Viktor Dukhovni:
> 
> 
> > On Jun 19, 2018, at 1:29 PM, Viktor Dukhovni <postfix-us...@dukhovni.org> 
> > wrote:
> > 
> > In that case, perhaps the below will work?
> > 
> > diff --git a/src/smtp/smtp_tls_policy.c b/src/smtp/smtp_tls_policy.c
> > index 13735b21..b5f72376 100644
> > --- a/src/smtp/smtp_tls_policy.c
> > +++ b/src/smtp/smtp_tls_policy.c
> > @@ -824,6 +824,20 @@ static void dane_init(SMTP_TLS_POLICY *tls, 
> > SMTP_ITERATOR *iter)
> >     dane_incompat(tls, iter, NONDANE_DEST, "non DNSSEC destination");
> >     return;
> >     }
> > +
> > +    /*
> > +     * Without the context of a particular MX host, the nexthop is merely a
> > +     * opportunistic "candidate" for DANE policy.  Just return "may" for 
> > now.
> > +     *
> > +     * XXX: This state should only be reached from smtp_reuse_session(),
> > +     * perhaps add a safety flag in iter that is co-requisite with a NULL
> > +     * iter->rr, or else panic?
> > +     */
> > +    if (!iter->rr) {
> > +   tls->level = TLS_LEV_MAY;
> > +   return;
> > +    }
> > +
> >     /* When TLSA lookups fail, we defer the message */
> >     if ((dane = tls_dane_resolve(iter->port, "tcp", iter->rr,
> >                              var_smtp_tls_force_tlsa)) == 0) {
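Review bot: The `if (!iter->rr)` guard returns TLS_LEV_MAY for every caller that arrives with a NULL iter->rr, while the comment directly above it says this state should only be reached from smtp_reuse_session(). Nothing in the hunk enforces that, so any other caller with a NULL rr would silently get opportunistic policy instead of failing. Consider resolving the XXX rather than leaving it open: add the co-requisite flag in iter that the comment proposes, and panic when rr is NULL without it. Minor: the comment says "a opportunistic", which should be "an opportunistic".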
> 
> Ralf, please try just this patch against the stock 20180618 snapshot,
> and check as many of the below as you can:

This will stop crashes but it will also not find any connections
that are cached under the nexthop name, and that were stored with
a different TLS security level.

The connection cache storage key contains the TLS security level
that is in effect at the time that the connection is stored, so
that we will never deliver mail for a high-security destination
over a reused low-security connection. BTW it currently does not reuse
connections when the security level requires certificate verification,
because the certificate information is currently not stored in the
connection cache.

Not finding connections cached under nexthop, when primary MXes are
unavailable, means Postfix will waste time connecting to unavailable
MX hosts before it finds something that works.

Finally, can anyone tell me how to reproduce these crashes? This
is extremely frustrating. I can do DNSSEC lookups on FreeBSD and
Linux.

        Wietse
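
A simplified model of the cache-key behaviour described in the message above, added here as an example; it is not part of the original thread and is not Postfix code. The level names, key format and function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed levels for illustration; not Postfix's TLS_LEV_* values. */
enum level { LEV_NONE, LEV_MAY, LEV_ENCRYPT, LEV_VERIFY };

#define CACHE_MAX 8
#define KEY_MAX   128

static char cache_keys[CACHE_MAX][KEY_MAX];
static int  cache_fds[CACHE_MAX];
static int  cache_used;

/* The key binds the destination to the level in effect when stored. */
static void make_key(char *buf, size_t len, const char *nexthop, enum level lev)
{
    snprintf(buf, len, "%s|tls=%d", nexthop, (int) lev);
}

/* Returns 1 if stored, 0 if refused. */
static int cache_store(const char *nexthop, enum level lev, int fd)
{
    /* No peer certificate data is kept, so verified sessions are not cached. */
    if (lev >= LEV_VERIFY || cache_used >= CACHE_MAX)
        return 0;
    make_key(cache_keys[cache_used], KEY_MAX, nexthop, lev);
    cache_fds[cache_used++] = fd;
    return 1;
}

/* Returns the cached descriptor, or -1 on a miss. */
static int cache_lookup(const char *nexthop, enum level lev)
{
    char key[KEY_MAX];
    int i;

    make_key(key, sizeof(key), nexthop, lev);
    for (i = 0; i < cache_used; i++)
        if (strcmp(cache_keys[i], key) == 0)
            return cache_fds[i];
    return -1;
}

int main(void)
{
    cache_store("example.com", LEV_ENCRYPT, 7);
    printf("lookup at encrypt: %d\n", cache_lookup("example.com", LEV_ENCRYPT));
    printf("lookup at may:     %d\n", cache_lookup("example.com", LEV_MAY));
    return 0;
}
```

A lookup that computes "may" for the nexthop misses a connection stored under a stricter level, which is the lost reuse the reply points out.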
