[Bug 1364730] New: DKIM signing of originating mail stopped working after upgrade from 2.10.1-5 to 2.11.0-3

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1364730

            Bug ID: 1364730
           Summary: DKIM signing of originating mail stopped working after
                    upgrade from 2.10.1-5 to 2.11.0-3
           Product: Fedora
           Version: 24
         Component: amavisd-new
          Assignee: j.orti.alca...@gmail.com
          Reporter: m...@cipixia.com
        QA Contact: extras...@fedoraproject.org
                CC: j.orti.alca...@gmail.com,
                    perl-devel@lists.fedoraproject.org, st...@silug.org,
                    vanmeeuwen+fed...@kolabsys.com



Created attachment 1188215
  --> https://bugzilla.redhat.com/attachment.cgi?id=1188215&action=edit
Patch file from
https://lists.amavis.org/pipermail/amavis-users/2016-July/004428.html

Description of problem:

Hello, after updating to the latest amavisd-new package I noticed that DKIM
signing no longer works with existing configs.

Running amavisd-new in debug mode, I can confirm that locally generated mail
(in this example sent from root to another local user) is getting routed to the
corrected port for the ORIGINATING policy bank (10026):

Aug  6 18:36:05.865 cipixia.com /usr/sbin/amavisd[2709]: (02709-01) LMTP :10026
/var/spool/amavisd/tmp/amavis-20160806T183605-02709-mYQagKcY:
<r...@cipixia.com> -> <m...@localhost.com> Received: from cipixia.com
([127.0.0.1]) by localhost (cipixia.com [127.0.0.1]) (amavisd-new, port 10026)
with LMTP for <m...@localhost.com>; Sat,  6 Aug 2016 18:36:05 +0200 (CEST)

but then a little bit later it decides that the mail is not considered
originating (relevant bits pasted from log):

Aug  6 18:36:05.905 cipixia.com /usr/sbin/amavisd[2709]: (02709-01) Checking:
wVqqBSZuYzR0 ORIGINATING [127.0.0.1] <r...@cipixia.com> -> <m...@localhost.com>
...
...
Aug  6 18:36:05.906 cipixia.com /usr/sbin/amavisd[2709]: (02709-01) Open relay?
Nonlocal recips but not originating: m...@localhost.com
...
...
Aug  6 18:36:05.931 cipixia.com /usr/sbin/amavisd[2709]: (02709-01) dkim: not
signing mail which is not originating from our site


I Googled around and found this relevant post on the amavisd-new mailing list,
which actually solved my problem:
https://lists.amavis.org/pipermail/amavis-users/2016-July/004428.html

In the related message, Giovanni provides a simple patch for /usr/sbin/amavisd
that restores expected functionality.

I tested this patch against my current amavisd-new install by applying it like
so:
patch -b /usr/sbin/amavisd < /tmp/amavisd_dkim_fix.patch 

I then reran the the same test as before by sending an email from root to
another localhost user with amavisd-new in debug mode, and the output now shows
the expected behavior:

Aug  6 18:44:48.246 cipixia.com /usr/sbin/amavisd[2882]: (02882-01) LMTP :10026
/var/spool/amavisd/tmp/amavis-20160806T184448-02882-LhR01zY9:
<r...@cipixia.com> -> <m...@localhost.com> Received: from cipixia.com
([127.0.0.1]) by localhost (cipixia.com [127.0.0.1]) (amavisd-new, port 10026)
with LMTP for <m...@localhost.com>; Sat,  6 Aug 2016 18:44:48 +0200 (CEST)
...
...
Aug  6 18:44:48.286 cipixia.com /usr/sbin/amavisd[2882]: (02882-01) Checking:
r89s629QBf_0 ORIGINATING [127.0.0.1] <r...@cipixia.com> -> <m...@localhost.com>
...
...
Aug  6 18:44:48.309 cipixia.com /usr/sbin/amavisd[2882]: (02882-01) dkim:
candidate originators: From:<r...@cipixia.com>
..
..
Aug  6 18:44:48.310 cipixia.com /usr/sbin/amavisd[2882]: (02882-01) dkim:
signing (author), From: <r...@cipixia.com> (From:<r...@cipixia.com>),
KEY.key_ind=>0, a=>rsa-sha256, c=>relaxed/simple, d=>cipixia.com, s=>dkimkey,
ttl=>1814400, x=>1472316289

and so on.

I am not subscribed to the amavisd user's mailing list so I'm not sure if the
upstream developers have responded to or acknowledged Giovanni's message, but
his patch worked for me and solved the issue.


Version-Release number of selected component (if applicable):
amavisd-new-2.11.0-3.fc24.noarch

How reproducible:
Always


Steps to Reproduce:
1.  Setup dkim signing for the originating policy bank
2.  Verify in the logs that your test mail is being routed to the correct port
3.  Observe that dkim signing is not performed and the message is not
considered "local", despite being in the right policy bank

Actual results:
No dkim signing, log messages indicate local mail is not considered as
originating.


Expected results:
Dkim signing performed and triggered by ORIGINATING mail


Additional info:
I've attached the patch from the mailing list to this bug, for convenience

-- 
You are receiving this mail because:
You are on the CC list for the bug.
--
Fedora Extras Perl SIG
http://www.fedoraproject.org/wiki/Extras/SIGs/Perl
perl-devel mailing list
perl-devel@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/perl-devel@lists.fedoraproject.org