Work at SourceForge, help us to make it a better place! We have an immediate need for a Support Technician in our San Francisco or Denver office.

Close

#90 Missing Domain Name causes crash

v2.3.2
closed-fixed
5
2007-11-30
2007-11-19
Jim Hermann
No

With version 2.3.2, I tried to run with domain names in my Domain file that were not in the KeyList file. As soon as dkim-filter was asked to sign a message from one of the missing domain names, it crashed without any error message.

It runs in verify-only mode. If I try to run in sign-and-verify mode, it
runs fine for less than one minute:

Nov 14 22:29:36 host sm-acceptingconnections[6469]: lAF4Tam9006469: Milter
insert (1): header: X-DKIM: Sendmail DKIM Filter v2.3.2 host.uuserver.net
lAF4Tam9006469
Nov 14 22:29:36 host dkim-filter[6290]: lAF4Tauh006478: no signature data
Nov 14 22:29:36 host sm-acceptingconnections[6478]: lAF4Tauh006478: Milter
insert (1): header: X-DKIM: Sendmail DKIM Filter v2.3.2 host.uuserver.net
lAF4Tauh006478
Nov 14 22:29:36 host dkim-filter[6290]: lAF4Taev006481: no signature data
Nov 14 22:29:57 host dkim-filter[6290]: lAF4Tuju006551 "DKIM-Signature"
header added
Nov 14 22:29:57 host sm-acceptingconnections[6551]: lAF4Tuju006551: Milter
insert (1): header: DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
d=jimhermann.com;\n\ts=host; t=1195100997;
bh=KxaC+xS0KRDXrSYghjeX3EU4DgxD5+X0F6PqA2XZ3G\n\t8=;
h=Received:X-ClientAddr:X-DKIM:Received:Received:Received:Date:\n\t
X-ME-UUID:From:Subject:To:MIME-Version:Content-type:Message-Id:\n\t
X-UUism.net-MailScanner-SpamScore;
b=0ZA6PI2LlXna/rDL/mtS5dHte8zVu\n\tSCMBzYZILqMs/0maxgOK95b6wRQzVjmV21LmfNQw0
4CIyp0FdxxFYxkcQ==
Nov 14 22:29:57 host sm-acceptingconnections[6551]: lAF4Tuju006551: Milter
insert (1): header: X-DKIM: Sendmail DKIM Filter v2.3.2 host.uuserver.net
lAF4Tuju006551
Nov 14 22:29:59 host sm-acceptingconnections[6565]: lAF4Txgf006565:
milter_sys_read(dkim-filter): cmd read returned 0, expecting 5
Nov 14 22:29:59 host sm-acceptingconnections[6565]: lAF4Txgf006565: Milter
(dkim-filter): to error state
Nov 14 22:30:00 host sm-acceptingconnections[6574]: lAF4U02U006574: Milter
(dkim-filter): error connecting to filter: Connection refused by
/var/run/milter/dkim-filter.sock

My sendmail is Version 8.14.2 Compiled with:
DNSMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7
NAMED_BIND NETINET NETUNIX NEWDB PIPELINING SASLv2 SCANF
SOCKETMAP STARTTLS USERDB XDEBUG

I compiled dkim-milter with these options:

APPENDDEF(`conf_dkim_filter_ENVDEF', `-DPOPAUTH ')
APPENDDEF(`confINCDIRS', `-I/usr/local/include ')
APPENDDEF(`confLIBDIRS', `-L/usr/local/lib ')
define(`bld_VERIFY_DOMAINKEYS', `true')
APPENDDEF(`bld_dkim_filter_INCDIRS', `-I/usr/include')
APPENDDEF(`bld_dkim_filter_LIBDIRS', `-L/usr/lib')

Here are the dkim-filter.conf settings:

Canonicalization relaxed/simple
Domain /etc/mail/domains
ExternalIgnoreList /etc/mail/eilist
KeyFile /var/db/dkim/host.key.pem
KeyList /var/db/dkim/keylist
InternalHosts /etc/mail/ilist
Macrolist auth_authen
Mode v
OmitHeaders Received,Return-Path,Comments,Keywords,
Bcc,Resent-Bcc,X-DomainKeys,DKIM-Signature,x-cron-env,X-Greylist,X-Null-Tag,
Received-SPF,X-UUism.net-MailScanner-Information,X-UUism.net-MailScanner,X-U
Uism.net-MailScanner-SpamCheck,X-UUism.net-MailScanner-From,X-Spam-Status,x-
beenthere,x-mailman-version,precedence,list-id,list-unsubscribe,list-archive
,list-post,list-help,list-subscribe,x-mimedefang-helo,x-mimedefang-sender,x-
mimedefang-relayhostname,x-mimedefang-relayaddr,x-mimedefang-recipients,x-mi
medefang-sendmailmacros,x-scanned-by
PeerList /etc/mail/peerlist
PidFile /var/run/milter/dkim-filter.pid
POPDBFile /etc/mail/popip.db
Selector host
SendReports yes
Socket /var/run/milter/dkim-filter.sock
SubDomains yes
Syslog yes
SyslogSuccess yes
UserID milter:719
X-Header yes

My /var/db/dkim/keylist contains:
*@uuism.net:uuism.net:/var/db/dkim/host
*@jimhermann.com:jimhermann.com:/var/db/dkim/host

My /etc/mail/domains file contains:

host.uuserver.net
host2.uuserver.net
host.uuserver.org
host2.uuserver.org
lists.uuserver.net
lists.uuserver.org
uuism.info
lry.info
[snip]
uuism.net
jimhermann.com
[snip]

After I updated /var/db/dkim/keylist to contain every domain name in /etc/mail/domains, the dkim-filter ran without any problems.

Discussion

    • milestone: --> v2.3.2
    • assigned_to: nobody --> sm-msk
     
  • Logged In: YES
    user_id=1048957
    Originator: NO

    Yep, it's a bug. If you list a domain in "Domain" but not in "KeyList", a pointer is left NULL and then passed to libdkim which trips an assertion failure, causing the filter to crash.

    Since wildcards are allowed in keylists, there's unfortunately no way to verify the list of domains against the contents of the keylist. The obvious choices are:

    a) merge the Domain and KeyList functionality into one configuration item, or

    b) temp-fail outbound mail with a warning when a domain is listed in Domain but not in KeyList.

    For now, I'm going to go with (b). Patch attached.
    File Added: PATCH

     
  • Logged In: YES
    user_id=1048957
    Originator: NO

    File Added: PATCH

     
  • Proposed patch #2

     
    Attachments
  • Logged In: YES
    user_id=1048957
    Originator: NO

    v2.4.0 released, containing this fix.

     
    • status: open --> closed-fixed