Mailing List Archive: SPF: SRS

Allowed characters in SRS Hash

Index | Next | Previous | View Threaded

spf at hilotec

Aug 13, 2006, 10:08 AM

Post #1 of 11 (12382 views)
Permalink

Allowed characters in SRS Hash

Hello,

I wondered if it is possible to exclude certain characters from being
used where doing an SRS Hash with the Mail::SRS perl module?
On my first try the module generated a hash that contained a slash (/).
Unfortunately this character is not allowed in the local part with
Postfix as MTA, so the bounce did not come back.

Regards.

Jean-Pierre

--
HILOTEC Engineering + Consulting AG
Energietechnik und Datensysteme
Tel: +41 34 402 74 00 - http://www.hilotec.com/

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=srs-discuss [at] v2

julian at mehnle

Aug 13, 2006, 12:15 PM

Post #2 of 11 (11910 views)
Permalink

Re: Allowed characters in SRS Hash [In reply to]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jean-Pierre Schwickerath wrote:
> I wondered if it is possible to exclude certain characters from being
> used where doing an SRS Hash with the Mail::SRS perl module?
> On my first try the module generated a hash that contained a slash (/).
> Unfortunately this character is not allowed in the local part with
> Postfix as MTA, so the bounce did not come back.

I'd suggest that you write a sub-class of Mail::SRS that overrides the
hash_create() and hash_verify() methods (which use Digest::HMAC_SHA1::
b64digest() for the Base64 conversions) and substitutes any "/"s in the
hash with another character, say ".". hash_verify() would have to do the
reverse to the passed hash (i.e. undo the substitution before the hash is
verified), of course.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFE33pvwL7PKlBZWjsRAnwHAKCH8Bcy6Fcz8xIgNZ/7Y/HRO92RSwCgvqYD
FjgnjdoLskuUChJMPSjy15s=
=7D24
-----END PGP SIGNATURE-----

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=srs-discuss [at] v2

tom at linxure

Aug 13, 2006, 2:46 PM

Post #3 of 11 (11906 views)
Permalink

Re: Re: Allowed characters in SRS Hash [In reply to]

>Jean-Pierre Schwickerath wrote:
> > I wondered if it is possible to exclude certain characters from being
> > used where doing an SRS Hash with the Mail::SRS perl module?
> > On my first try the module generated a hash that contained a slash (/).
> > Unfortunately this character is not allowed in the local part with
> > Postfix as MTA, so the bounce did not come back.
>
>I'd suggest that you write a sub-class of Mail::SRS that overrides the
>hash_create() and hash_verify() methods (which use Digest::HMAC_SHA1::
>b64digest() for the Base64 conversions) and substitutes any "/"s in the
>hash with another character, say ".". hash_verify() would have to do the
>reverse to the passed hash (i.e. undo the substitution before the hash is
>verified), of course.

Probably not. You'll want to change to a Digest subclass that
doesn't create "/", or make up your own hash altogether. Doing
simple character substitution screws up the math when verifying
it. When you reverse the substitution to verify the hash, you'll
reverse all "." into "/", which won't work if HMAC_SHA1 normally
outputs ".". Substitution will only work if HMAC_SHA1 doesn't output
the character you substitute with.

Or... isn't Postfix highly configurable? Simply change the config to
allow "/" in local parts.

--
-- =========================
Tom Lahti
Linxure Corporation

(888)489-3782
http://www.linxure.net/
-- =========================

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=srs-discuss [at] v2

julian at mehnle

Aug 13, 2006, 3:24 PM

Post #4 of 11 (11922 views)
Permalink

Re: Allowed characters in SRS Hash [In reply to]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Tom Lahti wrote:
> > Jean-Pierre Schwickerath wrote:
> > > I wondered if it is possible to exclude certain characters from
> > > being used where doing an SRS Hash with the Mail::SRS perl module?
> > > On my first try the module generated a hash that contained a slash
> > > (/). Unfortunately this character is not allowed in the local part
> > > with Postfix as MTA, so the bounce did not come back.
> >
> > I'd suggest that you write a sub-class of Mail::SRS that overrides the
> > hash_create() and hash_verify() methods (which use Digest::HMAC_SHA1::
> > b64digest() for the Base64 conversions) and substitutes any "/"s in the
> > hash with another character, say ".". hash_verify() would have to do
> > the reverse to the passed hash (i.e. undo the substitution before the
> > hash is verified), of course.
>
> Probably not. You'll want to change to a Digest subclass that
> doesn't create "/", or make up your own hash altogether. Doing
> simple character substitution screws up the math when verifying
> it. When you reverse the substitution to verify the hash, you'll
> reverse all "." into "/", which won't work if HMAC_SHA1 normally
> outputs ".". Substitution will only work if HMAC_SHA1 doesn't output
> the character you substitute with.

I was fully aware of that. Digest::HMAC_SHA1::b64digest() outputs Base64.
- From `perldoc Digest::SHA1` (Digest::SHA1 is what Digest::HMAC_SHA1 uses):

| $sha1->b64digest
| Same as $sha1->digest, but will return the digest as a base64 encoded
| string. The length of the returned string will be 27 and it will only
| contain characters from this set: 'A'..'Z', 'a'..'z', '0'..'9', '+'
| and '/'.

Conforming to the usual definition of Base64, that doesn't include ".".

q.e.d.

I seriously doubt it would be a good idea to define a Digest sub-class
whose b64digest() method no longer produces canonical Base64. For private
needs it might be acceptable, but I still think a Mail::SRS sub-class is a
better idea.

After all, it's the SRS implementation's responsibility to encode the hash,
and since the hash only has meaning on the sending system, nobody else
should care about _how_ exactly the hash is encoded.

> Or... isn't Postfix highly configurable? Simply change the config to
> allow "/" in local parts.

That may be the best solution of all.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFE36aZwL7PKlBZWjsRAn6CAKCjVEeLEVtLI+WkGUBXieIcsm/G1ACdHelc
2N/S7J69q34ULm8ntZrNhNU=
=Id8m
-----END PGP SIGNATURE-----

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=srs-discuss [at] v2

scott at kitterman

Aug 13, 2006, 6:20 PM

Post #5 of 11 (11919 views)
Permalink

Re: Re: Allowed characters in SRS Hash [In reply to]

On Sun, 13 Aug 2006 14:46:28 -0700 Tom Lahti <tom [at] linxure> wrote:
>
>>Jean-Pierre Schwickerath wrote:
>> > I wondered if it is possible to exclude certain characters from being
>> > used where doing an SRS Hash with the Mail::SRS perl module?
>> > On my first try the module generated a hash that contained a slash (/).
>> > Unfortunately this character is not allowed in the local part with
>> > Postfix as MTA, so the bounce did not come back.
>>
>>I'd suggest that you write a sub-class of Mail::SRS that overrides the
>>hash_create() and hash_verify() methods (which use Digest::HMAC_SHA1::
>>b64digest() for the Base64 conversions) and substitutes any "/"s in the
>>hash with another character, say ".". hash_verify() would have to do the
>>reverse to the passed hash (i.e. undo the substitution before the hash is
>>verified), of course.
>
>Probably not. You'll want to change to a Digest subclass that
>doesn't create "/", or make up your own hash altogether. Doing
>simple character substitution screws up the math when verifying
>it. When you reverse the substitution to verify the hash, you'll
>reverse all "." into "/", which won't work if HMAC_SHA1 normally
>outputs ".". Substitution will only work if HMAC_SHA1 doesn't output
>the character you substitute with.
>
>Or... isn't Postfix highly configurable? Simply change the config to
>allow "/" in local parts.

I think the OP needs to go back and examine his analysis. With my Postfix
2.2 it is allowed just fine. I just sent a message from
scott/test [at] kitterman and it was sent and delivere no problem with
Postfix on both ends and no special allowances made for "/".

Scott K

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=srs-discuss [at] v2

spf at hilotec

Aug 13, 2006, 11:54 PM

Post #6 of 11 (11924 views)
Permalink

Re: Re: Allowed characters in SRS Hash [In reply to]

> I think the OP needs to go back and examine his analysis. With my
> Postfix 2.2 it is allowed just fine. I just sent a message from
> scott/test [at] kitterman and it was sent and delivere no problem with
> Postfix on both ends and no special allowances made for "/".

The way I understand it is that the slash (/) is only disallowed in the
local part of the recipient mail address. In the following example
user+folder [at] domain the "folder" can't contain a slash.
If you don't use the local extension as you did then I presume that it
is possible to use the slash.
I used the scripts described in the following posting:
http://www.mhonarc.org/archive/html/spf-discuss/2004-06/msg00509.html

If there is another way to include SRS with postfix, then I'd be
willing to try an alternative.

Regards.

Jean-Pierre

--
HILOTEC Engineering + Consulting AG
Energietechnik und Datensysteme
Tel: +41 34 402 74 00 - http://www.hilotec.com/

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=srs-discuss [at] v2

scott at kitterman

Aug 14, 2006, 10:56 AM

Post #7 of 11 (11922 views)
Permalink

Re: Re: Allowed characters in SRS Hash [In reply to]

On Monday 14 August 2006 02:54, Jean-Pierre Schwickerath wrote:
> > I think the OP needs to go back and examine his analysis. With my
> > Postfix 2.2 it is allowed just fine. I just sent a message from
> > scott/test [at] kitterman and it was sent and delivere no problem with
> > Postfix on both ends and no special allowances made for "/".
>
> The way I understand it is that the slash (/) is only disallowed in the
> local part of the recipient mail address. In the following example
> user+folder [at] domain the "folder" can't contain a slash.
> If you don't use the local extension as you did then I presume that it
> is possible to use the slash.

I tried scott+test/yes [at] kitterman My Postfix 2.2 box accepted it and sent
it to my domain host. Their border MTA (also Postfix, version unknown to me)
accepted it. Their internal relay successfully relayed it to the delivery
agent and the delivery agent lost it.

They are still investigating that last bit.

In any case, I don't think the slash prohibition is a generally correct
statement for Postfix.

Scott K

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=srs-discuss [at] v2

spf at hilotec

Aug 15, 2006, 1:11 AM

Post #8 of 11 (11926 views)
Permalink

Re: Re: Allowed characters in SRS Hash [In reply to]

Hi Scott,

> I tried scott+test/yes [at] kitterman My Postfix 2.2 box accepted it
> and sent it to my domain host. Their border MTA (also Postfix,
> version unknown to me) accepted it. Their internal relay
> successfully relayed it to the delivery agent and the delivery agent
> lost it.
>
> They are still investigating that last bit.
>
> In any case, I don't think the slash prohibition is a generally
> correct statement for Postfix.

I investigated the thing a bit further. Postfix doesn't generally
disallow the usage of "/". It's just the local-daemon, responsible for
the local delivery of the message to a mailbox that can't handle it.
I can perfectly relay a message containing a / in the local part of the
email address but if the delivery agent is running postfix with the
local daemon then I get the following logfile entry:

postfix/local[9934]: warning: 4D2052000F3: address with illegal
extension: srs0+uer/=bz=hilotec.net=jps
postfix/local[9934]: 4D2052000F3:
to=<srs0+uer/=bz=hilotec.net=jps [at] srs>, relay=local,
delay=21, status=bounced (unknown user: "srs0+uer/=bz=hilotec.net=jps")

Wietse explains it here:
http://archives.neohapsis.com/archives/postfix/2000-12/0113.html

So I guess I'll have to switch to lmtp or something else if I want to
ensure the delivery of bounced forwarded messages to my own users.

Regards.

Jean-Pierre

--
HILOTEC Engineering + Consulting AG
Energietechnik und Datensysteme
Tel: +41 34 402 74 00 - http://www.hilotec.com/

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=srs-discuss [at] v2

scott at kitterman

Aug 15, 2006, 5:05 AM

Post #9 of 11 (11912 views)
Permalink

Re: Re: Allowed characters in SRS Hash [In reply to]

On Tuesday 15 August 2006 04:11, Jean-Pierre Schwickerath wrote:

> So I guess I'll have to switch to lmtp or something else if I want to
> ensure the delivery of bounced forwarded messages to my own users.
>
That or re-write Mail From to a safe value before passing it to local. Once
you've accepted the message, the specific value in an SRS'ed local part is
pretty meaningless.

Scott K

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=srs-discuss [at] v2

stuart at bmsi

Aug 15, 2006, 10:38 AM

Post #10 of 11 (11926 views)
Permalink

Re: Re: Allowed characters in SRS Hash [In reply to]

On Tue, 15 Aug 2006, Scott Kitterman wrote:

> On Tuesday 15 August 2006 04:11, Jean-Pierre Schwickerath wrote:
>
> > So I guess I'll have to switch to lmtp or something else if I want to
> > ensure the delivery of bounced forwarded messages to my own users.
> >
> That or re-write Mail From to a safe value before passing it to local. Once
> you've accepted the message, the specific value in an SRS'ed local part is
> pretty meaningless.

Pymilter undoes SRS before passing a message on to sendmail (or rejects
if the signature is invalid). So sendmail (and the LDA) never sees
the SRS signature. I'm not sure how your LDA would be able to deliver
the message sign SRS signature anyway - unless it understands SRS.

--
Stuart D. Gathman <stuart [at] bmsi>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=srs-discuss [at] v2

scott at kitterman

Aug 16, 2006, 8:21 AM

Post #11 of 11 (11918 views)
Permalink

Re: Re: Allowed characters in SRS Hash [In reply to]

On Tue, 15 Aug 2006 13:38:55 -0400 (EDT) "Stuart D. Gathman"
<stuart [at] bmsi> wrote:
>On Tue, 15 Aug 2006, Scott Kitterman wrote:
>
>> On Tuesday 15 August 2006 04:11, Jean-Pierre Schwickerath wrote:
>>
>> > So I guess I'll have to switch to lmtp or something else if I want to
>> > ensure the delivery of bounced forwarded messages to my own users.
>> >
>> That or re-write Mail From to a safe value before passing it to local.
Once
>> you've accepted the message, the specific value in an SRS'ed local part
is
>> pretty meaningless.
>
>Pymilter undoes SRS before passing a message on to sendmail (or rejects
>if the signature is invalid). So sendmail (and the LDA) never sees
>the SRS signature. I'm not sure how your LDA would be able to deliver
>the message sign SRS signature anyway - unless it understands SRS.
>
If the OP is using Postfix 2.3, then using pymilter would be an option too.

Scott K

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=srs-discuss [at] v2

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads