[exim] BATV stops working: prvscheck: signature expired

Top Page
Delete this message
Reply to this message
Author: Jan-Piet Mens
Date:  
To: exim-users
Subject: [exim] BATV stops working: prvscheck: signature expired
Hello,

I've had BATV successfully working for just over a week, but since this
morning signatures are considered invalid when Exim checks them. I am
running 4.69:

Creating the prvs header works. I'm a bit skeptical of the date portion
of the hash, however (the machine's time is correct):


$ exim -d+all -C exim.cf.TEST -be '${prvs{jpm@???}{abcd}}'

13:03:53 14086 expanding: jpm@???
13:03:53 14086    result: jpm@???
13:03:53 14086 expanding: abcd
13:03:53 14086    result: abcd
13:03:53 14086 prvs: hash source is '0000jpm@???'
13:03:53 14086 expanding: ${prvs{jpm@???}{abcd}}
13:03:53 14086    result: prvs=0000b745ee=jpm@???
13:03:53 14086 search_tidyup called
13:03:53 14086 >>>>>>>>>>>>>>>> Exim pid=14086 terminating with rc=0 >>>>>>>>>>>>>>>>
prvs=0000b745ee=jpm@???


The ACL is:

  deny    message       = invalid or expired BATV signature
          senders       = :
          control       = caseful_local_part
          condition     = ${prvscheck {$local_part@$domain}{BATVKEY}{1}}
         !condition     = $prvscheck_result
          control       = caselower_local_part


with BATVKEY = abcd


Incoming messages aren't verified:

$ cat /tmp/ptest
HELO x
MAIL FROM:<>
RCPT TO:<prvs=0000b745ee=jpm@???>
QUIT


$ exim -d+all -C exim.cf.TEST -bh 209.85.237.25 < /tmp/ptest

13:06:15 15374 expanding: $local_part@$domain
13:06:15 15374    result: prvs=0000b745ee=jpm@???
13:06:15 15374 prvscheck localpart: jpm
13:06:15 15374 prvscheck key number: 0
13:06:15 15374 prvscheck daystamp: 000
13:06:15 15374 prvscheck hash: b745ee
13:06:15 15374 prvscheck domain: retail-sc.com
13:06:15 15374 expanding: abcd
13:06:15 15374    result: abcd
13:06:15 15374 prvs: hash source is '0000jpm@???'
13:06:15 15374 prvscheck: received hash is b745ee
13:06:15 15374 prvscheck:      own hash is b745ee
13:06:15 15374 prvscheck: signature expired, $pvrs_result unset
13:06:15 15374 expanding: 1
13:06:15 15374    result: 1
13:06:15 15374 expanding: ${prvscheck {$local_part@$domain}{abcd}{1}}
13:06:15 15374    result: 1
13:06:15 15374 check condition = ${prvscheck {$local_part@$domain}{abcd}{1}}
13:06:15 15374                 = 1
13:06:15 15374 expanding: $prvscheck_result
13:06:15 15374    result:
13:06:15 15374 check !condition = $prvscheck_result
13:06:15 15374                  =
13:06:15 15374 check control = caselower_local_part
13:06:15 15374 deny: condition test succeeded
13:06:15 15374 SMTP>> 550 invalid or expired BATV signature



Can somebody kindly tell me where this is going wrong, or what I've
broken?

Thanks,
        -JP