* postfix--- via Postfix-users <post...@ptld.com>: > > > > OpenDMARC is segfaulting. That's what 'signal 11' means. Postfix fails > > > > to get an answer to its end-of-body milter call because of the segfault > > > > closing the other end of that socket. That failure results in Postfix > > > > sending a 4xx to the client. > > > > First step is to verify your installation of OpenDMARC. Make sure you > > > > have a current version, that its dependencies are consistent with the > > > > build, etc. > > > I ran into the same problem. I found that the opendmarc package in Debian > > bullseye is vulnerable to CVE-2021-34555, and I believe this is the source > > of the crash (in combination with the new email headers from the mailing > > list transition). > > > > I solved the problem by upgrading to the version of opendmarc in Debian > > testing. > > > I am using RHEL8 and after checking for updates I was able to update > opendmarc to 1.4.2 (from 1.4.1) however it still has the error, only with > mail from this list. > In the mean time as suggested, I added "list.sys4.de" to the ignorelist to be > able to accept list mail again. However i would like to solve the problem and > not rest on a band-aid.
It seems the problem is being caused by two things: - The DNS entry uses h=rsa-sha256 when it should be h=sha256 That's a copy and paste error on my side. I scratched this from a Mailman 3 example and did not verify the example was valid. We'll fix that when we will start using new key material - The key material is 4096 Bit and it was brought to my attention there's a bug / missing functionality (?) in opendmarc which results in the program being unable to handle keys at sizes larger than 2024 Bit. We'll generate a new 2024 Bit key pair and place the new key in DNS. When we do that we'll also see to fix the h=sha256 problem. This will take place within the next 12 hours. Mailman will be restarted in the end and the service will be unavailable for about 30 seconds. No list mail will be lost. p@rick -- [*] sys4 AG https://sys4.de, +49 (89) 30 90 46 64 Schleißheimer Straße 26/MG,80333 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief Aufsichtsratsvorsitzender: Florian Kirstein _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
