Re: ^L causing DKIM validation errors with opensmtpd+rspamd
Okay even more minimal: RGF0ZTogTW9uLCAxMCBPY3QgMjAyMiAxNjoxOTozOSArMDIwMApGcm9tOiBqYXNvbkB6eDJjNC5j b20KVG86IGphc29uQHp4MmM0LmNvbQpTdWJqZWN0OiBvaCBubyBhbm90aGVyIG9uZSBvZiB0aGVz ZSB0ZXN0cwpNSU1FLVZlcnNpb246IDEuMApDb250ZW50LVR5cGU6IHRleHQvcGxhaW47IGNoYXJz ZXQ9dXRmLTgKQ29udGVudC1EaXNwb3NpdGlvbjogaW5saW5lCgogCg== If an email ends with a space and a newline, then the dkim signature it generates is broken? Wha?
Re: ^L causing DKIM validation errors with opensmtpd+rspamd
It happens too with unix endings: RGF0ZTogTW9uLCAxMCBPY3QgMjAyMiAxNjoxOTozOSArMDIwMApGcm9tOiBqYXNvbkB6eDJjNC5j b20KVG86IGphc29uQHp4MmM0LmNvbQpTdWJqZWN0OiBvaCBubyBhbm90aGVyIG9uZSBvZiB0aGVz ZSB0ZXN0cwpNSU1FLVZlcnNpb246IDEuMApDb250ZW50LVR5cGU6IHRleHQvcGxhaW47IGNoYXJz ZXQ9dXRmLTgKQ29udGVudC1EaXNwb3NpdGlvbjogaW5saW5lCgo+IAo= End sequence of 20 0a?
Re: ^L causing DKIM validation errors with opensmtpd+rspamd
Okay, I minimized it into a reproducer. Unbase64 this to see the full email: RGF0ZTogTW9uLCAxMCBPY3QgMjAyMiAxNjoxOTozOSArMDIwMA0KRnJvbTogamFzb25AengyYzQu Y29tDQpUbzogamFzb25AengyYzQuY29tDQpTdWJqZWN0OiBvaCBubyBhbm90aGVyIG9uZSBvZiB0 aGVzZSB0ZXN0cw0KTUlNRS1WZXJzaW9uOiAxLjANCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsg Y2hhcnNldD11dGYtOA0KQ29udGVudC1EaXNwb3NpdGlvbjogaW5saW5lDQoNCj4gDQo= Any ideas on the culprit here? Trailing sequence of 20 0d 0a not appreciated? Jason
Re: ^L causing DKIM validation errors with opensmtpd+rspamd
Hi folks, It happened again. This time, I don't see a \x0c character in it that would have caused this, so I can't quite figure it out. But here's the failing message: https://lore.kernel.org/all/y0qp+%2fqbuneyi...@zx2c4.com/raw Any ideas why verification failed / why the generated signature is bogus? Jason
Re: ^L causing DKIM validation errors with opensmtpd+rspamd
Hi Demi, On Sat, Jul 30, 2022 at 5:16 AM Demi Marie Obenour wrote: > > On 7/26/22 21:24, Jason A. Donenfeld wrote: > > This appears rather easy to reproduce. Just include the char 0x0c in a > > message, and the signature will be invalid. Playing with the resultant > > message, I can make it valid by removing the \x0c character, > > suggesting that it's being stripped from whatever rspamd receives for > > signing. > > I suspect the problem is that \x0c is a space character (according to > isspace(3), but is *not* \x20, \n, or \r. Right, that was my guess too, though I didn't see anything too wrong in opensmtpd itself, nor in the Golang scanner interface used by filter-rspamd. So that means the issue might be in rspamd? But I haven't tried to isolate that yet. > What OS are you using? Linux. Jason
Re: ^L causing DKIM validation errors with opensmtpd+rspamd
On 7/26/22 21:24, Jason A. Donenfeld wrote: > This appears rather easy to reproduce. Just include the char 0x0c in a > message, and the signature will be invalid. Playing with the resultant > message, I can make it valid by removing the \x0c character, > suggesting that it's being stripped from whatever rspamd receives for > signing. I suspect the problem is that \x0c is a space character (according to isspace(3), but is *not* \x20, \n, or \r. What OS are you using? -- Sincerely, Demi Marie Obenour (she/her/hers) OpenPGP_0xB288B55FFF9C22C1.asc Description: OpenPGP public key OpenPGP_signature Description: OpenPGP digital signature
Re: ^L causing DKIM validation errors with opensmtpd+rspamd
This appears rather easy to reproduce. Just include the char 0x0c in a message, and the signature will be invalid. Playing with the resultant message, I can make it valid by removing the \x0c character, suggesting that it's being stripped from whatever rspamd receives for signing.
Re: ^L causing DKIM validation errors with opensmtpd+rspamd
I figure I should add the rspamd list to this thread. -- Original Message -- Hi, Using a fairly typical OpenSMTPD+rspamd setup, I'm finding that emails sent that have the ^L escape in them come out with an invalid DKIM signature. Something basic like: filter rspamd proc-exec "filter-rspamd" listen on ... filter rspamd Everything else is otherwise pretty default and vanilla. Below is base64 of an mbox email that causes the problem when sent out using `git send-email` which pipes it to msmtp which submits it to opensmtpd+rspamd where it gets corrupted. Anyone see something like this before? Regards, Jason base64 -d > naughty-email.mbx RnJvbSA5YjM1Mzg5NWViZGUyZDgzZTA5MTk4YTYzZGJjYmVlMmNmNTg5OWQ0IE1vbiBTZXAgMTcg MDA6MDA6MDAgMjAwMQpGcm9tOiAiSmFzb24gQS4gRG9uZW5mZWxkIiA8SmFzb25AengyYzQuY29t PgpEYXRlOiBUdWUsIDI2IEp1bCAyMDIyIDAwOjIwOjIxICswMjAwClN1YmplY3Q6IHRlc3QgY29y cnVwdGlvbiB3aXRoIGEgXkwgbWVzc2FnZQpNSU1FLVZlcnNpb246IDEuMApDb250ZW50LVR5cGU6 IHRleHQvcGxhaW47IGNoYXJzZXQ9VVRGLTgKQ29udGVudC1UcmFuc2Zlci1FbmNvZGluZzogOGJp dAoKZGlmZiAtLWdpdCBhL0xJQ0VOU0VTIGIvTElDRU5TRVMKaW5kZXggY2QwNGZiNmU4NC4uNTMw ODkzYjFkYyAxMDA2NDQKLS0tIGEvTElDRU5TRVMKKysrIGIvTElDRU5TRVMKQEAgLTM4OSwyNiAr Mzg5LDMgQEAgQ29weXJpZ2h0IDIwMDEgYnkgU3RlcGhlbiBMLiBNb3NoaWVyIDxtb3NoaWVyQG5h LW5ldC5vcm5sLmdvdj4KICBZb3Ugc2hvdWxkIGhhdmUgcmVjZWl2ZWQgYSBjb3B5IG9mIHRoZSBH TlUgTGVzc2VyIEdlbmVyYWwgUHVibGljCiAgTGljZW5zZSBhbG9uZyB3aXRoIHRoaXMgbGlicmFy eTsgaWYgbm90LCBzZWUKICA8aHR0cHM6Ly93d3cuZ251Lm9yZy9saWNlbnNlcy8+LiAgKi8KLQwK ClRoZSBhYm92ZSBzaG91bGQgY2F1c2UgaXNzdWVzLgo=
^L causing DKIM validation errors with opensmtpd+rspamd
Hi, Using a fairly typical OpenSMTPD+rspamd setup, I'm finding that emails sent that have the ^L escape in them come out with an invalid DKIM signature. Something basic like: filter rspamd proc-exec "filter-rspamd" listen on ... filter rspamd Everything else is otherwise pretty default and vanilla. Below is base64 of an mbox email that causes the problem when sent out using `git send-email` which pipes it to msmtp which submits it to opensmtpd+rspamd where it gets corrupted. Anyone see something like this before? Regards, Jason base64 -d > naughty-email.mbx RnJvbSA5YjM1Mzg5NWViZGUyZDgzZTA5MTk4YTYzZGJjYmVlMmNmNTg5OWQ0IE1vbiBTZXAgMTcg MDA6MDA6MDAgMjAwMQpGcm9tOiAiSmFzb24gQS4gRG9uZW5mZWxkIiA8SmFzb25AengyYzQuY29t PgpEYXRlOiBUdWUsIDI2IEp1bCAyMDIyIDAwOjIwOjIxICswMjAwClN1YmplY3Q6IHRlc3QgY29y cnVwdGlvbiB3aXRoIGEgXkwgbWVzc2FnZQpNSU1FLVZlcnNpb246IDEuMApDb250ZW50LVR5cGU6 IHRleHQvcGxhaW47IGNoYXJzZXQ9VVRGLTgKQ29udGVudC1UcmFuc2Zlci1FbmNvZGluZzogOGJp dAoKZGlmZiAtLWdpdCBhL0xJQ0VOU0VTIGIvTElDRU5TRVMKaW5kZXggY2QwNGZiNmU4NC4uNTMw ODkzYjFkYyAxMDA2NDQKLS0tIGEvTElDRU5TRVMKKysrIGIvTElDRU5TRVMKQEAgLTM4OSwyNiAr Mzg5LDMgQEAgQ29weXJpZ2h0IDIwMDEgYnkgU3RlcGhlbiBMLiBNb3NoaWVyIDxtb3NoaWVyQG5h LW5ldC5vcm5sLmdvdj4KICBZb3Ugc2hvdWxkIGhhdmUgcmVjZWl2ZWQgYSBjb3B5IG9mIHRoZSBH TlUgTGVzc2VyIEdlbmVyYWwgUHVibGljCiAgTGljZW5zZSBhbG9uZyB3aXRoIHRoaXMgbGlicmFy eTsgaWYgbm90LCBzZWUKICA8aHR0cHM6Ly93d3cuZ251Lm9yZy9saWNlbnNlcy8+LiAgKi8KLQwK ClRoZSBhYm92ZSBzaG91bGQgY2F1c2UgaXNzdWVzLgo=
