On 16/11/2024 23:12, Bill Cole wrote:
On 2024-11-16 at 16:48:49 UTC-0500 (Sat, 16 Nov 2024 21:48:49 +0000)
Nick Howitt <n...@howitts.co.uk>
is rumored to have said:
Hi,
I am just going through my mail logs and I am seeing a lot of:
_WARN: plugin: eval failed: invalid DKIM result at
/usr/share/perl5/Mail/DMARC.pm line 107.
Context would help, e.g. the full log line showing what process sent
that message.
My set up is Debian 12 with their packaged amavis, postfix,
spamassassin, clamav and postfix-policyd-spf-python.
The specific version of SpamAssassin would help, although I understand
Debian does do some backporting. SpamAssassin support was greatly
enhanced with v4, so if Debian 12 is still shipping a v3.4.x variant
that might be relevant.
There's nothing I see in the current version of Mail::DMARC around
that line number that could trigger that message, so an update to that
Perl module *may* be in order.
Should I be concerned and what can I do about it?
I suspect that this is due to messages with Authentication-Results
headers that don't have DKIM fields, such as the messages from this
list which have a header like this:
Authentication-Results: apache.org; auth=none
If that is the underlying cause, it is entirely harmless. You may want
to verify that legitimate messages are matching DKIM and DMARC
SpamAssassin rules to be sure.
It is possible that this is actually a bug in Mail::DMARC. The lack of
a DKIM value in an A-R header probably should not generate a warning.
b...@scconsult.com orbillc...@apache.org
(AKA @grumpybozo@toad.social and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
Thanks for the reply.
Spamassassin version is 4.0.0-8ubuntu5.
Here is a full mail log for one message:
2024-11-17T09:12:30.306975+00:00 mail-www postfix/smtpd[2173196]:
connect from mail01.ipfire.org[81.3.27.42]
2024-11-17T09:12:31.488398+00:00 mail-www policyd-spf[2173204]: :
prepend Received-SPF: Pass (mailfrom) identity=mailfrom;
client-ip=81.3.27.42; helo=mail01.ipfire.org;
envelope-from=replies+verp-dd7e31ce1d2257085a0eb3e696fd2...@community.ipfire.org;
receiver=howitts.co.uk
2024-11-17T09:12:31.493210+00:00 mail-www postgrey[1350278]:
action=pass, reason=triplet found, client_name=mail01.ipfire.org,
client_address=81.3.27.42,
sender=replies+verp-dd7e31ce1d2257085a0eb3e696fd2...@community.ipfire.org,
recipient=n...@howitts.co.uk
2024-11-17T09:12:31.509269+00:00 mail-www postfix/smtpd[2173196]:
7C24870002B: client=mail01.ipfire.org[81.3.27.42]
2024-11-17T09:12:31.551562+00:00 mail-www postfix/cleanup[2173208]:
7C24870002B: message-id=<discourse/post/60...@community.ipfire.org>
2024-11-17T09:12:31.555141+00:00 mail-www postfix/qmgr[2087635]:
7C24870002B:
from=<replies+verp-dd7e31ce1d2257085a0eb3e696fd2...@community.ipfire.org>,
size=10185, nrcpt=1 (queue active)
2024-11-17T09:12:31.555370+00:00 mail-www postfix/smtpd[2173196]:
disconnect from mail01.ipfire.org[81.3.27.42] ehlo=2 starttls=1
mail=1 rcpt=1 data=1 quit=1 commands=7
2024-11-17T09:12:31.584986+00:00 mail-www amavis[2068017]:
(2068017-11) ESMTP [127.0.0.1]:10024
/var/lib/amavis/tmp/amavis-20241116T220446-2068017-9_s4Yr36:
<replies+verp-dd7e31ce1d2257085a0eb3e696fd2...@community.ipfire.org>
-> <n...@howitts.co.uk> SIZE=10185 Received: from mail.howitts.co.uk
([127.0.0.1]) by localhost (mail.howitts.co.uk [127.0.0.1]) (amavis,
port 10024) with ESMTP for <n...@howitts.co.uk>; Sun, 17 Nov 2024
09:12:31 +0000 (GMT)
2024-11-17T09:12:31.898818+00:00 mail-www amavis[2068017]:
(2068017-11) dkim: VALID Author+Sender+MailFrom signature by
d=community.ipfire.org, From: <no-re...@community.ipfire.org>,
a=rsa-sha256, c=relaxed/relaxed, s=202003rsa,
i=@community.ipfire.org,
m.list(ml:static/dynamic-routing.networking.community.ipfire.org)
2024-11-17T09:12:32.176335+00:00 mail-www amavis[2068017]:
(2068017-11) dkim: FAILED Author+Sender+MailFrom signature by
d=community.ipfire.org, From: <no-re...@community.ipfire.org>,
a=ed25519-sha256, c=relaxed/relaxed, s=202003ed25519,
i=@community.ipfire.org,
m.list(ml:static/dynamic-routing.networking.community.ipfire.org),
invalid (unsupported algorithm ed25519-sha256)
2024-11-17T09:12:32.176870+00:00 mail-www amavis[2068017]:
(2068017-11) Checking: 2H2mPQ_IIm-I [81.3.27.42]
<replies+verp-dd7e31ce1d2257085a0eb3e696fd2...@community.ipfire.org>
-> <n...@howitts.co.uk>
2024-11-17T09:12:32.189478+00:00 mail-www amavis[2068017]:
(2068017-11) p003 1 Content-Type: multipart/alternative
2024-11-17T09:12:32.190617+00:00 mail-www amavis[2068017]:
(2068017-11) p001 1/1 Content-Type: text/plain, 7bit, size: 501,
SHA1 digest: 19134d434767a7c161c2c8dfed018c60cb98d134
2024-11-17T09:12:32.191514+00:00 mail-www amavis[2068017]:
(2068017-11) p002 1/2 Content-Type: text/html, 7bit, size: 5037,
SHA1 digest: e01d22adf5e5edff837e1c447235c74f44112db7
2024-11-17T09:12:32.566676+00:00 mail-www amavis[2068017]:
(2068017-11) _WARN: plugin: eval failed: invalid DKIM result at
/usr/share/perl5/Mail/DMARC.pm line 107.
2024-11-17T09:12:37.372962+00:00 mail-www amavis[2068017]:
(2068017-11) SA info: async: aborting after 4.880 s, deadline
shrunk: URIBL, A/55.27.3.81.zen.spamhaus.org, rules: URIBL_SBL_A,
URIBL_CSS_A
2024-11-17T09:12:37.373400+00:00 mail-www amavis[2068017]:
(2068017-11) SA info: async: aborting after 4.953 s, deadline
shrunk: URIBL, A/fra.lwldns.net, rules: URIBL_SBL_A, URIBL_CSS_A
2024-11-17T09:12:37.383465+00:00 mail-www amavis[2068017]:
(2068017-11) _WARN: check: dns_block_rule
RCVD_IN_ZEN_BLOCKED_OPENDNS hit, creating
/var/lib/amavis/.spamassassin/dnsblock_zen.spamhaus.org (This means
DNSBL blocked you due to too many queries. Set all affected rules
score to 0, or use "dns_query_restriction deny zen.spamhaus.org" to
disable queries)
2024-11-17T09:12:37.450712+00:00 mail-www amavis[2068017]:
(2068017-11) bounce unverifiable,
<replies+verp-dd7e31ce1d2257085a0eb3e696fd2...@community.ipfire.org>
-> <n...@howitts.co.uk>
2024-11-17T09:12:37.576066+00:00 mail-www postfix/smtpd[2173231]:
connect from localhost[127.0.0.1]
2024-11-17T09:12:37.579832+00:00 mail-www postfix/smtpd[2173231]:
8D7D2717AB7: client=localhost[127.0.0.1]
2024-11-17T09:12:37.583409+00:00 mail-www postfix/cleanup[2173208]:
8D7D2717AB7: message-id=<discourse/post/60...@community.ipfire.org>
2024-11-17T09:12:37.585941+00:00 mail-www postfix/smtpd[2173231]:
disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1
quit=1 commands=5
2024-11-17T09:12:37.586522+00:00 mail-www postfix/qmgr[2087635]:
8D7D2717AB7:
from=<replies+verp-dd7e31ce1d2257085a0eb3e696fd2...@community.ipfire.org>,
size=10878, nrcpt=1 (queue active)
2024-11-17T09:12:37.587714+00:00 mail-www amavis[2068017]:
(2068017-11) 2H2mPQ_IIm-I FWD from
<replies+verp-dd7e31ce1d2257085a0eb3e696fd2...@community.ipfire.org>
-> <n...@howitts.co.uk>, BODY=7BIT 250 2.0.0 from
MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 8D7D2717AB7
2024-11-17T09:12:37.598124+00:00 mail-www amavis[2068017]:
(2068017-11) Passed CLEAN {RelayedInbound}, [81.3.27.42]:37916
[81.3.27.42]
<replies+verp-dd7e31ce1d2257085a0eb3e696fd2...@community.ipfire.org>
-> <n...@howitts.co.uk>, Queue-ID: 7C24870002B, Message-ID:
<discourse/post/60...@community.ipfire.org>, mail_id: 2H2mPQ_IIm-I,
Hits: -7.213, size: 10172, queued_as: 8D7D2717AB7,
dkim_sd=202003rsa:community.ipfire.org, 6023 ms
2024-11-17T09:12:37.598336+00:00 mail-www amavis[2068017]:
(2068017-11) TIMING-SA total 5164 ms - parse: 9 (0.2%),
extract_message_metadata: 17 (0.3%), tests_pri_-10000: 6 (0.1%),
get_uri_detail_list: 6 (0.1%), tests_pri_-2000: 4.5 (0.1%),
tests_pri_-1000: 3.9 (0.1%), tests_pri_-950: 2.2 (0.0%),
tests_pri_-900: 1.82 (0.0%), tests_pri_-100: 223 (4.3%), check_spf:
147 (2.9%), poll_dns_idle: 4727 (91.5%), check_razor2: 9 (0.2%),
check_pyzor: 8 (0.2%), tests_pri_-90: 4.0 (0.1%), tests_pri_0: 184
(3.6%), tests_pri_500: 1.91 (0.0%), learn: 52 (1.0%), b_learn: 42
(0.8%), b_count_change: 18 (0.3%), get_report: 1.40 (0.0%)
2024-11-17T09:12:37.602743+00:00 mail-www
postfix/amavis/smtp[2173209]: 7C24870002B: to=<n...@howitts.co.uk>,
relay=127.0.0.1[127.0.0.1]:10024, delay=7, delays=0.96/0.02/0.01/6,
dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025):
250 2.0.0 Ok: queued as 8D7D2717AB7)
2024-11-17T09:12:37.602993+00:00 mail-www postfix/qmgr[2087635]:
7C24870002B: removed
2024-11-17T09:12:37.605239+00:00 mail-www amavis[2068017]:
(2068017-11) size: 10172, TIMING [total 6030 ms] - SMTP greeting:
3.9 (0%)0, SMTP EHLO: 1.2 (0%)0, SMTP pre-MAIL: 1.1 (0%)0, SMTP
MAIL: 2.4 (0%)0, SMTP pre-DATA-flush: 2.0 (0%)0, SMTP DATA: 37
(1%)1, check_init: 0.6 (0%)1, digest_hdr: 5 (0%)1, digest_body_dkim:
265 (4%)5, collect_info: 283 (5%)10, mime_decode: 16 (0%)10,
get-file-type2: 33 (1%)11, parts_decode: 0.6 (0%)11, check_header:
1.8 (0%)11, AV-scan-1: 50 (1%)12, spam-wb-list: 2.1 (0%)12, SA msg
read: 0.9 (0%)12, SA parse: 11 (0%)12, SA check: 5151 (85%)97,
decide_mail_destiny: 9 (0%)97, notif-quar: 0.3 (0%)97, fwd-connect:
126 (2%)100, fwd-mail-pip: 3.3 (0%)100, fwd-rcpt-pip: 0.3 (0%)100,
fwd-data-chkpnt: 0.1 (0%)100, write-header: 0.9 (0%)100,
fwd-data-contents: 0.2 (0%)100, fwd-end-chkpnt: 6 (0%)100,
prepare-dsn: 1.4 (0%)100, report: 3.2 (0%)100, main_log_entry: 6
(0%)100, update_snmp: 2.9 (0%)100, SMTP pre-response: 0.7 (0%)100,
SMTP response: 0.3 (0%)100, unlink-2-files: 0.6 (0%)100, rundown:
2.0 (0%)100
2024-11-17T09:12:37.631035+00:00 mail-www dovecot: lmtp(2173233):
Connect from local
2024-11-17T09:12:37.680128+00:00 mail-www dovecot:
lmtp(nick)<2173233><IECQJYWzOWcxKSEAXBDGSw>: sieve:
msgid=<discourse/post/60...@community.ipfire.org>: stored mail into
mailbox 'INBOX'
2024-11-17T09:12:37.681798+00:00 mail-www postfix/lmtp[2173232]:
8D7D2717AB7: to=<n...@howitts.co.uk>,
relay=mail.howitts.co.uk[private/dovecot-lmtp], delay=0.1,
delays=0.01/0.02/0.03/0.05, dsn=2.0.0, status=sent (250 2.0.0
<n...@howitts.co.uk> IECQJYWzOWcxKSEAXBDGSw Saved)
2024-11-17T09:12:37.682117+00:00 mail-www dovecot: lmtp(2173233):
Disconnect from local: Logged out (state=READY)
2024-11-17T09:12:37.682314+00:00 mail-www postfix/qmgr[2087635]:
8D7D2717AB7: removed
And the associated email headers:
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path:<replies+verp-dd7e31ce1d2257085a0eb3e696fd2...@community.ipfire.org>
Delivered-To:n...@howitts.co.uk
Received: from mail.howitts.co.uk
by mail-www.howitts.co.uk with LMTP
id IECQJYWzOWcxKSEAXBDGSw
(envelope-from<replies+verp-dd7e31ce1d2257085a0eb3e696fd2...@community.ipfire.org>)
for<n...@howitts.co.uk>; Sun, 17 Nov 2024 09:12:37 +0000
Received: from localhost (localhost [127.0.0.1])
by mail.howitts.co.uk (Postfix) with ESMTP id 8D7D2717AB7
for<n...@howitts.co.uk>; Sun, 17 Nov 2024 09:12:37 +0000 (GMT)
X-Virus-Scanned: Debian amavis at howitts.co.uk
Authentication-Results: mail.howitts.co.uk (amavis); dkim=pass (2048-bit key)
header.d=community.ipfire.org header.b="Xdx7PjjI"; dkim=neutral
reason="invalid (unsupported algorithm ed25519-sha256)"
header.d=community.ipfire.org header.b="BUGJjFxL"
Received: from mail.howitts.co.uk ([127.0.0.1])
by localhost (mail.howitts.co.uk [127.0.0.1]) (amavis, port 10024) with
ESMTP
id 2H2mPQ_IIm-I for<n...@howitts.co.uk>;
Sun, 17 Nov 2024 09:12:31 +0000 (GMT)
Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=81.3.27.42;
helo=mail01.ipfire.org;envelope-from=replies+verp-dd7e31ce1d2257085a0eb3e696fd2...@community.ipfire.org;
receiver=howitts.co.uk
Received: from mail01.ipfire.org (mail01.ipfire.org [81.3.27.42])
by mail.howitts.co.uk (Postfix) with ESMTPS id 7C24870002B
for<n...@howitts.co.uk>; Sun, 17 Nov 2024 09:12:30 +0000 (GMT)
Received: from web06.haj.ipfire.org (web06.haj.ipfire.org [172.28.1.168])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (4096 bits)
client-signature ECDSA (secp384r1))
(Client CN "web06.haj.ipfire.org", Issuer "E6" (verified OK))
by mail01.ipfire.org (Postfix) with ESMTPS id 4XrlQN75Qwz16F
for<n...@howitts.co.uk>; Sun, 17 Nov 2024 09:12:28 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=community.ipfire.org;
s=202003rsa; t=1731834749;
h=from:from:reply-to:reply-to:subject:subject:date:date:
message-id:message-id:to:to:cc:mime-version:mime-version:
content-type:content-type:
content-transfer-encoding:content-transfer-encoding:
in-reply-to:in-reply-to:references:references:list-id:
list-unsubscribe;
bh=yeo7BGncPuARp0WUCDB+EdTvy7ucVXunQxiQbBGCl3Y=;
b=Xdx7PjjIAAHRK70wznRvhiv/rbf3X6DUkAs8ObBFI51U2veYfge43ML/oH3R2Bxl5RoHUK
/n0l9wTXuBc2JOvauVllltlaSV0z6AfLq4crWPOiY0hqdCbIN2mAAUfKiL2WXGMuJA2a8+
r4mn4Yi3xA7Dk+ITO1gxMfRZLdt6r6ffudmZvM4qRTAhW9ZSRcssNjvYVLZihmATmVcZnO
sUeU5qRk5ELE1vyZAsXViusk+T+XVn9/450qnPwzpxgyriy/fI0t10uK5cFjOg4zQLWrVZ
bZFyubMz8FaSJ4jNeg/GVyg1OhAeZuAsHD+C+dKySq1KQx+JmPurjv7oWQm7HQ==
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed;
d=community.ipfire.org;
s=202003ed25519; t=1731834749;
h=from:from:reply-to:reply-to:subject:subject:date:date:
message-id:message-id:to:to:cc:mime-version:mime-version:
content-type:content-type:
content-transfer-encoding:content-transfer-encoding:
in-reply-to:in-reply-to:references:references:list-id:
list-unsubscribe;
bh=yeo7BGncPuARp0WUCDB+EdTvy7ucVXunQxiQbBGCl3Y=;
b=BUGJjFxLd2iknutxsPL9TViCbwGyNtzOrAr80hN3ndVrU2YXs+DFVQxEgRc9ZahcU6DfmK
UOl6un0PGgwti1DA==
Received: from localhost (unknown [172.17.0.3])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature ECDSA (secp384r1) server-digest
SHA384)
(Client did not present a certificate)
by web06.haj.ipfire.org (Postfix) with ESMTPS id 4XrlQN4SVfzMM
for<n...@howitts.co.uk>; Sun, 17 Nov 2024 09:12:28 +0000 (UTC)
Date: Sun, 17 Nov 2024 09:12:28 +0000
From: Martin Koller via IPFire Community<no-re...@community.ipfire.org>
Reply-To: IPFire
Community<replies+f0516feabf80650ef4fdce06ef312...@community.ipfire.org>
To:n...@howitts.co.uk
Message-ID:<discourse/post/60...@community.ipfire.org>
In-Reply-To:<discourse/post/60...@community.ipfire.org>
References:<discourse/post/60...@community.ipfire.org>
<discourse/post/60...@community.ipfire.org>
<discourse/post/60...@community.ipfire.org>
<discourse/post/60...@community.ipfire.org>
<discourse/post/60...@community.ipfire.org>
<discourse/post/60...@community.ipfire.org>
<discourse/post/60...@community.ipfire.org>
<discourse/post/60...@community.ipfire.org>
<discourse/post/60...@community.ipfire.org>
<discourse/post/60...@community.ipfire.org>
Subject: [IPFire Community] [Networking/Static/Dynamic Routing] Simple
reverse
proxy configuration
Mime-Version: 1.0
Content-Type: multipart/alternative;
boundary="--==_mimepart_6739b37c625b0_8116e129da0143182";
charset=UTF-8
Content-Transfer-Encoding: 7bit
List-Unsubscribe:<https://community.ipfire.org/email/unsubscribe/cfee7fbf786932c659009da922d326a81bf1a952094413dbfa852ae73e6debb2>
X-Discourse-Post-Id: 60772
X-Discourse-Topic-Id: 13128
X-Discourse-Category: Networking/Static/Dynamic Routing
X-Auto-Response-Suppress: All
Auto-Submitted: auto-generated
Precedence: list
List-ID: IPFire Community | Networking Static/Dynamic Routing
<static/dynamic-routing.networking.community.ipfire.org>
List-Archive:https://community.ipfire.org/t/simple-reverse-proxy-configuration/13128
Looking at the logs, last week they nearly all came from the IPFire mailing
lists and forums, but there are a Couple from the Dovecot mailing list and a
random shopping site.
Line 107 is the "push" line in the "dkim" subroutine
#warn "iterative\n";
push @{ $self->{dkim}},
Mail::DMARC::Report::Aggregate::Record::Auth_Results::DKIM->new(@args);
Regards
Nick
