Hello

We're running Exim 4.98 on FreeBSD and, for many months now, we have noticed a strange behavior which only appears very sporadically.
To control DKIM signing for forwarded messages and bounces, we use the concept of setting variables in routers to reference them in transports quite often. Something like this:
- - - - - -
begin routers

smtp_router:
  driver = dnslookup
  transport = remote_smtp_dane
  set = r_dkim_data = ${ some readsocket lookup to fetch json data }
  ...

begin transports

remote_smtp_dane:
  driver = smtp
  dkim_domain = ${if def:r_dkim_data {$h_X-DKIM-Sign:}{hostpoint.ch}}
  ...
- - - - - -

After a while, we noticed that mails are randomly not getting signed. Further investigation revealed that variables set via `set = r_dkim_data = ...` are sometimes empty when referenced in transports. Usually the issue resolves on its own after a few minutes, or when the Exim daemon is restarted. Multiple hosts with different configurations using r_ variables in their config to sign messages are affected by this.
We managed to fetch some debug logs from an offending message:

- - - - - -
# here, the variable is assigned the correct value:
07:39:51 24397 set r_dkim_data = '{"id": "1tmS87-000000006LU-2Bsj", ...}
- - 8< - -
# no more output mentioning r_dkim_data
# but for some reason the variable is empty just shortly afterwards:
07:39:51 24398 ╭considering: ${if░def:r_dkim_data░{$h_X-DKIM-Sign:}{hostpoint.ch}}
07:39:51 24398 ├──condition: def:r_dkim_data
07:39:51 24398 ├─────result: false
07:39:51 24398 ╭───scanning: $h_X-DKIM-Sign:}{hostpoint.ch}}
07:39:51 24398 ├──────value: doruhari.myhostpoint.ch
07:39:51 24398 │ ╰──(tainted)
07:39:51 24398 ├───scanning: }{hostpoint.ch}}
07:39:51 24398 ├───expanded: $h_X-DKIM-Sign:
07:39:51 24398 ├─────result: ◀skipped▶
07:39:51 24398 ╰───skipping: result is not used
07:39:51 24398 ╭considering: hostpoint.ch}}
07:39:51 24398 ├───────text: hostpoint.ch
07:39:51 24398 ├considering: }}
07:39:51 24398 ├───expanded: hostpoint.ch
07:39:51 24398 ╰─────result: hostpoint.ch
07:39:51 24398 ├───expanded: ${if░def:r_dkim_data░{$h_X-DKIM-Sign:}{hostpoint.ch}}
07:39:51 24398 ╰─────result: hostpoint.ch
- - - - - -

Here's the debug log for a correctly signed message just a minute after (without any config changes or daemon restart):
- - - - - -
07:40:57 25395 set r_dkim_data = '{"id": "1tmS9B-000000006ba-1vwf", ...}
- - 8< - -
07:40:57 25396 ╭considering: ${if░def:r_dkim_data░{$h_X-DKIM-Sign:}{hostpoint.ch}}
07:40:57 25396 ├──condition: def:r_dkim_data
07:40:57 25396 ├─────result: true
...
07:40:57 25396 ╰─────result: doruhari.myhostpoint.ch
07:40:57 25396 ╰──(tainted)
- - - - - -

Does anyone have a clue what's going on here? Any input would be appreciated.

Regards
Patrik
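
Added example, not part of the original post: a small scanner for Exim debug output that flags every `def:r_*` test that came out false although an earlier line had set that variable to a non-empty value, which is the symptom shown in the excerpts above. It assumes each debug line has the `HH:MM:SS PID text` shape seen in those excerpts; the function name and the abridged sample are made up for this example.

```python
import re

# Sample debug output, abridged from the two excerpts in the post above.
SAMPLE = """\
07:39:51 24397 set r_dkim_data = '{"id": "1tmS87-000000006LU-2Bsj", ...}
07:39:51 24398 ╭considering: ${if░def:r_dkim_data░{$h_X-DKIM-Sign:}{hostpoint.ch}}
07:39:51 24398 ├──condition: def:r_dkim_data
07:39:51 24398 ├─────result: false
07:39:51 24398 ╰─────result: hostpoint.ch
07:40:57 25395 set r_dkim_data = '{"id": "1tmS9B-000000006ba-1vwf", ...}
07:40:57 25396 ╭considering: ${if░def:r_dkim_data░{$h_X-DKIM-Sign:}{hostpoint.ch}}
07:40:57 25396 ├──condition: def:r_dkim_data
07:40:57 25396 ├─────result: true
07:40:57 25396 ╰─────result: doruhari.myhostpoint.ch
"""

# Assumed line shape: time, process id, then the debug text (as in the excerpts).
LINE = re.compile(r"^(\d\d:\d\d:\d\d)\s+(\d+)\s+(.*)$")
SET = re.compile(r"^set (r_\w+) = '(.*)$")
COND = re.compile(r"condition: def:(r_\w+)\s*$")
RESULT = re.compile(r"result: (true|false)\s*$")

def find_lost_variables(debug_text):
    """Return (time, setter_pid, reader_pid, name) for each def:r_* test that was
    false although an earlier line set that variable to a non-empty value."""
    last_set = {}   # variable name -> (pid, value) of the most recent "set" line
    pending = {}    # pid -> variable whose def: condition awaits its result line
    findings = []
    for raw in debug_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        when, pid, text = m.group(1), int(m.group(2)), m.group(3)
        if (s := SET.match(text)):
            last_set[s.group(1)] = (pid, s.group(2))
        elif (c := COND.search(text)):
            pending[pid] = c.group(1)
        elif pid in pending and (r := RESULT.search(text)):
            name = pending.pop(pid)
            setter = last_set.get(name)
            if r.group(1) == "false" and setter and setter[1].strip("'"):
                findings.append((when, setter[0], pid, name))
    return findings

if __name__ == "__main__":
    for when, setter, reader, name in find_lost_variables(SAMPLE):
        print(f"{when} {name}: set by pid {setter}, undefined in pid {reader}")
```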