[exim-dev] [Bug 967] New: DKIM-mandated undocumented behavio…

Top Page

Reply to this message
Author: Sven Hartge
Date:  
To: exim-dev
New-Topics: [exim-dev] [Bug 967] DKIM-mandated undocumented behaviour change, [exim-dev] [Bug 967] DKIM-mandated undocumented behaviour change, [exim-dev] [Bug 967] DKIM-mandated undocumented behaviour change, [exim-dev] [Bug 967] DKIM-mandated undocumented behaviour change, [exim-dev] [Bug 967] DKIM-mandated undocumented behaviour change, [exim-dev] [Bug 967] DKIM-mandated undocumented behaviour change, [exim-dev] [Bug 967] DKIM-mandated undocumented behaviour change, [exim-dev] [Bug 967] DKIM-mandated undocumented behaviour change
Subject: [exim-dev] [Bug 967] New: DKIM-mandated undocumented behaviour change
------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://bugs.exim.org/show_bug.cgi?id=967
           Summary: DKIM-mandated undocumented behaviour change
           Product: Exim
           Version: 4.71
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: bug
          Priority: medium
         Component: Lookups
        AssignedTo: nigel@???
        ReportedBy: sven@???
                CC: exim-dev@???



I use the following lookup to determine the ASN of an IP:

  warn
    set acl_c2 = ${extract{1}{\n}{${lookup
dnsdb{txt=${extract{4}{.}{$sender_host_address}}.${extract{3}{.}{$sender_host_address}}.${extract{2}{.}{$sender_host_address}}.${extract{1}{.}{$sender_host_address}}.asn.fh-giessen.de}}}}
    log_message = ASN-LOOKUP: ${lookup
dnsdb{${extract{4}{.}{$sender_host_address}}.${extract{3}{.}{$sender_host_address}}.${extract{2}{.}{$sender_host_address}}.${extract{1}{.}{$sender_host_address}}.asn.fh-giessen.de}}


This so far worked fine, but since 4.71, the returned result is different
than before:

2010-02-26 19:31:48 H=[186.63.14.189] Warning: ASN-LOOKUP: 22927186.60.0.014

In 4.69 this would look more like this:

2010-02-26 19:31:48 H=[186.63.14.189] Warning: ASN-LOOKUP: 22927

The lookup from the command line returns three results which in 4.69 were
concatenated with \n.

oweh@skuld:~$ host -t txt 189.14.63.186.asn.fh-giessen.de
189.14.63.186.asn.fh-giessen.de descriptive text "22927" "186.60.0.0" "14"

I suspect the merge of the DKIM code in
f62bfb6fe50ab4abd1bba9eff5c458316d5322e5 to have created the problem, but
I am not fluent enough in C and the exim codebase to be able to debug or
fix it myself.

Phil Pennock added:

I think you're right as to the cause.

There's a bit of a problem here, in that the semantics demanded by DKIM
differ from what Exim did before.

RFC 4871:
----------------------------8< cut here >8------------------------------
3.6.2.2. Resource Record Types for Key Storage
[...]
Strings in a TXT RR MUST be concatenated together before use with no
intervening whitespace. TXT RRs MUST be unique for a particular
selector name; that is, if there are multiple records in an RRset,
the results are undefined.
----------------------------8< cut here >8------------------------------

However, if memory serves there is no DNS-level mandate that all TXT
strings always be interpreted this way. Some DNS client specifications,
such as SPF and DKIM, mandate this behaviour but it's in no way inherent
to DNS TXT records themselves. Tony Finch might correct me if I'm wrong
here.

So the new behaviour is correct for DKIM and sometimes correct for other
other protocols, but not correct for the general case and as such is a
regression.

Perhaps the best solution is to add a new pseudo search type for dnsdb,
just as there's "csa", "mxh" and "zns". Call the new one "txtconcat".
Revert to the previous behaviour for "txt", have dnsdb use txtconcat.


--
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email