diff options
author | Mad Alex <alex.exim@madalex.me.uk> | 2019-01-30 13:57:36 +0000 |
---|---|---|
committer | Jeremy Harris <jgh146exb@wizmail.org> | 2019-01-30 13:59:52 +0000 |
commit | ae63862ba6f6ee0c17ec865cc6cf0eebb3ca2389 (patch) | |
tree | a0762735471d7ab4534ae211cc483e4029a000e6 | |
parent | 3f9700ab53b9f4fa4a2667957afb249f5639da9d (diff) |
Fix dkim_verify_signers option. Bug 2366exim-4.92-jghexim-4.92-RC6exim-4.92
Testsuite coverage by jgh.
Broken-by: d342446f29
-rw-r--r-- | doc/doc-txt/ChangeLog | 3 | ||||
-rw-r--r-- | src/src/smtp_in.c | 1 | ||||
-rw-r--r-- | test/confs/4508 | 33 | ||||
-rw-r--r-- | test/confs/4520 | 2 | ||||
-rw-r--r-- | test/log/4508 | 25 | ||||
-rw-r--r-- | test/scripts/4500-DKIM/4508 | 149 |
6 files changed, 211 insertions, 2 deletions
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index e2dd71b2b..7da07ad46 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -191,6 +191,9 @@ JH/41 Fix the loop reading a message header line to check for integer overflow, and more-often against header_maxsize. Previously a crafted message could induce a crash of the recive process; now the message is cleanly rejected. +JH/42 Bug 2366: Fix the behaviour of the dkim_verify_signers option. It had + been totally disabled for all of 4.91. Discovery and fix by "Mad Alex". + Exim version 4.91 ----------------- diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c index af2cdb285..86f87eae1 100644 --- a/src/src/smtp_in.c +++ b/src/src/smtp_in.c @@ -2084,7 +2084,6 @@ f.dkim_disable_verify = FALSE; dkim_collect_input = 0; dkim_verify_overall = dkim_verify_status = dkim_verify_reason = NULL; dkim_key_length = 0; -dkim_verify_signers = US"$dkim_signers"; #endif #ifdef EXPERIMENTAL_DMARC f.dmarc_has_been_checked = f.dmarc_disable_verify = f.dmarc_enable_forensic = FALSE; diff --git a/test/confs/4508 b/test/confs/4508 new file mode 100644 index 000000000..dae4a8aba --- /dev/null +++ b/test/confs/4508 @@ -0,0 +1,33 @@ +# Exim test configuration 4508 + +SERVER= + +.include DIR/aux-var/std_conf_prefix + +primary_hostname = myhost.test.ex + +# ----- Main settings ----- + +acl_smtp_rcpt = accept +acl_smtp_dkim = check_dkim +acl_smtp_data = check_data + +log_selector = +dkim_verbose +dkim_verify_signers = DYNAMIC_OPTION + +queue_only +queue_run_in_order + +# ----- ACL --------- + +begin acl + +check_dkim: + accept + logwrite = DKIM: acl called - signer: $dkim_cur_signer bits: $dkim_key_length + +check_data: + accept logwrite = overall \$dkim_verify_status: $dkim_verify_status + logwrite = ${authresults {$primary_hostname}} + +# End diff --git a/test/confs/4520 b/test/confs/4520 index 89769230f..1a8e34f9e 100644 --- a/test/confs/4520 +++ b/test/confs/4520 @@ -14,7 +14,7 @@ acl_smtp_rcpt = accept logwrite = rcpt acl: macro: _DKIM_SIGN_HEADERS acl_smtp_dkim = accept logwrite = dkim_acl: signer: $dkim_cur_signer bits: $dkim_key_length h=$dkim_headernames acl_smtp_data = accept logwrite = data acl: dkim status $dkim_verify_status -dkim_verify_signers = $dkim_signers : FAKE +dkim_verify_signers = $dkim_signers DDIR=DIR/aux-fixed/dkim diff --git a/test/log/4508 b/test/log/4508 new file mode 100644 index 000000000..4a031f285 --- /dev/null +++ b/test/log/4508 @@ -0,0 +1,25 @@ + +******** SERVER ******** +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 10HmaX-0005vi-00 DKIM: acl called - signer: test.ex bits: 1024 +1999-03-02 09:44:33 10HmaX-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha256 b=1024 [verification succeeded] +1999-03-02 09:44:33 10HmaX-0005vi-00 overall $dkim_verify_status: pass +1999-03-02 09:44:33 10HmaX-0005vi-00 Authentication-Results: myhost.test.ex;\n dkim=pass header.d=test.ex header.s=sel header.a=rsa-sha256 +1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss DKIM=test.ex id=qwerty1234@disco-zombie.net +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 10HmaY-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha256 b=1024 [verification succeeded] +1999-03-02 09:44:33 10HmaY-0005vi-00 overall $dkim_verify_status: +1999-03-02 09:44:33 10HmaY-0005vi-00 Authentication-Results: myhost.test.ex;\n dkim=pass header.d=test.ex header.s=sel header.a=rsa-sha256 +1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss DKIM=test.ex id=qwerty1234@disco-zombie.net +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 10HmaZ-0005vi-00 DKIM: acl called - signer: nothere.example.com bits: 0 +1999-03-02 09:44:33 10HmaZ-0005vi-00 overall $dkim_verify_status: none +1999-03-02 09:44:33 10HmaZ-0005vi-00 Authentication-Results: myhost.test.ex;\n dkim=pass header.d=test.ex header.s=sel header.a=rsa-sha256 +1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@disco-zombie.net +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 10HmbA-0005vi-00 DKIM: acl called - signer: test.ex bits: 1024 +1999-03-02 09:44:33 10HmbA-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha256 b=1024 [verification succeeded] +1999-03-02 09:44:33 10HmbA-0005vi-00 DKIM: acl called - signer: different.example.com bits: 1024 +1999-03-02 09:44:33 10HmbA-0005vi-00 overall $dkim_verify_status: pass:none +1999-03-02 09:44:33 10HmbA-0005vi-00 Authentication-Results: myhost.test.ex;\n dkim=pass header.d=test.ex header.s=sel header.a=rsa-sha256 +1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss DKIM=test.ex id=qwerty1234@disco-zombie.net diff --git a/test/scripts/4500-DKIM/4508 b/test/scripts/4500-DKIM/4508 new file mode 100644 index 000000000..b9eaabe05 --- /dev/null +++ b/test/scripts/4500-DKIM/4508 @@ -0,0 +1,149 @@ +# DKIM verify, dkim_verify_signers option +# +exim -DSERVER=server -DDYNAMIC_OPTION='$dkim_signers' -bd -oX PORT_D +**** +# +# Same as default. This should pass. +# - sha256, 1024b +# Mail original in aux-fixed/4500.msg1.txt +# Sig generated by: perl aux-fixed/dkim/sign.pl --algorithm=rsa-sha256 \ +# --method=simple/simple < aux-fixed/4500.msg1.txt +client 127.0.0.1 PORT_D +??? 220 +HELO xxx +??? 250 +MAIL FROM:<CALLER@bloggs.com> +??? 250 +RCPT TO:<a@test.ex> +??? 250 +DATA +??? 354 +DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=test.ex; h=from:to + :date:message-id:subject; s=sel; bh=3UbbJTudPxmejzh7U1Zg33U3QT+1 + 6kfV2eOTvMeiEis=; b=xQSD/JMqz0C+xKf0A1NTkPTbkDuDdJbpBuyjjT9iYvyP + Zez+xl0TkoPobFGVa6EN8+ZeYV18zjifhtWYLSsNmPinUtcpKQLG1zxAKmmS0JEh + +qihlWbeGJ5+tK588ugUzXHPj+4JBW0H6kxHvdH0l2SlQE5xs/cdggnx5QX5USY= +From: mrgus@text.ex +To: bakawolf@yahoo.com +Date: Thu, 19 Nov 2015 17:00:07 -0700 +Message-ID: <qwerty1234@disco-zombie.net> +Subject: simple test + +This is a simple test. +. +??? 250 +QUIT +??? 221 +**** +killdaemon +# +exim -DSERVER=server -DDYNAMIC_OPTION='' -bd -oX PORT_D +**** +# Empty. Should avoid calling dkim ACL. +# - sha256, 1024b +# Mail original in aux-fixed/4500.msg1.txt +# Sig generated by: perl aux-fixed/dkim/sign.pl --algorithm=rsa-sha256 \ +# --method=simple/simple < aux-fixed/4500.msg1.txt +client 127.0.0.1 PORT_D +??? 220 +HELO xxx +??? 250 +MAIL FROM:<CALLER@bloggs.com> +??? 250 +RCPT TO:<a@test.ex> +??? 250 +DATA +??? 354 +DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=test.ex; h=from:to + :date:message-id:subject; s=sel; bh=3UbbJTudPxmejzh7U1Zg33U3QT+1 + 6kfV2eOTvMeiEis=; b=xQSD/JMqz0C+xKf0A1NTkPTbkDuDdJbpBuyjjT9iYvyP + Zez+xl0TkoPobFGVa6EN8+ZeYV18zjifhtWYLSsNmPinUtcpKQLG1zxAKmmS0JEh + +qihlWbeGJ5+tK588ugUzXHPj+4JBW0H6kxHvdH0l2SlQE5xs/cdggnx5QX5USY= +From: mrgus@text.ex +To: bakawolf@yahoo.com +Date: Thu, 19 Nov 2015 17:00:07 -0700 +Message-ID: <qwerty1234@disco-zombie.net> +Subject: simple test + +This is a simple test. +. +??? 250 +QUIT +??? 221 +**** +killdaemon +# +exim -DSERVER=server -DDYNAMIC_OPTION='nothere.example.com' -bd -oX PORT_D +**** +# Different domain. Should fail DKIM verify. +# - sha256, 1024b +# Mail original in aux-fixed/4500.msg1.txt +# Sig generated by: perl aux-fixed/dkim/sign.pl --algorithm=rsa-sha256 \ +# --method=simple/simple < aux-fixed/4500.msg1.txt +client 127.0.0.1 PORT_D +??? 220 +HELO xxx +??? 250 +MAIL FROM:<CALLER@bloggs.com> +??? 250 +RCPT TO:<a@test.ex> +??? 250 +DATA +??? 354 +DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=test.ex; h=from:to + :date:message-id:subject; s=sel; bh=3UbbJTudPxmejzh7U1Zg33U3QT+1 + 6kfV2eOTvMeiEis=; b=xQSD/JMqz0C+xKf0A1NTkPTbkDuDdJbpBuyjjT9iYvyP + Zez+xl0TkoPobFGVa6EN8+ZeYV18zjifhtWYLSsNmPinUtcpKQLG1zxAKmmS0JEh + +qihlWbeGJ5+tK588ugUzXHPj+4JBW0H6kxHvdH0l2SlQE5xs/cdggnx5QX5USY= +From: mrgus@text.ex +To: bakawolf@yahoo.com +Date: Thu, 19 Nov 2015 17:00:07 -0700 +Message-ID: <qwerty1234@disco-zombie.net> +Subject: simple test + +This is a simple test. +. +??? 250 +QUIT +??? 221 +**** +killdaemon +# +exim -DSERVER=server -DDYNAMIC_OPTION='test.ex : different.example.com' -bd -oX PORT_D +**** +# Mixed set. Should get one DKIM verify pass. +# - sha256, 1024b +# Mail original in aux-fixed/4500.msg1.txt +# Sig generated by: perl aux-fixed/dkim/sign.pl --algorithm=rsa-sha256 \ +# --method=simple/simple < aux-fixed/4500.msg1.txt +client 127.0.0.1 PORT_D +??? 220 +HELO xxx +??? 250 +MAIL FROM:<CALLER@bloggs.com> +??? 250 +RCPT TO:<a@test.ex> +??? 250 +DATA +??? 354 +DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=test.ex; h=from:to + :date:message-id:subject; s=sel; bh=3UbbJTudPxmejzh7U1Zg33U3QT+1 + 6kfV2eOTvMeiEis=; b=xQSD/JMqz0C+xKf0A1NTkPTbkDuDdJbpBuyjjT9iYvyP + Zez+xl0TkoPobFGVa6EN8+ZeYV18zjifhtWYLSsNmPinUtcpKQLG1zxAKmmS0JEh + +qihlWbeGJ5+tK588ugUzXHPj+4JBW0H6kxHvdH0l2SlQE5xs/cdggnx5QX5USY= +From: mrgus@text.ex +To: bakawolf@yahoo.com +Date: Thu, 19 Nov 2015 17:00:07 -0700 +Message-ID: <qwerty1234@disco-zombie.net> +Subject: simple test + +This is a simple test. +. +??? 250 +QUIT +??? 221 +**** +killdaemon +# +no_stdout_check +no_msglog_check |