Re: [exim] Spurious DKIM failures

Inizio della pagina
Delete this message
Reply to this message
Autore: Jeremy Harris
Data:  
To: exim-users
Oggetto: Re: [exim] Spurious DKIM failures
On 07/09/2021 14:44, Evgeniy Berdnikov via Exim-users wrote:
> There is some little progress in attempts to locate it: I found that
> this sender (mta.mindbox.ru) have maximum probability to produce fault.
> I've removed STARTTLS for its relays and made a traffic capture, it shows
> that there is some bulk mailer there, and it 1. uses CHUNKING, 2. send
> whole mail in single BDAT, 3. cut off connection without waiting for
> status code, 4. mail body is sent without final CRLF. Raw mail body,
> extracted from pcap data, passes DKIM test for both signatures.


44a62f5861 looks relevant:

JH/59 DKIM: Fix small-message verification under TLS with chunking. If a
       pipelined SMTP command followed the BDAT LAST then it would be
       incorrectly treated as part of the message body, causing a verification
       fail.


... except for:> Removal of TLS layer does not help to prevent DKIM failures.

Worth checking you have it, though.


On your segfaults: I tried creating a callout/TLS using testsuite
facilities, and am not seeing a fault (on a 32b Debian testing,
with whatever GnuTLS version that has) either with the current
master tip or with tag exim-4.94.2
I think we'll need you to investigate one of your coredumps.

Another test you could try is a build with
#define MISSING_POSIX_MEMALIGN
in OS/os.h-Linux.
If that still coredumps in the same place, it's not a "write
to readonly data" trap; so more likely a null pointer.
--
Cheers,
Jeremy