https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7831
John Hardin <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #13 from John Hardin <[email protected]> --- I'm getting "uninitialized value in pattern match" errors with this patch, where it's trying to extract the domain from a signature identity: Jan 23 10:35:40.102 [19982] dbg: dkim: performing public key lookup and signature verification Jan 23 10:35:40.104 [19982] dbg: dkim: FAILED DKIM, [email protected], d=3harmfullfoods.com, s=dkim, a=rsa-sha1, c=relaxed/relaxed, unknown key size, invalid, matches author domain Use of uninitialized value in pattern match (m//) at /home/jhardin/develop/spamassassin/svn/trunk/masses/../blib/lib/Mail/SpamAssassin/Plugin/DKIM.pm line 913. Jan 23 10:35:40.104 [19982] dbg: dkim: FAILED DK, i=(undef), d=(undef), s=dkim, a=rsa-sha1, c=nofws, unknown key size, invalid, does not match author domain Jan 23 10:35:40.104 [19982] dbg: dkim: signature verification result: INVALID (PUBLIC KEY: NOT AVAILABLE) Jan 23 10:35:40.104 [19982] dbg: dkim: FAILED signature by 3harmfullfoods.com, author [email protected], no valid matches Use of uninitialized value in pattern match (m//) at /home/jhardin/develop/spamassassin/svn/trunk/masses/../blib/lib/Mail/SpamAssassin/Plugin/DKIM.pm line 1265. Jan 23 10:35:40.104 [19982] dbg: dkim: FAILED signature by (undef), author [email protected], no valid matches Jan 23 10:35:40.104 [19982] dbg: dkim: author [email protected], not in any dkim whitelist A DK header referring a domain that does not exist/does not publish any DKIM record seems to be a failure case. > If an identity is not specified, it is filled in with @domain, so it should > be safe to use in place in those cases. This doesn't actually appear to be happening for the DK header check. The DK signature check is *not* setting the identity from the domain (which *is* present - the "d=" value in the log above is the domain extracted from the identity value, not $signature->domain) and the SA code can't update that value to repair it even though the Mail::DKIM documentation suggests that is possible. This appears to be a bug in Mail::DKIM - it's occurring on the latest version, 1.20200907. I have not filed an upstream bug. Here are the DKIM/DK headers from that message: DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=dkim; d=3harmfullfoods.com; h=Date:From:To:Subject:MIME-Version:Content-Type:List-Unsubscribe:Message-ID; [email protected]; bh=6Md+1tEoP1V8A8eusTw2Aml04jw=; b=Rp6RdJadb6WCcr3WQRh4ArRFaX+SZERqDJfbBhUFc5cUPZeBXNjfoFxRZ+cnSF9sMbcK5GhJ6FyU rgTcnZxOiMtABwizp+94SVa3i3oSi5wf9H7kl25rZy/yydPOMdd1Gq1xx2xI3HjmqkUFFZDnt4YY C8KEIiqJ1jX2agM4atU= DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=dkim; d=3harmfullfoods.com; b=DW+bNtslRBdaAIIoQlwVJTbdj13CQ06RVB/bhG+hWucu3JZz2rMHPN3r1vr6j0Q9UrZVdyy+X5iy 4RxwkXnx2Kb6Wj96v24TuyLkN+IS3S64g9xD/8eehFqkkBgXlfBPpBySjXOjCRLcP9KVv6Ite6QN ujl/lQsqYxoBS7AyoaI=; The DKIM header processes cleanly, the DK one blows up. I have multiple messages from various (apparently bogus) domains in my corpus that exhibit this behavior. Fixing the code to react gracefully to missing identity, and adding a bit more logging... Modified: trunk/lib/Mail/SpamAssassin/Plugin/DKIM.pm Committed revision 1885854. -- You are receiving this mail because: You are the assignee for the bug.
