From: <fre...@va...> - 2006-06-25 17:55:33
|
> It looks like a bug in version dk-milter 0.4.1. This may be related=20 > to the "dk_skipbody" change in this release. If you run dk-filter in "test-mode" ( t=3Dy\; ) or if you use different canonicalization modes (-c nofws|simple), are you always susceptible to this bug?=20 /P |
From: SM <sm...@re...> - 2006-06-25 18:38:15
|
At 09:47 25-06-2006, fre...@va... wrote: >If you run dk-filter in "test-mode" ( t=y\; ) or if you use different >canonicalization modes (-c nofws|simple), are you always susceptible to >this bug? That test-mode is for part of your DomainKeys DNS record. If you did not configure dk-milter to reject mail, you won't notice the bug. The bug occurs when dk-milter verifies a message and you have set the "-C miss=r" parameter on startup. If the sending domain is a non-participant, the message will be rejected. If the sending domain publishes "t=y" and there is no DK signature, the message is not rejected. Regards, -sm |
From: Murray S. K. <ms...@se...> - 2006-06-26 19:48:03
Attachments:
PATCH
|
SM wrote: > The bug occurs when dk-milter verifies a message and you have set the > "-C miss=r" parameter on startup. If the sending domain is a > non-participant, the message will be rejected. If the sending domain > publishes "t=y" and there is no DK signature, the message is not rejected. The problem actually has more to do with "bad=r". The issue is that some messages missing signatures or certain headers were being improperly classified as malformed ("bad format") and thus rejected when that setting was in use. At the moment the setting for "bad=" covers all of these: (a) messages with signatures that won't verify (b) messages with DK syntax problems (c) messages that couldn't be verified for other reasons (e.g. key missing). Try the attached patch, which resolves the misclassifications that I've managed to reproduce so far. |
From: Adrian H. <ha...@re...> - 2006-06-27 15:21:26
|
Murray S. Kucherawy wrote: > The problem actually has more to do with "bad=r". The issue is that > some messages missing signatures or certain headers were being > improperly classified as malformed ("bad format") and thus rejected > when that setting was in use. At the moment the setting for "bad=" > covers all of these: > > (a) messages with signatures that won't verify > (b) messages with DK syntax problems > (c) messages that couldn't be verified for other reasons (e.g. key > missing). > > Try the attached patch, which resolves the misclassifications that > I've managed to reproduce so far. Running 0.4.1 with the patch since 10:30am EDT-- looks good so far. Previous email that was getting 554 syntax problems look like they're being accepted. |
From: Adrian H. <ha...@re...> - 2006-06-28 12:10:56
|
Murray S. Kucherawy wrote: > Try the attached patch, which resolves the misclassifications that > I've managed to reproduce so far. I've been running it for close to 24 hours now, and have taken in about 675 messages (126 valid, the rest spam), signed 14 messages, and verified 28 DomainKey signatures (gmail and Yahoo)-- and not a single 554 syntax problem (compared to close to universal rejection of all unsigned mail before) Looks like the patch does the trick. |
From: Murray S. K. <ms...@se...> - 2006-07-05 16:55:28
|
Adrian Havill wrote: > I've been running it for close to 24 hours now, and have taken in about > 675 messages (126 valid, the rest spam), signed 14 messages, and > verified 28 DomainKey signatures (gmail and Yahoo)-- and not a single > 554 syntax problem (compared to close to universal rejection of all > unsigned mail before) > > Looks like the patch does the trick. Excellent, thanks! Just back from a week off, so I'll get a patch release out in the very near future. |