Package: opendmarc Version: 1.4.0~beta1+dfsg-6+deb11u1 Severity: serious Tags: upstream patch Justification: Maintainer designation
Currently opendmarc in Stable, Testing, and Unstable will crash if they key used in an ARC header field is 3072 bit RSA or longer. This really needs to be fixed prior to release since, in normal usage, when a milter crashes it stops all mail flow on the system. Since the key size is an attribute decided by the sending domain, there's no work around on the receiver side to avoid the specific keys at issue. Longer RSA keys are becoming more common and this trend will continue through Bookworm's life, so the impact will only grow. Patch available in the upstream GitHub repository: https://github.com/trusteddomainproject/OpenDMARC/issues/183 Scott K
