d5
	 XSpuB/GDoJpedjgr4fAx9f59+D1gHgChUDkv8s/kicxqUa3KT/WEOaYEdXvb/vCo6+
	 yFv7Hv+/stvMk/2mPhTds+ZofX59ngzmYuZNyJAg=
Original-Subject: Test multiple signatures
Author: Author <user@author.example>
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Old-Authentication-Results: (with a (nested) comment) mail.example.com; none
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:6294: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:6294"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- (null)
INFO:zdkimfilter[0]:ip=192.0.2.1: missing or incomplete ARC set at instance 2
INFO:zdkimfilter[0]:ip=192.0.2.1: verified: spf=pass, dkim=pass (id=example.com, stat=0), arc=fail (3 set(s), Inconsistent ARC chain)
INFO:zdkimfilter[0]:ip=192.0.2.1: response: 250 Ok.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:6294"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:6304: head -5 mail"
at_fn_check_prepare_trace "testsuite.at:6304"
( $at_check_trace; head -5 mail
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "Authentication-Results: example.org;
  spf=pass smtp.mailfrom=sender.example;
  dkim=pass header.d=example.com;
  arc=fail (3 set(s)) smtp.remote-ip=192.0.2.1
Received: from example.net by example.org with ESMTP
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:6304"
$at_failed && at_fn_log_failure
$at_traceon; }


cat >mail <<'_ATEOF'
Received: from example.net by example.org with ESMTP
ARC-Authentication-Results: i=2; example.net;
  spf=pass smtp.mailfrom=sender.example;
  dkim=fail header.d=example.com;
  arc=pass header.oldest-pass=0 smtp.remote-ip=192.0.2.4
ARC-Message-Signature: i=2; a=rsa-sha256; c=simple/simple; d=example.net;
	s=s; t=1671190000; bh=kFKb9TjMneMjjUzNSLV0yThCSQd+DUDAs0wF2flLC5E=;
	h=Date:From:To:Subject;
	b=aazz9WMASTPy9Cf7luZg2N1Of+uNB3Ve3teGrrt+P1WdLxfM/ZyJwDkUpfwgJCr9W
	 PYOUdnnMbSMRt5UYcYIta84yvkLqnoSvvmr81Y2sljw5TQkPoLumzCsC7A+D3rhW7P
	 ZU7aAAhz3L7NmMrfjr41fp9c0OTJcMo+JVVpsDuU=
ARC-Seal: i=2; a=rsa-sha256; cv=pass; d=example.net; s=s; t=1671190000;
	b=EKt+VfE1K5Qyo4nU9SlJLXilQzZ7O11VPxSxXxNiKv1DVuBwVGFdMC45kX6x3S/T3
	 ae4U+UNkNZVItMp50QxH416Dw0mLzPzJtZPVm37MR5Wy8o5T2Fi1gvP9gX2vLRBmbG
	 JLC/ZB9hSznnu4Bc5xTEh5rqDYnSywX9b9hR3MHc=
Received: from test.example by example.net with ESMTP
ARC-Authentication-Results: i=1; test.example;
  spf=pass smtp.mailfrom=sender.example;
  dkim=pass header.d=example.com
ARC-Message-Signature: i=1; a=rsa-sha256; c=simple/simple; d=test.example;
	s=s; t=1671190000; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	h=Date:From:To:Subject;
	b=HH0cg8+r7uiOL5ZOyqmKUhR1No5RR4TQUYBuX+8tpFfnixo3Ui2GROm6lSL4BORtZ
	 bBCd6sj9Aw/LiJeSJJnnHItXagFgB4X+AT/zsYVLmIqGbVeD2fQEgoK1LQFKq+1fSl
	 KQguFsBdwQMvPjHFhkusNZ9yeHGpEcUcpxtjVGT4=
ARC-Seal: i=1; a=rsa-sha256; cv=none; d=test.example; s=s; t=1671190000;
	b=kWOPTKGWvvWhT31oerW5k4TAqLPnFQZQr7Zo9xEQaV0fJYdXrj+HdbIEatS5hpSGR
	 KAUXa5noSL3eoRy+gT8m2TFwlqZl3iHTpoXRags1iUBAIcbnF1AD4T8Tcaqg8kP9ns
	 PHSvIClkr2/xqNWCd5k4xpTz+/n6AXiXB1pgbwYs=
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=example.com; s=s;
	t=1671190000; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	h=Date:From:To:Subject;
	b=WnPXxvD85E/0WzZXA3A8tZf7pO2RQkye+AFrW9gtuZPLTc27y91UcSxBLl9FVI8d5
	 XSpuB/GDoJpedjgr4fAx9f59+D1gHgChUDkv8s/kicxqUa3KT/WEOaYEdXvb/vCo6+
	 yFv7Hv+/stvMk/2mPhTds+ZofX59ngzmYuZNyJAg=
Original-Subject: Test multiple signatures
Author: Author <user@author.example>
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Old-Authentication-Results: (with a (nested) comment) mail.example.com; none
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:6350: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:6350"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- (null)
INFO:zdkimfilter[0]:ip=192.0.2.1: verified: spf=pass, dkim=pass (id=example.com, stat=0), arc=fail (id=example.net, ARC-Seal at i=2 failed: signature verification failed)
INFO:zdkimfilter[0]:ip=192.0.2.1: response: 250 Ok.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:6350"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:6359: head -5 mail"
at_fn_check_prepare_trace "testsuite.at:6359"
( $at_check_trace; head -5 mail
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "Authentication-Results: example.org;
  spf=pass smtp.mailfrom=sender.example;
  dkim=pass header.d=example.com;
  arc=fail (2 set(s)) smtp.remote-ip=192.0.2.1
Received: from example.net by example.org with ESMTP
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:6359"
$at_failed && at_fn_log_failure
$at_traceon; }


cat >mail <<'_ATEOF'
Received: from example.net by example.org with ESMTP
ARC-Authentication-Results: i=2; example.net;
  spf=pass smtp.mailfrom=sender.example;
  dkim=fail header.d=example.com;
  arc=pass header.oldest-pass=0 smtp.remote-ip=192.0.2.4
ARC-Message-Signature: i=2; a=rsa-sha256; c=simple/simple; d=example.net;
	s=s; t=1671190000; bh=jFKb9TjMneMjjUzNSLV0yThCSQd+DUDAs0wF2flLC5E=;
	h=Date:From:To:Subject;
	b=aazz9WMASTPy9Cf7luZg2N1Of+uNB3Ve3teGrrt+P1WdLxfM/ZyJwDkUpfwgJCr9W
	 PYOUdnnMbSMRt5UYcYIta84yvkLqnoSvvmr81Y2sljw5TQkPoLumzCsC7A+D3rhW7P
	 ZU7aAAhz3L7NmMrfjr41fp9c0OTJcMo+JVVpsDuU=
ARC-Seal: i=2; a=rsa-sha256; cv=pass; d=example.net; s=s; t=1671190000;
	b=EKt+VfE1K5Qyo4nU9SlJLXilQzZ7O11VPxSxXxNiKv1DVuBwVGFdMC45kX6x3S/T3
	 ae4U+UNkNZVItMp50QxH416Dw0mLzPzJtZPVm37MR5Wy8o5T2Fi1gvP9gX2vLRBmbG
	 JLC/ZB9hSznnu4Bc5xTEh5rqDYnSywX9b9hR3MHc=
Received: from test.example by example.net with ESMTP
ARC-Authentication-Results: i=1; test.example;
  spf=pass smtp.mailfrom=sender.example;
  dkim=pass header.d=example.com
ARC-Message-Signature: i=1; a=rsa-sha256; c=simple/simple; d=test.example;
	t=1671190000; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	h=Date:From:To:Subject;
	b=HH0cg8+r7uiOL5ZOyqmKUhR1No5RR4TQUYBuX+8tpFfnixo3Ui2GROm6lSL4BORtZ
	 bBCd6sj9Aw/LiJeSJJnnHItXagFgB4X+AT/zsYVLmIqGbVeD2fQEgoK1LQFKq+1fSl
	 KQguFsBdwQMvPjHFhkusNZ9yeHGpEcUcpxtjVGT4=
ARC-Seal: i=1; a=rsa-sha256; cv=none; d=test.example; s=s; t=1671190000;
	b=kWOPTKGWvvWhT31oerW5k4TAqLPnFQZQr7Zo9xEQaV0fJYdXrj+HdbIEatS5hpSGR
	 KAUXa5noSL3eoRy+gT8m2TFwlqZl3iHTpoXRags1iUBAIcbnF1AD4T8Tcaqg8kP9ns
	 PHSvIClkr2/xqNWCd5k4xpTz+/n6AXiXB1pgbwYs=
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=example.com; s=s;
	t=1671190000; bh=L8QGcsUoP9USzqJEAQJWO+T54ucacbfWHYBLHXpfgpM=;
	h=Date:From:To:Subject;
	b=WnPXxvD85E/0WzZXA3A8tZf7pO2RQkye+AFrW9gtuZPLTc27y91UcSxBLl9FVI8d5
	 XSpuB/GDoJpedjgr4fAx9f59+D1gHgChUDkv8s/kicxqUa3KT/WEOaYEdXvb/vCo6+
	 yFv7Hv+/stvMk/2mPhTds+ZofX59ngzmYuZNyJAg=
Original-Subject: Test multiple signatures
Author: Author <user@author.example>
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Old-Authentication-Results: (with a (nested) comment) mail.example.com; none
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is going to be signed by multiple signers:
author, sender, and other. The filter only reports
one signature: the first valid one in the order
1) author,
2) sender, and
3) other

Note that to distinguish the sender we need a valid
SPF record. We relay on Courier's SPF checking for that.
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:6405: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:6405"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- (null)
ERR:zdkimfilter[0]:ip=192.0.2.1: bad header field \"ARC-Message-Signature: i=1; a=rsa-sha256; c=simple/simple; d=test.example;...\": missing parameter(s) in ARC-Message-Signature data
INFO:zdkimfilter[0]:ip=192.0.2.1: verified: spf=pass, dkim=pass (id=example.com, stat=0), arc=fail (2 set(s), Inconsistent ARC chain)
INFO:zdkimfilter[0]:ip=192.0.2.1: response: 250 Ok.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:6405"
$at_failed && at_fn_log_failure
$at_traceon; }

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:6415: head -5 mail"
at_fn_check_prepare_trace "testsuite.at:6415"
( $at_check_trace; head -5 mail
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "Authentication-Results: example.org;
  spf=pass smtp.mailfrom=sender.example;
  dkim=pass header.d=example.com;
  arc=fail (2 set(s)) smtp.remote-ip=192.0.2.1
Received: from example.net by example.org with ESMTP
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:6415"
$at_failed && at_fn_log_failure
$at_traceon; }



# Hanno's check

cat >KEYFILE <<'_ATEOF'
arcselector9901._domainkey.microsoft.com v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAohCECx8ACVIj42taMc8G2ljiDmsboUW4mgasOg3/2Ay1D37DwK0CE1aok6x0x6dQ4FC/NGdeksPjT/ZLYH+zwwUvElJwd8adtZK4E7AT9Rzr6WPtTiFHi87em6n12HTvp8plpGHXnm8vdFrTxcCUguwUBzbe6MB12Dc3vSURcOUqfa6Dlj/6cNehl+PMonqlLxOl2KmpTJ/Vy9jhdFOu50xEhXIT5ocOa4tX12hfoMpZfBW6iU5QIyvnEFkJuF8Ibs7Hhr7Ec1GZc6tgOd5uNTAnnvh+xiYs8e722H5iDecMsBzj+I9U+CBY1ACwY9hTC1UDNu3xS+WKQNgvnifdIQIDAQAB
whatever.x domain exists
whatever.0 domain exists
_ATEOF


cat >mail <<'_ATEOF'
Received: from example.net by example.org with ESMTP
ARC-Seal: i=3;a=rsa-sha256;s=arcselector9901;d=microsoft.com;cv=pass;b=xxxx
ARC-Message-Signature: i=3;a=;c=;d=;s=;h=;bh=;b=
ARC-Authentication-Results: i=3
ARC-Seal: i=2;a=;s=;d=; cv=pass; b=xxxx
ARC-Message-Signature: i=2;a=;c=;d=;s=;h=;bh=;b=
ARC-Authentication-Results: i=2
ARC-Seal: i=1;a=rsa-sha256;s=arcselector9901;d=microsoft.com;cv=none;b=xxxx
ARC-Message-Signature:i=1;a=;c=;d=;s=;h=;bh=;b=
ARC-Authentication-Results: i=1
From: <x@x>
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:6444: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:6444"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- (null)
INFO:zdkimfilter[0]:ip=192.0.2.1: arc=fail (id=microsoft.com, ARC-Seal at i=1 failed: signature verification failed)
INFO:zdkimfilter[0]:ip=192.0.2.1: response: 250 not filtered.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 not filtered.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:6444"
$at_failed && at_fn_log_failure
$at_traceon; }


# Another Hanno's check

cat >mail <<'_ATEOF'
Received: by 0 with
DKIM-Signature:v=;a=;d=0;s=;h=;b=
From:<0@0>
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:6460: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf --no-write --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf --no-write --batch-test <batch" "testsuite.at:6460"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf --no-write --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- (null)
INFO:zdkimfilter[0]:ip=192.0.2.1: ignoring signature by 0: selector tag empty
INFO:zdkimfilter[0]:ip=192.0.2.1: all signatures ignored by caller
INFO:zdkimfilter[0]:ip=192.0.2.1: response: 250 not filtered.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 not filtered.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:6460"
$at_failed && at_fn_log_failure
$at_traceon; }


  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_167
#AT_START_168
at_fn_group_banner 168 'testsuite.at:6476' \
  "Sign and verify message with no body" "           "
at_xfail=no
(
  printf "%s\n" "168. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >zftest.conf <<'_ZEOF'
verbose = 6
domain_keys = .
tmp = .
no_signlen

trust_a_r
add_auth_pass
sign_hfields Date From To Subject

_ZEOF

cat >example.com <<'_ATEOF'
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk
5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9
GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
AoGARPaCa4eHJWQnF2MwB2cQD7MdUsizx6GFs5ms9bGxxwyknTmmT2PA/rFEYjb+
V8PmTCu4Y/Nk88IzgXTfJ8pN6GfnN1O0qMTUoMuHTf/LMWT/WsFstjiuuFCQddBz
xVyup6Rnl30mYU5WE0PheUTG0AVbzMn2Aj/SEYXlEYPnENECQQDbsLlcEitqnj+i
ipFz9H5RnfoDC4pFHSSqMlddYIA9e2DoNdxjU275eyt2g2p9hQMMXdB7LnoyFeHz
jeRpK3RlAkEAxsj5uOvBctleM2ERPPXTm0nYUWSH4aPZkE/olThgQMogTwSQc6vI
M6RkzKfF5Dr5g/b2kyoZhxIvdtUcPzfGVwJBALrZaA3C9mJMDdt095kjzXwlXMrS
OdvmmZSYFG468VdZZGabyMJB6BUQiTrXMu9m/dy6veLG+O84ZWD8wdQhPXECQBf4
nlyVWXOfEMQDXY/LWSQtyH8wL06fcpn7eOGdtcW6WiENPNomCfNoTJt9U9jM38/x
FRT0C7YFFGIxGsHo2OsCQF2PGJ3yKn2l9VX+M6qj4hE+POdgnJLqNMp5kRIBj9De
rlKqG0nWxNFVhVzXsgeNUTDCmVm3cdODa94wXn9WNvY=
-----END RSA PRIVATE KEY-----
_ATEOF



cat >mail <<'_ATEOF'
Received: from server.example by test.example with ESMTP
Received-SPF: pass SPF=MAILFROM sender=someone@sender.example;
Received-SPF: pass SPF=HELO sender=server.sender.example;
Authentication-Results: (with a (nested) comment) mail.example.com; none
Received: from mail.example.com by server.example with ESMTPA
Message-ID: <123456@author.example>
Date: Mon, 08 Feb 2010 13:12:55 +0100
From: Author <user@author.example>
MIME-Version: 1.0
To: (undisclosed recipients)
Subject: Test multiple signatures
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
_ATEOF

cat >ctls <<'_ATEOF'
Msignmsg
uauthsmtp
iuser@example.com
OTCPREMOTEIP=192.0.2.9
_ATEOF

cat >batch <<'_ATEOF'
mail
ctls



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:6492: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:6492"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=signmsg: signing for user@example.com with domain example.com, selector s, rsa-sha256
INFO:zdkimfilter[0]:id=signmsg: response: 250 Ok.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:6492"
$at_failed && at_fn_log_failure
$at_traceon; }

# make a modified copy of mail for later
{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:6501: sed '/^Authentication-Results:/s/^/Old-/' mail > mail2"
at_fn_check_prepare_trace "testsuite.at:6501"
( $at_check_trace; sed '/^Authentication-Results:/s/^/Old-/' mail > mail2
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:6501"
$at_failed && at_fn_log_failure
$at_traceon; }

# verify mail normally
cat >ctlv <<'_ATEOF'
Mverifymsg
usmtp
OTCPREMOTEIP=192.0.2.1
_ATEOF

cat >KEYFILE <<'_ATEOF'
s._domainkey.example.com v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqlye7m5zLLXoIpBp2OO05LNMqKu0zKowoHOpyRpviOVqOaNCk5uZ+wY00JwrKbt5u1G1ghuXsFkFkl0h00LBurz7ivyZH3LohSWOZ8okgR+8kuGu9GHtQ+MqgRd16tlCF8PlWS2kGaBQKua1zk+ZCDwFy82Uo5G21nu/+Nn2sUwIDAQAB
whatever.author.example domain exists
_ATEOF

cat >POLICYFILE <<'_ATEOF'
dkim=unknown
_ATEOF

cat >batch <<'_ATEOF'
test2
test3
mail
ctlv



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:6518: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:6518"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- (null)
INFO:zdkimfilter[0]:ip=192.0.2.1: Authentication-Results by example.com: please check ALLOW_EXCLUSIVE is set
INFO:zdkimfilter[0]:ip=192.0.2.1: Authentication-Results by mail.example.com: empty
INFO:zdkimfilter[0]:ip=192.0.2.1: verified: spf=pass, dkim=pass (id=example.com, stat=0)
INFO:zdkimfilter[0]:ip=192.0.2.1: response: 250 Ok.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:6518"
$at_failed && at_fn_log_failure
$at_traceon; }

# now repeat the test with modified mail
cat >batch <<'_ATEOF'
test2
test3
mail2
ctlv



exit
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:6536: \$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch"
at_fn_check_prepare_dynamic "$VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch" "testsuite.at:6536"
( $at_check_trace; $VALGRIND_AND_OPTS zdkimfilter -f zftest.conf  --batch-test <batch
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; printf "%s\n" "INFO:zdkimfilter[0]:id=verifymsg: verify msg from 192.0.2.1 -- (null)
INFO:zdkimfilter[0]:ip=192.0.2.1: verified: spf=pass, dkim=pass (id=example.com, stat=0)
INFO:zdkimfilter[0]:ip=192.0.2.1: response: 250 Ok.
" | \
  $at_diff - "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "250 Ok.
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:6536"
$at_failed && at_fn_log_failure
$at_traceon; }

  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_168
#AT_START_169
at_fn_group_banner 169 'testsuite.at:6547' \
  "Tree Walk definitions" "                          "
at_xfail=no
(
  printf "%s\n" "169. $at_setup_line: testing $at_desc ..."
  $at_traceon

cat >KEYFILE <<'_ATEOF'
_dmarc.a.b.c.d.e.f.g.h.i v=DMARC1;
_dmarc.b.c.d.e.f.g.h.i v=DMARC1;
_dmarc.c.d.e.f.g.h.i v=DMARC1;
_dmarc.d.e.f.g.h.i v=DMARC1;
_dmarc.e.f.g.h.i v=DMARC1;
_dmarc.f.g.h.i v=DMARC1;
_dmarc.g.h.i v=DMARC1;
_dmarc.h.i v=DMARC1;
_dmarc.i v=DMARC1;
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:6559: TESTtreewalk -f a.b.c.d.e.f.g.h.i i"
at_fn_check_prepare_trace "testsuite.at:6559"
( $at_check_trace; TESTtreewalk -f a.b.c.d.e.f.g.h.i i
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "7 domains, 7 records:
0: POLICY  a.b.c.d.e.f.g.h.i
1:  d.e.f.g.h.i
2:  e.f.g.h.i
3:  f.g.h.i
4:  g.h.i
5:  h.i
6: ORG  i
effective p: n
i IS aligned with a.b.c.d.e.f.g.h.i
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:6559"
$at_failed && at_fn_log_failure
$at_traceon; }


cat >KEYFILE <<'_ATEOF'
_dmarc.a.b.c.d.e.f.g.h.i v=DMARC1;
_dmarc.b.c.d.e.f.g.h.i v=DMARC1;
_dmarc.c.d.e.f.g.h.i v=DMARC1;
_dmarc.d.e.f.g.h.i v=DMARC1;
_dmarc.e.f.g.h.i v=DMARC1; psd=n
_dmarc.f.g.h.i v=DMARC1;
_dmarc.g.h.i v=DMARC1;
_dmarc.h.i v=DMARC1;
_dmarc.i v=DMARC1;
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:6583: TESTtreewalk -f a.b.c.d.e.f.g.h.i i"
at_fn_check_prepare_trace "testsuite.at:6583"
( $at_check_trace; TESTtreewalk -f a.b.c.d.e.f.g.h.i i
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "7 domains, 7 records:
0: POLICY  a.b.c.d.e.f.g.h.i
1:  d.e.f.g.h.i
2: ORG  e.f.g.h.i
3:  f.g.h.i
4:  g.h.i
5:  h.i
6:  i
effective p: n
i IS NOT aligned with a.b.c.d.e.f.g.h.i
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:6583"
$at_failed && at_fn_log_failure
$at_traceon; }


cat >KEYFILE <<'_ATEOF'
_dmarc.a.b.c.d.e.f.g.h.i v=DMARC1;
_dmarc.b.c.d.e.f.g.h.i v=DMARC1;
_dmarc.c.d.e.f.g.h.i v=DMARC1;
_dmarc.d.e.f.g.h.i v=DMARC1;
_dmarc.e.f.g.h.i v=DMARC1;
_dmarc.f.g.h.i v=DMARC1; psd=y
_dmarc.g.h.i v=DMARC1;
_dmarc.h.i v=DMARC1;
_dmarc.i v=DMARC1;
_ATEOF

{ set +x
printf "%s\n" "$at_srcdir/testsuite.at:6607: TESTtreewalk -f a.b.c.d.e.f.g.h.i i"
at_fn_check_prepare_trace "testsuite.at:6607"
( $at_check_trace; TESTtreewalk -f a.b.c.d.e.f.g.h.i i
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo >>"$at_stdout"; printf "%s\n" "7 domains, 7 records:
0: POLICY  a.b.c.d.e.f.g.h.i
1:  d.e.f.g.h.i
2: ORG  e.f.g.h.i
3:  f.g.h.i
4:  g.h.i
5:  h.i
6:  i
effective p: n
i IS NOT aligned with a.b.c.d.e.f.g.h.i
" | \
  $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/testsuite.at:6607"
$at_failed && at_fn_log_failure
$at_traceon; }


  set +x
  $at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
#AT_STOP_169
