Hi,

Some Dutch telecoms provider recently sent a mailing that makes my (self
compiled, Ubuntu pkg based) Exim 4.97 choke in some DKIM routines. I'm
sharing what I have right now and working on hopefully digging up more
information.

Message comes in:

exim[256917]: 1tt2qM-000000014pp-1Y7f DKIM: validation error: LONG_LINE
exim[256917]: 1tt2qM-000000014pp-1Y7f DKIM: Error during validation, disabling 
signature verification: LONG_LINE
exim[256917]: 1tt2qM-000000014pp-1Y7f <= senderlocalp...@aws.odido.nl 
H=b224-125.smtp-out.eu-central-1.amazonses.com [69.169.224.125] P=esmtps 
X=TLS1.3:ECDHE_X25519__RSA_PSS_RSAE_SHA256__AES_128_GCM:128 CV=no S=41175 
id=messag...@eu-central-1.amazonses.com T="Message topic was here" for 
recipi...@mydomain.tld

Ok, I know this LONG_LINE message from Exim doing DKIM signing. Sender
isn't following RFCs apparently.

But then Exim tries delivery of this message and chokes:

exim[257275]: 1tt2qM-000000014pp-1Y7f DKIM: signing failed: LONG_LINE
exim[257275]: 1tt2qM-000000014pp-1Y7f bad memory allocation requested 
(-1518335015 bytes) from b64encode_taint 250

exim[257268]: 1tt2qM-000000014pp-1Y7f Delivery status for 
recipi...@mydomain.tld: got 0 of 7 bytes (pipeheader) from transport process 
257275 for transport smtp
exim[257268]: 1tt2qM-000000014pp-1Y7f Frozen

What I don't understand is why during the 1st delivery attempt, Exim logs
about 'DKIM: signing failed' while there is *NO* config for DKIM on this
MX-server whatsoever. The Exim binary just has DKIM capabilities compiled
in, using defaults.

| root@mx02:~# grep -ci 'dkim' /etc/exim4/exim4.conf
| 0
| root@mx02:~# exim4 -bV | grep -i dkim
| Support for: Content_Scanning crypteq Expand_dlfunc iconv() IPv6 PAM
| Perl GnuTLS move_frozen_messages TLS_resume DANE DKIM DMARC DNSSEC Event
| I18N OCSP PIPECONNECT PRDR PROXY Queue_Ramp SOCKS SPF SRS TCP_Fast_Open
| Experimental_ARC

Also, when I then force a delivery on the frozen message, it does log
'signing failed: LONG_LINE' again, but delivery succeeds just fine:

| root@mx02:~# exim4 -v -v -M 1tt2qM-000000014pp-1Y7f
| delivering 1tt2qM-000000014pp-1Y7f
| LOG: MAIN
|   Unfrozen by forced delivery
| [ .. ]
| LOG: MAIN PANIC
|   DKIM: signing failed: LONG_LINE
| [ .. ]
| LOG: MAIN
|   Completed

I'll try to capture an offending message to do more tests. Unfortunately
the messages are not my messages so I can't really share them verbatim
I'm afraid. But if I figure out what the cause is, perhaps I can build a
test-case.

Any input is welcomed :)

Regards,
-Sander.
-- 
| If you don't pay your exorcist you can get repossessed. 
| 4096R/20CC6CD2 - 6D40 1A20 B9AA 87D4 84C7  FBD6 F3A9 9442 20CC 6CD2
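
For operators who want to find other queue entries hit by the same sequence, a triage sketch over the log lines quoted above (an added example, not part of the original post and not Exim code). The sample log joins the wrapped lines from the post and adds one constructed healthy message; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Syslog-style Exim line: "exim[PID]: MSGID text", with a 6-11-4 message ID.
LINE_RE = re.compile(r"exim\[(\d+)\]: (\w{6}-\w{11}-\w{4}) (.*)")

# Symptom name -> pattern, taken from the log lines quoted in the post.
SYMPTOMS = {
    "verify_long_line": re.compile(r"DKIM: validation error: LONG_LINE"),
    "sign_long_line": re.compile(r"DKIM: signing failed: LONG_LINE"),
    "bad_alloc": re.compile(r"bad memory allocation requested \((-?\d+) bytes\)"),
    "transport_died": re.compile(r"got 0 of \d+ bytes \(pipeheader\)"),
    "frozen": re.compile(r"Frozen$"),
}

def triage(lines):
    """Return {message_id: [symptoms, in the order first seen]}."""
    seen = defaultdict(list)
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        _pid, msgid, text = m.groups()
        for name, pat in SYMPTOMS.items():
            if pat.search(text) and name not in seen[msgid]:
                seen[msgid].append(name)
    return {k: v for k, v in seen.items() if v}

def crashed(report):
    """Message IDs where a transport hit the bad allocation and the message froze."""
    return [k for k, v in report.items() if "bad_alloc" in v and "frozen" in v]

# Lines from the post (unwrapped) plus one constructed healthy message.
SAMPLE = """\
exim[256917]: 1tt2qM-000000014pp-1Y7f DKIM: validation error: LONG_LINE
exim[256917]: 1tt2qM-000000014pp-1Y7f DKIM: Error during validation, disabling signature verification: LONG_LINE
exim[257275]: 1tt2qM-000000014pp-1Y7f DKIM: signing failed: LONG_LINE
exim[257275]: 1tt2qM-000000014pp-1Y7f bad memory allocation requested (-1518335015 bytes) from b64encode_taint 250
exim[257268]: 1tt2qM-000000014pp-1Y7f Delivery status for recipi...@mydomain.tld: got 0 of 7 bytes (pipeheader) from transport process 257275 for transport smtp
exim[257268]: 1tt2qM-000000014pp-1Y7f Frozen
exim[300001]: 1tt2zz-000000015aa-2AbC Completed
"""

if __name__ == "__main__":
    report = triage(SAMPLE.splitlines())
    for msgid in crashed(report):
        print(msgid, " -> ".join(report[msgid]))
```
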
