[Minor] Dkim_signing: correct is_skip_sign logic

If any of "sign_networks", "auth_only", or "sign_local" are disabled,
then it should not automatically proceed with signing if the enabled
conditions all fail. For example, if only the auth_only setting is
enabled, and is_authed is false, then signing should be skipped.

An earlier check luckily prevents this correctness issue from being
exploitable ("ignoring unauthenticated mail"), but fix the logic anyway.

diff --git a/lualib/lua_dkim_tools.lua b/lualib/lua_dkim_tools.lua
index 90bff13d5077d5d27f81e275e994f0bd796e0486..42b59567075324b28502dc85f6c0b0789969f7cb 100644 (file)
--- a/lualib/lua_dkim_tools.lua
+++ b/lualib/lua_dkim_tools.lua
@@ -211,9 +211,9 @@ local function prepare_dkim_signing(N, task, settings)
   end
 
   local function is_skip_sign()
-    return (settings.sign_networks and not is_sign_networks) and
-        (settings.auth_only and not is_authed) and
-        (settings.sign_local and not is_local)
+    return not (settings.sign_networks and is_sign_networks) and
+        not (settings.auth_only and is_authed) and
+        not (settings.sign_local and is_local)
   end
 
   if hdom then