||Allow references to key records formatted for DomainKeys (RFC4870).
This means a key record retrieved from DNS that has no "v=" tag
will be treated slightly differently; specifically, an empty "g="
tag in the key matches all senders (the DomainKeys way) rather than
no senders (the DKIM way). This flag has no other effect.
||Accept signatures with version strings of "0.5", i.e. those which
were based on some draft versions of the DKIM specification. Note that
this does not change or relax the rules applied by this implementation,
and thus these older signatures still may not verify due to evolutions
of the specification that took place during the use of that version
||Create DKIM_SIGINFO handles even for signatures that had syntax errors.
This also means
dkim_chunk() will not return
a syntax error code when it encounters a DKIM signature with a syntax
error in it.
||Maintain a local cache of retrieved key records, rather
than relying on the DNS servers to do so. May improve performance
if, for example, the DNS server is not local. Requires that libopendkim
be compiled with the QUERY_CACHE option since doing so
adds a library dependency to the build.
||Normally the key retrieval and public key validation takes place in
the dkim_eoh() function, and
the body hash verification takes place in
dkim_eom() function. Setting
this flag delays all processing of signatures until dkim_eom().
This means the caller will be unable to evaluate signature validity
on completion of dkim_eoh() and will have to wait until
after dkim_eom() (or the final processing callback if such
||If a caller attempts to generate a signature for which a specific
signer address is requested and the domain of the signer is not the
same as or a subdomain of the signing domain, the default behaviour
is to return an error from
dkim_gensighdr() since a
signature thus generated would violate the DKIM specification. If
this flag is set, the signature will still be generated but the "i="
tag will be omitted so the signature is still compliant.
||Perform a signature check at the end of
This will cause dkim_eoh() to return an error code if no
useable signatures were found in the message.
||Convert "naked" CR and LF characters into CRLFs when canonicalizing.
||Keep temporary files for manual debugging purposes. (Also requires that
DKIM_LIBFLAGS_TMPFILES be set.)
||When doing the ADSP query, a response that is a syntax error will by
default be ignored. Setting this flag causes an error to be returned.
This can be common when, for example, wildcard TXT records are used to
publish other data.
||Includes an "r=y" tag in generated signatures, requesting participating
verifiers send back forensic information about the verified message
when validation fails. Useful for debugging signature validation
||When signing messages, include in the signature the number of bytes
that were canonicalized even when a length limit wasn't specified
by the caller.
||Refuse to sign or verify a message that doesn't conform to the header
field count rules specified in RFC5322 Section 3.6, and have a properly
formed From field. Other checks may also be enforced in the future.
||Refuse to generate a signature from a signing handle bound to a
verifying handle (see dkim_resign())
if the verifying handle yielded no valid signatures.
||Make temporary files for debugging purposes. See
for an example of how this might be useful.
||When verifying, only process signatures until the first good one
is found (by default, all of them will be attempted).
||Include the original header set encoded into a "z=" tag in the
signature for diagnostic use by the receiver.