Recent changes to bugs

Selector specified for a domain in sender map file doesn't appear to be applied

Pavneet Arora — Fri, 26 Jan 2024 14:49:23 -0000

Trying to set different selector than the default for a specific domain in the sender map file doesn't seem to work. The email is still being signed with the default selector.

dkimproxy_out.conf:

# specify the selector (i.e. the name of the key record put in DNS)
selector  mail

sender map file:

example.com           dkim(d=example.com,s=alt_selector)

Test emails (via SWAKS) are signed with default selector (mail)

Thank you.

Port the deprecated INET6 code to use IO::Socket::IP

Pedro — Thu, 04 Jan 2024 13:10:43 -0000

The https://metacpan.org/pod/IO::Socket::INET6 package has been deprecated upstream for some years now and it points to https://metacpan.org/pod/IO::Socket::IP as a compatible replacement. Would it be possible to port the code to use the IP package instead?

I'm attaching a tentative patch for this change.

TIA

#38 dkimproxy.in don't close connection on postfix 2.8 and upper

ludovic — Fri, 02 Aug 2013 12:12:50 -0000

Hi Jason,

Please could you modify the code of dkimproxy.in to detect the disconnection from remote without QUIT command to proper close the connection OUT from dkimproxy.in without waiting timeout.

Thank's.

Ludovic

dkimproxy.in don't close connection on postfix 2.8 and upper

ludovic — Mon, 11 Jun 2012 17:46:59 -0000

I have just update from postfix 2.6.16 to postfix 2.8.11

On postfix 2.6.16 i have :
Jun 11 18:12:14 dedi postfix/smtpd[24068]: Anonymous TLS connection established from filenet.ludosoft.org[82.236.203.193]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Jun 11 18:12:14 dedi postfix/smtpd[24072]: connect from dedi.ludosoft.org[127.0.0.1]
Jun 11 18:12:14 dedi postfix/smtpd[24068]: NOQUEUE: client=filenet.ludosoft.org[82.236.203.193]
Jun 11 18:12:14 dedi postfix/smtpd[24072]: BD2CF260CDA: client=filenet.ludosoft.org[82.236.203.193]
Jun 11 18:12:14 dedi dkimproxy.in[10747]: DKIM verify - pass; message-id=<4FD618DD.4060208@ludosoft.org>, signer=<llevet@ludosoft.org>, from=<llevet@ludosoft.org>
Jun 11 18:12:14 dedi postfix/cleanup[24073]: BD2CF260CDA: message-id=<4FD618DD.4060208@ludosoft.org>
Jun 11 18:12:14 dedi postfix/qmgr[24031]: BD2CF260CDA: from=<llevet@ludosoft.org>, size=10388, nrcpt=1 (queue active)
Jun 11 18:12:14 dedi postfix/smtpd[24072]: disconnect from dedi.ludosoft.org[127.0.0.1]
Jun 11 18:12:14 dedi postfix/smtpd[24068]: disconnect from filenet.ludosoft.org[82.236.203.193]
Jun 11 18:12:15 dedi lmtpunix[24041]: Delivered: <4FD618DD.4060208@ludosoft.org> to mailbox: user.llevet
Jun 11 18:12:15 dedi postfix/lmtp[24075]: BD2CF260CDA: to=<llevet@dedi.ludosoft.org>, orig_to=<root@dedi.ludosoft.org>, relay=dedi.ludosoft.org[public/lmtp], delay=0.55, delays=0.21/0.02/0.01/0.31, dsn=2.1.5, status=sent (250 2.1.5 Ok)
Jun 11 18:12:15 dedi postfix/qmgr[24031]: BD2CF260CDA: removed

So process '24072' is quit close by a disconnect.

And now with postfix 2.8.11 and upper :
Jun 11 19:40:05 dedi postfix/smtpd[4686]: connect from filenet.ludosoft.org[82.236.203.193]
Jun 11 19:40:05 dedi postfix/smtpd[4686]: Anonymous TLS connection established from filenet.ludosoft.org[82.236.203.193]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Jun 11 19:40:05 dedi postfix/smtpd[4689]: connect from dedi.ludosoft.org[127.0.0.1]
Jun 11 19:40:05 dedi postfix/smtpd[4686]: NOQUEUE: client=filenet.ludosoft.org[82.236.203.193]
Jun 11 19:40:05 dedi postfix/smtpd[4689]: A1AFA260CCB: client=dedi.ludosoft.org[127.0.0.1], orig_client=filenet.ludosoft.org[82.236.203.193]
Jun 11 19:40:05 dedi dkimproxy.in[4669]: DKIM verify - pass; message-id=<4FD62D74.8070805@ludosoft.org>, signer=<llevet@ludosoft.org>, from=<llevet@ludosoft.org>
Jun 11 19:40:05 dedi postfix/cleanup[4690]: A1AFA260CCB: message-id=<4FD62D74.8070805@ludosoft.org>
Jun 11 19:40:05 dedi postfix/qmgr[4574]: A1AFA260CCB: from=<llevet@ludosoft.org>, size=10388, nrcpt=1 (queue active)
Jun 11 19:40:05 dedi postfix/smtpd[4686]: proxy-accept: END-OF-MESSAGE: 250 2.0.0 Ok: queued as A1AFA260CCB; from=<llevet@ludosoft.org> to=<root@dedi.ludosoft.org> proto=ESMTP helo=<filenet.ludosoft.org>
Jun 11 19:40:05 dedi postfix/smtpd[4686]: disconnect from filenet.ludosoft.org[82.236.203.193]
Jun 11 19:40:06 dedi lmtpunix[4584]: Delivered: <4FD62D74.8070805@ludosoft.org> to mailbox: user.llevet
Jun 11 19:40:06 dedi postfix/lmtp[4692]: A1AFA260CCB: to=<llevet@dedi.ludosoft.org>, orig_to=<root@dedi.ludosoft.org>, relay=dedi.ludosoft.org[public/lmtp], delay=0.55, delays=0.25/0.02/0.01/0.26, dsn=2.1.5, status=sent (250 2.1.5 Ok)
Jun 11 19:40:06 dedi postfix/qmgr[4574]: A1AFA260CCB: removed
Jun 11 19:45:06 dedi postfix/smtpd[4689]: timeout after END-OF-MESSAGE from dedi.ludosoft.org[127.0.0.1]
Jun 11 19:45:06 dedi postfix/smtpd[4689]: disconnect from dedi.ludosoft.org[127.0.0.1]

Process '30465' don't close and i'm waiting for timeout (5mn) from smtpd.

And during this 5 mn i have dkimproxy.in allways connectetd :
[root@dedi lib]# netstat -nap |grep perl
tcp 0 0 127.0.0.1:10025 0.0.0.0:* LISTEN 4667/perl
tcp 0 0 127.0.0.1:10027 0.0.0.0:* LISTEN 4676/perl
tcp 0 0 127.0.0.1:52365 127.0.0.1:10026 ESTABLISHED 4669/perl
unix 2 [ ] DGRAM 2885602 4669/perl

[root@dedi lib]# ps -ef |grep 4669
dkim 4669 4667 0 19:39 ? 00:00:00 /usr/bin/perl -I/usr/local/dkimproxy/lib /usr/local/dkimproxy/bin/dkimproxy.in --user=dkim --group=dkim --daemonize --pidfile=/usr/local/dkimproxy/var/run/dkimproxy_in.pid --hostname=dedi.ludosoft.org --conf_file=/usr/local/dkimproxy/etc/dkimproxy_in.conf

Thank's.

Ludovic.

problem verifying a broken signature with an empty q tag

Jason Long — Thu, 03 Jun 2010 13:15:55 -0000

Jason,

Thanks for releasing the Mail::DKIM 0.38, looks good!

Some nitpicks, found by greping our log:

two warnings:

Apr 6 17:26:56 dorothy amavis[90842]: (90842-01) _WARN:
Use of uninitialized value $query_type in lc
at /usr/local/lib/perl5/site_perl/5.12.0/Mail/DKIM/PublicKey.pm line 86,
<GEN28> line 26.

Apr 6 17:26:56 dorothy amavis[90842]: (90842-01) _WARN:
Use of uninitialized value $query_type in concatenation (.) or string
at /usr/local/lib/perl5/site_perl/5.12.0/Mail/DKIM/PublicKey.pm line 88,
<GEN28> line 26.

sub fetch_async
{
my $class = shift;
my %prms = @_;

my ($query_type, $query_options) = split(/\//, $prms{Protocol}, 2);
86: if (lc($query_type) ne "dns")
87: {
88: die "unknown query type '$query_type'\n";
}

These warnings come in pairs as a result of verifying a broken signature
with an empty q tag, all coming from youtube.com ("become friends on
YouTube"):

DomainKey-Signature: b=; c=nofws; d=youtube.com; q=; s=selector1

Interestingly, the final result given by Mail::DKIM is:
(invalid, bad identity)

while gmail.com claims:
(bad format)

which sounds more appropriate.

--
submitted by Mark Martinec

We hit a DKIM bomb email on our system

Anonymous — Thu, 03 Jun 2010 12:58:13 -0000

We hit a DKIM bomb email on our system. This single email requires 7GB
of ram to be verified via spamassassin or dkimverify.pl.

This is first time I have ever seen this kind of dkim bomb but I'm very
sure this won't be last time if this inefficiency isn't being fixed.

On very fast machine with it took nearly 7 minutes to verify this email
with dkimverify.pl.

This is clearly a bomb which is designed to break ssytems using Mail::DKIM.

--
Submitted by Tuomo Soini (@d-fence.fi)

DNS timeout mechanism uses alarm() without resetting it

Anonymous — Tue, 08 Sep 2009 13:13:44 -0000

If the calling program is using alarm() to implement a timeout of its own, then Mail::DKIM will cause that timeout to be forgotten.

Client connection to DKIMproxy does not always close

Alex Wheeler — Mon, 03 Aug 2009 19:00:36 -0000

In version 1.2 of DKIMproxy, sometimes when a client connects directly to DKIMproxy.out, DKIMproxy.out will not close the connection properly, and the connection will hang.
In MySmtpProxyServer.pm, in the process_request routine, I have added to the end, the following to explicitly close the connection:
# Make sure the connection is closed, as otherwise it hangs occasionally
$server->{in}->close;
$server->{out}->close;

Thus, the whole function now looks like:

sub process_request
{
my $self = shift;

my $server = $self->{smtp_server} = $self->setup_server_socket;
my $client = $self->{smtp_client} = $self->setup_client_socket;

# wait for SMTP greeting from destination
my $banner = $client->hear;

# emit greeting back to source
$server->ok($banner);

# begin main SMTP loop
# - wait for a command from source
while (my $what = $self->_chat)
{
if ($self->{debug})
{
print STDERR $what . "\n";
}
$self->handle_command($what)
or last;
}
# Make sure the connection is closed, as otherwise it hangs occasionally
$server->{in}->close;
$server->{out}->close;
}

Use of uninitialized value $domain in split at line 500

Jason Long — Tue, 28 Jul 2009 17:13:44 -0000

got this error on STDERR while running with no domain,signature options, only a listid_map option...

Use of uninitialized value $domain in split at ../scripts/dkimproxy.out line 500, <_GEN_0> line 3.

the code in question is...
# if multiple domains were specified in the --domain argument,
# pick one of those domains to use
my $domain = $domain_arg;
my @domains = split /,/, $domain;
if (@domains > 1)

question is, should I allow $domain_arg to be undef?

--daemonize should not eat an argument

Jason Long — Tue, 28 Jul 2009 15:42:52 -0000

Running
/path/to/dkimproxy.in --daemonize 127.0.0.1:10025 127.0.0.1:10026

gives
Error: wrong number of arguments

However, running
/path/to/dkimproxy.in --daemonize=1 127.0.0.1:10025 127.0.0.1:10026

works just fine.