date:20241112

[exim] Re: disclaimer + DKIM does not work (reopened)

2024-11-12 Thread Jeremy Harris via Exim-users


On 13/11/2024 00:12, brunoc68 via Exim-users wrote:

It comes from a bug in altermime


Those links didn't quickly describe the bug for me.
Could you give a summary?

--
Cheers,
  Jeremy

--
## subscription configuration (requires account):
##   https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
##   exim-users-unsubscr...@lists.exim.org
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

[exim] Re: disclaimer + DKIM does not work (reopened)

2024-11-12 Thread brunoc68 via Exim-users


Dear all,

I found out why DKIM signature did not work in my case.

It comes from a bug in altermime as described here :

 * https://www.ijs.si/software/amavisd/release-notes.txt
   
 * 
https://mailing.unix.amavis-user.narkive.com/3anI8l14/amavis-user-dkim-and-internal-header-stripping
   



Basically, one has to correct for this bug at the transport_filter 
point. As it took me hours to get it done, I give it to you :-)


transport_filter = /bin/sh -c "/usr/bin/altermime  --input=- 
--disclaimer=/etc/exim4/textdisclaimer --disclaimer-html=/etc/exim4/htmldisclaimer | perl 
-pe 's/\r//g; s/\n/\r\n/g'"


This way the DKIM signature works well together with a disclaimer added 
by altermime.


Kind regards,
Bruno


Le 03/11/2023 à 18:20, brunoc68 via Exim-users a écrit :

Le 30/10/2023 à 11:09, Jeremy Harris via Exim-users a écrit :

On 30/10/2023 09:42, brunoc68 via Exim-users wrote:
Looking at the description of the transport option "size_addition", 
I understand that the size of the message is sent by smtp before the 
message is processed by the filter.


I am not sure about my understanding of this option. Could that be a 
possible source of the error I obtain ?


Marginally possible.  It would require that the receiving system uses 
the SIZE
passed with the MAIL TO for its dkim verification but *not* for its 
actual
reception of the message.  Pretty unlikely, but you could test by 
setting

the option to -1 (which would mean it couldn't possibly do that).



I checked several configuration of the "size_addition" option and it 
does not work.


I also sent an email to another of my servers running both Exim and 
spamassassin as well.

I got the following, clearly telling DKIM_INVALID :

 

DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; 
d=ciarem.fr;
s=dkim; 
h=Content-Type:Message-ID:Subject:Date:MIME-Version:To:From:Sender:

Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description:
Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: 

In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe: 


List-Post:List-Owner:List-Archive;
bh=KqNN2YxYpsbEJ+qOKn2J3M0huRA1QxmBanUfyMElrc0=; 
b=LypOiBYcyrZvGx6xEIsFbc4/L8
Hu1UMcQH/SXtR4R6fRYqbx7yPMOzXsN83LVsiIFTNF+LUdFJrEwIFxOF/Kz30CB86x96BMZwsHy7s 

JxlHdFBdnmD7rgc21vLV/dmavvgHQaPnAw2TCCxpv84qvOivKn0CfBaWyRXXkRBXxVzVuW658QMjQ 

OjR9rLZ1Z4wToQ9tm43S08rLZivFGiWp5Rtz8HGeydmmmWAolYEsvJmJwCFdMeR3DWxXtdp7xjSmL 

/d1Ot6IgZUJef9vfxcJTG8PoPJvxO09Jche5xn4zQjjcw51xqO4w6ut4zILH/qW/tyGxo9VnH9ov3 


Bv0slp7A==;

X-Spam-Status: No, score=3.3 required=5.0 
tests=*DKIM_INVALID*,DKIM_SIGNED,
HTML_IMAGE_ONLY_08,HTML_MESSAGE,MIME_QP_LONG_LINE,RDNS_NONE,SPF_HELO_PASS, 


SPF_PASS,T_REMOTE_IMAGE,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED,
URIBL_DBL_BLOCKED_OPENDNS autolearn=disabled version=3.4.0

 



Jeremy, you told me what I sent to your private email was ok, but on 
my side I can not reproduce any recipient (mail-tester.com, gmail.com, 
another of my server) where the DKIM signature is valid...





--
## subscription configuration (requires account):
##   https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
##   exim-users-unsubscr...@lists.exim.org
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

[exim] Re: ARC verify error with mail from Google

2024-11-12 Thread Kai Bojens via Exim-users


Am 12.11.24 um 16:35 schrieb Jeremy Harris via Exim-users:


Does a run with debug give any better insight? ARC processing uses
the acl debug channel, should you want to cut down on the vebiage.

Sadly, it does not.

I've turned on debugging with "control = debug/opts=+acl" but that's not much:

check verify = arc/none:fail:pass
ARC: collecting arc sets
ARC: found AS: ARC-Seal: i=2; a=rsa-sha256; t=1731482228; cv=pass;
d=google.com; s=arc-20240605;
b=lNsOYGOEfzDkTeQylYZNcllC10vzKpD0w7SJz5hu5tdlYbCHYMP17U3qh36SU56wfA
 aj7vsF92Q5P0Rjl1ru17wkoVSNZd3Kzd/QplvMleLJ4tpS7P3czT6XPe55xRW6TcgYdZ
 NQec0YEKYPS6YaPP51yfRxK3cGx77sMNSxXa/ZRX/L6kUIkHEsC5kKaVETQlbvcRJIyE
 Pl6vtlpAVEHXMDgFanjYghxa0e+kw1f4xIkLyCPqAmG5QoEYZszMuClSBKyGCCXnJB5G
 FpT+9FdRAGmZxHigjVU/Ayr7EjEW0c0TFJGQBN2YHaNKh54HJR4514unweF+nQfpnind
 cUTw==
ARC: new instance 2
ARC: found AMS: ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; 
d=google.com; s=arc-20240605;
h=organization:subject:from:to:user-agent:mime-version:date
 :message-id:dkim-signature:dkim-signature:delivered-to;
bh=9VdWf6jtmakCUhkY8lbs/PvTs01ebna8m7p1quyrmU0=;
fh=oco32Tj+TXoR4082g3e8fiWGLdPBDc8gHnfYNCRiGKg=;
b=j18rooMbdDiuApY2411ufP6EM18Td7PgmddqGOFPGQKKsnu+dyTm6gtqKvcPcQI4nC
 +hiEeFOsLHlqxwM/sjzFb/TkfK7kbDLC+Nqvfb2NomoQC/EprflN8MST5KR2j4zX7CVN
 Oc0g7yYjytI3L43NYb2lESVvImHGpB2FbpCtfctfa5pHBu1PXN0G0T2X+FiH1ZbBJQ00
 z5Xmo/tlh4PLlrYKO4VG5YP310W7+/IOic+l8mYajvBTvAUT0oSmPD6v1liSX+QgiKAQ
 lOCkcR1d5uqEKzNZdk2AeftiFlX55JNsWZZyr6pYUf8WuMIeRAFKGEzMU/HfZ4fPQ8ga
 3ibw==;
darn=REDACTED
ARC: d tag val
inserting AMS: line parse
ARC verify result fail (collecting headers: inserting AMS)

The corresponding variables:

arc_state = fail , arc_state_reason = collecting headers: inserting AMS , 
arc_domains = ::google.com , arc_oldest_pass = 0

I have enabled ARC verify yesterday and created a Google Mail forward for
testing purposes. Those Google Mails are always in a "fail" state while
mails from other senders (Microsoft, hornetsecurity.com) sometimes also fail
but seem to pass in 95% of all cases.



smime.p7s
Description: Kryptografische S/MIME-Signatur

-- 
## subscription configuration (requires account):
##   https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
##   exim-users-unsubscr...@lists.exim.org
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

[exim] Re: ARC verify error with mail from Google

2024-11-12 Thread Jeremy Harris via Exim-users


On 12/11/2024 14:45, Kai Bojens via Exim-users wrote:

arc=fail (collecting headers: inserting AMS)


From the current git source I'd expect a little more info in that (comment).
Possibly added since 4.96 though.

Does a run with debug give any better insight? ARC processing uses
the acl debug channel, should you want to cut down on the vebiage.


What we know so far is that it thought it was dealing with an AMS header,
but failed to parse it or failed to insert it into the local ARC data tree
that it constructed as part of verification.

--
Cheers,
  Jeremy

--
## subscription configuration (requires account):
##   https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
##   exim-users-unsubscr...@lists.exim.org
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

[exim] mysql_servers syntax for ipv6-only database server

2024-11-12 Thread Niklas Schell via Exim-users

Greetings!

I am trying to use an ipv6-only database server inside my exim4 config. But I'm 
unable to get the correct syntax for mysql_servers.
I already tried the following (assuming fd00::2 is the ipv6 address of the 
database server):

hide mysql_servers = fd00::2/database/user/password

which results in: Unknown server host 'fd00'.

":" is used a list separator, in order to define multiple servers (backup 
facility), so I thought, I would simply change the separator to a different one:

hide mysql_servers = <; fd00::2/database/user/password

The result stays the same.
Putting parenthesis or quotes around the ipv6 address doesn't work as well.


Creating an /etc/hosts entry as follows:

fd00::2  server

and using the following exim config:

hide mysql_servers = server/database/user/password

works. I'm able to connect to the database.
But i would like to explicitly define the ip address inside the config file.
Is this currently possible?

-- 
Thanks,
nudelchef


-- 
## subscription configuration (requires account):
##   https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
##   exim-users-unsubscr...@lists.exim.org
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

[exim] Re: mysql_servers syntax for ipv6-only database server

2024-11-12 Thread Jeremy Harris via Exim-users


On 11/11/2024 15:10, Niklas Schell via Exim-users wrote:

 i would like to explicitly define the ip address inside the config file.
Is this currently possible?


Unfortunately not using only the Exim config file.

[ I suspect this is due to features having been added over time.
  The parsing of a single host-spec is custom, and lacks any way
  of escaping metacharacters.
  This is a bug; feel free to raise one.  The problem will be fixing it
  in some way that is back-compatible.
]

Apart from an /etc/hosts entry (as you found) - you could use
a mysql config file entry
( https://dev.mysql.com/doc/refman/8.4/en/option-files.html )
along the lines of

   [exim]
   host = 

(which according to those docs accepts name, ipv4-addr or ipv6-addr)

--
Cheers,
  Jeremy

--
## subscription configuration (requires account):
##   https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
##   exim-users-unsubscr...@lists.exim.org
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

[exim] ARC verify error with mail from Google

2024-11-12 Thread Kai Bojens via Exim-users


Version: 4.96 (Debian 12, rebuild with ARC support)

I'm trying to get ARC verify working and I'm getting this error in the 
$authresults with an e-mail forwarded from Google:


arc=fail (collecting headers: inserting AMS)

This doesn't make any sense to me. I found the corresponding line in the 
source code but couldn't make out what the problem could be.


smime.p7s
Description: Kryptografische S/MIME-Signatur

-- 
## subscription configuration (requires account):
##   https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
##   exim-users-unsubscr...@lists.exim.org
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

[exim] Re: disclaimer + DKIM does not work (reopened)

[exim] Re: disclaimer + DKIM does not work (reopened)

[exim] Re: ARC verify error with mail from Google

[exim] Re: ARC verify error with mail from Google

[exim] mysql_servers syntax for ipv6-only database server

[exim] Re: mysql_servers syntax for ipv6-only database server

[exim] ARC verify error with mail from Google

7 matches

Site Navigation

Mail list logo

Footer information