mailfromd -- a general-purpose milter - Support: sr #351, probably bug in dkim

mailfromd -- a general-purpose milter - Support: sr #351, probably bug in dkim_sign()

Group

Main
- Main
- View Members
- Search
Homepage
Download
Docs
- Browse (External to Savane)
- Browse
- Submit
- Edit
- Digest
- Export
- Search
Support
- Browse
- Reset to all open ones
- Submit
- Digest
- Export
- View Statistics
- Search
Mailing Lists
Source Code
Bugs
- Browse
- Reset to all open ones
- Submit
- Digest
- Export
- View Statistics
- Search
Tasks
- Browse
- Reset to all open ones
- Submit
- Digest
- Export
- View Statistics
- Search
News
- Browse
- Atom Feed
- Submit
- Manage

Show feedback again

You are not allowed to post comments on this tracker with your current authentification level.

sr #351: probably bug in dkim_sign()

Submitted by:	Wojciech Kunda <adalbertk>
Submitted on:	Mon Sep 11 09:27:59 2023

Category:	None	Priority:	5 - Normal
Severity:	7 - Important	Status:	None
Privacy:	Public	Assigned to:	None
Open/Closed:	Open	Operating System:	GNU/Linux

Mon Sep 11 14:25:28 2023, comment #1:

OK, after many hours we've found the source of the problem. Out sendmail changes recipient's address.
Email address used in TO field was: -unavailable-
But finally it was changed into: -unavailable-

because of:

;; ANSWER SECTION:
bezpiecznapoczta.cert.pl. 300 IN CNAME bezpiecznapoczta.lab.cert.pl.

The ticket may be closed.

Wojciech Kunda <adalbertk>

Mon Sep 11 09:27:59 2023, original submission:

Hello,

We've probably found a bug in the mechanism that signs a message (dkim_sign). There's a system (created by Polish CERT) that works as a DKIM validator and it needs to have a message sent from our own mail server.

Link to the system: https://bezpiecznapoczta.cert.pl/check-email/46bb086e96d7a3b043179c508126a85a

We've done some tests with similar systems and only CERT claims that there is a problem with the DKIM signature. At first we thought that the bug was in CERT's mechanisms but later we discovered that when using other DKIM validators (e.g. plugin in Thunderbird) the problem seems to be related to the signature counted by dkim_sign().

Every time when we send a message to CERT (example address: a4bd435380df6f3465f0654c2d78f4a4@bezpiecznapoczta.lab.cert.pl) and BCC or CC to us, even with a simple header record scope:

h=Date:From:To:Subject;

the signature is wrong.

We tried to debug the code with gdb trying to find out what strings are given to sign with the private key, but we failed.

We tested it in the following environment:
mailfromd 8.17.1
mailutils 3.16

Wojciech Kunda <adalbertk>

No files currently attached

Depends on the following items: None found

Items that depend on this one: None found

Carbon-Copy List

-unavailable- added by adalbertk (Submitted the item)

Do you think this task is very important?
If so, you can click here to add your encouragement to it.
This task has 0 encouragements so far.

Only logged-in users can vote.

Please enter the title of George Orwell's famous dystopian book (it's a date):

No Changes Have Been Made to This Item

Show feedback again