Re: [ opendkim-Bugs-3590402 ] No signature if From header is first (fwd)

From: Steve Jenkins <stevejenkins_at_gmail.com>
Date: Tue, 27 Nov 2012 15:11:57 -0800

I just attempted to replicate this on my Fedora box running Postfix 2.9.4
and OpenDKIM 2.7.1.

# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 hostname.example.com ESMTP Postfix
ehlo example.com
250-hostname.example.com
250-PIPELINING
250-SIZE 20480000
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
MAIL FROM:example_at_example.com
250 2.1.0 Ok
RCPT TO: example_at_gmail.com
250 2.1.5 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
Subject: Command Line Test

This is only a test.
.
250 2.0.0 Ok: queued as C24B910424B5
quit
221 2.0.0 Bye
Connection closed by foreign host.


I then checked the Gmail account to which it was sent and message is signed:

Authentication-Results: mx.google.com; spf=pass (google.com: domain of
example_at_example.com designates 123.456.789.123 as permitted sender)
smtp.mail=example_at_example.com; dkim=pass header.i=_at_example.com


SteveJ



On Tue, Nov 27, 2012 at 2:47 PM, Murray S. Kucherawy <msk_at_blackops.org>wrote:

> Could someone with postfix expertise have a look at this?
>
> I've asked the original poster to subscribe here and discuss the problem.
> I think it's clear from the start that if we had a problem with From:
> first, we'd have known about it by now, not to mention the fact that the
> entire opendkim test suite uses From: first and things get signed.
>
> My inclination is to think hammering postfix with data via "nc", or the
> lack of a separating line before the body, is the likely culprit.
>
> -MSK
>
> ---------- Forwarded message ----------
> Date: Tue, 27 Nov 2012 09:13:00 -0800
> From: SourceForge.net <noreply_at_sourceforge.net>
> To: SourceForge.net <noreply_at_sourceforge.net>
> Subject: [ opendkim-Bugs-3590402 ] No signature if From header is first
>
> Bugs item #3590402, was opened at 2012-11-27 09:13
> Message generated for change (Tracker Item Submitted) made by
> You can respond by visiting:
> https://sourceforge.net/**tracker/?func=detail&atid=**
> 1147701&aid=3590402&group_id=**269812<https://sourceforge.net/tracker/?func=detail&atid=1147701&aid=3590402&group_id=269812>
>
> Please note that this message will contain a full copy of the comment
> thread,
> including the initial issue submission, for this request,
> not just the latest update.
> Category: opendkim
> Group: 2.7.1
> Status: Open
> Resolution: None
> Priority: 5
> Private: No
> Submitted By: https://www.google.com/**accounts<https://www.google.com/accounts>()
> Assigned to: Nobody/Anonymous (nobody)
> Summary: No signature if From header is first
>
> Initial Comment:
> My company use an old mailer agent developped in Delphi.
> Emails sent from this software are not signed and there are errros
> messages like this :
> "can't determine message sender; accepting"
>
> I just did some debug and found out that this mailer puts the From header
> before any headers.
> So I was able to reproduce the errro using netcat scripts
>
> 1/ This script produce the error and the email is not signed :
>
> nc -i 1 192.168.0.53 25 <<EOF
> helo smtp.xxxxxx.com
> MAIL FROM: <actu_at_xxxxxx.com>
> RCPT TO: <glebars_at_xxxxxx.com>
> DATA
> From: "XXXXXXX" <actu_at_xxxxxx.com>
> Subject: Test DKIM
> To: glebars_at_xxxxxx.com
> Ceci est un test de mail
> .
> quit
> EOF
>
> Result : Nov 27 17:45:37 cupidon opendkim[8149]: 0634E9BE1A3: can't
> determine message sender; accepting
>
>
> 2/ In this script I just switched the Subject and From headers. The email
> is signed
>
> nc -i 1 192.168.0.53 25 <<EOF
> helo smtp.xxxxxx.com
> MAIL FROM: <actu_at_xxxxxx.com>
> RCPT TO: <glebars_at_xxxxxx.com>
> DATA
> Subject: Test DKIM
> From: "XXXXXXX" <actu_at_xxxxxx.com>
> To: glebars_at_xxxxxx.com
> Ceci est un test de mail
> .
> quit
> EOF
>
> Result : Nov 27 17:47:03 cupidon opendkim[8149]: C2CCD9BE1A3:
> DKIM-Signature header added (s=mail, d=xxxxxx.com)
>
>
> I tried different combinations, and the problem only occur when the From
> header is first.
>
> Guillaume
>
>
> ------------------------------**------------------------------**----------
>
> You can respond by visiting:
> https://sourceforge.net/**tracker/?func=detail&atid=**
> 1147701&aid=3590402&group_id=**269812<https://sourceforge.net/tracker/?func=detail&atid=1147701&aid=3590402&group_id=269812>
>
>
Received on Tue Nov 27 2012 - 23:12:11 PST

This archive was generated by hypermail 2.3.0 : Tue Nov 27 2012 - 23:18:02 PST