From: Art Cancro <ajc@citadel.org>
Date: Wed, 22 May 2024 03:24:53 +0000 (+0000)
Subject: Remove preprocessor tests for OpenSSL.  It's a requirement.
X-Git-Url: https://code.citadel.org/?p=citadel.git;a=commitdiff_plain;h=HEAD;hp=fd9570c14521f696cccaaf8b8e7e0fa75cfddc2a

Remove preprocessor tests for OpenSSL.  It's a requirement.
---

diff --git a/citadel/configure b/citadel/configure
index ad136e3ac..381a2544c 100755
--- a/citadel/configure
+++ b/citadel/configure
@@ -74,7 +74,6 @@ int main(int argc, char **argv) {
 }
 !
 $CC $CFLAGS $CPPFLAGS $tempcc -o $tempfile $LDFLAGS -lssl -lcrypto && $tempfile >/dev/null 2>&1 && {
-	CFLAGS=${CFLAGS}' -DHAVE_OPENSSL'
 	LDFLAGS=${LDFLAGS}' -lssl -lcrypto -lz'
 } || {
 	echo Citadel Server requires OpenSSL which is not present.
diff --git a/citadel/dumploadtest.sh b/citadel/dumploadtest.sh
index 7179f3991..835986ec7 100755
--- a/citadel/dumploadtest.sh
+++ b/citadel/dumploadtest.sh
@@ -1,20 +1,31 @@
 #!/bin/bash
 
-
 # This script dumps the database, deletes the database, loads the database, dumps it again...
 # ...and then compares the two dumps to see if we have full fidelity between them.
 #
 # Did you read that correctly?  Yes, it will DELETE your database.  So don't run this.
 
-exit 0		# In fact, here's an exit statement you must delete before you can even run it.
+
+if [ "${YES_DELETE_MY_DATABASE}" != '' ] ; then
+	echo Ah, I see you have set YES_DELETE_MY_DATABASE to a non-empty value.
+	echo The dump and load test will now proceed.
+else
+	echo 'This script dumps the database, deletes the database, loads the database, dumps it again...'
+	echo '...and then compares the two dumps to see if we have full fidelity between them.'
+	echo 'Did you read that correctly?  Yes, it will DELETE your database.'
+	echo 'If this is really what you want, set the environment variable YES_DELETE_MY_DATABASE'
+	echo 'to a non-empty value, and run it again.'
+	exit 0
+fi
 
 ps ax | grep citserver | grep -v grep >/dev/null 2>/dev/null && {
-	echo dont do this while the server is running
+	echo Do not do this while the server is running.
 	exit 1
 }
 
 ./ctdldump -y >dump.dat
 first=$(md5sum dump.dat | awk ' { print $1 } ' )
+
 rm -fv data/*
 ./ctdlload -y <dump.dat
 ./ctdldump -y >dump.dat
diff --git a/citadel/server/citadel_defs.h b/citadel/server/citadel_defs.h
index 4ee0cd060..0ed7a5a63 100644
--- a/citadel/server/citadel_defs.h
+++ b/citadel/server/citadel_defs.h
@@ -21,7 +21,7 @@
 #include "typesize.h"
 #include "ipcdef.h"
 
-#define REV_LEVEL 999		// This version
+#define REV_LEVEL 1000		// This version
 #define REV_MIN		591	// Oldest compatible database
 #define EXPORT_REV_MIN	931	// Oldest compatible export files
 #define LIBCITADEL_MIN	951	// Minimum required version of libcitadel
diff --git a/citadel/server/citserver.c b/citadel/server/citserver.c
index da0865899..a6c950596 100644
--- a/citadel/server/citserver.c
+++ b/citadel/server/citserver.c
@@ -29,24 +29,8 @@ int panic_fd;
 
 // We need pseudo-random numbers for a few things.  Seed generously.
 void seed_random_number_generator(void) {
-	FILE *urandom;
-	struct timeval tv;
-	unsigned int seed;
-
-	syslog(LOG_INFO, "Seeding the pseudo-random number generator...");
-	urandom = fopen("/dev/urandom", "r");
-	if (urandom != NULL) {
-		if (fread(&seed, sizeof seed, 1, urandom) == -1) {
-			syslog(LOG_ERR, "citserver: failed to read random seed: %m");
-		}
-		fclose(urandom);
-	}
-	else {
-		gettimeofday(&tv, NULL);
-		seed = tv.tv_usec;
-	}
-	srand(seed);
-	srandom(seed);
+	syslog(LOG_INFO, "citserver: seeding the pseudo-random number generator");
+	srand(time(NULL) + getpid() + clock());
 }
 
 
@@ -56,10 +40,10 @@ void master_startup(void) {
 	struct passwd *pw;
 	gid_t gid;
 
-	syslog(LOG_DEBUG, "master_startup() started");
+	syslog(LOG_DEBUG, "citserver: master_startup() started");
 	time(&server_startup_time);
 
-	syslog(LOG_INFO, "Checking directory access");
+	syslog(LOG_INFO, "citserver: checking directory access");
 	if ((pw = getpwuid(ctdluid)) == NULL) {
 		gid = getgid();
 	}
@@ -77,13 +61,13 @@ void master_startup(void) {
 	syslog(LOG_DEBUG, "citserver: ctdl_key_dir is %s", ctdl_key_dir);
 	syslog(LOG_DEBUG, "citserver: ctdl_run_dir is %s", ctdl_run_dir);
 
-	syslog(LOG_INFO, "Opening databases");
+	syslog(LOG_INFO, "citserver: opening databases");
 	cdb_init_backends();
 	cdb_open_databases();
 
 	// Load site-specific configuration
 	seed_random_number_generator();					// must be done before config system
-	syslog(LOG_INFO, "Initializing configuration system");
+	syslog(LOG_INFO, "citserver: initializing configuration system");
 	initialize_config_system();
 	validate_config();
 	migrate_legacy_control_record();
@@ -98,7 +82,7 @@ void master_startup(void) {
 	// Check floor reference counts
 	check_ref_counts();
 
-	syslog(LOG_INFO, "Creating base rooms (if necessary)");
+	syslog(LOG_INFO, "citserver: creating base rooms (if necessary)");
 	CtdlCreateRoom(CtdlGetConfigStr("c_baseroom"), 0, "", 0, 1, 0, VIEW_BBS);
 	CtdlCreateRoom(AIDEROOM, 3, "", 0, 1, 0, VIEW_BBS);
 	CtdlCreateRoom(SYSCONFIGROOM, 3, "", 0, 1, 0, VIEW_BBS);
@@ -116,7 +100,7 @@ void master_startup(void) {
 		CtdlPutRoomLock(&qrbuf);
 	}
 
-	syslog(LOG_DEBUG, "master_startup() finished");
+	syslog(LOG_DEBUG, "citserver: master_startup() finished");
 }
 
 
diff --git a/citadel/server/context.c b/citadel/server/context.c
index 6415ce12a..81709b5b5 100644
--- a/citadel/server/context.c
+++ b/citadel/server/context.c
@@ -318,10 +318,7 @@ CitContext *CloneContext(CitContext *CloneMe) {
 	me->MigrateBuf = NULL;
 	me->sMigrateBuf = NULL;
 	me->redirect_buffer = NULL;
-#ifdef HAVE_OPENSSL
 	me->ssl = NULL;
-#endif
-
 	me->download_fp = NULL;
 	me->upload_fp = NULL;
 	me->ma = NULL;
diff --git a/citadel/server/context.h b/citadel/server/context.h
index d28dff7a7..1b207b645 100644
--- a/citadel/server/context.h
+++ b/citadel/server/context.h
@@ -56,10 +56,8 @@ struct CitContext {
 	// Redirect this session's output to a memory buffer?
 	StrBuf *redirect_buffer;		// the buffer
 	StrBuf *StatusMessage;
-#ifdef HAVE_OPENSSL
 	SSL *ssl;
 	int redirect_ssl;
-#endif
 
 	char curr_user[USERNAME_SIZE];	// name of current user
 	int logged_in;		// logged in?
diff --git a/citadel/server/control.c b/citadel/server/control.c
index b3df0ae3f..9be3addeb 100644
--- a/citadel/server/control.c
+++ b/citadel/server/control.c
@@ -636,7 +636,7 @@ void cmd_conf(char *argbuf) {
 			char *valbuf = malloc(bytes + 1);
 			cprintf("%d %d\n", SEND_BINARY, bytes);
 			client_read(valbuf, bytes);
-			valbuf[bytes+1] = 0;
+			valbuf[bytes] = 0;
 			CtdlSetConfigStr(confname, valbuf);
 			free(valbuf);
 		}
diff --git a/citadel/server/internet_addressing.h b/citadel/server/internet_addressing.h
index 16f1a0164..b0e48075c 100644
--- a/citadel/server/internet_addressing.h
+++ b/citadel/server/internet_addressing.h
@@ -22,6 +22,7 @@ int CtdlIsMe(char *addr, int addr_buf_len);
 int CtdlHostAlias(char *fqdn);
 char *harvest_collected_addresses(struct CtdlMessage *msg);
 int is_email_subscribed_to_list(char *email, char *room_name);
+void generate_one_click_url(char *target_buf, char *base_url, char *action, char *roomname, char *emailaddr);
 
 // Values that can be returned by CtdlHostAlias()
 enum {
diff --git a/citadel/server/modules/autocompletion/serv_autocompletion.c b/citadel/server/modules/autocompletion/serv_autocompletion.c
index 413bf472b..822e01aac 100644
--- a/citadel/server/modules/autocompletion/serv_autocompletion.c
+++ b/citadel/server/modules/autocompletion/serv_autocompletion.c
@@ -1,9 +1,6 @@
 // Autocompletion of email recipients, etc.
-//
 // Copyright (c) 1987-2023 by the citadel.org team
-//
-// This program is open source software.  Use, duplication, or disclosure
-// is subject to the terms of the GNU General Public License version 3.
+// This program is open source software.  Use, duplication, or disclosure is subject to the GNU General Public License version 3.
 
 #include "../../ctdl_module.h"
 #include "serv_autocompletion.h"
diff --git a/citadel/server/modules/bio/serv_bio.c b/citadel/server/modules/bio/serv_bio.c
index 8be817ae6..6ff861551 100644
--- a/citadel/server/modules/bio/serv_bio.c
+++ b/citadel/server/modules/bio/serv_bio.c
@@ -3,9 +3,7 @@
 //
 // Copyright (c) 1987-2022 by the citadel.org team
 //
-// This program is open source software.  Use, duplication, or disclosure
-// is subject to the terms of the GNU General Public License, version 3.
-// The program is distributed without any warranty, expressed or implied.
+// This program is open source software.  Use, duplication, or disclosure is subject to the GNU General Public License, version 3.
 
 #include <sys/types.h>
 #include <sys/stat.h>
diff --git a/citadel/server/modules/crypto/serv_crypto.c b/citadel/server/modules/crypto/serv_crypto.c
index 5d41fa27c..541479af1 100644
--- a/citadel/server/modules/crypto/serv_crypto.c
+++ b/citadel/server/modules/crypto/serv_crypto.c
@@ -7,11 +7,9 @@
 #include <sys/types.h>
 #include "../../sysdep.h"
 
-#ifdef HAVE_OPENSSL
 #include <openssl/ssl.h>
 #include <openssl/err.h>
 #include <openssl/rand.h>
-#endif
 
 #include <time.h>
 
@@ -32,8 +30,6 @@
 #include "../../config.h"
 #include "../../ctdl_module.h"
 
-#ifdef HAVE_OPENSSL
-
 SSL_CTX *ssl_ctx = NULL;		// This SSL context is used for all sessions.
 char *ssl_cipher_list = CIT_CIPHERS;
 
@@ -609,5 +605,3 @@ void endtls(void) {
 	CC->ssl = NULL;
 	CC->redirect_ssl = 0;
 }
-
-#endif	// HAVE_OPENSSL
diff --git a/citadel/server/modules/crypto/serv_crypto.h b/citadel/server/modules/crypto/serv_crypto.h
index b5ee85d53..4ef8033d5 100644
--- a/citadel/server/modules/crypto/serv_crypto.h
+++ b/citadel/server/modules/crypto/serv_crypto.h
@@ -7,7 +7,6 @@
 // Which ciphers will be offered; see https://www.openssl.org/docs/manmaster/man1/ciphers.html
 #define CIT_CIPHERS	"ALL:RC4+RSA:+SSLv2:+TLSv1:!MD5:@STRENGTH"
 
-#ifdef HAVE_OPENSSL
 #define OPENSSL_NO_KRB5		/* work around redhat b0rken ssl headers */
 void init_ssl(void);
 void client_write_ssl (const char *buf, int nbytes);
@@ -19,5 +18,3 @@ void cmd_gtls(char *params);
 void endtls(void);
 void CtdlStartTLS(char *ok_response, char *nosup_response, char *error_response);
 extern SSL_CTX *ssl_ctx;  
-
-#endif
diff --git a/citadel/server/modules/ctdlproto/serv_ctdlproto.c b/citadel/server/modules/ctdlproto/serv_ctdlproto.c
index ae267b596..d5e7ffe61 100644
--- a/citadel/server/modules/ctdlproto/serv_ctdlproto.c
+++ b/citadel/server/modules/ctdlproto/serv_ctdlproto.c
@@ -1,72 +1,56 @@
-/* 
- * Citadel protocol main dispatcher
- *
- * Copyright (c) 1987-2017 by the citadel.org team
- *
- * This program is open source software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License, version 3.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- */
+// Citadel protocol main dispatcher
+// Copyright (c) 1987-2024 by the citadel.org team
+// This program is open source software.  Use, duplication, or disclosure are subject to the GNU General Public License v3.
 
 #include <stdio.h>
 #include <libcitadel.h>
-
 #include "../../citserver.h"
 #include "../../ctdl_module.h"
 #include "../../config.h"
-/*
- * This loop recognizes all server commands.
- */
+
+// This loop recognizes all server commands.
 void do_command_loop(void) {
-	struct CitContext *CCC = CC;
 	char cmdbuf[SIZ];
 	
-	time(&CCC->lastcmd);
-	memset(cmdbuf, 0, sizeof cmdbuf); /* Clear it, just in case */
+	time(&CC->lastcmd);
+	memset(cmdbuf, 0, sizeof cmdbuf); // Clear it, just in case
 	if (client_getln(cmdbuf, sizeof cmdbuf) < 1) {
 		syslog(LOG_INFO, "Citadel client disconnected: ending session.");
-		CCC->kill_me = KILLME_CLIENT_DISCONNECTED;
+		CC->kill_me = KILLME_CLIENT_DISCONNECTED;
 		return;
 	}
 
-	/* Log the server command, but don't show passwords... */
-	if ( (strncasecmp(cmdbuf, "PASS", 4)) && (strncasecmp(cmdbuf, "SETP", 4)) ) {
-		syslog(LOG_DEBUG, "[%s(%ld)] %s",
-			CCC->curr_user, CCC->user.usernum, cmdbuf
-		);
+	// Log the server command, but don't show passwords...
+	if (	(strncasecmp(cmdbuf, "PASS", 4))
+		&& (strncasecmp(cmdbuf, "SETP", 4))
+	) {
+		syslog(LOG_DEBUG, "[%s(%ld)] %s", CC->curr_user, CC->user.usernum, cmdbuf);
 	}
 	else {
-		syslog(LOG_DEBUG, "[%s(%ld)] <password command hidden from log>",
-			    CCC->curr_user, CCC->user.usernum
-		);
+		syslog(LOG_DEBUG, "[%s(%ld)] <password command hidden from log>", CC->curr_user, CC->user.usernum);
 	}
 
 	buffer_output();
 
-	/*
-	 * Let other clients see the last command we executed, and
-	 * update the idle time, but not NOOP, QNOP, PEXP, GEXP, RWHO, or TIME.
-	 */
-	if ( (strncasecmp(cmdbuf, "NOOP", 4))
-	   && (strncasecmp(cmdbuf, "QNOP", 4))
-	   && (strncasecmp(cmdbuf, "PEXP", 4))
-	   && (strncasecmp(cmdbuf, "GEXP", 4))
-	   && (strncasecmp(cmdbuf, "RWHO", 4))
-	   && (strncasecmp(cmdbuf, "TIME", 4)) ) {
-		strcpy(CCC->lastcmdname, "    ");
-		safestrncpy(CCC->lastcmdname, cmdbuf, sizeof(CCC->lastcmdname));
-		time(&CCC->lastidle);
+	// Let other clients see the last command we executed, and
+	// update the idle time, but not NOOP, QNOP, PEXP, GEXP, RWHO, or TIME.
+	if (	(strncasecmp(cmdbuf, "NOOP", 4))
+		&& (strncasecmp(cmdbuf, "QNOP", 4))
+		&& (strncasecmp(cmdbuf, "PEXP", 4))
+		&& (strncasecmp(cmdbuf, "GEXP", 4))
+		&& (strncasecmp(cmdbuf, "RWHO", 4))
+		&& (strncasecmp(cmdbuf, "TIME", 4))
+	) {
+		strcpy(CC->lastcmdname, "    ");
+		safestrncpy(CC->lastcmdname, cmdbuf, sizeof(CC->lastcmdname));
+		time(&CC->lastidle);
 	}
 	
-	if ((strncasecmp(cmdbuf, "ENT0", 4))
-	   && (strncasecmp(cmdbuf, "MESG", 4))
-	   && (strncasecmp(cmdbuf, "MSGS", 4)))
-	{
-	   CCC->cs_flags &= ~CS_POSTING;
+	if (	(strncasecmp(cmdbuf, "ENT0", 4))
+		&& (strncasecmp(cmdbuf, "MESG", 4))
+		&& (strncasecmp(cmdbuf, "MSGS", 4))
+	) {
+		CC->cs_flags &= ~CS_POSTING;
 	}
 		   
 	if (!DLoader_Exec_Cmd(cmdbuf)) {
@@ -75,7 +59,7 @@ void do_command_loop(void) {
 
 	unbuffer_output();
 
-	/* Run any after-each-command routines registered by modules */
+	// Run any after-each-command routines registered by modules
 	PerformSessionHooks(EVT_CMD);
 }
 
diff --git a/citadel/server/modules/expire/expire_policy.c b/citadel/server/modules/expire/expire_policy.c
index 32db98ad2..ce302a6b3 100644
--- a/citadel/server/modules/expire/expire_policy.c
+++ b/citadel/server/modules/expire/expire_policy.c
@@ -1,15 +1,6 @@
-/* 
- * Functions which manage expire policy for rooms
- * Copyright (c) 1987-2015 by the citadel.org team
- *
- * This program is open source software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License, version 3.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- */
+// Functions which manage expire policy for rooms
+// Copyright (c) 1987-2024 by citadel.org (Art Cancro et al.)
+// This program is open source software.  Use, duplication, or disclosure is subject to the GNU General Public License, version 3.
 
 #include "../../sysdep.h"
 #include <stdlib.h>
@@ -17,7 +8,6 @@
 #include <stdio.h>
 #include <sys/stat.h>
 #include <string.h>
-
 #include <time.h>
 #include <limits.h>
 #include <libcitadel.h>
@@ -33,21 +23,18 @@
 #include "../../ctdl_module.h"
 #include "../../user_ops.h"
 
-/*
- * Retrieve the applicable expire policy for a specific room
- */
+// Retrieve the applicable expire policy for a specific room
 void GetExpirePolicy(struct ExpirePolicy *epbuf, struct ctdlroom *qrbuf) {
 	struct floor *fl;
 
-	/* If the room has its own policy, return it */	
+	// If the room has its own policy, return it 
 	if (qrbuf->QRep.expire_mode != 0) {
 		memcpy(epbuf, &qrbuf->QRep, sizeof(struct ExpirePolicy));
 		return;
 	}
 
-	/* (non-mailbox rooms)
-	 * If the floor has its own policy, return it
-	 */
+	// (non-mailbox rooms)
+	// If the floor has its own policy, return it
 	if ( (qrbuf->QRflags & QR_MAILBOX) == 0) {
 		fl = CtdlGetCachedFloor(qrbuf->QRfloor);
 		if (fl->f_ep.expire_mode != 0) {
@@ -56,9 +43,8 @@ void GetExpirePolicy(struct ExpirePolicy *epbuf, struct ctdlroom *qrbuf) {
 		}
 	}
 
-	/* (Mailbox rooms)
-	 * If there is a default policy for mailbox rooms, return it
-	 */
+	// (Mailbox rooms)
+	// If there is a default policy for mailbox rooms, return it
 	if (qrbuf->QRflags & QR_MAILBOX) {
 		if (CtdlGetConfigInt("c_mbxep_mode") != 0) {
 			epbuf->expire_mode = CtdlGetConfigInt("c_mbxep_mode");
@@ -67,15 +53,13 @@ void GetExpirePolicy(struct ExpirePolicy *epbuf, struct ctdlroom *qrbuf) {
 		}
 	}
 
-	/* Otherwise, fall back on the system default */
+	// Otherwise, fall back on the system default
 	epbuf->expire_mode = CtdlGetConfigInt("c_ep_mode");
 	epbuf->expire_value = CtdlGetConfigInt("c_ep_value");
 }
 
 
-/*
- * Get Policy EXpire
- */
+// Get Policy EXpire
 void cmd_gpex(char *argbuf) {
 	struct ExpirePolicy exp;
 	struct floor *fl;
@@ -107,9 +91,7 @@ void cmd_gpex(char *argbuf) {
 }
 
 
-/*
- * Set Policy EXpire
- */
+// Set Policy EXpire
 void cmd_spex(char *argbuf) {
 	struct ExpirePolicy exp;
 	struct floor flbuf;
@@ -125,8 +107,7 @@ void cmd_spex(char *argbuf) {
 		return;
 	}
 
-	if ((!strcasecmp(which, strof(roompolicy))) || (!strcasecmp(which, "room")))
-	{
+	if ((!strcasecmp(which, strof(roompolicy))) || (!strcasecmp(which, "room"))) {
 		if (!is_room_aide()) {
 			cprintf("%d Higher access required.\n", ERROR + HIGHER_ACCESS_REQUIRED);
 			return;
@@ -148,8 +129,7 @@ void cmd_spex(char *argbuf) {
 		return;
 	}
 
-	if ((!strcasecmp(which, strof(floorpolicy))) || (!strcasecmp(which, "floor")))
-	{
+	if ((!strcasecmp(which, strof(floorpolicy))) || (!strcasecmp(which, "floor"))) {
 		lgetfloor(&flbuf, CC->room.QRfloor);
 		memcpy(&flbuf.f_ep, &exp, sizeof(struct ExpirePolicy));
 		lputfloor(&flbuf, CC->room.QRfloor);
@@ -157,16 +137,14 @@ void cmd_spex(char *argbuf) {
 		return;
 	}
 
-	else if ((!strcasecmp(which, strof(mailboxespolicy))) || (!strcasecmp(which, "mailboxes")))
-	{
+	else if ((!strcasecmp(which, strof(mailboxespolicy))) || (!strcasecmp(which, "mailboxes"))) {
 		CtdlSetConfigInt("c_mbxep_mode", exp.expire_mode);
 		CtdlSetConfigInt("c_mbxep_value", exp.expire_value);
 		cprintf("%d Default expire policy for mailboxes set.\n", CIT_OK);
 		return;
 	}
 
-	else if ((!strcasecmp(which, strof(sitepolicy))) || (!strcasecmp(which, "site")))
-	{
+	else if ((!strcasecmp(which, strof(sitepolicy))) || (!strcasecmp(which, "site"))) {
 		if (exp.expire_mode == EXPIRE_NEXTLEVEL) {
 			cprintf("%d Invalid policy (no higher level)\n", ERROR + ILLEGAL_VALUE);
 			return;
diff --git a/citadel/server/modules/expire/serv_expire.c b/citadel/server/modules/expire/serv_expire.c
index fe4b60b4a..63b8fc191 100644
--- a/citadel/server/modules/expire/serv_expire.c
+++ b/citadel/server/modules/expire/serv_expire.c
@@ -2,10 +2,9 @@
 //
 // You might also see this module affectionately referred to as TDAP (The Dreaded Auto-Purger).
 //
-// Copyright (c) 1988-2023 by citadel.org (Art Cancro, Wilifried Goesgens, and others)
+// Copyright (c) 1988-2024 by citadel.org (Art Cancro et al.)
 //
-// This program is open source software.  Use, duplication, or disclosure
-// is subject to the terms of the GNU General Public License, version 3.
+// This program is open source software.  Use, duplication, or disclosure is subject to the GNU General Public License, version 3.
 
 
 #include "../../sysdep.h"
diff --git a/citadel/server/modules/imap/serv_imap.c b/citadel/server/modules/imap/serv_imap.c
index d55971bb5..b9d2a41af 100644
--- a/citadel/server/modules/imap/serv_imap.c
+++ b/citadel/server/modules/imap/serv_imap.c
@@ -429,9 +429,7 @@ void imap_cleanup_function(void) {
 void imap_output_capability_string(void) {
 	IAPuts("CAPABILITY IMAP4REV1 NAMESPACE ID AUTH=PLAIN AUTH=LOGIN UIDPLUS");
 
-#ifdef HAVE_OPENSSL
 	if (!CC->redirect_ssl) IAPuts(" STARTTLS");
-#endif
 
 #ifndef DISABLE_IMAP_ACL
 	IAPuts(" ACL");
@@ -516,9 +514,7 @@ void imap_greeting(void) {
  */
 void imaps_greeting(void) {
 	CtdlModuleStartCryptoMsgs(NULL, NULL, NULL);
-#ifdef HAVE_OPENSSL
 	if (!CC->redirect_ssl) CC->kill_me = KILLME_NO_CRYPTO;		/* kill session if no crypto */
-#endif
 	imap_greeting();
 }
 
@@ -1544,9 +1540,7 @@ char *ctdl_module_init_imap(void) {
 	RegisterImapCMD("LOGIN", "", imap_login, I_FLAG_NONE);
 	RegisterImapCMD("AUTHENTICATE", "", imap_authenticate, I_FLAG_NONE);
 	RegisterImapCMD("CAPABILITY", "", imap_capability, I_FLAG_NONE);
-#ifdef HAVE_OPENSSL
 	RegisterImapCMD("STARTTLS", "", imap_starttls, I_FLAG_NONE);
-#endif
 
 	/* The commans below require a logged-in state */
 	RegisterImapCMD("SELECT", "", imap_select, I_FLAG_LOGGED_IN);
@@ -1584,9 +1578,7 @@ char *ctdl_module_init_imap(void) {
 
 	if (!threading) {
 		CtdlRegisterServiceHook(CtdlGetConfigInt("c_imap_port"), NULL, imap_greeting, imap_command_loop, NULL, CitadelServiceIMAP);
-#ifdef HAVE_OPENSSL
 		CtdlRegisterServiceHook(CtdlGetConfigInt("c_imaps_port"), NULL, imaps_greeting, imap_command_loop, NULL, CitadelServiceIMAPS);
-#endif
 		CtdlRegisterSessionHook(imap_cleanup_function, EVT_STOP, PRIO_STOP + 30);
 	}
 	
diff --git a/citadel/server/modules/inetcfg/serv_inetcfg.c b/citadel/server/modules/inetcfg/serv_inetcfg.c
index 19e5fd9f4..1691f0f10 100644
--- a/citadel/server/modules/inetcfg/serv_inetcfg.c
+++ b/citadel/server/modules/inetcfg/serv_inetcfg.c
@@ -34,12 +34,13 @@
 #include "../../genstamp.h"
 #include "../../domain.h"
 #include "../../ctdl_module.h"
+#include "../smtp/smtp_util.h"
 
 
 void inetcfg_setTo(struct CtdlMessage *msg) {
 	char *conf;
 	char buf[SIZ];
-	
+
 	if (CM_IsEmpty(msg, eMessageText)) return;
 	conf = strdup(msg->cm_fields[eMessageText]);
 
@@ -51,6 +52,7 @@ void inetcfg_setTo(struct CtdlMessage *msg) {
 
 		if (inetcfg != NULL) free(inetcfg);
 		inetcfg = conf;
+		dkim_check_advisory(inetcfg);		// this will check to see if we have to advise the admin about dkim
 	}
 }
 
diff --git a/citadel/server/modules/listdeliver/serv_listdeliver.c b/citadel/server/modules/listdeliver/serv_listdeliver.c
index c342b0799..a6cb74ad4 100644
--- a/citadel/server/modules/listdeliver/serv_listdeliver.c
+++ b/citadel/server/modules/listdeliver/serv_listdeliver.c
@@ -1,14 +1,6 @@
 // This module delivers messages to mailing lists.
-//
-// Copyright (c) 2002-2023 by the citadel.org team
-//
-// This program is open source software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License version 3.
-//  
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
+// Copyright (c) 2002-2024 by the citadel.org team (Art Cancro et al.)
+// This program is open source software.  Use, duplication, or disclosure are subject to the GNU General Public License v3.
 
 #include "../../sysdep.h"
 #include <stdlib.h>
@@ -40,7 +32,6 @@
 
 int doing_listdeliver = 0;
 
-
 // data passed back and forth between listdeliver_do_msg() and listdeliver_sweep_room()
 struct lddata {
 	long msgnum;		// number of most recent message processed
@@ -48,7 +39,6 @@ struct lddata {
 };
 
 
-
 void listdeliver_do_msg(long msgnum, void *userdata) {
 	struct lddata *ld = (struct lddata *) userdata;
 	if (!ld) return;
@@ -63,6 +53,8 @@ void listdeliver_do_msg(long msgnum, void *userdata) {
 	struct CtdlMessage *TheMessage = CtdlFetchMessage(msgnum, 1);
 	if (!TheMessage) return;
 
+	// FIXME add the list unsubscribe instructions directly to the message text.  Do it right here.
+
 	// If the subject line does not contain the name of the room, add it now.
 	if (!bmstrcasestr(TheMessage->cm_fields[eMsgSubject], CC->room.QRname)) {
 		snprintf(buf, sizeof buf, "[%s] %s", CC->room.QRname, TheMessage->cm_fields[eMsgSubject]);
@@ -78,6 +70,13 @@ void listdeliver_do_msg(long msgnum, void *userdata) {
 	CM_SetField(TheMessage, erFc822Addr, buf);
 	CM_SetField(TheMessage, eReplyTo, buf);
 
+	// To: likewise needs to have something in it, definitely not the name of an actual mailing list member.
+	// Let's use the address and name of the room.
+	strcat(buf, " (");
+	strcat(buf, CC->room.QRname);
+	strcat(buf, " )");
+	CM_SetField(TheMessage, eRecipient, buf);
+
 	// With that out of the way, let's figure out who this message needs to be sent to.
 	char *recipients = malloc(strlen(ld->netconf));
 	if (recipients) {
@@ -245,5 +244,5 @@ char *ctdl_module_init_listdeliver(void) {
 	}
 	
 	// return our module name for the log
-	return "listsub";
+	return "listdeliver";
 }
diff --git a/citadel/server/modules/listsub/serv_listsub.c b/citadel/server/modules/listsub/serv_listsub.c
index 9eec96463..08aaabadf 100644
--- a/citadel/server/modules/listsub/serv_listsub.c
+++ b/citadel/server/modules/listsub/serv_listsub.c
@@ -57,11 +57,35 @@ void generate_confirmation_token(char *token_buf, size_t token_buf_len, char *ro
 }
 
 
+// Generate a pre-authorized subscribe/unsubscribe URL for a particular email address for a particular room.
+// This can be used as the second part of a double-opt-in or double-opt-out process.
+// It can also be used to generate a "one click unsubscribe" link.
+void generate_one_click_url(char *target_buf, char *base_url, char *action, char *roomname, char *emailaddr) {
+
+	// We need a URL-safe representation of the room name
+	char encoded_roomname[ROOMNAMELEN+10];
+	urlesc(encoded_roomname, sizeof(encoded_roomname), roomname);
+
+	// The confirmation token pre-authorizes the generated URL.  It is hashed by the host key so it can't be guessed.
+	char confirmation_token[128];
+	generate_confirmation_token(confirmation_token, sizeof confirmation_token, roomname, emailaddr);
+
+	// Write to the buffer
+	snprintf(target_buf, SIZ, "%s?cmd=%s&email=%s&room=%s&token=%s",
+		base_url,
+		action,
+		emailaddr,
+		encoded_roomname,
+		confirmation_token
+	);
+}
+
+
 // This generates an email with a link the user clicks to confirm a list subscription.
 void send_subscribe_confirmation_email(char *roomname, char *emailaddr, char *url, char *confirmation_token) {
-	// We need a URL-safe representation of the room name
-	char urlroom[ROOMNAMELEN+10];
-	urlesc(urlroom, sizeof(urlroom), roomname);
+
+	char confirm_subscribe_url[SIZ];
+	generate_one_click_url(confirm_subscribe_url, url, "confirm_subscribe", roomname, emailaddr);
 
 	char from_address[1024];
 	snprintf(from_address, sizeof from_address, "noreply@%s", CtdlGetConfigStr("c_fqdn"));
@@ -80,7 +104,7 @@ void send_subscribe_confirmation_email(char *roomname, char *emailaddr, char *ur
 		"<%s> to the <%s> mailing list.\n"
 		"\n"
 		"Please go here to confirm this request:\n"
-		"%s?cmd=confirm_subscribe&email=%s&room=%s&token=%s\n"
+		"%s\n"
 		"\n"
 		"If this request has been submitted in error and you do not\n"
 		"wish to receive the <%s> mailing list, simply do nothing,\n"
@@ -89,26 +113,19 @@ void send_subscribe_confirmation_email(char *roomname, char *emailaddr, char *ur
 		"--__ctdlmultipart__\n"
 		"Content-type: text/html\n"
 		"\n"
-		"<html><body><p>Someone (probably you) has submitted a request to subscribe "
-		"<strong>%s</strong> to the <strong>%s</strong> mailing list.</p>"
-		"<p>Please go here to confirm this request:</p>"
-		"<p><a href=\"%s?cmd=confirm_subscribe&email=%s&room=%s&token=%s\">"
-		"%s?cmd=confirm_subscribe&email=%s&room=%s&token=%s</a></p>"
-		"<p>If this request has been submitted in error and you do not "
-		"wish to receive the <strong>%s<strong> mailing list, simply do nothing, "
-		"and you will not receive any further mailings.</p>"
+		"<html><body><p>Someone (probably you) has submitted a request to subscribe\n"
+		"<strong>%s</strong> to the <strong>%s</strong> mailing list.</p>\n"
+		"<p>Please go here to confirm this request:</p>\n"
+		"<p><a href=\"%s\">%s</a></p>\n"
+		"<p>If this request has been submitted in error and you do not\n"
+		"wish to receive the <strong>%s</strong> mailing list, simply do nothing,\n"
+		"and you will not receive any further mailings.</p>\n"
 		"</body></html>\n"
 		"\n"
 		"--__ctdlmultipart__--\n"
 		,
-		emailaddr, roomname,
-		url, emailaddr, urlroom, confirmation_token,
-		roomname
-		,
-		emailaddr, roomname,
-		url, emailaddr, urlroom, confirmation_token,
-		url, emailaddr, urlroom, confirmation_token,
-		roomname
+		emailaddr, roomname, confirm_subscribe_url, roomname,
+		emailaddr, roomname, confirm_subscribe_url, confirm_subscribe_url, roomname
 	);
 
 	quickie_message("Citadel", from_address, emailaddr, NULL, emailtext, FMT_RFC822, "Please confirm your list subscription");
@@ -118,9 +135,9 @@ void send_subscribe_confirmation_email(char *roomname, char *emailaddr, char *ur
 
 // This generates an email with a link the user clicks to confirm a list unsubscription.
 void send_unsubscribe_confirmation_email(char *roomname, char *emailaddr, char *url, char *confirmation_token) {
-	// We need a URL-safe representation of the room name
-	char urlroom[ROOMNAMELEN+10];
-	urlesc(urlroom, sizeof(urlroom), roomname);
+
+	char confirm_unsubscribe_url[SIZ];
+	generate_one_click_url(confirm_unsubscribe_url, url, "confirm_unsubscribe", roomname, emailaddr);
 
 	char from_address[1024];
 	snprintf(from_address, sizeof from_address, "noreply@%s", CtdlGetConfigStr("c_fqdn"));
@@ -139,7 +156,7 @@ void send_unsubscribe_confirmation_email(char *roomname, char *emailaddr, char *
 		"<%s> from the <%s> mailing list.\n"
 		"\n"
 		"Please go here to confirm this request:\n"
-		"%s?cmd=confirm_unsubscribe&email=%s&room=%s&token=%s\n"
+		"%s\n"
 		"\n"
 		"If this request has been submitted in error and you still\n"
 		"wish to receive the <%s> mailing list, simply do nothing,\n"
@@ -148,26 +165,19 @@ void send_unsubscribe_confirmation_email(char *roomname, char *emailaddr, char *
 		"--__ctdlmultipart__\n"
 		"Content-type: text/html\n"
 		"\n"
-		"<html><body><p>Someone (probably you) has submitted a request to unsubscribe "
-		"<strong>%s</strong> from the <strong>%s</strong> mailing list.</p>"
-		"<p>Please go here to confirm this request:</p>"
-		"<p><a href=\"%s?cmd=confirm_unsubscribe&email=%s&room=%s&token=%s\">"
-		"%s?cmd=confirm_unsubscribe&email=%s&room=%s&token=%s</a></p>"
-		"<p>If this request has been submitted in error and you still "
-		"wish to receive the <strong>%s<strong> mailing list, simply do nothing, "
-		"and you will remain subscribed.</p>"
+		"<html><body><p>Someone (probably you) has submitted a request to unsubscribe\n"
+		"<strong>%s</strong> from the <strong>%s</strong> mailing list.</p>\n"
+		"<p>Please go here to confirm this request:</p>\n"
+		"<p><a href=\"%s\">%s</a></p>\n"
+		"<p>If this request has been submitted in error and you still\n"
+		"wish to receive the <strong>%s</strong> mailing list, simply do nothing,\n"
+		"and you will remain subscribed.</p>\n"
 		"</body></html>\n"
 		"\n"
 		"--__ctdlmultipart__--\n"
 		,
-		emailaddr, roomname,
-		url, emailaddr, urlroom, confirmation_token,
-		roomname
-		,
-		emailaddr, roomname,
-		url, emailaddr, urlroom, confirmation_token,
-		url, emailaddr, urlroom, confirmation_token,
-		roomname
+		emailaddr, roomname, confirm_unsubscribe_url, roomname,
+		emailaddr, roomname, confirm_unsubscribe_url, confirm_unsubscribe_url, roomname
 	);
 
 	quickie_message("Citadel", from_address, emailaddr, NULL, emailtext, FMT_RFC822, "Please confirm your list unsubscription");
diff --git a/citadel/server/modules/nntp/serv_nntp.c b/citadel/server/modules/nntp/serv_nntp.c
index 4c581db63..231b694cd 100644
--- a/citadel/server/modules/nntp/serv_nntp.c
+++ b/citadel/server/modules/nntp/serv_nntp.c
@@ -175,9 +175,7 @@ void nntp_greeting(void) {
 // NNTPS is just like NNTP, except it goes crypto right away.
 void nntps_greeting(void) {
 	CtdlModuleStartCryptoMsgs(NULL, NULL, NULL);
-#ifdef HAVE_OPENSSL
 	if (!CC->redirect_ssl) CC->kill_me = KILLME_NO_CRYPTO;		// kill session if no crypto
-#endif
 	nntp_greeting();
 }
 
@@ -204,9 +202,7 @@ void nntp_capabilities(void) {
 	cprintf("MODE-READER\r\n");
 	cprintf("LIST ACTIVE NEWSGROUPS\r\n");
 	cprintf("OVER\r\n");
-#ifdef HAVE_OPENSSL
 	cprintf("STARTTLS\r\n");
-#endif
 	if (!CC->logged_in) {
 		cprintf("AUTHINFO USER\r\n");
 	}
@@ -1070,14 +1066,12 @@ char *ctdl_module_init_nntp(void) {
 					NULL, 
 					CitadelServiceNNTP);
 
-#ifdef HAVE_OPENSSL
 		CtdlRegisterServiceHook(CtdlGetConfigInt("c_nntps_port"),
 					NULL,
 					nntps_greeting,
 					nntp_command_loop,
 					NULL,
 					CitadelServiceNNTPS);
-#endif
 
 		CtdlRegisterSessionHook(nntp_cleanup_function, EVT_STOP, PRIO_STOP + 250);
 	}
diff --git a/citadel/server/modules/pop3/serv_pop3.c b/citadel/server/modules/pop3/serv_pop3.c
index 322f2d826..d624cfe9e 100644
--- a/citadel/server/modules/pop3/serv_pop3.c
+++ b/citadel/server/modules/pop3/serv_pop3.c
@@ -47,10 +47,9 @@
 #include "../../ctdl_module.h"
 
 
-// This cleanup function blows away the temporary memory and files used by
-// the POP3 server.
+// This cleanup function blows away the temporary memory and files used by the POP3 server.
 void pop3_cleanup_function(void) {
-	/* Don't do this stuff if this is not a POP3 session! */
+	// Don't do this stuff if this is not a POP3 session!
 	if (CC->h_command_function != pop3_command_loop) return;
 
 	struct citpop3 *pop3 = ((struct citpop3 *)CC->session_specific_data);
@@ -78,13 +77,10 @@ void pop3_greeting(void) {
 void pop3s_greeting(void) {
 	CtdlModuleStartCryptoMsgs(NULL, NULL, NULL);
 
-/* kill session if no crypto */
-#ifdef HAVE_OPENSSL
-	if (!CC->redirect_ssl) CC->kill_me = KILLME_NO_CRYPTO;
-#else
-	CC->kill_me = KILLME_NO_CRYPTO;
-#endif
-
+	// kill the session if TLS is not running by now
+	if (!CC->redirect_ssl) {
+		CC->kill_me = KILLME_NO_CRYPTO;
+	}
 	pop3_greeting();
 }
 
@@ -149,10 +145,10 @@ int pop3_grab_mailbox(void) {
 
 	if (CtdlGetRoom(&CC->room, MAILROOM) != 0) return(-1);
 
-	/* Load up the messages */
+	// Load up the messages
 	CtdlForEachMessage(MSGS_ALL, 0L, NULL, NULL, NULL, pop3_add_message, NULL);
 
-	/* Figure out which are old and which are new */
+	// Figure out which are old and which are new
         CtdlGetRelationship(&vbuf, &CC->user, &CC->room);
 	POP3->lastseen = (-1);
 	if (POP3->num_msgs) for (i=0; i<POP3->num_msgs; ++i) {
@@ -516,11 +512,9 @@ void pop3_command_loop(void) {
 		pop3_pass(&cmdbuf[5]);
 	}
 
-#ifdef HAVE_OPENSSL
 	else if (!strncasecmp(cmdbuf, "STLS", 4)) {
 		pop3_stls();
 	}
-#endif
 
 	else if (!CC->logged_in) {
 		cprintf("-ERR Not logged in.\r\n");
@@ -582,17 +576,15 @@ char *ctdl_module_init_pop3(void) {
 					pop3_command_loop,
 					NULL,
 					CitadelServicePop3);
-#ifdef HAVE_OPENSSL
 		CtdlRegisterServiceHook(CtdlGetConfigInt("c_pop3s_port"),
 					NULL,
 					pop3s_greeting,
 					pop3_command_loop,
 					NULL,
 					CitadelServicePop3S);
-#endif
 		CtdlRegisterSessionHook(pop3_cleanup_function, EVT_STOP, PRIO_STOP + 30);
 	}
 	
-	/* return our module name for the log */
+	// return our module name for the log
 	return "pop3";
 }
diff --git a/citadel/server/modules/smtp/dkim.c b/citadel/server/modules/smtp/dkim.c
new file mode 100644
index 000000000..76a7a6112
--- /dev/null
+++ b/citadel/server/modules/smtp/dkim.c
@@ -0,0 +1,621 @@
+// DKIM signature creation
+// https://www.rfc-editor.org/rfc/rfc6376.html
+//
+// Body canonicalization code (C) 2012 by Timothy E. Johansson
+// The rest is written for Citadel and OpenSSL 3.0 (C) 2024 by Art Cancro
+//
+// This program is open source software.  Use, duplication, or disclosure is subject to the GNU General Public License v3.
+
+// Make sure we don't accidentally use any deprecated API calls
+#define OPENSSL_NO_DEPRECATED_3_0
+
+#include <stdlib.h>
+#include <unistd.h>
+#include <stdio.h>
+#include <ctype.h>
+#include <string.h>
+#include <time.h>
+#include <assert.h>
+#include <syslog.h>
+#include <openssl/rand.h>
+#include <openssl/rsa.h>
+#include <openssl/engine.h>
+#include <openssl/sha.h>
+#include <openssl/hmac.h>
+#include <openssl/evp.h>
+#include <openssl/bio.h>
+#include <openssl/pem.h>
+#include <openssl/buffer.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <libcitadel.h>
+
+// This utility function is used by the body canonicalizer
+char *dkim_rtrim(char *str) {
+	char *end;
+	int len = strlen(str);
+
+	while (*str && len) {
+		end = str + len-1;
+		
+		if (*end == ' ' || *end == '\t') {
+			*end = '\0';
+		}
+		else {
+			break;
+		}
+		
+		len = strlen(str);
+	}
+	
+	return str;
+}
+
+
+// We can use this handy function to wrap our big dkim signature header to a reasonable width
+void dkim_wrap_header_strbuf(StrBuf *header_in) {
+	char *str = (char *)ChrPtr(header_in);
+	int len = StrLength(header_in);
+
+	char *tmp = malloc(len*3+1);
+	if (!tmp) {
+		return;
+	}
+	int tmp_len = 0;
+	int i;
+	int lcount = 0;
+	
+	for (i = 0; i < len; ++i) {
+		if (str[i] == ' ' || lcount == 75) {
+			tmp[tmp_len++] = str[i];
+			tmp[tmp_len++] = '\r';
+			tmp[tmp_len++] = '\n';
+			tmp[tmp_len++] = '\t';
+			lcount = 0;
+		}
+		else {
+			tmp[tmp_len++] = str[i];
+			++lcount;
+		}
+	}
+	
+	tmp[tmp_len] = '\0';
+	StrBufPlain(header_in, tmp, tmp_len);
+	free(tmp);
+}
+
+
+// This utility function is used by the body canonicalizer
+char *dkim_rtrim_lines(char *str) {
+	char *end;
+	int len = strlen(str);
+
+	while (*str && len) {
+		end = str + len-1;
+		
+		if (*end == '\r' || *end == '\n') {
+			*end = '\0';
+		}
+		else {
+			break;
+		}
+		
+		len = strlen(str);
+	}
+	
+	return str;
+}
+
+
+// Canonicalize one line of the message body as per the "relaxed" algorithm
+char *dkim_canonicalize_body_line(char *line) {
+	int line_len = 0;
+	int i;
+	
+	// Ignores all whitespace at the end of lines.  Implementations MUST NOT remove the CRLF at the end of the line.
+	dkim_rtrim(line);
+	
+	// Reduces all sequences of whitespace within a line to a single space character.
+	line_len = strlen(line);
+	int new_len = 0;
+
+	for (i = 0; i < line_len; ++i) {
+		if (line[i] == '\t') {
+			line[i] = ' ';
+		}
+	
+		if (i > 0) {
+			if (!(line[i-1] == ' ' && line[i] == ' ')) {
+				line[new_len++] = line[i];
+			}
+		}
+		else {
+			line[new_len++] = line[i];
+		}
+	}
+	
+	line[new_len] = '\0';
+	return line;
+}
+
+
+// Canonicalize the message body as per the "relaxed" algorithm
+char *dkim_canonicalize_body(char *body) {
+	int i = 0;
+	int offset = 0;
+	int body_len = strlen(body);
+
+	char *new_body = malloc(body_len*2+3);
+	int new_body_len = 0;
+
+	for (i = 0; i < body_len; ++i) {
+		int is_r = 0;
+
+		if (body[i] == '\n') {
+			if (i > 0) {
+				if (body[i-1] == '\r') {
+					i--;
+					is_r = 1;
+				}
+			}
+
+			char *line = malloc(i - offset + 1);	
+			memcpy(line, body+offset, i-offset);
+			line[i-offset] = '\0';
+
+			dkim_canonicalize_body_line(line);
+
+			int line_len = strlen(line);
+			memcpy(new_body+new_body_len, line, line_len);
+			memcpy(new_body+new_body_len+line_len, "\r\n", 2);
+			new_body_len += line_len+2;
+
+			if (is_r) {
+				i++;
+			}	
+
+			offset = i+1;
+			free(line);
+		}
+	}
+
+	if (offset < body_len) {
+		char *line = malloc(i - offset + 1);	
+		memcpy(line, body+offset, i-offset);
+		line[i-offset] = '\0';
+
+		dkim_canonicalize_body_line(line);
+
+		int line_len = strlen(line);
+		memcpy(new_body+new_body_len, line, line_len);
+		memcpy(new_body+new_body_len+line_len, "\r\n", 2);
+		new_body_len += line_len+2;
+
+		free(line);
+	}
+
+	memcpy(new_body+new_body_len, "\0", 1);
+
+	// Ignores all empty lines at the end of the message body.  "Empty line" is defined in Section 3.4.3.
+	new_body = dkim_rtrim_lines(new_body);
+
+	// Note that a completely empty or missing body is canonicalized as a
+        // single "CRLF"; that is, the canonicalized length will be 2 octets.
+	new_body_len = strlen(new_body);
+	new_body[new_body_len++] = '\r';
+	new_body[new_body_len++] = '\n';
+	new_body[new_body_len] = '\0';
+
+	return new_body;	
+}
+
+
+// First step to canonicalize a block of headers as per the "relaxed" algorithm.
+// Unfold all headers onto single lines.
+void dkim_unfold_headers(StrBuf *unfolded_headers) {
+	char *headers_start = (char *)ChrPtr(unfolded_headers);
+	char *fold;
+
+	while (
+		fold = strstr(headers_start, "\r\n "),				// find the first holded header
+		fold = (fold ? fold : strstr(headers_start, "\r\n\t")),		// it could be folded with tabs
+		fold != NULL							// keep going until there aren't any left
+	) {
+
+		// Replace CRLF<space> or CRLF<tab> with CRLF
+		StrBufReplaceToken(unfolded_headers, (long)(fold-headers_start), 3, HKEY("\r\n"));
+
+		// And when we've got them all, remove the CRLF as well.
+		if (
+			(strstr(headers_start, "\r\n ") != fold)
+			&& (strstr(headers_start, "\r\n\t") != fold)
+			&& (!strncmp(fold, HKEY("\r\n")))
+		) {
+			StrBufReplaceToken(unfolded_headers, (long)(fold-headers_start), 2, HKEY(""));
+		}
+
+	}
+}
+
+
+// Second step to canonicalize a block of headers as per the "relaxed" algorithm.
+// Headers MUST already be unfolded with dkim_unfold_headers()
+void dkim_canonicalize_unfolded_headers(StrBuf *headers) {
+
+	char *cheaders = (char *)ChrPtr(headers);
+	char *ptr = cheaders;
+	while (*ptr) {
+
+		// We are at the beginning of a line.  Find the colon separator between field name and value.
+		char *start_of_this_line = ptr;
+		char *colon = strstr(ptr, ":");
+
+		// remove whitespace after the colon
+		while ( (*(colon+1) == ' ') || (*(colon+2) == '\t') ) {
+			StrBufReplaceToken(headers, (long)(colon+1-cheaders), 1, HKEY(""));
+		}
+		char *end_of_this_line = strstr(ptr, "\r\n");
+
+		// replace all multiple whitespace runs with a single space
+		int replaced_something;
+		do {
+			replaced_something = 0;
+			char *double_space = strstr(ptr, "  ");			// space-space?
+			if (!double_space) {
+				double_space = strstr(ptr, " \t");		// space-tab?
+			}
+			if (!double_space) {
+				double_space = strstr(ptr, "\t ");		// tab-space?
+			}
+			if (!double_space) {
+				double_space = strstr(ptr, "\t\t");		// tab-tab?
+			}
+			if (double_space) {
+				StrBufReplaceToken(headers, (long)(double_space-cheaders), 2, HKEY(" "));
+				++replaced_something;
+			}
+		} while (replaced_something);
+
+		// remove whitespace at the end of the line
+		do {
+			replaced_something = 0;
+			char *trailing_space = strstr(ptr, " \r\n");		// line ends in a space?
+			if (!trailing_space) {					// no?
+				trailing_space = strstr(ptr, "\t\r\n");		// how about a tab?
+			}
+			if (trailing_space) {
+				StrBufReplaceToken(headers, (long)(trailing_space-cheaders), 3, HKEY("\r\n"));
+				++replaced_something;
+			}
+		} while (replaced_something);
+
+		// Convert header field names to all lower case
+		for (char *c = start_of_this_line; c<colon; ++c) {
+			cheaders[c-cheaders] = tolower(cheaders[c-cheaders]);
+		}
+
+		ptr = end_of_this_line + 2;					// Advance to the beginning of the next line
+	}
+}
+
+
+// Third step to canonicalize a block of headers as per the "relaxed" algorithm.
+// Reduce the canonicalized header block to only the fields being signed
+void dkim_reduce_canonicalized_headers(StrBuf *headers, char *header_list) {
+
+	char *cheaders = (char *)ChrPtr(headers);
+	char *ptr = cheaders;
+	while (*ptr) {
+
+		// We are at the beginning of a line.  Find the colon separator between field name and value.
+		char *start_of_this_line = ptr;
+		char *colon = strstr(ptr, ":");
+		char *end_of_this_line = strstr(ptr, "\r\n");
+
+		char relevant_headers[1024];
+		strncpy(relevant_headers, header_list, sizeof(relevant_headers));
+		char *rest = relevant_headers;
+		char *token = NULL;
+		int keep_this_header = 0;
+
+		while (token = strtok_r(rest, ":", &rest)) {
+			if (!strncmp(start_of_this_line, token, strlen(token))) {
+				keep_this_header = 1;
+			}
+		}
+
+		if (keep_this_header) {						 // Advance to the beginning of the next line
+			ptr = end_of_this_line + 2;
+		}
+		else {
+			StrBufReplaceToken(headers, (long)(start_of_this_line - cheaders), end_of_this_line-start_of_this_line+2, HKEY(""));
+		}
+	}
+
+}
+
+
+// Make a new header list containing only the headers actually present in the canonicalized header block.
+void dkim_final_header_list(char *header_list, size_t header_list_size, StrBuf *unfolded_headers) {
+	header_list[0] = 0;
+
+	char *cheaders = (char *)ChrPtr(unfolded_headers);
+	char *ptr = cheaders;
+	while (*ptr) {
+
+		// We are at the beginning of a line.  Find the colon separator between field name and value.
+		char *start_of_this_line = ptr;
+		char *colon = strstr(ptr, ":");
+		char *end_of_this_line = strstr(ptr, "\r\n");
+
+		if (ptr != cheaders) {
+			strcat(header_list, ":");
+		}
+
+		strncat(header_list, start_of_this_line, (colon-start_of_this_line));
+
+		ptr = end_of_this_line + 2;					// Advance to the beginning of the next line
+	}
+}
+
+
+// Supplied with a PEM-encoded PKCS#7 private key, that might also have newlines replaced with underscores, return an EVP_PKEY.
+// Caller is responsible for freeing it.
+EVP_PKEY *dkim_import_key(char *pkey_in) {
+
+	if (!pkey_in) {
+		return(NULL);
+	}
+
+	// Citadel Server stores the private key in PEM-encoded PKCS#7 format, but with all newlines replaced by underscores.
+	// Fix that before we try to decode it.
+	char *pkey_with_newlines = strdup(pkey_in);
+	if (!pkey_with_newlines) {
+		return(NULL);
+	}
+	char *sp;
+	while (sp = strchr(pkey_with_newlines, '_')) {
+		*sp = '\n';
+	}
+
+	// Load the private key into an OpenSSL "BIO" structure
+	BIO *bufio = BIO_new_mem_buf((void *)pkey_with_newlines, strlen(pkey_with_newlines));
+	if (bufio == NULL) {
+		syslog(LOG_ERR, "dkim: BIO_new_mem_buf() failed");
+		free(pkey_with_newlines);
+		return(NULL);
+	}
+
+	// Now import the private key
+	EVP_PKEY *pkey = NULL;			// Don't combine this line with the next one.  It will barf.
+	pkey = PEM_read_bio_PrivateKey(
+		bufio,				// BIO to read the private key from
+		&pkey,				// pointer to EVP_PKEY structure
+		NULL,				// password callback - can be NULL
+		NULL				// parameter passed to callback or password if callback is NULL
+	);
+
+	free(pkey_with_newlines);
+	BIO_free(bufio);
+
+	if (pkey == NULL) {
+		syslog(LOG_ERR, "dkim: PEM_read_bio_PrivateKey() failed with error 0x%lx", ERR_get_error());
+	}
+
+	return(pkey);
+}
+
+
+// Get the public key from our DKIM signing pair.
+// Returns a string that must be freed by the caller.
+char *dkim_get_public_key(EVP_PKEY *pkey) {
+	char *b64key = NULL;
+	EVP_PKEY_CTX *ctx;
+	ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
+	if (ctx) {
+		BIO *bio = NULL;
+		bio = BIO_new(BIO_s_mem());
+		if (bio) {
+			PEM_write_bio_PUBKEY(bio, pkey);
+			b64key = malloc(4096);
+			if (b64key) {
+				size_t readbytes;
+				BIO_read_ex(bio, b64key, 4096, &readbytes);
+				b64key[readbytes] = 0;
+	
+				// strip the header
+				if (!strncasecmp(b64key, HKEY("-----BEGIN PUBLIC KEY-----\n"))) {
+					strcpy(b64key, &b64key[27]);
+				}
+	
+				// strip the footer
+				char *foot = strstr(b64key, "\n-----END PUBLIC KEY-----");
+				if (foot) {
+					*foot = 0;
+				}
+	
+				// remove newlines
+				char *nl;
+				while (nl = strchr(b64key, '\n')) {
+					strcpy(nl, nl+1);
+				}
+			}
+			BIO_free(bio);
+		}
+		EVP_PKEY_CTX_free(ctx);
+	}
+	return(b64key);
+}
+
+// DKIM-sign an email, supplied as a full RFC2822-compliant message stored in a StrBuf
+void dkim_sign(StrBuf *email, char *pkey_in, char *domain, char *selector) {
+	int i = 0;
+
+	if (!email) {								// no message was supplied
+		return;
+	}
+
+	// Import the private key
+	EVP_PKEY *pkey = dkim_import_key(pkey_in);
+	if (pkey == NULL) {
+		return;
+	}
+
+	// find the break between headers and body
+	size_t msglen = StrLength(email);					// total length of message (headers + body)
+
+	char *body_ptr = strstr(ChrPtr(email), "\r\n\r\n");
+	if (body_ptr == NULL) {
+		syslog(LOG_ERR, "dkim: this message cannot be signed because it has no body");
+		return;
+	}
+
+	size_t body_offset = body_ptr - ChrPtr(email);				// offset at which message body begins
+	StrBuf *header_block = NewStrBufPlain(ChrPtr(email), body_offset+2);	// headers only (the +2 makes it include final CRLF)
+
+	// This removes the headers from the supplied email buffer.  We MUST put them back in later.
+	StrBufCutLeft(email, body_offset+4);					// The +4 makes it NOT include the CRLFCRLF
+
+	// Apply the "relaxed" canonicalization to the message body
+	char *relaxed_body = dkim_canonicalize_body((char *)ChrPtr(email));
+	int relaxed_body_len = strlen(relaxed_body);
+
+	// hash of the canonicalized body
+	unsigned char *body_hash = malloc(SHA256_DIGEST_LENGTH);
+	SHA256((unsigned char *)relaxed_body, relaxed_body_len, body_hash);
+	free(relaxed_body);							// all we need now is the hash
+	relaxed_body = NULL;
+
+	// base64 encode the body hash
+	char *encoded_body_hash = malloc(SHA256_DIGEST_LENGTH * 2);
+	CtdlEncodeBase64(encoded_body_hash, body_hash, SHA256_DIGEST_LENGTH, BASE64_NO_LINEBREAKS);
+	free(body_hash);							// all we need now is the encoded hash
+
+	// "relaxed" header canonicalization, step 1 : unfold the headers
+	StrBuf *unfolded_headers = NewStrBufDup(header_block);
+	dkim_unfold_headers(unfolded_headers);
+
+	// "relaxed" header canonicalization, step 2 : lowercase the header names, remove whitespace after the colon
+	dkim_canonicalize_unfolded_headers(unfolded_headers);
+
+	// "relaxed" header canonicalization, step 3 : reduce the canonicalized header block to only the fields being signed
+	char *header_list = "from:to:cc:reply-to:subject:date:list-unsubscribe:list-unsubscribe-post";
+	dkim_reduce_canonicalized_headers(unfolded_headers, header_list);
+
+	// Make a new header list containing only the ones we actually have.
+	char final_header_list[1024];
+	dkim_final_header_list(final_header_list, sizeof(final_header_list), unfolded_headers);
+
+	// create DKIM header
+	StrBuf *dkim_header = NewStrBuf();
+	StrBufPrintf(dkim_header,
+		"v=1; a=rsa-sha256; s=%s; d=%s; l=%d; t=%d; c=relaxed/relaxed; h=%s; bh=%s; b=",
+		selector,
+		domain,
+		relaxed_body_len,
+		time(NULL),
+		final_header_list,
+		encoded_body_hash
+	);
+	free(encoded_body_hash);						// Hash is stored in the header now.
+
+	// Add the initial DKIM header (which is still missing the value after "b=") to the headers to be signed.
+	// RFC6376 3.7 tells us NOT to include CRLF after "b="
+	StrBufAppendBufPlain(unfolded_headers, HKEY("dkim-signature:"), 0);
+	StrBufAppendBuf(unfolded_headers, dkim_header, 0);
+
+	// Compute a hash of the canonicalized headers, and then sign that hash with our private key.
+	// RFC6376 says that we hash and sign everything up to the "b=" and then we'll add the rest at the end.
+
+	// The hashing/signing library calls are documented at https://wiki.openssl.org/index.php/EVP_Signing_and_Verifying
+	// NOTE: EVP_DigestSign*() functions are supplied with the actual data to be hashed and signed.
+	// That means we don't hash it first, otherwise we would be signing double-hashed (and therefore wrong) data.
+
+	// Create the Message Digest Context
+	EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
+	if (mdctx == NULL) {
+		syslog(LOG_ERR, "dkim: EVP_MD_CTX_create() failed with error 0x%lx", ERR_get_error());
+		abort();
+	}
+
+	// Initialize the DigestSign operation using SHA-256 algorithm
+ 	if (EVP_DigestSignInit(mdctx, NULL, EVP_sha256(), NULL, pkey) != 1) {
+		syslog(LOG_ERR, "dkim: EVP_DigestSignInit() failed with error 0x%lx", ERR_get_error());
+		abort();
+	}
+
+	// Call update with the "message" (the canonicalized headers)
+ 	if (EVP_DigestSignUpdate(mdctx, (char *)ChrPtr(unfolded_headers), StrLength(unfolded_headers)) != 1) {
+		syslog(LOG_ERR, "dkim: EVP_DigestSignUpdate() failed with error 0x%lx", ERR_get_error());
+		abort();
+	}
+
+	// Finalize the DigestSign operation.
+ 	// First call EVP_DigestSignFinal with a NULL sig parameter to obtain the length of the signature.
+	// Length is returned in signature_len
+	size_t signature_len;
+ 	if (EVP_DigestSignFinal(mdctx, NULL, &signature_len) != 1) {
+		syslog(LOG_ERR, "dkim: EVP_DigestSignFinal() failed");
+		abort();
+	}
+
+	// Sanity check.  The signature length should be the same as the size of the private key.
+	assert(signature_len == EVP_PKEY_size(pkey));
+
+ 	// Allocate memory for the signature based on size in signature_len
+	unsigned char *sig = OPENSSL_malloc(signature_len);
+	if (sig == NULL) {
+		syslog(LOG_ERR, "dkim: OPENSSL_malloc() failed");
+		abort();
+	}
+
+ 	// Obtain the signature
+ 	if (EVP_DigestSignFinal(mdctx, sig, &signature_len) != 1) {
+		syslog(LOG_ERR, "dkim: EVP_DigestSignFinal() failed");
+		abort();
+	}
+	EVP_MD_CTX_free(mdctx);
+
+	// This is an optional routine to verify our own signature.
+	// The test program in tests/dkimtester enables it.  It is not enabled in Citadel Server.
+#ifdef DKIM_VERIFY_SIGNATURE
+	mdctx = EVP_MD_CTX_new();
+	if (mdctx) {
+		assert(EVP_DigestVerifyInit(mdctx, NULL, EVP_sha256(), NULL, pkey) == 1);
+		assert(EVP_DigestVerifyUpdate(mdctx, (char *)ChrPtr(unfolded_headers), StrLength(unfolded_headers)) == 1);
+		assert(EVP_DigestVerifyFinal(mdctx, sig, signature_len) == 1);
+		EVP_MD_CTX_free(mdctx);
+	}
+#endif
+
+	// With the signature complete, we no longer need the private key or the unfolded headers.
+	EVP_PKEY_free(pkey);
+	FreeStrBuf(&unfolded_headers);
+
+	// base64 encode the signature
+	char *encoded_signature = malloc(signature_len * 2);
+	int encoded_signature_len = CtdlEncodeBase64(encoded_signature, sig, signature_len, BASE64_NO_LINEBREAKS);
+	free(sig);							// Free the raw signature, keep the b64-encoded one.
+	StrBufAppendPrintf(dkim_header, "%s", encoded_signature);	// Make the final header.
+	free(encoded_signature);
+
+	// wrap dkim header to 72-ish columns
+	dkim_wrap_header_strbuf(dkim_header);
+
+	// Now reassemble the message.
+	StrBuf *output_msg = NewStrBuf();
+	StrBufPrintf(output_msg, "DKIM-Signature: %s\r\n", (char *)ChrPtr(dkim_header));
+	StrBufAppendBuf(output_msg, header_block, 0);
+	StrBufAppendBufPlain(output_msg, HKEY("\r\n"), 0);
+	StrBufAppendBuf(output_msg, email, 0);
+
+	// Put the combined message where the caller can find it.
+	FreeStrBuf(&dkim_header);
+	FreeStrBuf(&header_block);
+	SwapBuffers(output_msg, email);
+	FreeStrBuf(&output_msg);
+
+	// And we're done!
+}
+
+
diff --git a/citadel/server/modules/smtp/dkim_bindings.c b/citadel/server/modules/smtp/dkim_bindings.c
new file mode 100644
index 000000000..340e574b6
--- /dev/null
+++ b/citadel/server/modules/smtp/dkim_bindings.c
@@ -0,0 +1,192 @@
+// DKIM bindings to Citadel Server
+//
+// (C) 2024 by Art Cancro
+//
+// This program is open source software.  Use, duplication, or disclosure is subject to the GNU General Public License v3.
+
+// Make sure we don't accidentally use any deprecated API calls
+#define OPENSSL_NO_DEPRECATED_3_0
+
+#include <stdlib.h>
+#include <unistd.h>
+#include <stdio.h>
+#include <ctype.h>
+#include <string.h>
+#include <time.h>
+#include <assert.h>
+#include <syslog.h>
+#include <openssl/rand.h>
+#include <openssl/rsa.h>
+#include <openssl/engine.h>
+#include <openssl/sha.h>
+#include <openssl/hmac.h>
+#include <openssl/evp.h>
+#include <openssl/bio.h>
+#include <openssl/pem.h>
+#include <openssl/buffer.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <libcitadel.h>
+#include "../../config.h"
+#include "../../msgbase.h"
+#include "smtp_util.h"
+
+
+// Generate a private key and selector for DKIM if needed.  This is called during server startup.
+void dkim_init(void) {
+
+	char *dkim_private_key = CtdlGetConfigStr("dkim_private_key");
+	if (!IsEmptyStr(dkim_private_key)) {
+		syslog(LOG_DEBUG, "dkim: private key exists and will continue to be used.");
+	}
+	else {
+		EVP_PKEY_CTX *ctx;
+		EVP_PKEY *pkey = NULL;	
+		BIO *bio = NULL;
+		ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
+		if (ctx) {
+			if (
+				(EVP_PKEY_keygen_init(ctx) == 1)
+				&& (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048) == 1)
+				&& (EVP_PKEY_keygen(ctx, &pkey) == 1)
+			) {
+				syslog(LOG_DEBUG, "dkim: generated private key");
+				bio = BIO_new(BIO_s_mem());
+				if (bio) {
+					PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL);
+					char *b64key = malloc(4096);
+					if (b64key) {
+						size_t readbytes;
+						BIO_read_ex(bio, b64key, 4096, &readbytes);
+						b64key[readbytes] = 0;
+						char *nl = NULL;
+						while (nl=strchr(b64key, '\n'), nl) {		// convert newlines to underscores
+							*nl = '_';
+						}
+						CtdlSetConfigStr("dkim_private_key", b64key);
+						free(b64key);
+					}
+					free(bio);
+				}
+			}
+			EVP_PKEY_CTX_free(ctx);
+		}
+	}
+
+	char *dkim_selector = CtdlGetConfigStr("dkim_selector");
+	if (dkim_selector) {
+		syslog(LOG_DEBUG, "dkim: selector exists: %s", dkim_selector);
+	}
+	else {
+		// Quick and dirty algorithm to make up a five letter nonsense word as a selector
+		char new_selector[6];
+		int i;
+		for (i=0; i<5; ++i) {
+			new_selector[i] = (rand() % 26) + 'a';
+		}
+		new_selector[5] = 0;
+		syslog(LOG_DEBUG, "dkim: selector created: %s", new_selector);
+		CtdlSetConfigStr("dkim_selector", new_selector);
+	}
+}
+
+
+// If the DKIM key, DKIM selector, or set of signing domains has changed, we need to tell the administrator about it.
+void dkim_check_advisory(char *inetcfg_in) {
+
+	// If there is no DKIM ... there is nothing to discuss
+	if (IsEmptyStr(CtdlGetConfigStr("dkim_private_key"))) return;
+	if (IsEmptyStr(CtdlGetConfigStr("dkim_selector"))) return;
+
+	// We're going to build a hash of the private key, the selector, and all signing domains.
+	// The way we build it doesn't matter, and it doesn't even have to be secure.
+	// This is just to let us know that we have to post an update to the administrator if the hash changes.
+
+	StrBuf *hashsrc = NewStrBuf();
+	if (!hashsrc) {
+		return;
+	}
+
+	StrBufAppendBufPlain(hashsrc, CtdlGetConfigStr("dkim_private_key"), strlen(CtdlGetConfigStr("dkim_private_key")), 0);
+	StrBufAppendBufPlain(hashsrc, CtdlGetConfigStr("dkim_selector"), strlen(CtdlGetConfigStr("dkim_selector")), 0);
+
+	char *ptr = inetcfg_in;
+	while (ptr && *ptr) {
+		char *sep = strchr(ptr, '|');
+		if (sep && !strncasecmp(sep+1, HKEY("localhost"))) {
+			StrBufAppendBufPlain(hashsrc, ptr, sep-ptr, 0);
+		}
+		ptr = strchr(ptr, '\n');
+		if (ptr) ++ptr;
+	}
+
+	// make a hash from the string...
+	unsigned char *config_hash = malloc(SHA256_DIGEST_LENGTH);
+	SHA256((unsigned char *)ChrPtr(hashsrc), StrLength(hashsrc), config_hash);
+	FreeStrBuf(&hashsrc);
+
+	// base64 encode it...
+	char *encoded_config_hash = malloc(SHA256_DIGEST_LENGTH * 2);
+	CtdlEncodeBase64(encoded_config_hash, config_hash, SHA256_DIGEST_LENGTH, BASE64_NO_LINEBREAKS);
+	free(config_hash);							// all we need now is the encoded hash
+
+	// Does it match the saved hash?
+	if (	(IsEmptyStr(CtdlGetConfigStr("dkim_config_hash")))
+		|| (strcmp(encoded_config_hash, CtdlGetConfigStr("dkim_config_hash")))
+	) {
+		// No?  Post an Aide notification.
+		StrBuf *message = NewStrBuf();
+		StrBufAppendBufPlain(message, HKEY(
+			"Content-type: text/plain\r\n"
+			"\r\n\r\n"
+			"Your domain configuration may have changed.\r\n\r\n"
+			"To allow the DKIM signatures of outbound mail to be verified,\r\n"
+			"please ensure that the following DNS records are created:\r\n"
+			"\r\n"
+		),0);
+
+		char *pubkey = NULL;
+		EVP_PKEY *pkey = dkim_import_key(CtdlGetConfigStr("dkim_private_key"));
+		if (pkey) {
+			pubkey = dkim_get_public_key(pkey);
+			EVP_PKEY_free(pkey);
+		}
+
+		if (pubkey) {
+			ptr = inetcfg_in;
+			while (ptr && *ptr) {
+				char *sep = strchr(ptr, '|');
+				if (sep && !strncasecmp(sep+1, HKEY("localhost"))) {
+					StrBufAppendPrintf(message, "Host name  : %s._domainkey.", CtdlGetConfigStr("dkim_selector"));
+					StrBufAppendBufPlain(message, ptr, sep-ptr, 0);
+					StrBufAppendBufPlain(message, HKEY("\r\n"), 0);
+					StrBufAppendPrintf(message, "Record type: TXT\r\n");
+					StrBufAppendPrintf(message, "Value      : v=DKIM1;k=rsa;p=%s\r\n", pubkey);
+					StrBufAppendPrintf(message, "\r\n");
+				}
+				ptr = strchr(ptr, '\n');
+				if (ptr) {
+					++ptr;
+				}
+			}
+			free(pubkey);
+		}
+		else {
+			StrBufAppendBufPlain(message, HKEY("YOW!  Something went wrong.\r\n\r\n"), 0);
+		}
+
+		quickie_message("Citadel",
+			NULL,				// from
+			NULL,				// to
+			AIDEROOM,			// room
+			ChrPtr(message),		// text
+			FMT_RFC822,			// format
+			"Confirm your DKIM records"	// subject
+		);
+		FreeStrBuf(&message);
+	}
+
+	// Save it to the config database so we don't do this except when it changes.
+	CtdlSetConfigStr("dkim_config_hash", encoded_config_hash);
+	free(encoded_config_hash);
+}
diff --git a/citadel/server/modules/smtp/serv_smtp.c b/citadel/server/modules/smtp/serv_smtp.c
index b15320756..9ecf144b1 100644
--- a/citadel/server/modules/smtp/serv_smtp.c
+++ b/citadel/server/modules/smtp/serv_smtp.c
@@ -134,9 +134,9 @@ void smtp_greeting(int is_msa) {
 // SMTPS is just like SMTP, except it goes crypto right away.
 void smtps_greeting(void) {
 	CtdlModuleStartCryptoMsgs(NULL, NULL, NULL);
-#ifdef HAVE_OPENSSL
-	if (!CC->redirect_ssl) CC->kill_me = KILLME_NO_CRYPTO;		// kill session if no crypto
-#endif
+	if (!CC->redirect_ssl) {
+		CC->kill_me = KILLME_NO_CRYPTO;		// kill session if no crypto
+	}
 	smtp_greeting(0);
 }
 
@@ -214,7 +214,6 @@ void smtp_hello(int which_command) {
 		cprintf("250-HELP\r\n");
 		cprintf("250-SIZE %ld\r\n", CtdlGetConfigLong("c_maxmsglen"));
 
-#ifdef HAVE_OPENSSL
 		// Offer the STARTTLS option...
 		if (	(!CC->redirect_ssl)							// not if we're already TLS
 			&& (	(SMTP->is_msa)							// Always on port 587
@@ -223,7 +222,6 @@ void smtp_hello(int which_command) {
 		) {
 			cprintf("250-STARTTLS\r\n");
 		}
-#endif
 
 		cprintf("250-AUTH LOGIN PLAIN\r\n"
 			"250-AUTH=LOGIN PLAIN\r\n"
@@ -964,12 +962,10 @@ void smtp_command_loop(void) {
 		smtp_rcpt();
 		return;
 	}
-#ifdef HAVE_OPENSSL
 	if (!strncasecmp(ChrPtr(SMTP->Cmd), "STARTTLS", 8)) {
 		smtp_starttls();
 		return;
 	}
-#endif
 
 	cprintf("502 I'm afraid I can't do that.\r\n");
 }
@@ -1015,14 +1011,12 @@ char *ctdl_module_init_smtp(void) {
 					NULL, 
 					CitadelServiceSMTP_MTA);
 
-#ifdef HAVE_OPENSSL
 		CtdlRegisterServiceHook(CtdlGetConfigInt("c_smtps_port"),	// SMTPS MTA
 					NULL,
 					smtps_greeting,
 					smtp_command_loop,
 					NULL,
 					CitadelServiceSMTPS_MTA);
-#endif
 
 		CtdlRegisterServiceHook(CtdlGetConfigInt("c_msa_port"),		// SMTP MSA
 					NULL,
diff --git a/citadel/server/modules/smtp/serv_smtpclient.c b/citadel/server/modules/smtp/serv_smtpclient.c
index edce1f5c3..6eedc56d0 100644
--- a/citadel/server/modules/smtp/serv_smtpclient.c
+++ b/citadel/server/modules/smtp/serv_smtpclient.c
@@ -2,7 +2,7 @@
 //
 // This is the new, exciting, clever version that makes libcurl do all the work  :)
 //
-// Copyright (c) 1997-2023 by the citadel.org team
+// Copyright (c) 1997-2024 by the citadel.org team
 //
 // This program is open source software.  Use, duplication, or disclosure
 // is subject to the terms of the GNU General Public License, version 3.
@@ -213,29 +213,50 @@ int smtp_attempt_delivery(long msgid, char *recp, char *envelope_from, char *sou
 	process_rfc822_addr(recp, user, node, name);	// split recipient address into username, hostname, displayname
 	num_mx = getmx(mxes, node);
 	if (num_mx < 1) {
-		return (421);
+		return(421);
 	}
 
 	CC->redirect_buffer = NewStrBufPlain(NULL, SIZ);
+
+	// If we have a source room, it's probably a mailing list message; generate an unsubscribe header
 	if (!IsEmptyStr(source_room)) {
-		// If we have a source room, it's probably a mailing list message; generate an unsubscribe header
-		char esc_room[ROOMNAMELEN*2];
-		char esc_email[1024];
-		urlesc(esc_room, sizeof esc_room, source_room);
-		urlesc(esc_email, sizeof esc_email, recp);
-		cprintf("List-Unsubscribe: <http://%s/listsub?cmd=unsubscribe&room=%s&email=%s>\r\n",
-			CtdlGetConfigStr("c_fqdn"),
-			esc_room,
-			esc_email
-		);
+		char base_url[SIZ];
+		char unsubscribe_url[SIZ];
+		snprintf(base_url, sizeof base_url, "https://%s/listsub", CtdlGetConfigStr("c_fqdn"));
+		generate_one_click_url(unsubscribe_url, base_url, "unsubscribe", source_room, recp);
+		cprintf("List-Unsubscribe: <%s>\r\n", unsubscribe_url);			// RFC 2369
+		cprintf("List-Unsubscribe-Post: List-Unsubscribe=One-Click\r\n");	// RFC 8058
 	}
+
 	CtdlOutputMsg(msgid, MT_RFC822, HEADERS_ALL, 0, 1, NULL, 0, NULL, &fromaddr, NULL);
 	s.TheMessage = CC->redirect_buffer;
-	s.bytes_total = StrLength(CC->redirect_buffer);
-	s.bytes_sent = 0;
 	CC->redirect_buffer = NULL;
+
+	// If we have a DKIM key, try to sign the message.
+	char *dkim_private_key = CtdlGetConfigStr("dkim_private_key");
+	char *dkim_selector = CtdlGetConfigStr("dkim_selector");
+	char *dkim_from_domain = (strchr(fromaddr, '@') ? strchr(fromaddr, '@')+1 : NULL);
+	if (
+		!IsEmptyStr(dkim_from_domain)			// Is the sending domain non-empty?
+		&& IsDirectory(fromaddr, 0)			// and is it one of "our" domains?
+		&& !IsEmptyStr(dkim_private_key)		// Do we have a private signing key?
+		&& !IsEmptyStr(dkim_selector)			// and a selector to go with it?
+	) {
+		// If you answered "yes" to all of the above questions, congratulations!  We get to sign the message!
+		syslog(LOG_DEBUG, "smtpclient: dkim-signing for selector <%s> in domain <%s>", dkim_selector, dkim_from_domain);
+
+		// Remember, the dkim_sign() function is capable of handling a PEM-encoded PKCS#7 private key that
+		// has had all of its newlines replaced by underscores -- which is exactly how we store it.
+		dkim_sign(s.TheMessage,dkim_private_key, dkim_from_domain, dkim_selector);
+	}
+
+	// Prepare the buffer for transmittal
+	s.bytes_total = StrLength(s.TheMessage);
+	s.bytes_sent = 0;
 	response_code = 421;
-					// keep trying MXes until one works or we run out
+
+
+	// Keep trying MXes until one works or we run out.
 	for (i = 0; ((i < num_mx) && ((response_code / 100) == 4)); ++i) {
 		response_code = 421;	// default 421 makes non-protocol errors transient
 		s.bytes_sent = 0;	// rewind our buffer in case we try multiple MXes
@@ -323,7 +344,7 @@ void smtp_process_one_msg(long qmsgnum) {
 
 	msg = CtdlFetchMessage(qmsgnum, 1);
 	if (msg == NULL) {
-		syslog(LOG_WARNING, "smtpclient: %ld does not exist", qmsgnum);
+		syslog(LOG_WARNING, "smtpclient: msg#%ld does not exist", qmsgnum);
 		return;
 	}
 
@@ -463,7 +484,7 @@ void smtp_process_one_msg(long qmsgnum) {
 		}
 	}
 	else {
-		syslog(LOG_DEBUG, "smtpclient: %ld retry time not reached", qmsgnum);
+		syslog(LOG_DEBUG, "smtpclient: msg#%ld retry time not reached", qmsgnum);
 	}
 
 	if (bounceto != NULL) {
@@ -577,6 +598,7 @@ char *ctdl_module_init_smtpclient(void) {
 		CtdlRegisterSessionHook(smtp_do_queue_quick, EVT_HOUSE, PRIO_AGGR + 51);
 		CtdlRegisterSessionHook(smtp_do_queue_full, EVT_TIMER, PRIO_AGGR + 51);
 		smtp_init_spoolout();
+		dkim_init();
 	}
 
 	// return our module id for the log
diff --git a/citadel/server/modules/smtp/smtp_util.h b/citadel/server/modules/smtp/smtp_util.h
index d02a53fad..cdaea243a 100644
--- a/citadel/server/modules/smtp/smtp_util.h
+++ b/citadel/server/modules/smtp/smtp_util.h
@@ -1,17 +1,7 @@
-/*
- * Copyright (c) 1998-2017 by the citadel.org team
- *
- * This program is open source software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 3.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- */
+// Copyright (c) 1998-2024 by the citadel.org team
+// This program is open source software.  Use, duplication, or disclosure is subject to the GNU General Public License v3.
 
-struct citsmtp {		/* Information about the current session */
+struct citsmtp {		// Information about the current session
 	int command_state;
 	StrBuf *Cmd;
 	StrBuf *helo_node;
@@ -39,3 +29,8 @@ enum {
 
 void smtp_do_bounce(const char *instr, int is_final);
 char *smtpstatus(int code);
+void dkim_sign(StrBuf *email, char *pkey_in, char *domain, char *selector);
+void dkim_init(void);
+void dkim_check_advisory(char *inetcfg_in);
+EVP_PKEY *dkim_import_key(char *pkey_in);
+char *dkim_get_public_key(EVP_PKEY *pkey);
diff --git a/citadel/server/modules/xmpp/serv_xmpp.c b/citadel/server/modules/xmpp/serv_xmpp.c
index 9dacbffad..81b239c90 100644
--- a/citadel/server/modules/xmpp/serv_xmpp.c
+++ b/citadel/server/modules/xmpp/serv_xmpp.c
@@ -192,11 +192,9 @@ void xmpp_stream_start(void *data, const char *supplied_el, const char **attr)
 	/*
 	 * TLS encryption (but only if it isn't already active)
 	 */ 
-#ifdef HAVE_OPENSSL
 	if (!CC->redirect_ssl) {
 		cprintf("<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'></starttls>");
 	}
-#endif
 
 	if (!CC->logged_in) {
 		/* If we're not logged in yet, offer SASL as our feature set */
@@ -487,14 +485,9 @@ void xmpp_xml_end(void *data, const char *supplied_el) {
 	}
 
 	else if (!strcasecmp(el, "starttls")) {
-#ifdef HAVE_OPENSSL
 		cprintf("<proceed xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>");
 		CtdlModuleStartCryptoMsgs(NULL, NULL, NULL);
 		if (!CC->redirect_ssl) CC->kill_me = KILLME_NO_CRYPTO;
-#else
-		cprintf("<failure xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>");
-		CC->kill_me = KILLME_NO_CRYPTO;
-#endif
 	}
 
 	else if (!strcasecmp(el, "ping")) {
diff --git a/citadel/server/modules/xmpp/xmpp_queue.c b/citadel/server/modules/xmpp/xmpp_queue.c
index d1929a226..f52a6e26f 100644
--- a/citadel/server/modules/xmpp/xmpp_queue.c
+++ b/citadel/server/modules/xmpp/xmpp_queue.c
@@ -1,16 +1,6 @@
-/*
- * XMPP event queue
- *
- * Copyright (c) 2007-2021 by Art Cancro
- *
- * This program is open source software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 3.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- */
+// XMPP event queue
+// Copyright (c) 2007-2024 by Art Cancro
+// This program is open source software.  Use, duplication, or disclosure is subject to the GNU General Public License v3.
 
 #include "../../sysdep.h"
 #include <stdlib.h>
@@ -49,7 +39,7 @@ void xmpp_queue_event(int event_type, char *email_addr) {
 
 	syslog(LOG_DEBUG, "xmpp: xmpp_queue_event(%d, %s)", event_type, email_addr);
 
-	/* Purge events more than a minute old */
+	// Purge events more than a minute old
 	begin_critical_section(S_XMPP_QUEUE);
 	do {
 		purged_something = 0;
@@ -64,7 +54,7 @@ void xmpp_queue_event(int event_type, char *email_addr) {
 	} while(purged_something);
 	end_critical_section(S_XMPP_QUEUE);
 
-	/* Create a new event */
+	// Create a new event
 	new_event = (struct xmpp_event *) malloc(sizeof(struct xmpp_event));
 	new_event->next = NULL;
 	new_event->event_time = time(NULL);
@@ -73,7 +63,7 @@ void xmpp_queue_event(int event_type, char *email_addr) {
 	new_event->session_which_generated_this_event = CC->cs_pid;
 	safestrncpy(new_event->event_jid, email_addr, sizeof new_event->event_jid);
 
-	/* Add it to the list */
+	// Add it to the list
 	begin_critical_section(S_XMPP_QUEUE);
 	if (xmpp_queue == NULL) {
 		xmpp_queue = new_event;
@@ -88,7 +78,7 @@ void xmpp_queue_event(int event_type, char *email_addr) {
 	}
 	end_critical_section(S_XMPP_QUEUE);
 
-	/* Tell the sessions that something is happening */
+	// Tell the sessions that something is happening
 	begin_critical_section(S_SESSION_TABLE);
 	for (cptr = ContextList; cptr != NULL; cptr = cptr->next) {
 		if ((cptr->logged_in) && (cptr->h_async_function == xmpp_async_loop)) {
@@ -99,15 +89,13 @@ void xmpp_queue_event(int event_type, char *email_addr) {
 }
 
 
-/* 
- * Are we interested in anything from the queue?  (Called in async loop)
- */
+// Are we interested in anything from the queue?  (Called in async loop)
 void xmpp_process_events(void) {
 	struct xmpp_event *xptr = NULL;
 	int highest_event = 0;
 
 	for (xptr=xmpp_queue; xptr!=NULL; xptr=xptr->next) {
-		if (xptr->event_seq > XMPP->last_event_processed) {		// we are getting crashes on this line?
+		if (xptr->event_seq > XMPP->last_event_processed) {
 
 			switch(xptr->event_type) {
 
diff --git a/citadel/server/msgbase.c b/citadel/server/msgbase.c
index b3a8f7071..aaf4446c6 100644
--- a/citadel/server/msgbase.c
+++ b/citadel/server/msgbase.c
@@ -1488,16 +1488,13 @@ int CtdlOutputMsg(long msg_num,		// message number (local) to fetch
 			);
 
 		if ((Author != NULL) && (*Author == NULL)) {
-			long len;
-			CM_GetAsField(TheMessage, eAuthor, Author, &len);
+			*Author = strdup(TheMessage->cm_fields[eAuthor]);
 		}
 		if ((Address != NULL) && (*Address == NULL)) {	
-			long len;
-			CM_GetAsField(TheMessage, erFc822Addr, Address, &len);
+			*Address = strdup(TheMessage->cm_fields[erFc822Addr]);
 		}
 		if ((MessageID != NULL) && (*MessageID == NULL)) {	
-			long len;
-			CM_GetAsField(TheMessage, emessageId, MessageID, &len);
+			*MessageID = strdup(TheMessage->cm_fields[emessageId]);
 		}
 		CM_Free(TheMessage);
 		TheMessage = NULL;
@@ -2011,12 +2008,13 @@ int CtdlOutputPreLoadedMsg(
 	}
 
 	if (mode == MT_RFC822) {
-		// Construct a fun message id
-		cprintf("Message-ID: <%s", mid);
-		if (strchr(mid, '@')==NULL) {
-			cprintf("@%s", snode);
-		}
-		cprintf(">%s", nl);
+		// Make the message ID RFC2822 compliant
+		cprintf("Message-ID: <%s%s%s>%s",		// put it in angle brackets
+			mid,
+			(strchr(mid, '@') ? "" : "@"),		// if there is no domain part,
+			(strchr(mid, '@') ? "" : snode),	// tack on ours.
+			nl
+		);
 
 		if (!is_room_aide() && (TheMessage->cm_anon_type == MES_ANONONLY)) {
 			cprintf("From: \"----\" <x@x.org>%s", nl);
@@ -2320,7 +2318,7 @@ long CtdlSaveThisMessage(struct CtdlMessage *msg, long msgid) {
 	}
 
 	if (error_count > 0) {
-		syslog(LOG_ERR, "msgbase: encountered %d errors storing message %ld", error_count, msgid);
+		syslog(LOG_ERR, "msgbase: encountered %ld errors storing message %ld", error_count, msgid);
 	}
 
 	// Free the memory we used for the serialized message
diff --git a/citadel/server/serv_extensions.c b/citadel/server/serv_extensions.c
index 8787beae8..260bd8dc2 100644
--- a/citadel/server/serv_extensions.c
+++ b/citadel/server/serv_extensions.c
@@ -526,9 +526,7 @@ int PerformXmsgHooks(char *sender, char *sender_email, char *recp, char *msg) {
 
 // "Start TLS" function that is (hopefully) adaptable for any protocol
 void CtdlModuleStartCryptoMsgs(char *ok_response, char *nosup_response, char *error_response) {
-#ifdef HAVE_OPENSSL
 	CtdlStartTLS (ok_response, nosup_response, error_response);
-#endif
 }
 
 
diff --git a/citadel/server/server.h b/citadel/server/server.h
index 8d1f7d0ff..24833b737 100644
--- a/citadel/server/server.h
+++ b/citadel/server/server.h
@@ -15,10 +15,8 @@
 #endif
 
 #include "citadel_defs.h"
-#ifdef HAVE_OPENSSL
 #define OPENSSL_NO_KRB5			// work around redhat b0rken ssl headers
 #include <openssl/ssl.h>
-#endif
 
 
 // New format for a message in memory
diff --git a/citadel/server/sysdep.c b/citadel/server/sysdep.c
index 58f94624d..6f3209468 100644
--- a/citadel/server/sysdep.c
+++ b/citadel/server/sysdep.c
@@ -69,9 +69,7 @@ void init_sysdep(void) {
 #endif
 
 	// If we've got OpenSSL, we're going to use it.
-#ifdef HAVE_OPENSSL
 	init_ssl();
-#endif
 
 	if (pthread_key_create(&MyConKey, NULL) != 0) {				// TSD for sessions
 		syslog(LOG_CRIT, "sysdep: can't create TSD key: %m");
@@ -252,19 +250,17 @@ static unsigned on = 1, off = 0;
 
 void buffer_output(void) {
 #ifdef HAVE_TCP_BUFFERING
-#ifdef HAVE_OPENSSL
-	if (!CC->redirect_ssl)
-#endif
+	if (!CC->redirect_ssl) {
 		setsockopt(CC->client_socket, IPPROTO_TCP, TCP_CORK, &on, 4);
+	}
 #endif
 }
 
 void unbuffer_output(void) {
 #ifdef HAVE_TCP_BUFFERING
-#ifdef HAVE_OPENSSL
-	if (!CC->redirect_ssl)
-#endif
+	if (!CC->redirect_ssl) {
 		setsockopt(CC->client_socket, IPPROTO_TCP, TCP_CORK, &off, 4);
+	}
 #endif
 }
 
@@ -305,12 +301,10 @@ int client_write(const char *buf, int nbytes) {
 		return 0;
 	}
 
-#ifdef HAVE_OPENSSL
 	if (Ctx->redirect_ssl) {
 		client_write_ssl(buf, nbytes);
 		return 0;
 	}
-#endif
 	if (Ctx->client_socket == -1) return -1;
 
 	fdflags = fcntl(Ctx->client_socket, F_GETFL);
@@ -397,16 +391,13 @@ int client_read_blob(StrBuf *Target, int bytes, int timeout) {
 	const char *Error;
 	int retval = 0;
 
-#ifdef HAVE_OPENSSL
 	if (CC->redirect_ssl) {
 		retval = client_read_sslblob(Target, bytes, timeout);
 		if (retval < 0) {
 			syslog(LOG_ERR, "sysdep: client_read_blob() failed");
 		}
 	}
-	else 
-#endif
-	{
+	else {
 		retval = StrBufReadBLOBBuffered(Target, 
 						CC->RecvBuf.Buf,
 						&CC->RecvBuf.ReadWritePointer,
@@ -505,14 +496,11 @@ int CtdlClientGetLine(StrBuf *Target) {
 	int rc;
 
 	FlushStrBuf(Target);
-#ifdef HAVE_OPENSSL
 	if (CC->redirect_ssl) {
 		rc = client_readline_sslbuffer(Target, CC->RecvBuf.Buf, &CC->RecvBuf.ReadWritePointer, 1);
 		return rc;
 	}
-	else 
-#endif
-	{
+	else {
 		rc = StrBufTCP_read_buffered_line_fast(Target, 
 						       CC->RecvBuf.Buf,
 						       &CC->RecvBuf.ReadWritePointer,
diff --git a/citadel/tests/dkimtester/.gitignore b/citadel/tests/dkimtester/.gitignore
new file mode 100644
index 000000000..c9a9405d5
--- /dev/null
+++ b/citadel/tests/dkimtester/.gitignore
@@ -0,0 +1 @@
+dkimtester
diff --git a/citadel/tests/dkimtester/Makefile b/citadel/tests/dkimtester/Makefile
new file mode 100644
index 000000000..d308ec2fc
--- /dev/null
+++ b/citadel/tests/dkimtester/Makefile
@@ -0,0 +1,7 @@
+# Makefile
+
+dkimtester: dkimtester.c ../../server/modules/smtp/dkim.c
+	cc -DDKIM_VERIFY_SIGNATURE -g dkimtester.c ../../server/modules/smtp/dkim.c -lcrypto -lcitadel -o dkimtester
+
+clean:
+	rm -f dkimtester
diff --git a/citadel/tests/dkimtester/README.md b/citadel/tests/dkimtester/README.md
new file mode 100644
index 000000000..5a9d9e891
--- /dev/null
+++ b/citadel/tests/dkimtester/README.md
@@ -0,0 +1,20 @@
+# dkimtester
+
+This is a test harness for Citadel's DKIM signing code.  It is not likely
+that you will use this program unless you're hacking on the DKIM signer
+itself.  The private key embedded in the test program matches the DKIM record
+for `dev.citadel.org` at the time this is being written.  That record looks
+like this:
+
+```
+foo._domainkey.dev.citadel.org IN TXT "v=DKIM1;k=rsa;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA37nn3HqaJEa56Ukg7MbvkA6ng/Bi/UJ2c/zeiMU3Qb+lnNdBMQXtiI0uXSiOwL4UkhCtMxhPB5KZsHnHG4nqUKnrnrXlswDGdbk+N2w95O3snu71qG4jj/ULaGBkerBtuYdluU23PdVuH3b2J8WFSY8fMCFRdH96Nub/q0LnqKNB5bxsgPf8YvRgGiS9OTpitcZzCYEr1v0PEM6u2qX9Q+lz1x7ob+bXrxJZGeY5bzNsNHE1cgMzK1IekZHJ/cTOPzT1mIIQXN4zuE6z50q6G0Bq19H3IsxPxTeiNIp9CnvGfoDDPDXhXLI7y2XvTKWPYtKcP8oCyIebdzuKqcAtSQIDAQAB"
+```
+If you intend to work with this program, that key will be long gone by the
+time you read this, and *you* don't control `dev.citadel.org` anyway, so you
+will have to create your own host name and set your own DKIM record.  You can
+use this private key if you want to, though.
+
+To run this test, you also must have the `Mail::DKIM::Verifier` perl module
+installed, which can be found on CPAN.
+
+Again -- this is not intended to be part of a regression test suite.
diff --git a/citadel/tests/dkimtester/dkimtester.c b/citadel/tests/dkimtester/dkimtester.c
new file mode 100644
index 000000000..4a4bf3391
--- /dev/null
+++ b/citadel/tests/dkimtester/dkimtester.c
@@ -0,0 +1,75 @@
+// ***** TEST HARNESS *****
+// This contains a private key that, at the time of writing, matches the DKIM public key for dev.citadel.org
+// We can use the attached test message to validate a signature against that.
+
+#include <stdio.h>
+#include <syslog.h>
+#include <libcitadel.h>
+
+// This was easier than trying to figure out the header situation
+void dkim_sign(StrBuf *email, char *pkey_in, char *domain, char *selector);
+
+int main(int argc, char *argv[]) {
+
+	// display the greeting
+	fprintf(stderr,
+		"\033[44m\033[1m╔════════════════════════════════════════════════════════════════════════╗\033[0m\n"
+		"\033[44m\033[1m║ DKIM signature test program for Citadel                                ║\033[0m\n"
+		"\033[44m\033[1m║ Copyright (c) 2024 by citadel.org (Art Cancro et al.)                  ║\033[0m\n"
+		"\033[44m\033[1m║ This program is open source software.  Use, duplication, or disclosure ║\033[0m\n"
+		"\033[44m\033[1m║ is subject to the terms of the GNU General Public license v3.          ║\033[0m\n"
+		"\033[44m\033[1m╚════════════════════════════════════════════════════════════════════════╝\033[0m\n"
+	);
+
+	openlog("dkim", LOG_PERROR, LOG_USER);
+
+	// dkim.c can handle a PEM-encoded PKCS#7 private key that has had all of the newlines replaced by underscores.
+	// It will convert them back to newlines before importing the key.
+	// This is the format that Citadel Server uses to store the key in its configuration database.
+	char *private_key = "-----BEGIN PRIVATE KEY-----_MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDfuefcepokRrnp_SSDsxu+QDqeD8GL9QnZz/N6IxTdBv6Wc10ExBe2IjS5dKI7AvhSSEK0zGE8Hkpmw_eccbiepQqeueteWzAMZ1uT43bD3k7eye7vWobiOP9QtoYGR6sG25h2W5Tbc91W4f_dvYnxYVJjx8wIVF0f3o25v+rQueoo0HlvGyA9/xi9GAaJL05OmK1xnMJgSvW/Q8Q_zq7apf1D6XPXHuhv5tevElkZ5jlvM2w0cTVyAzMrUh6Rkcn9xM4/NPWYghBc3jO4_TrPnSrobQGrX0fcizE/FN6I0in0Ke8Z+gMM8NeFcsjvLZe9MpY9i0pw/ygLIh5t3_O4qpwC1JAgMBAAECggEAIwiTCMEAGzciDKhhagJ66BWLYMtHTP5X2zDZThSH4xlW_HznL4RfbCtuEy5y6we7h/L90x8ACPB7WRz7CkYrmsMvy9A7q0b2I1k10MyyVgqBJ_QdgMitv4YKYQK7+QbG/tNrS/lqVXUOz3iiDQSgkRpqOtUBWfkj0WD7vbhF99NDhV_dxaehFkKv3yNy0bXJlHJBJ6KtOUnDwub8TExh8dyj3kB8Qzj4I98shaXPNUSSaOw_zG6QG72yrxlMs495jkIPbF2JDidmLrX+oVISwKyaBWx+BkFV/KFAEKgaB5/nCw7+_qq/jxsmXim3HuQ3MIAjq1yw9aGRH1HMi8Gn7tYlNGwKBgQDy6EEKpuEiW9wwlI2+_GVuSkhSTTX1h6qK/ay8Jtyb8yJM/BxogAQlfjdgFixiZHy5MaomTbfeT2GDji553_+RsnZ60+g7FI9nHwabSxtuCQ+vjbFqCsdMPAiSeG0bEzo0zf5TjASdUtuZL0vXjl_yMZWDEuESoVNlYlvCOVkw2nvIwKBgQDryPuSq6PNVHRWsKRRs5ju4wKs/1ucBOg5_gCcN8lE03mFCWAlZhypE4/fAhTQ/a5KQoAzc0QZcXRueDyNsnc+QWw3/QWf8/fkV_HPfTWS3Dcuj+4RnWUucaZ/mKFlTC3+eNSlpyaPIMlCjXGsJ9GlPrsaAi9KPbD2v/_XcMq/PMOowKBgHVf7S3sfZVQthFzdxqIvksQ84hKRW/vJT1B2bTkH56+fQhTsjgM_yC64J85l7DjxbDnYsSngVWXHhOnvKV/nq0tbOcefcydCjsQREBNfvxvPajjTskgj_FAQRQlxPL0U4f4khBk9EXhJ+PZithaHjZpNl1YfTSp62x3Yz4kTSeHnpAoGAGn5m_5kArE7NdrzACBrwrfww7DL1Uyd8zSOLBgKutvEcQnqfNxSWO9la3TAarrESmH2Ic_j+Nc15wOsl/5FwdUf1/73qa2zJKtHlY28qSeo8uRqrIYeSCvnyP3wjBoLc2C8zlb_mGd6azdqr2DuYahHrcAzwjnC/6Zn+DXM7FOn7AkCgYBp1xxY88cCoF24yffkD3MC_ACUury4qRSDTGx6/qCCkIyWxg1vuiDrlPWhSwQznxHvovcfpdjdbWcFY87IK6mpG_aJHwMJ7Kw+baoxGPZWHwdg6BgvUCihe3xlcaq6rOBoLviD6FOzbogg++Tvi0LemG_y/wEs/mZkaRzW4n41ir0Xw==_-----END PRIVATE KEY-----";
+
+	char *domain = "dev.citadel.org";
+	char *selector = "foo";
+
+	// Sample message
+	StrBuf *email = NewStrBufPlain(HKEY(
+		"From: Fred Bloggs <bloggs@dev.citadel.org>\r\n"
+		"X-irrelevant-header: wow mom 303\r\n"
+		"To: Bread Floggs <bf@example.com>\r\n"
+		"Subject: The ultimate  test message\r\n"
+		"Message-ID: <73294856-8726543-473298@dev.citadel.org>\r\n"
+		"\r\n"
+		"Hi.\r\n"
+		"\r\n"
+		"Bhille Disassemble.  Highly recommend.\r\n"
+		"\r\n"
+		"--Fred\r\n"
+
+
+	));
+
+	// create signature
+	dkim_sign(email, private_key, domain, selector);
+
+	// Show the user what we did
+	printf("%s", (char *)ChrPtr(email));
+
+	FILE *fp;
+	printf("\033[34m-----\033[0m\n");
+	printf("Piping original version to test program (this should pass)\n");
+	fp = popen("./tester.pl | sed s/pass/\033[32mpass\033[0m/g | sed s/fail/\033[31mfail\033[0m/g", "w");
+	fwrite((char *)ChrPtr(email), StrLength(email), 1, fp);
+	pclose(fp);
+	printf("\033[34m-----\033[0m\n");
+	printf("Piping altered version to test program (this should fail)\n");
+	fp = popen("sed s/oggs/argh/g | ./tester.pl | sed s/pass/\033[32mpass\033[0m/g | sed s/fail/\033[31mfail\033[0m/g", "w");
+	fwrite((char *)ChrPtr(email), StrLength(email), 1, fp);
+	pclose(fp);
+	printf("\033[34m-----\033[0m\n");
+
+	// free some memory
+	FreeStrBuf(&email);
+
+	// exit the test program
+	return(0);
+}
diff --git a/citadel/tests/dkimtester/tester.pl b/citadel/tests/dkimtester/tester.pl
new file mode 100755
index 000000000..1f23339bd
--- /dev/null
+++ b/citadel/tests/dkimtester/tester.pl
@@ -0,0 +1,33 @@
+#!/usr/bin/perl
+
+use Mail::DKIM::Verifier;
+ 
+# create a verifier object
+my $dkim = Mail::DKIM::Verifier->new();
+ 
+# read an email from a file handle
+while (<STDIN>)
+{
+    # remove local line terminators
+    chomp;
+    s/\015$//;
+    # use SMTP line terminators
+    $dkim->PRINT("$_\015\012");
+}
+$dkim->CLOSE;
+ 
+# what is the result of the verify?
+my $result = $dkim->result;
+
+# there might be multiple signatures, what is the result per signature?
+foreach my $signature ($dkim->signatures)
+{
+    print 'signature identity: ' . $signature->identity . "\n";
+    print '     verify result: ' . $signature->result_detail . "\n";
+}
+ 
+# the alleged author of the email may specify how to handle email
+foreach my $policy ($dkim->policies)
+{
+    die 'fraudulent message' if ($policy->apply($dkim) eq 'reject');
+}
diff --git a/citadel/utils/ctdlload.c b/citadel/utils/ctdlload.c
index a4bdb5047..aed19b472 100644
--- a/citadel/utils/ctdlload.c
+++ b/citadel/utils/ctdlload.c
@@ -1,6 +1,6 @@
 // Load (restore) the Citadel database from a flat file created by ctdldump
 //
-// Copyright (c) 2023-2024 by Art Cancro citadel.org
+// Copyright (c) 2023-2024 by citadel.org (Art Cancro et al.)
 //
 // This program is open source software.  Use, duplication, or disclosure
 // is subject to the terms of the GNU General Public License, version 3.
@@ -118,6 +118,7 @@ int import_user(char *line, struct cdbkeyval *kv) {
 	char userkey[USERNAME_SIZE];
 	char *token;
 	struct ctdluser *u;
+	int dlen = 0;
 
 	u = malloc(sizeof(struct ctdluser));
 	if (!u) {
@@ -163,8 +164,12 @@ int import_user(char *line, struct cdbkeyval *kv) {
 				u->msgnum_pic = atol(token);
 				break;
 			case 12:
-				CtdlDecodeBase64(token, token, strlen(token));			// Decode in place
-				safestrncpy(u->emailaddrs, token, sizeof(u->emailaddrs));
+				dlen = CtdlDecodeBase64(token, token, strlen(token));			// Decode in place
+				if (dlen >= sizeof(u->emailaddrs)) {
+					dlen = sizeof(u->emailaddrs) - 1;
+				}
+				memcpy(u->emailaddrs, token, dlen);
+				u->emailaddrs[dlen] = 0;
 				break;
 			case 13:
 				u->msgnum_inboxrules = atol(token);
@@ -691,6 +696,7 @@ void ingest_one(char *line, struct cdbkeyval *kv) {
 		++good_rows;
 	}
 	else {
+		fprintf(stderr, "bad row: <%s>\n", line);
 		++bad_rows;
 	}
 
@@ -731,6 +737,10 @@ void ingest(void) {
 		}
 
 		if (line_len > 0) {
+			if (!strncasecmp(line, HKEY("end|"))) {
+				fprintf(stderr, "\n");
+				end_found = 1;
+			}
 			if ( (begin_found) && (!end_found) ) {
 				ingest_one(line, &kv);
 			}
@@ -738,10 +748,6 @@ void ingest(void) {
 				begin_found = 1;
 				fprintf(stderr, "   good rows / bad rows:\n");
 			}
-			if (!strncasecmp(line, HKEY("end|"))) {
-				fprintf(stderr, "\n");
-				end_found = 1;
-			}
 		}
 
 	} while (ch >= 0);
diff --git a/libcitadel/README.txt b/libcitadel/README.txt
index 81336d9ab..584e53632 100644
--- a/libcitadel/README.txt
+++ b/libcitadel/README.txt
@@ -1,12 +1,10 @@
 This is libcitadel, a library which contains code that is used in multiple
 components of the Citadel system -- the server, the text mode client, and
 WebCit.  It is not intended to be a general-purpose library for widespread
-use, although there are parts of it that may be useful for that purpose,
-such as the MIME parser and the vCard data type.
+use, although there are parts of it that may be useful for that purpose.
 
-Copyright (c) 1987-2023 by the citadel.org development team.
-This program is distributed under the terms of the GNU General Public
-License, version 3.
+Copyright (c) 1987-2024 by the citadel.org development team.
+This program is open source software.  Use, duplication, or disclosure is subject to the GNU General Public License v3.
 
 To build and install libcitadel:
 
diff --git a/libcitadel/lib/libcitadel.h b/libcitadel/lib/libcitadel.h
index 181718737..655ebe445 100644
--- a/libcitadel/lib/libcitadel.h
+++ b/libcitadel/lib/libcitadel.h
@@ -19,7 +19,7 @@
 #include <sys/types.h>
 #include <netinet/in.h>
 
-#define LIBCITADEL_VERSION_NUMBER 999
+#define LIBCITADEL_VERSION_NUMBER 1000
 
 /*
  * Here's a bunch of stupid magic to make the MIME parser portable.
diff --git a/libcitadel/lib/stringbuf.c b/libcitadel/lib/stringbuf.c
index b382025b9..7f136deb0 100644
--- a/libcitadel/lib/stringbuf.c
+++ b/libcitadel/lib/stringbuf.c
@@ -1,7 +1,6 @@
-// Copyright (c) 1987-2023 by the citadel.org team
+// Copyright (c) 1987-2024 by the citadel.org team
 //
-// This program is open source software.  Use, duplication, or disclosure
-// is subject to the terms of the GNU General Public License, version 3.
+// This program is open source software.  Use, duplication, or disclosure is subject to the GNU General Public License, version 3.
 
 #define _GNU_SOURCE
 #include "sysdep.h"
@@ -37,11 +36,11 @@ int ZEXPORT compress_gzip(Bytef * dest, size_t * destLen, const Bytef * source,
 #endif
 int BaseStrBufSize = 64;
 int EnableSplice = 0;
-int ZLibCompressionRatio = -1; /* defaults to 6 */
+int ZLibCompressionRatio = -1; // defaults to 6
 #ifdef HAVE_ZLIB
-#define DEF_MEM_LEVEL 8 /*< memlevel??? */
-#define OS_CODE 0x03	/*< unix */
-const int gz_magic[2] = { 0x1f, 0x8b };	/* gzip magic header */
+#define DEF_MEM_LEVEL 8 // memlevel???
+#define OS_CODE 0x03	// unix
+const int gz_magic[2] = { 0x1f, 0x8b };	// gzip magic header
 #endif
 
 const char *StrBufNOTNULL = ((char*) NULL) - 1;
@@ -164,19 +163,17 @@ void dbg_Init(StrBuf *Buf) {
 }
 
 #else
-/* void it... */
+// void it...
 #define dbg_FreeStrBuf(a, b)
 #define dbg_IncreaseBuf(a)
 #define dbg_Init(a)
 
 #endif
 
-/*
- *  swaps the contents of two StrBufs
- * this is to be used to have cheap switched between a work-buffer and a target buffer 
- *  A First one
- *  B second one
- */
+// swaps the contents of two StrBufs
+// this is to be used to have cheap switched between a work-buffer and a target buffer 
+// A First one
+// B second one
 static inline void iSwapBuffers(StrBuf *A, StrBuf *B) {
 	StrBuf C;
 
@@ -192,15 +189,13 @@ void SwapBuffers(StrBuf *A, StrBuf *B) {
 }
 
 
-/* 
- *  Cast operator to Plain String 
- * @note if the buffer is altered by StrBuf operations, this pointer may become 
- *  invalid. So don't lean on it after altering the buffer!
- *  Since this operation is considered cheap, rather call it often than risking
- *  your pointer to become invalid!
- *  Str the string we want to get the c-string representation for
- * @returns the Pointer to the Content. Don't mess with it!
- */
+// Cast operator to Plain String 
+// note: if the buffer is altered by StrBuf operations, this pointer may become 
+// invalid. So don't lean on it after altering the buffer!
+// Since this operation is considered cheap, rather call it often than risking
+// your pointer to become invalid!
+// Str the string we want to get the c-string representation for
+// returns the Pointer to the Content. Don't mess with it!
 inline const char *ChrPtr(const StrBuf *Str) {
 	if (Str == NULL)
 		return "";
@@ -208,11 +203,9 @@ inline const char *ChrPtr(const StrBuf *Str) {
 }
 
 
-/*
- *  since we know strlen()'s result, provide it here.
- *  Str the string to return the length to
- * @returns contentlength of the buffer
- */
+// since we know strlen()'s result, provide it here.
+// Str the string to return the length to
+// returns contentlength of the buffer
 inline int StrLength(const StrBuf *Str) {
 	return (Str != NULL) ? Str->BufUsed : 0;
 }
@@ -276,12 +269,10 @@ void ReAdjustEmptyBuf(StrBuf *Buf, long ThreshHold, long NewSize) {
 }
 
 
-/*
- *  shrink long term buffers to their real size so they don't waste memory
- *  Buf buffer to shrink
- *  Force if not set, will just executed if the buffer is much to big; set for lifetime strings
- * @returns physical size of the buffer
- */
+// shrink long term buffers to their real size so they don't waste memory
+// Buf buffer to shrink
+// Force if not set, will just executed if the buffer is much to big; set for lifetime strings
+// returns physical size of the buffer
 long StrBufShrinkToFit(StrBuf *Buf, int Force) {
 	if (Buf == NULL)
 		return -1;
@@ -301,10 +292,8 @@ long StrBufShrinkToFit(StrBuf *Buf, int Force) {
 }
 
 
-/*
- *  Allocate a new buffer with default buffer size
- * @returns the new stringbuffer
- */
+// Allocate a new buffer with default buffer size
+// returns the new stringbuffer
 StrBuf *NewStrBuf(void) {
 	StrBuf *NewBuf;
 
@@ -327,11 +316,9 @@ StrBuf *NewStrBuf(void) {
 }
 
 
-/* 
- *  Copy Constructor; returns a duplicate of CopyMe
- *  CopyMe Buffer to faxmilate
- * @returns the new stringbuffer
- */
+// Copy Constructor; returns a duplicate of CopyMe
+// CopyMe Buffer to faxmilate
+// returns the new stringbuffer
 StrBuf *NewStrBufDup(const StrBuf *CopyMe) {
 	StrBuf *NewBuf;
 	
@@ -359,14 +346,12 @@ StrBuf *NewStrBufDup(const StrBuf *CopyMe) {
 }
 
 
-/* 
- *  Copy Constructor; CreateRelpaceMe will contain CopyFlushMe afterwards.
- *  NoMe if non-NULL, we will use that buffer as value; KeepOriginal will abused as len.
- *  CopyFlushMe Buffer to faxmilate if KeepOriginal, or to move into CreateRelpaceMe if !KeepOriginal.
- *  CreateRelpaceMe If NULL, will be created, else Flushed and filled CopyFlushMe 
- *  KeepOriginal should CopyFlushMe remain intact? or may we Steal its buffer?
- * @returns the new stringbuffer
- */
+// Copy Constructor; CreateRelpaceMe will contain CopyFlushMe afterwards.
+// NoMe if non-NULL, we will use that buffer as value; KeepOriginal will abused as len.
+// CopyFlushMe Buffer to faxmilate if KeepOriginal, or to move into CreateRelpaceMe if !KeepOriginal.
+// CreateRelpaceMe If NULL, will be created, else Flushed and filled CopyFlushMe 
+// KeepOriginal should CopyFlushMe remain intact? or may we Steal its buffer?
+// returns the new stringbuffer
 void NewStrBufDupAppendFlush(StrBuf **CreateRelpaceMe, StrBuf *CopyFlushMe, const char *NoMe, int KeepOriginal) {
 	StrBuf *NewBuf;
 	
@@ -389,11 +374,9 @@ void NewStrBufDupAppendFlush(StrBuf **CreateRelpaceMe, StrBuf *CopyFlushMe, cons
 		return;
 	}
 
-	/* 
-	 * Randomly Chosen: bigger than 64 chars is cheaper to swap the buffers instead of copying.
-	 * else *CreateRelpaceMe may use more memory than needed in a longer term, CopyFlushMe might
-	 * be a big IO-Buffer...
-	 */
+	// Randomly Chosen: bigger than 64 chars is cheaper to swap the buffers instead of copying.
+	// else *CreateRelpaceMe may use more memory than needed in a longer term, CopyFlushMe might
+	// be a big IO-Buffer...
 	if (KeepOriginal || (StrLength(CopyFlushMe) < 256)) {
 		if (*CreateRelpaceMe == NULL) {
 			*CreateRelpaceMe = NewBuf = NewStrBufPlain(NULL, CopyFlushMe->BufUsed);
@@ -422,14 +405,12 @@ void NewStrBufDupAppendFlush(StrBuf **CreateRelpaceMe, StrBuf *CopyFlushMe, cons
 }
 
 
-/*
- *  create a new Buffer using an existing c-string
- * this function should also be used if you want to pre-suggest
- * the buffer size to allocate in conjunction with ptr == NULL
- *  ptr the c-string to copy; may be NULL to create a blank instance
- *  nChars How many chars should we copy; -1 if we should measure the length ourselves
- * @returns the new stringbuffer
- */
+// create a new Buffer using an existing c-string
+// this function should also be used if you want to pre-suggest
+// the buffer size to allocate in conjunction with ptr == NULL
+// ptr the c-string to copy; may be NULL to create a blank instance
+// nChars How many chars should we copy; -1 if we should measure the length ourselves
+// returns the new stringbuffer
 StrBuf *NewStrBufPlain(const char* ptr, int nChars) {
 	StrBuf *NewBuf;
 	size_t Siz = BaseStrBufSize;
@@ -475,13 +456,13 @@ StrBuf *NewStrBufPlain(const char* ptr, int nChars) {
 }
 
 
-/*
- *  Set an existing buffer from a c-string
- *  Buf buffer to load
- *  ptr c-string to put into 
- *  nChars set to -1 if we should work 0-terminated
- * @returns the new length of the string
- */
+//
+//  Set an existing buffer from a c-string
+//  Buf buffer to load
+//  ptr c-string to put into 
+//  nChars set to -1 if we should work 0-terminated
+// @returns the new length of the string
+///
 int StrBufPlain(StrBuf *Buf, const char* ptr, int nChars) {
 	size_t Siz;
 	size_t CopySize;
@@ -518,13 +499,12 @@ int StrBufPlain(StrBuf *Buf, const char* ptr, int nChars) {
 }
 
 
-/*
- *  use strbuf as wrapper for a string constant for easy handling
- *  StringConstant a string to wrap
- *  SizeOfStrConstant should be sizeof(StringConstant)-1
- */
-StrBuf* _NewConstStrBuf(const char* StringConstant, size_t SizeOfStrConstant)
-{
+//
+//  use strbuf as wrapper for a string constant for easy handling
+//  StringConstant a string to wrap
+//  SizeOfStrConstant should be sizeof(StringConstant)-1
+///
+StrBuf *_NewConstStrBuf(const char* StringConstant, size_t SizeOfStrConstant) {
 	StrBuf *NewBuf;
 
 	NewBuf = (StrBuf*) malloc(sizeof(StrBuf));
@@ -541,10 +521,10 @@ StrBuf* _NewConstStrBuf(const char* StringConstant, size_t SizeOfStrConstant)
 }
 
 
-/*
- *  flush the content of a Buf; keep its struct
- *  buf Buffer to flush
- */
+//
+//  flush the content of a Buf; keep its struct
+//  buf Buffer to flush
+///
 int FlushStrBuf(StrBuf *buf) {
 	if ((buf == NULL) || (buf->buf == NULL)) {
 		return -1;
@@ -557,12 +537,11 @@ int FlushStrBuf(StrBuf *buf) {
 	return 0;
 }
 
-/*
- *  wipe the content of a Buf thoroughly (overwrite it -> expensive); keep its struct
- *  buf Buffer to wipe
- */
-int FLUSHStrBuf(StrBuf *buf)
-{
+//
+//  wipe the content of a Buf thoroughly (overwrite it -> expensive); keep its struct
+//  buf Buffer to wipe
+///
+int FLUSHStrBuf(StrBuf *buf) {
 	if (buf == NULL)
 		return -1;
 	if (buf->ConstBuf)
@@ -577,14 +556,13 @@ int FLUSHStrBuf(StrBuf *buf)
 #ifdef SIZE_DEBUG
 int hFreeDbglog = -1;
 #endif
-/*
- *  Release a Buffer
- * Its a double pointer, so it can NULL your pointer
- * so fancy SIG11 appear instead of random results
- *  FreeMe Pointer Pointer to the buffer to free
- */
-void FreeStrBuf (StrBuf **FreeMe)
-{
+//
+//  Release a Buffer
+// Its a double pointer, so it can NULL your pointer
+// so fancy SIG11 appear instead of random results
+//  FreeMe Pointer Pointer to the buffer to free
+///
+void FreeStrBuf (StrBuf **FreeMe) {
 	if (*FreeMe == NULL)
 		return;
 
@@ -596,14 +574,14 @@ void FreeStrBuf (StrBuf **FreeMe)
 	*FreeMe = NULL;
 }
 
-/*
- *  flatten a Buffer to the Char * we return 
- * Its a double pointer, so it can NULL your pointer
- * so fancy SIG11 appear instead of random results
- * The Callee then owns the buffer and is responsible for freeing it.
- *  SmashMe Pointer Pointer to the buffer to release Buf from and free
- * @returns the pointer of the buffer; Callee owns the memory thereafter.
- */
+//
+//  flatten a Buffer to the Char * we return 
+// Its a double pointer, so it can NULL your pointer
+// so fancy SIG11 appear instead of random results
+// The Callee then owns the buffer and is responsible for freeing it.
+//  SmashMe Pointer Pointer to the buffer to release Buf from and free
+// @returns the pointer of the buffer; Callee owns the memory thereafter.
+///
 char *SmashStrBuf (StrBuf **SmashMe) {
 	char *Ret;
 
@@ -619,11 +597,9 @@ char *SmashStrBuf (StrBuf **SmashMe) {
 }
 
 
-/*
- *  Release the buffer
- * If you want put your StrBuf into a Hash, use this as Destructor.
- *  VFreeMe untyped pointer to a StrBuf. be shure to do the right thing [TM]
- */
+// Release the buffer
+// If you want put your StrBuf into a Hash, use this as Destructor.
+// VFreeMe untyped pointer to a StrBuf. be shure to do the right thing [TM]
 void HFreeStrBuf (void *VFreeMe) {
 	StrBuf *FreeMe = (StrBuf*)VFreeMe;
 	if (FreeMe == NULL)
@@ -637,11 +613,11 @@ void HFreeStrBuf (void *VFreeMe) {
 }
 
 
-/*******************************************************************************
- *                      Simple string transformations                          *
- *******************************************************************************/
+//******************************************************************************
+//                      Simple string transformations                          *
+//******************************************************************************/
 
-//  Wrapper around atol
+// Wrapper around atol
 long StrTol(const StrBuf *Buf) {
 	if (Buf == NULL)
 		return 0;
@@ -652,7 +628,7 @@ long StrTol(const StrBuf *Buf) {
 }
 
 
-//  Wrapper around atoi
+// Wrapper around atoi
 int StrToi(const StrBuf *Buf) {
 	if (Buf == NULL)
 		return 0;
@@ -921,13 +897,10 @@ int StrBufSub(StrBuf *dest, const StrBuf *Source, unsigned long Offset, size_t n
 	return NCharsRemain;
 }
 
-/**
- *  Cut nChars from the start of the string
- *  Buf Buffer to modify
- *  nChars how many chars should be skipped?
- */
-void StrBufCutLeft(StrBuf *Buf, int nChars)
-{
+//  Cut nChars from the start of the string
+//  Buf Buffer to modify
+//  nChars how many chars should be skipped?
+void StrBufCutLeft(StrBuf *Buf, int nChars) {
 	if ((Buf == NULL) || (Buf->BufUsed == 0)) return;
 	if (nChars >= Buf->BufUsed) {
 		FlushStrBuf(Buf);
@@ -938,13 +911,10 @@ void StrBufCutLeft(StrBuf *Buf, int nChars)
 	Buf->buf[Buf->BufUsed] = '\0';
 }
 
-/**
- *  Cut the trailing n Chars from the string
- *  Buf Buffer to modify
- *  nChars how many chars should be trunkated?
- */
-void StrBufCutRight(StrBuf *Buf, int nChars)
-{
+// Cut the trailing n Chars from the string
+// Buf Buffer to modify
+// nChars how many chars should be trunkated?
+void StrBufCutRight(StrBuf *Buf, int nChars) {
 	if ((Buf == NULL) || (Buf->BufUsed == 0) || (Buf->buf == NULL))
 		return;
 
@@ -956,14 +926,12 @@ void StrBufCutRight(StrBuf *Buf, int nChars)
 	Buf->buf[Buf->BufUsed] = '\0';
 }
 
-/**
- *  Cut the string after n Chars
- *  Buf Buffer to modify
- *  AfternChars after how many chars should we trunkate the string?
- *  At if non-null and points inside of our string, cut it there.
- */
-void StrBufCutAt(StrBuf *Buf, int AfternChars, const char *At)
-{
+
+//  Cut the string after n Chars
+//  Buf Buffer to modify
+//  AfternChars after how many chars should we trunkate the string?
+//  At if non-null and points inside of our string, cut it there.
+void StrBufCutAt(StrBuf *Buf, int AfternChars, const char *At) {
 	if ((Buf == NULL) || (Buf->BufUsed == 0)) return;
 	if (At != NULL){
 		AfternChars = At - Buf->buf;
@@ -976,12 +944,9 @@ void StrBufCutAt(StrBuf *Buf, int AfternChars, const char *At)
 }
 
 
-/**
- *  Strip leading and trailing spaces from a string; with premeasured and adjusted length.
- *  Buf the string to modify
- */
-void StrBufTrim(StrBuf *Buf)
-{
+//  Strip leading and trailing spaces from a string; with premeasured and adjusted length.
+//  Buf the string to modify
+void StrBufTrim(StrBuf *Buf) {
 	int delta = 0;
 	if ((Buf == NULL) || (Buf->BufUsed == 0)) return;
 
@@ -997,12 +962,11 @@ void StrBufTrim(StrBuf *Buf)
 	}
 	if (delta > 0) StrBufCutLeft(Buf, delta);
 }
-/**
- *  changes all spaces in the string  (tab, linefeed...) to Blank (0x20)
- *  Buf the string to modify
- */
-void StrBufSpaceToBlank(StrBuf *Buf)
-{
+
+
+//  changes all spaces in the string  (tab, linefeed...) to Blank (0x20)
+//  Buf the string to modify
+void StrBufSpaceToBlank(StrBuf *Buf) {
 	char *pche, *pch;
 
 	if ((Buf == NULL) || (Buf->BufUsed == 0)) return;
@@ -1017,8 +981,7 @@ void StrBufSpaceToBlank(StrBuf *Buf)
 	}
 }
 
-void StrBufStripAllBut(StrBuf *Buf, char leftboundary, char rightboundary)
-{
+void StrBufStripAllBut(StrBuf *Buf, char leftboundary, char rightboundary) {
 	const char *pLeft;
 	const char *pRight;
 
@@ -1038,12 +1001,9 @@ void StrBufStripAllBut(StrBuf *Buf, char leftboundary, char rightboundary)
 }
 
 
-/**
- *  uppercase the contents of a buffer
- *  Buf the buffer to translate
- */
-void StrBufUpCase(StrBuf *Buf) 
-{
+//  uppercase the contents of a buffer
+//  Buf the buffer to translate
+void StrBufUpCase(StrBuf *Buf) {
 	char *pch, *pche;
 
 	if ((Buf == NULL) || (Buf->BufUsed == 0)) return;
@@ -1057,12 +1017,9 @@ void StrBufUpCase(StrBuf *Buf)
 }
 
 
-/**
- *  lowercase the contents of a buffer
- *  Buf the buffer to translate
- */
-void StrBufLowerCase(StrBuf *Buf) 
-{
+//  lowercase the contents of a buffer
+//  Buf the buffer to translate
+void StrBufLowerCase(StrBuf *Buf) {
 	char *pch, *pche;
 
 	if ((Buf == NULL) || (Buf->BufUsed == 0)) return;
@@ -1076,19 +1033,19 @@ void StrBufLowerCase(StrBuf *Buf)
 }
 
 
-/*******************************************************************************
- *           a tokenizer that kills, maims, and destroys                       *
- *******************************************************************************/
+//******************************************************************************
+//           a tokenizer that kills, maims, and destroys                       *
+//******************************************************************************/
 
-/**
- *  Replace a token at a given place with a given length by another token with given length
- *  Buf String where to work on
- *  where where inside of the Buf is the search-token
- *  HowLong How long is the token to be replaced
- *  Repl Token to insert at 'where'
- *  ReplLen Length of repl
- * @returns -1 if fail else length of resulting Buf
- */
+//*
+//  Replace a token at a given place with a given length by another token with given length
+//  Buf String where to work on
+//  where where inside of the Buf is the search-token
+//  HowLong How long is the token to be replaced
+//  Repl Token to insert at 'where'
+//  ReplLen Length of repl
+// @returns -1 if fail else length of resulting Buf
+///
 int StrBufReplaceToken(StrBuf *Buf, long where, long HowLong, const char *Repl, long ReplLen) {
 
 	if ((Buf == NULL) || (where > Buf->BufUsed) || (where + HowLong > Buf->BufUsed)) {
@@ -1104,15 +1061,14 @@ int StrBufReplaceToken(StrBuf *Buf, long where, long HowLong, const char *Repl,
 	memmove(Buf->buf + where + ReplLen, Buf->buf + where + HowLong, Buf->BufUsed - where - HowLong);
 	memcpy(Buf->buf + where, Repl, ReplLen);
 	Buf->BufUsed += ReplLen - HowLong;
+	Buf->buf[Buf->BufUsed] = 0;
 	return Buf->BufUsed;
 }
 
-/**
- *  Counts the numbmer of tokens in a buffer
- *  source String to count tokens in
- *  tok    Tokenizer char to count
- * @returns numbers of tokenizer chars found
- */
+//  Counts the numbmer of tokens in a buffer
+//  source String to count tokens in
+//  tok    Tokenizer char to count
+// @returns numbers of tokenizer chars found
 int StrBufNum_tokens(const StrBuf *source, char tok) {
 	char *pch, *pche;
 	long NTokens;
@@ -1132,24 +1088,22 @@ int StrBufNum_tokens(const StrBuf *source, char tok) {
 	return NTokens;
 }
 
-/**
- *  a string tokenizer
- *  Source StringBuffer to read into
- *  parmnum n'th Parameter to remove
- *  separator tokenizer character
- * @returns -1 if not found, else length of token.
- */
-int StrBufRemove_token(StrBuf *Source, int parmnum, char separator)
-{
+
+//  a string tokenizer
+//  Source StringBuffer to read into
+//  parmnum n'th Parameter to remove
+//  separator tokenizer character
+// @returns -1 if not found, else length of token.
+int StrBufRemove_token(StrBuf *Source, int parmnum, char separator) {
 	int ReducedBy;
-	char *d, *s, *end;		/* dest, source */
+	char *d, *s, *end;		// dest, source
 	int count = 0;
 
-	/* Find desired eter */
+	// Find desired eter
 	end = Source->buf + Source->BufUsed;
 	d = Source->buf;
 	while ((d <= end) && (count < parmnum)) {
-		/* End of string, bail! */
+		// End of string, bail!
 		if (!*d) {
 			d = NULL;
 			break;
@@ -1160,9 +1114,9 @@ int StrBufRemove_token(StrBuf *Source, int parmnum, char separator)
 		d++;
 	}
 	if ((d == NULL) || (d >= end))
-		return 0;		/* @Parameter not found */
+		return 0;		// Parameter not found
 
-	/* Find next eter */
+	// Find next eter
 	s = d;
 	while ((s <= end) && (*s && *s != separator)) {
 		s++;
@@ -1171,7 +1125,7 @@ int StrBufRemove_token(StrBuf *Source, int parmnum, char separator)
 		s++;
 	ReducedBy = d - s;
 
-	/* Hack and slash */
+	// Hack and slash
 	if (s >= end) {
 		return 0;
 	}
@@ -1188,17 +1142,16 @@ int StrBufRemove_token(StrBuf *Source, int parmnum, char separator)
 		*--d = '\0';
 		Source->BufUsed += ReducedBy;
 	}
-	/*
-	while (*s) {
-		*d++ = *s++;
-	}
-	*d = 0;
-	*/
+
+	//while (*s) {
+		//*d++ = *s++;
+	//}
+	//*d = 0;
+
 	return ReducedBy;
 }
 
-int StrBufExtract_tokenFromStr(StrBuf *dest, const char *Source, long SourceLen, int parmnum, char separator)
-{
+int StrBufExtract_tokenFromStr(StrBuf *dest, const char *Source, long SourceLen, int parmnum, char separator) {
 	const StrBuf Temp = {
 		(char*)Source,
 		SourceLen,
@@ -1215,19 +1168,16 @@ int StrBufExtract_tokenFromStr(StrBuf *dest, const char *Source, long SourceLen,
 	return StrBufExtract_token(dest, &Temp, parmnum, separator);
 }
 
-/**
- *  a string tokenizer
- *  dest Destination StringBuffer
- *  Source StringBuffer to read into
- *  parmnum n'th Parameter to extract
- *  separator tokenizer character
- * @returns -1 if not found, else length of token.
- */
-int StrBufExtract_token(StrBuf *dest, const StrBuf *Source, int parmnum, char separator)
-{
-	const char *s, *e;		//* source * /
-	int len = 0;			//* running total length of extracted string * /
-	int current_token = 0;		//* token currently being processed * /
+// a string tokenizer
+// dest Destination StringBuffer
+// Source StringBuffer to read into
+// parmnum n'th Parameter to extract
+// separator tokenizer character
+// returns -1 if not found, else length of token.
+int StrBufExtract_token(StrBuf *dest, const StrBuf *Source, int parmnum, char separator) {
+	const char *s, *e;		// source
+	int len = 0;			// running total length of extracted string
+	int current_token = 0;		// token currently being processed
 	 
 	if (dest != NULL) {
 		dest->buf[0] = '\0';
@@ -1278,18 +1228,12 @@ int StrBufExtract_token(StrBuf *dest, const StrBuf *Source, int parmnum, char se
 }
 
 
-
-
-
-/**
- *  a string tokenizer to fetch an integer
- *  Source String containing tokens
- *  parmnum n'th Parameter to extract
- *  separator tokenizer character
- * @returns 0 if not found, else integer representation of the token
- */
-int StrBufExtract_int(const StrBuf* Source, int parmnum, char separator)
-{
+//  a string tokenizer to fetch an integer
+//  Source String containing tokens
+//  parmnum n'th Parameter to extract
+//  separator tokenizer character
+// @returns 0 if not found, else integer representation of the token
+int StrBufExtract_int(const StrBuf* Source, int parmnum, char separator) {
 	StrBuf tmp;
 	char buf[64];
 	
@@ -1304,15 +1248,13 @@ int StrBufExtract_int(const StrBuf* Source, int parmnum, char separator)
 		return 0;
 }
 
-/**
- *  a string tokenizer to fetch a long integer
- *  Source String containing tokens
- *  parmnum n'th Parameter to extract
- *  separator tokenizer character
- * @returns 0 if not found, else long integer representation of the token
- */
-long StrBufExtract_long(const StrBuf* Source, int parmnum, char separator)
-{
+
+// a string tokenizer to fetch a long integer
+// Source String containing tokens
+// parmnum n'th Parameter to extract
+// separator tokenizer character
+// returns 0 if not found, else long integer representation of the token
+long StrBufExtract_long(const StrBuf* Source, int parmnum, char separator) {
 	StrBuf tmp;
 	char buf[64];
 	
@@ -1328,15 +1270,12 @@ long StrBufExtract_long(const StrBuf* Source, int parmnum, char separator)
 }
 
 
-/**
- *  a string tokenizer to fetch an unsigned long
- *  Source String containing tokens
- *  parmnum n'th Parameter to extract
- *  separator tokenizer character
- * @returns 0 if not found, else unsigned long representation of the token
- */
-unsigned long StrBufExtract_unsigned_long(const StrBuf* Source, int parmnum, char separator)
-{
+// a string tokenizer to fetch an unsigned long
+// Source String containing tokens
+// parmnum n'th Parameter to extract
+// separator tokenizer character
+// returns 0 if not found, else unsigned long representation of the token
+unsigned long StrBufExtract_unsigned_long(const StrBuf* Source, int parmnum, char separator) {
 	StrBuf tmp;
 	char buf[64];
 	char *pnum;
@@ -1357,14 +1296,11 @@ unsigned long StrBufExtract_unsigned_long(const StrBuf* Source, int parmnum, cha
 }
 
 
-
-/**
- *  a string tokenizer; Bounds checker
- *  function to make shure whether StrBufExtract_NextToken and friends have reached the end of the string.
- *  Source our tokenbuffer
- *  pStart the token iterator pointer to inspect
- * @returns whether the revolving pointer is inside of the search range
- */
+// a string tokenizer; Bounds checker
+// function to make shure whether StrBufExtract_NextToken and friends have reached the end of the string.
+// Source our tokenbuffer
+// pStart the token iterator pointer to inspect
+// returns whether the revolving pointer is inside of the search range
 int StrBufHaveNextToken(const StrBuf *Source, const char **pStart) {
 	if ((Source == NULL) || (*pStart == StrBufNOTNULL) || (Source->BufUsed == 0)) {
 		return 0;
@@ -1812,8 +1748,7 @@ void StrBufXMLEscAppend(StrBuf *OutBuf,
  *  PlainIn way in from plain old c strings
  *  PlainInLen way in from plain old c strings; maybe you've got binary data or know the length?
  */
-void StrBufHexEscAppend(StrBuf *OutBuf, const StrBuf *In, const unsigned char *PlainIn, long PlainInLen)
-{
+void StrBufHexEscAppend(StrBuf *OutBuf, const StrBuf *In, const unsigned char *PlainIn, long PlainInLen) {
 	const unsigned char *pch, *pche;
 	char *pt, *pte;
 	int len;
@@ -1913,8 +1848,7 @@ void StrBufHexescAppend(StrBuf *OutBuf, const StrBuf *In, const char *PlainIn) {
  *  nolinebreaks	if set to 1, linebreaks are removed from the string.
  *                      if set to 2, linebreaks are replaced by &ltbr/&gt
  */
-long StrEscAppend(StrBuf *Target, const StrBuf *Source, const char *PlainIn, int nbsp, int nolinebreaks)
-{
+long StrEscAppend(StrBuf *Target, const StrBuf *Source, const char *PlainIn, int nbsp, int nolinebreaks) {
 	const char *aptr, *eiptr;
 	char *bptr, *eptr;
 	long len;
@@ -2023,8 +1957,7 @@ long StrEscAppend(StrBuf *Target, const StrBuf *Source, const char *PlainIn, int
  *  Source	source buffer; set to NULL if you just have a C-String
  *  PlainIn       Plain-C string to append; set to NULL if unused
  */
-void StrMsgEscAppend(StrBuf *Target, const StrBuf *Source, const char *PlainIn)
-{
+void StrMsgEscAppend(StrBuf *Target, const StrBuf *Source, const char *PlainIn) {
 	const char *aptr, *eiptr;
 	char *tptr, *eptr;
 	long len;
@@ -2089,8 +2022,7 @@ void StrMsgEscAppend(StrBuf *Target, const StrBuf *Source, const char *PlainIn)
  *  Source	source buffer; set to NULL if you just have a C-String
  *  PlainIn       Plain-C string to append; set to NULL if unused
  */
-void StrIcalEscAppend(StrBuf *Target, const StrBuf *Source, const char *PlainIn)
-{
+void StrIcalEscAppend(StrBuf *Target, const StrBuf *Source, const char *PlainIn) {
 	const char *aptr, *eiptr;
 	char *tptr, *eptr;
 	long len;
@@ -2159,8 +2091,7 @@ void StrIcalEscAppend(StrBuf *Target, const StrBuf *Source, const char *PlainIn)
  *  PlainIn       Plain-C string to append; set to NULL if unused
  * @returns size of result or -1
  */
-long StrECMAEscAppend(StrBuf *Target, const StrBuf *Source, const char *PlainIn)
-{
+long StrECMAEscAppend(StrBuf *Target, const StrBuf *Source, const char *PlainIn) {
 	const char *aptr, *eiptr;
 	char *bptr, *eptr;
 	long len;
@@ -2852,8 +2783,7 @@ int StrBufDecodeHex(StrBuf *Buf) {
  *  Mute char to put over invalid chars
  *  Buf Buffor to transform
  */
-int StrBufSanitizeAscii(StrBuf *Buf, const char Mute)
-{
+int StrBufSanitizeAscii(StrBuf *Buf, const char Mute) {
 	unsigned char *pch;
 
 	if (Buf == NULL) return -1;
@@ -2872,8 +2802,7 @@ int StrBufSanitizeAscii(StrBuf *Buf, const char Mute)
  *  Buf Buffer to translate
  *  StripBlanks Reduce several blanks to one?
  */
-long StrBufUnescape(StrBuf *Buf, int StripBlanks)
-{
+long StrBufUnescape(StrBuf *Buf, int StripBlanks) {
 	int a, b;
 	char hex[3];
 	long len;
@@ -2925,8 +2854,7 @@ long StrBufUnescape(StrBuf *Buf, int StripBlanks)
  * 	source		Source string to be encoded.
  * @returns     encoded length; -1 if non success.
  */
-int StrBufRFC2047encode(StrBuf **target, const StrBuf *source)
-{
+int StrBufRFC2047encode(StrBuf **target, const StrBuf *source) {
 	const char headerStr[] = "=?UTF-8?Q?";
 	int need_to_encode = 0;
 	int i = 0;
@@ -3258,8 +3186,7 @@ void StrBufReplaceChars(StrBuf *buf, char search, char replace) {
  *  removes all \\r s from the string, or replaces them with \n if its not a combination of both.
  *  buf Buffer to modify
  */
-void StrBufToUnixLF(StrBuf *buf)
-{
+void StrBufToUnixLF(StrBuf *buf) {
 	char *pche, *pchS, *pchT;
 	if (buf == NULL)
 		return;
@@ -3297,8 +3224,7 @@ void StrBufToUnixLF(StrBuf *buf)
  *  fromcode	Source encoding
  *  pic           anonimized pointer to iconv struct
  */
-void  ctdl_iconv_open(const char *tocode, const char *fromcode, void *pic)
-{
+void  ctdl_iconv_open(const char *tocode, const char *fromcode, void *pic) {
 #ifdef HAVE_ICONV
 	iconv_t ic = (iconv_t)(-1) ;
 	ic = iconv_open(tocode, fromcode);
@@ -3322,8 +3248,7 @@ void  ctdl_iconv_open(const char *tocode, const char *fromcode, void *pic)
  *  bptr where to start searching
  * @returns found position, NULL if none.
  */
-static inline const char *FindNextEnd (const StrBuf *Buf, const char *bptr)
-{
+static inline const char *FindNextEnd (const StrBuf *Buf, const char *bptr) {
 	const char * end;
 	/* Find the next ?Q? */
 	if (Buf->BufUsed - (bptr - Buf->buf)  < 6)
@@ -3355,8 +3280,7 @@ static inline const char *FindNextEnd (const StrBuf *Buf, const char *bptr)
  *  TmpBuf To share a workbuffer over several iterations. prepare to have it filled with useless stuff afterwards.
  *  pic Pointer to the iconv-session Object
  */
-void StrBufConvert(StrBuf *ConvertBuf, StrBuf *TmpBuf, void *pic)
-{
+void StrBufConvert(StrBuf *ConvertBuf, StrBuf *TmpBuf, void *pic) {
 #ifdef HAVE_ICONV
 	long trycount = 0;
 	size_t siz;
@@ -3506,8 +3430,7 @@ inline static void DecodeSegment(StrBuf *Target,
  *  FoundCharset overrides DefaultCharset if non-empty; If we find a charset inside of the string, 
  *        put it here for later use where no string might be known.
  */
-void StrBuf_RFC822_to_Utf8(StrBuf *Target, const StrBuf *DecodeMe, const StrBuf* DefaultCharset, StrBuf *FoundCharset)
-{
+void StrBuf_RFC822_to_Utf8(StrBuf *Target, const StrBuf *DecodeMe, const StrBuf* DefaultCharset, StrBuf *FoundCharset) {
 	StrBuf *ConvertBuf;
 	StrBuf *ConvertBuf2;
 	ConvertBuf = NewStrBufPlain(NULL, StrLength(DecodeMe));
@@ -3685,8 +3608,7 @@ void StrBuf_RFC822_2_Utf8(StrBuf *Target,
  *  Char the character to examine
  * @returns width of utf8 chars in bytes; if the sequence is broken 0 is returned; 1 if its simply ASCII.
  */
-static inline int Ctdl_GetUtf8SequenceLength(const char *CharS, const char *CharE)
-{
+static inline int Ctdl_GetUtf8SequenceLength(const char *CharS, const char *CharE) {
 	int n = 0;
         unsigned char test = (1<<7);
 
@@ -3709,8 +3631,7 @@ static inline int Ctdl_GetUtf8SequenceLength(const char *CharS, const char *Char
  *  Char character to inspect
  * @returns yes or no
  */
-static inline int Ctdl_IsUtf8SequenceStart(const char Char)
-{
+static inline int Ctdl_IsUtf8SequenceStart(const char Char) {
 /** 11??.???? indicates an UTF8 Sequence. */
 	return ((Char & 0xC0) == 0xC0);
 }
@@ -3720,8 +3641,7 @@ static inline int Ctdl_IsUtf8SequenceStart(const char Char)
  *  Buf string to measure
  * @returns the number of glyphs in Buf
  */
-long StrBuf_Utf8StrLen(StrBuf *Buf)
-{
+long StrBuf_Utf8StrLen(StrBuf *Buf) {
 	int n = 0;
 	int m = 0;
 	char *aptr, *eptr;
@@ -3750,8 +3670,7 @@ long StrBuf_Utf8StrLen(StrBuf *Buf)
  *  maxlen how long may the string become?
  * @returns current length of the string
  */
-long StrBuf_Utf8StrCut(StrBuf *Buf, int maxlen)
-{
+long StrBuf_Utf8StrCut(StrBuf *Buf, int maxlen) {
 	char *aptr, *eptr;
 	int n = 0, m = 0;
 
@@ -3854,8 +3773,7 @@ int ZEXPORT compress_gzip(Bytef * dest,
  * Attention! If you feed this a Const String, you must maintain the uncompressed buffer yourself!
  *  Buf buffer whose content is to be gzipped
  */
-int CompressBuffer(StrBuf *Buf)
-{
+int CompressBuffer(StrBuf *Buf) {
 #ifdef HAVE_ZLIB
 	char *compressed_data = NULL;
 	size_t compressed_len, bufsize;
@@ -3895,8 +3813,7 @@ int CompressBuffer(StrBuf *Buf)
  *           File I/O; Callbacks to libevent                                   *
  *******************************************************************************/
 
-long StrBuf_read_one_chunk_callback (int fd, short event, IOBuffer *FB)
-{
+long StrBuf_read_one_chunk_callback (int fd, short event, IOBuffer *FB) {
 	long bufremain = 0;
 	int n;
 	
@@ -4089,8 +4006,7 @@ eReadState StrBufChunkSipLine(StrBuf *LineBuf, IOBuffer *FB) {
  *  check whether the chunk-buffer has more data waiting or not.
  *  FB Chunk-Buffer to inspect
  */
-eReadState StrBufCheckBuffer(IOBuffer *FB)
-{
+eReadState StrBufCheckBuffer(IOBuffer *FB) {
 	if (FB == NULL)
 		return eReadFail;
 	if (FB->Buf->BufUsed == 0)
@@ -4126,8 +4042,7 @@ long IOBufferStrLength(IOBuffer *FB) {
  *  Error strerror() on error 
  * @returns numbers of chars read
  */
-int StrBufTCP_read_line(StrBuf *buf, int *fd, int append, const char **Error)
-{
+int StrBufTCP_read_line(StrBuf *buf, int *fd, int append, const char **Error) {
 	int len, rlen, slen;
 
 	if ((buf == NULL) || (buf->buf == NULL)) {
@@ -4451,8 +4366,7 @@ static const char *ErrRBLF_BLOBPreConditionFailed="StrBufReadBLOB: Wrong argumen
  *  Error strerror() on error 
  * @returns numbers of chars read
  */
-int StrBufReadBLOB(StrBuf *Buf, int *fd, int append, long nBytes, const char **Error)
-{
+int StrBufReadBLOB(StrBuf *Buf, int *fd, int append, long nBytes, const char **Error) {
 	int fdflags;
 	int rlen;
 	int nSuccessLess;
diff --git a/release_version.txt b/release_version.txt
index a6905f8ba..83b33d238 100644
--- a/release_version.txt
+++ b/release_version.txt
@@ -1 +1 @@
-999
+1000
diff --git a/textclient/textclient.h b/textclient/textclient.h
index 66583979d..576751e7f 100644
--- a/textclient/textclient.h
+++ b/textclient/textclient.h
@@ -6,7 +6,7 @@
 #define	UDS			"_UDS_"
 #define DEFAULT_HOST		"localhost"
 #define DEFAULT_PORT		"504"
-#define CLIENT_VERSION 999
+#define CLIENT_VERSION 1000
 #define CLIENT_TYPE		0
 
 // commands we can send to the stty_ctdl() routine
diff --git a/webcit-ng/static/js/view_calendar.js b/webcit-ng/static/js/view_calendar.js
index f5c53fc19..28fcbd68c 100644
--- a/webcit-ng/static/js/view_calendar.js
+++ b/webcit-ng/static/js/view_calendar.js
@@ -35,8 +35,22 @@ function view_render_calendar() {
 			throw new Error(`${response.status} ${response.statusText}`);
 		}
 	})
-	//.then(str => new window.DOMParser().parseFromString(str, "text/xml"))
-	.then(str => document.getElementById("ctdl-main").innerHTML = escapeHTML(str))
+	//.then(str => document.getElementById("ctdl-main").innerHTML = escapeHTML(str))
+	.then(str => new window.DOMParser().parseFromString(str, "text/xml"))
+	.then(xmlcal => {
+		document.getElementById("ctdl-main").innerHTML = "calendar items:<br>";
+		let root = xmlcal.documentElement;
+		let children = root.childNodes;
+		for (let i=0; i<children.length; ++i) {
+			let child = children[i];
+			if (child.nodeType == Node.ELEMENT_NODE) {
+				var getetag_e = child.getElementsByTagName("DAV:href")[0];
+				var getetag_s = getetag_e.textContent;
+				document.getElementById("ctdl-main").innerHTML += getetag_s + "<br>";
+			}
+		}
+
+	})
 	.catch(error => {
 		console.log(error);
 		document.getElementById("ctdl-main").innerHTML = `<div class="ctdl-fatal-error">${error}</div>`;
diff --git a/webcit/bootstrap b/webcit/bootstrap
index 43c30e3c2..2942bace5 100755
--- a/webcit/bootstrap
+++ b/webcit/bootstrap
@@ -6,6 +6,8 @@
 # Remove any vestiges of pre-6.05 build environments
 rm -f .libs modules *.so *.lo *.la 2>/dev/null
 
+grep '^#define CLIENT_VERSION' webcit.h | sed 's/[^0-9]*//g' >package-version.txt
+
 echo ... running aclocal ...
 aclocal
     
@@ -23,7 +25,6 @@ autoheader
 echo ... mk_module_init.sh ...
 ./scripts/mk_module_init.sh
 
-
 echo
 echo This script has been tested with autoconf 2.53 and
 echo automake 1.5. Other versions may work, but I recommend the latest
@@ -33,4 +34,3 @@ echo Also note that autoconf and automake should be configured
 echo with the same prefix.
 echo
 
-grep '^#define CLIENT_VERSION' webcit.h | sed 's/[^0-9]*//g' >package-version.txt
diff --git a/webcit/configure.ac b/webcit/configure.ac
index 2ca5796b2..7ffaf142b 100644
--- a/webcit/configure.ac
+++ b/webcit/configure.ac
@@ -1,6 +1,6 @@
 dnl Process this file with autoconf to produce a configure script.
 dnl $Id$
-AC_INIT([WebCit],[m4_esyscmd_s(grep CLIENT_VERSION webcit.h | sed 's/[^0-9]*//g')],[http://uncensored.citadel.org])
+AC_INIT([WebCit],[m4_esyscmd_s(cat package-version.txt)],[http://uncensored.citadel.org])
 
 AC_SUBST(PROG_SUBDIRS)
 AC_DEFINE(PROG_SUBDIRS, [], [Program dirs])
diff --git a/webcit/webcit.h b/webcit/webcit.h
index 31eaa92df..5e34bcf2c 100644
--- a/webcit/webcit.h
+++ b/webcit/webcit.h
@@ -118,7 +118,7 @@ extern char *ssl_cipher_list;
 #define PORT_NUM		80			/* port number to listen on */
 #define DEVELOPER_ID		0
 #define CLIENT_ID		4
-#define CLIENT_VERSION 999		/* This version of WebCit */
+#define CLIENT_VERSION 1000		/* This version of WebCit */
 #define MINIMUM_CIT_VERSION	931			/* Minimum required version of Citadel server */
 #define	LIBCITADEL_MIN		931			/* Minimum required version of libcitadel */
 #define DEFAULT_CTDLDIR		"/usr/local/citadel"	/* Default Citadel server directory */