
Mailing List Archive: exim: users

DKIM returning "pass" with body hash mismatch



dballenger at denetron

Nov 20, 2009, 4:51 PM

Post #1 of 8 (1189 views)
DKIM returning "pass" with body hash mismatch

I just upgraded to the new Exim 4.70 and am experimenting with the new DKIM support. I've found something that appears odd to me, but maybe there's just a misconfiguration on my part that would explain it somehow.

I have the following ACL setup to check the status and then put in a header (a little redundant at the moment, I realize; eventually I may change it to deny messages with a "fail" status, but I just wanted to see how it treated things for now).


acl_check_dkim:
  warn    dkim_status = none:invalid:fail
          add_header  = Authentication-Results: $primary_hostname; dkim=$dkim_verify_status; signing_identity="$dkim_cur_signer"; reason="$dkim_verify_reason"
  accept  dkim_status = pass
          add_header  = Authentication-Results: $primary_hostname; dkim=$dkim_verify_status; signing_identity="$dkim_cur_signer"; reason="$dkim_verify_reason"

I sent myself a message from gmail (DKIM signed), then took the received message on my server side, copied and pasted it into a text editor and modified the body content so that the hash would not match, and then sent it via telnet to myself.

The following header line is what gets inserted:
Authentication-Results: mail.denetron.com; dkim=pass; signing_identity="gmail.com"; reason="bodyhash_mismatch"

Reading the documentation (http://www.exim.org/exim-html-current/doc/html/spec_html/ch54.html) it sounds like that reason should only be present in the event of a "fail" $dkim_status.

The log file also shows that verification succeeded without any errors:
2009-11-21 00:39:46 1NBe0t-000Llb-7I DKIM: d=gmail.com s=gamma c=relaxed/relaxed a=rsa-sha256 [verification succeeded]


It does appear that the verification does indicate a failure in some cases, though, as I have found the following line in the log file:
2009-11-21 00:36:31 1NBdxn-000Lku-P4 DKIM: d=yahoo.com s=s1024 c=relaxed/relaxed a=rsa-sha256 t=1258763782 [verification failed - signature did not verify (headers probably modified in transit)]

Is this a configuration issue or is something else going on here?

-Daniel
--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/


tlyons at ivenue

Nov 20, 2009, 8:56 PM

Post #2 of 8 (1100 views)
Re: DKIM returning "pass" with body hash mismatch

On Fri, Nov 20, 2009 at 4:51 PM, Daniel Ballenger
<dballenger [at] denetron> wrote:
> I just upgraded to the new Exim 4.70 and am experimenting with the new DKIM support. I've found something that appears odd to me, but maybe there's just a misconfiguration on my part that would explain it somehow.
>
> I have the following ACL setup to check the status and then put in a header (a little redundant at the moment, I realize; eventually I may change it to deny messages with a "fail" status, but I just wanted to see how it treated things for now).
>
>
> acl_check_dkim:
>  warn          dkim_status     = none:invalid:fail
>                add_header      = Authentication-Results: $primary_hostname; dkim=$dkim_verify_status; signing_identity="$dkim_cur_signer"; reason="$dkim_verify_reason"
>  accept        dkim_status     = pass
>                add_header      = Authentication-Results: $primary_hostname; dkim=$dkim_verify_status; signing_identity="$dkim_cur_signer"; reason="$dkim_verify_reason"

I've been working a lot with dkim over the past few days, so I've got
some comments to make. You don't mention the global setting
dkim_verify_signers, so if you didn't set it, it runs this ACL once
for each DKIM signature it encounters while parsing the headers.

> I sent myself a message from gmail (DKIM signed), then took the received message on my server side, copied and pasted it into a text editor and modified the body content so that the hash would not match, and then sent it via telnet to myself.
>
> The following header line is what gets inserted:
> Authentication-Results:         mail.denetron.com; dkim=pass; signing_identity="gmail.com"; reason="bodyhash_mismatch"
>
> Reading the documentation (http://www.exim.org/exim-html-current/doc/html/spec_html/ch54.html) it sounds like that reason should only be present in the event of a "fail" $dkim_status.

It will generate a reason for either fail or invalid status. However,
the log message above is a bit of an oddity. It's saying "pass", but
there is a failure message. Was that a paste error or is that really
in your logs? Can you tell if two messages were sent in one session?

> The log file also shows that verification succeeded without any errors:
> 2009-11-21 00:39:46 1NBe0t-000Llb-7I DKIM: d=gmail.com s=gamma c=relaxed/relaxed a=rsa-sha256 [verification succeeded]
>
> It does appear that the verification does indicate a failure in some cases though as I have found the following line in the log file:
> 2009-11-21 00:36:31 1NBdxn-000Lku-P4 DKIM: d=yahoo.com s=s1024 c=relaxed/relaxed a=rsa-sha256 t=1258763782 [verification failed - signature did not verify (headers probably modified in transit)]
>
> Is this a configuration issue or is something else going on here?

Your config is essentially adding the same line for all results.
However (according to the docs) "At the end of each ACL there is an
implicit unconditional deny." That means you are rejecting any signed
message unless _every_ signature passes. You're probably still just
testing, but I wanted to point that fact out to you.

--
Regards... Todd
The best thing about pair programming is that you have the perfect
audience for your genius. -- Kent Beck



dballenger at denetron

Nov 20, 2009, 9:26 PM

Post #3 of 8 (1101 views)
Re: DKIM returning "pass" with body hash mismatch

On Nov 20, 2009, at 8:56 PM, Todd Lyons wrote:

> On Fri, Nov 20, 2009 at 4:51 PM, Daniel Ballenger
> <dballenger [at] denetron> wrote:
>>
>> [snip]
>> acl_check_dkim:
>> warn dkim_status = none:invalid:fail
>> add_header = Authentication-Results: $primary_hostname; dkim=$dkim_verify_status; signing_identity="$dkim_cur_signer"; reason="$dkim_verify_reason"
>> accept dkim_status = pass
>> add_header = Authentication-Results: $primary_hostname; dkim=$dkim_verify_status; signing_identity="$dkim_cur_signer"; reason="$dkim_verify_reason"
>
> I've been working a lot with dkim over the past few days, so I've got
> some comments to make. You don't mention the global setting
> dkim_verify_signers, so if you didn't set it, it runs this ACL once
> for each DKIM signature it encounters while parsing the headers.
I didn't specify it (going with the default value, then). Is there a setting you recommend or have found works better?

>> [snip]
>> The following header line is what gets inserted:
>> Authentication-Results: mail.denetron.com; dkim=pass; signing_identity="gmail.com"; reason="bodyhash_mismatch"
>
> It will generate a reason for either fail or invalid status. However,
> the log message above is a bit of an oddity. It's saying "pass", but
> there is a failure message. Was that a paste error or is that really
> in your logs? Can you tell if two messages were sent in one session?
That's the header inserted into the message by the acl, copy and pasted. I only sent one mail by hand in my testing SMTP sessions.

> Your config is essentially adding the same line for all results.
> However (according to the docs) "At the end of each ACL there is an
> implicit unconditional deny." That means you are rejecting any signed
> message unless _every_ signature passes. You're probably still just
> testing, but I wanted to point that fact out to you.

Good point, I remember reading about that.

I tried modifying the ACL to be:
acl_check_dkim:
  accept  dkim_status = pass:none:invalid:fail
          add_header  = Authentication-Results: $primary_hostname; dkim=$dkim_verify_status; signing_identity="$dkim_cur_signer"; reason="$dkim_verify_reason"

Which seems like it should accept the message then regardless of DKIM signature status in the message. I'm noticing though that while signed messages do get through fine, unsigned messages do not.

From another mail server (postfix), which does not sign messages, I get the following error in the logs (on the postfix mail server):
Nov 20 20:44:31 mail postfix/smtp[7957]: 6812A3CF0C1: lost connection with mail.denetron.com[38.108.185.146] while sending end of data -- message may be sent more than once
Nov 20 20:44:31 mail postfix/smtp[7957]: SSL_connect error to mail2.denetron.com: -1
Nov 20 20:44:31 mail postfix/smtp[7957]: warning: TLS library problem: 7957:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:578:
Nov 20 20:44:31 mail postfix/smtp[7957]: 6812A3CF0C1: Cannot start TLS: handshake failure

If I remove the acl_check_dkim though, the mail sends fine via TLS.

Thanks for your help.
-Daniel




sean at donelan

Nov 21, 2009, 12:15 AM

Post #4 of 8 (1092 views)
Re: DKIM returning "pass" with body hash mismatch

On Fri, 20 Nov 2009, Daniel Ballenger wrote:
> I just upgraded to the new Exim 4.70 and am experimenting with the new DKIM support. I've found something that appears odd to me, but maybe there's just a misconfiguration on my part that would explain it somehow.

It looks like a bug in pdkim.c. pdkim_feed_finish() overwrites the value
of sig->verify_status set by pdkim_finish_bodyhash() with
PDKIM_VERIFY_PASS.

Whether Exim should attempt to retrieve and parse the DNS records anyway,
or skip the signature completely, depends on whether the developers think the
collateral variables like dkim_key_testing should be filled in. It's more
complicated to try to continue after the bodyhash verify error, i.e. if
multiple errors happen, which error is the final error?




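Sean's diagnosis above, as an added Python model (not Exim's pdkim.c): a real relaxed body-hash computation feeding a two-stage status flow, with the overwrite flag reproducing the reported dkim=pass with reason="bodyhash_mismatch" result. The message bodies, the bh= tag and the signature_ok stand-in for the RSA check over the headers are constructed assumptions.

```python
import base64
import hashlib
import re

# Added model of Exim's two DKIM verification stages, not pdkim.c itself.
PASS, FAIL = "pass", "fail"

def relaxed_body(body: bytes) -> bytes:
    """Relaxed body canonicalization (RFC 6376 s.3.4.4): collapse WSP runs to
    one space, strip trailing WSP, drop trailing empty lines, end with CRLF."""
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in body.split(b"\r\n")]
    while lines and lines[-1] == b"":
        lines.pop()
    return b"\r\n".join(lines) + b"\r\n" if lines else b""

def body_hash(body: bytes) -> str:
    """bh= tag value for c=relaxed/relaxed, a=rsa-sha256."""
    return base64.b64encode(hashlib.sha256(relaxed_body(body)).digest()).decode()

def finish_bodyhash(bh_tag: str, body: bytes) -> tuple[str, str]:
    """Stage 1 (cf. pdkim_finish_bodyhash): computed body hash vs the signer's
    bh= tag. Returns (status, reason)."""
    if body_hash(body) != bh_tag:
        return FAIL, "bodyhash_mismatch"
    return PASS, ""

def feed_finish(stage1: tuple[str, str], signature_ok: bool, overwrite: bool = False) -> tuple[str, str]:
    """Stage 2 (cf. pdkim_feed_finish). signature_ok stands in for the RSA check
    over the signed headers (outside this example). overwrite=True reproduces
    the reported defect: status is set from the header signature alone, so the
    body-hash failure survives only in the reason string."""
    status, reason = stage1
    if overwrite:
        return (PASS if signature_ok else FAIL), reason
    if status == FAIL:
        return status, reason  # body hash failed: terminal, signature not consulted
    return (PASS, "") if signature_ok else (FAIL, "signature did not verify")

# Constructed sample: the body as signed, and the body after editing in transit
# (the poster's experiment; headers, and so the header signature, untouched).
ORIGINAL = b"Hello  from the signer \r\n\r\n"
TAMPERED = b"Hello from the signer, plus a line the signer never wrote\r\n"
BH_TAG = body_hash(ORIGINAL)  # what the signer put in bh=

def verify(body: bytes, overwrite: bool = False) -> tuple[str, str]:
    return feed_finish(finish_bodyhash(BH_TAG, body), signature_ok=True, overwrite=overwrite)
```

With stage 1 terminal, verify(TAMPERED) yields ("fail", "bodyhash_mismatch"); with overwrite=True it yields ("pass", "bodyhash_mismatch"), the header the original poster saw.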


nigel.metheringham at dev

Nov 21, 2009, 12:32 AM

Post #5 of 8 (1094 views)
Re: DKIM returning "pass" with body hash mismatch

On 21 Nov 2009, at 08:15, Sean Donelan wrote:
> It looks like a bug in pdkim.c. pdkim_feed_finish() overwrites the value
> of sig->verify_status set by pdkim_finish_bodyhash() with
> PDKIM_VERIFY_PASS.

If we have a likely bug here, please can a bugzilla entry be opened for it... I am just about to tag the 4.71 bug fix release, so if there is a dkim bug I'd really like that to be nailed (or at least tracked so I can delay) before I pull the trigger.

Nigel.
--
[ Nigel Metheringham Nigel.Metheringham [at] InTechnology ]
[ - Comments in this message are my own and not ITO opinion/policy - ]




tom at duncanthrax

Nov 21, 2009, 1:20 AM

Post #6 of 8 (1090 views)
Re: DKIM returning "pass" with body hash mismatch

Nigel Metheringham wrote:

> If we have a likely bug here please can a bugzilla entry be opened for it... I am just about to tag the 4.71 bug fix release so if there is a dkim bug I'd really like that to be nailed (or at least tracked so I can delay) before I pull the trigger.

I'll take a look at this tonight, gotta go shopping now ... :)

/tom



tlyons at ivenue

Nov 22, 2009, 2:05 PM

Post #7 of 8 (1064 views)
Re: DKIM returning "pass" with body hash mismatch

On Fri, Nov 20, 2009 at 9:26 PM, Daniel Ballenger
<dballenger [at] denetron> wrote:
>> some comments to make.  You don't mention the global setting
>> dkim_verify_signers, so if you didn't set it, it runs this ACL once
>> for each DKIM signature it encounters while parsing the headers.
> I didn't specify it (going with the default value then), is there a setting you recommend or have found works better?

This is one of those cases where "it depends what you want".
1. If you want to only verify signatures that exist in an email, what
you have (nothing) is fine.
2. If you also want to check that some known domains (for example,
paypal.com, gmail.com) that require dkim signatures aren't being
spoofed, you can override the default. But then you have to add some
additional logic to do that properly.

Read, reread, and then read again section 54.2 in the spec.txt,
specifically near the beginning.

Also look to an email thread from earlier this week where I asked a
lot of questions, got some good answers, and posted the config as I
was running it, which, based on your header_add, it seems you used.
Read through the answers from the developers to me; they have a lot
of good little bits of info that cleared away the fog of my
understanding.


>> in your logs?  Can you tell if two messages were sent in one session?
> That's the header inserted into the message by the acl, copy and pasted.  I only sent one mail by hand in my testing SMTP sessions.

Sean's answer seems to indicate that there could be a bug where state
is crossing between different invocations. It is beyond me, and if I
am paraphrasing incorrectly, someone will correct me.

>> Your config is essentially adding the same line for all results.
>> However (according to the docs) "At the end of each ACL there is an
>> implicit unconditional deny."  That means you are rejecting any signed
>> message unless _every_ signature passes.  You're probably still just
>> testing, but I wanted to point that fact out to you.
>
> Good point, I remember reading about that.
>
> I tried modifying the ACL to be:
> acl_check_dkim:
>  accept      dkim_status       = pass:none:invalid:fail
>                    add_header      = Authentication-Results: $primary_hostname; dkim=$dkim_verify_status; signing_identity="$dkim_cur_signer"; reason="$dkim_verify_reason"

Reason will be "" for both pass and none.

> Which seems like it should accept the message then regardless of DKIM signature status in the message.  I'm noticing though that while signed messages do get through fine, unsigned messages do not.

That would seem to indicate that it's hitting the dkim acl even if
there is no signature. My experience is that is not the way it works.
However, I would add at the end of the acl:
accept log_message = "DEBUG: accepting $dkim_cur_signer"
or
accept log_message = "DEBUG: list is $dkim_signers"

See if the domain of the unsigned email appears in that. It should
not according to the docs. See if something unexpected comes up.

> If I remove the acl_check_dkim though, the mail sends fine via TLS.

I assume that adding the default accept also makes it work fine during TLS.

--
Regards... Todd
The best thing about pair programming is that you have the perfect
audience for your genius. -- Kent Beck



tom at duncanthrax

Nov 23, 2009, 12:34 AM

Post #8 of 8 (1051 views)
Re: DKIM returning "pass" with body hash mismatch

Sean Donelan wrote:

> It looks like a bug in pdkim.c. pdkim_feed_finish() overwrites the value
> of sig->verify_status set by pdkim_finish_bodyhash() with
> PDKIM_VERIFY_PASS.

You are right. This is now fixed.

Thanks!

/tom

