fastmail / mail-dkim Goto Github PK
View Code? Open in Web Editor NEWThis project forked from marcbradshaw/mail-dkim
Mail::DKIM Perl module, forked from svn://svn.code.sf.net/p/dkimproxy/code/Mail-DKIM/trunk
This project forked from marcbradshaw/mail-dkim
Mail::DKIM Perl module, forked from svn://svn.code.sf.net/p/dkimproxy/code/Mail-DKIM/trunk
unless ( $self->{'Domain'} ) {
die 'invalid header property';
}
shouldnt that be "invalid domain property" ?
Hi,
I (and a lot of other people) are using Mail::DKIM as part of SpamAssassin to verify the DKIM signatures on mails. SpamAssassin logs that the signatures on my mails were faulty, but opendkim says they're okay (but opendkim-testmsg fails to parse the DKIM headers, so I'm even further down the rabbit hole).
Is there some way to make this packet tell me why it regards the signature as valid?
In Debian, we have the following bug report about scripts/dkimsign.pl (shipped as dkimproxy-sign):
https://bugs.debian.org/961472
which, in two parts, suggest to change the default algorithm from rsa-sha1 to rsa-sha256, referring to RFC 8301, and also notes that the POD in the script only documents part of the actual options.
Thanks for considering,
gregor, Debian Perl Group
While testing a test version of Net::DNS which is version 1.40_02 I encountered an error in DKIM/PublickKey.pm where it checks the version. Also, see issue #8 in which the actual problem was the same bug in SpamAssassin that I have fixed in the upcoming 4.0.1 release, although your workaround in DKIM avoids the bug in SpamAssassin and is fine.
The correct way to check versions in perl is to add
use version;
(See https://metacpan.org/pod/version)
and then change line 107 to do the version comparison like this
if ( version->parse(Net::DNS->VERSION) >= version->parse(0.69) )
RFC 6376 section 5.3.1 defines the "l=" tag of the DKIM-Signature header
field.
Mail::DKIM supports this for verification but not for signing.
https://tools.ietf.org/html/rfc6376#section-3.2 states:
Tags with duplicate names MUST NOT occur within a single tag-list;
if a tag name does occur more than once, the entire tag-list is invalid.
Suggestion:
diff --git a/lib/Mail/DKIM/KeyValueList.pm b/lib/Mail/DKIM/KeyValueList.pm
index 0d98574..1c33fe9 100644
--- a/lib/Mail/DKIM/KeyValueList.pm
+++ b/lib/Mail/DKIM/KeyValueList.pm
@@ -50 +50,6 @@ sub parse {
- $self->{tags_by_name}->{$tagname} = $tag;
+ if (defined $self->{tags_by_name}->{$tagname}) {
+ # https://tools.ietf.org/html/rfc6376#section-3.2
+ croak 'reused tag name';
+ } else {
+ $self->{tags_by_name}->{$tagname} = $tag;
+ }
Hello,
I'm getting a crash on FreeBSD 13.2 while checking DKIM signature in Amavisd-new. Stack trace attached..
Mail-DKIM-1.20230911
amavisd-new-2.12.2_1,1
AmavisCrash.txt
Regards,
Armin.
See fastmail/authentication_milter#28
I think I've might stumbled upon a bug when the 'v=' tag is missing in a DKIM record. The DKIM record below does not have a 'v=' tag. This tag is RECOMMENDED but not REQUIRED in the key record but the absence seems to result in a 'temperror' with a human_result blaming an unsupported algorithm.
Example:
20160525114544pm._domainkey.paddle.com descriptive text "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCJ6rcSjbkJ/G7dApE4FynJ6jTYI2pKgE9QVDAf0OLpg6WdvtwqyKaayHcqrIljorgs9jZjhQbdF14e1DGcTXPJF8m0tfeQeeNgP5PaHel0plhLJDpT964zfZaUEr5NLeE0fkMZ16CiAyB8ZpH4y4m8FK5O5HGvkAuTgmfF4bVYhwIDAQAB"
DMARC report:
<dkim>
<domain>paddle.com</domain>
<selector>20160525114544pm</selector>
<result>temperror</result>
<human_result>invalid (unsupported algorithm rsa-sha1)</human_result>
</dkim>
Hi. I'm the author of "better-qmail-remote", a wrapper around qmail-remote that adds DKIM signatures. The project is currently using Mail::DKIM. I've been asked to support EdDSA (ed25519) keys, which I have done, but have realized that Mail::DKIM does not yet support such keys. What are your thoughts on adding such support?
Here is my project branch that supports EdDSA: https://github.com/pflanze/better-qmail-remote/tree/issue1
Here is the original issue on the matter: pflanze/better-qmail-remote#1
Thanks a lot!
Running /usr/bin/sa-learn --sync
via a cronjob of amavisd-new complains about wrong arguments:
Argument "1.20200513.1" isn't numeric in numeric ge (>=) at /usr/share/perl5/Mail/SpamAssassin/Plugin/DKIM.pm line 686.
Argument "1.20200513.1" isn't numeric in numeric ge (>=) at /usr/share/perl5/Mail/SpamAssassin/Plugin/DKIM.pm line 809.
This seems to be caused by the new versioning of libmail-dkim-perl.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.