From 179ed8c31eb8c7f767ec0ef5e2856066d366515f Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Tue, 5 Nov 2019 21:13:41 +0000 Subject: [PATCH] DKIM/CHUNKING: support CHUNKING when a transport_filter is used, if DKIM signing is being done --- doc/doc-docbook/spec.xfpt | 3 + doc/doc-txt/ChangeLog | 4 ++ src/src/transports/smtp.c | 5 ++ test/aux-fixed/4525.mlistfooter | 4 ++ test/confs/4525 | 113 ++++++++++++++++++++++++++++++++ test/log/4525 | 48 ++++++++++++++ test/mail/4525.a | 22 +++++++ test/mail/4525.b | 52 +++++++++++++++ test/mail/4525.c | 52 +++++++++++++++ test/scripts/4500-DKIM/4525 | 54 +++++++++++++++ 10 files changed, 357 insertions(+) create mode 100644 test/aux-fixed/4525.mlistfooter create mode 100644 test/confs/4525 create mode 100644 test/log/4525 create mode 100644 test/mail/4525.a create mode 100644 test/mail/4525.b create mode 100644 test/mail/4525.c create mode 100644 test/scripts/4500-DKIM/4525 diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index c8b999c9f..62109e915 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -24897,6 +24897,9 @@ unauthenticated. See also &%hosts_require_auth%&, and chapter .cindex "RFC 3030" "CHUNKING" This option provides a list of servers to which, provided they announce CHUNKING support, Exim will attempt to use BDAT commands rather than DATA. +.new +Unless DKIM signing is being done, +.wen BDAT will not be used in conjunction with a transport filter. .option hosts_try_dane smtp "host list&!!" * diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 45d126ccd..f9e39d2dc 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog 
@@ -18,6 +18,10 @@ JH/03 DKIM verification defaults no long accept sha1 hashes, to conform to RFC 8301. They can still be enabled, using the dkim_verify_hashes main option. +JH/04 Support CHUNKING from an smtp transport using a transport_filter, when + DKIM signing is being done. Previously a transport_filter would always + disable CHUNKING, falling back to traditional DATA. + Exim version 4.93 ----------------- diff --git a/src/src/transports/smtp.c b/src/src/transports/smtp.c index b16b8b110..383d202b9 100644 --- a/src/src/transports/smtp.c +++ b/src/src/transports/smtp.c @@ -3571,6 +3571,11 @@ if (tblock->filter_command) && *transport_filter_argv && **transport_filter_argv && sx.peer_offered & OPTION_CHUNKING +#ifndef DISABLE_DKIM + /* When dkim signing, chunking is handled even with a transport-filter */ + && !(ob->dkim.dkim_private_key && ob->dkim.dkim_domain && ob->dkim.dkim_selector) + && !ob->dkim.force_bodyhash +#endif ) { sx.peer_offered &= ~OPTION_CHUNKING; diff --git a/test/aux-fixed/4525.mlistfooter b/test/aux-fixed/4525.mlistfooter new file mode 100644 index 000000000..7c33b8233 --- /dev/null +++ b/test/aux-fixed/4525.mlistfooter @@ -0,0 +1,4 @@ + +-- +This is a generic mailinglist footer, using a traditional .sig-separator line +---- diff --git a/test/confs/4525 b/test/confs/4525 new file mode 100644 index 000000000..3a843b99e --- /dev/null +++ b/test/confs/4525 
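Review bot: The added guard inside `#ifndef DISABLE_DKIM` only tests that `ob->dkim.dkim_private_key`, `ob->dkim.dkim_domain` and `ob->dkim.dkim_selector` are set on the transport, not that a signature will be produced for this message, so the comment "When dkim signing" says more than the condition checks. If any of these options can expand to an empty string at delivery time (not visible in this hunk), CHUNKING now stays enabled with a transport filter while no signing takes place. Test 4525 covers neither that case nor `force_bodyhash`. I would confirm that the write path still handles a filtered message under BDAT there, and reword the comment to `/* When DKIM signing is configured (options set, not yet expanded), chunking is handled even with a transport-filter */`. The enclosing `if` statement starts and ends outside the hunk.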
@@ -0,0 +1,113 @@ +# Exim test configuration 4525 + +SERVER= +OPT= +FAKE = + +keep_environment = PATH:EXIM_TESTHARNESS_DISABLE_OCSPVALIDITYCHECK +add_environment = SSLKEYLOGFILE=/home/jgh/git/exim/test/spool/sslkeys +exim_path = EXIM_PATH +host_lookup_order = bydns +spool_directory = /home/jgh/git/exim/test/spool + +.ifdef SERVER +log_file_path = /home/jgh/git/exim/test/spool/log/SERVER%slog +.else +log_file_path = /home/jgh/git/exim/test/spool/log/%slog +.endif + +gecos_pattern = "" +gecos_name = CALLER_NAME +dns_cname_loops = 9 +chunking_advertise_hosts = * + +.ifdef _HAVE_REQTLS +tls_advertise_requiretls = +.endif +.ifdef _HAVE_PIPE_CONNECT +pipelining_connect_advertise_hosts = : +.endif +.ifdef _HAVE_DMARC +dmarc_tld_file = +.endif +tls_advertise_hosts = + +primary_hostname = myhost.test.ex + +# ----- Main settings ----- + +acl_smtp_rcpt = accept logwrite = rcpt acl: macro: _DKIM_SIGN_HEADERS +acl_smtp_dkim = accept logwrite = dkim_acl: signer: $dkim_cur_signer bits: $dkim_key_length h=$dkim_headernames +acl_smtp_data = accept logwrite = data acl: dkim status $dkim_verify_status + +dkim_verify_signers = $dkim_signers + +DDIR=DIR/aux-fixed/dkim + +log_selector = +received_recipients + + +# ----- Routers + +begin routers + +server_store: + driver = accept + condition = ${if eq {SERVER}{server}{yes}{no}} + transport = file + +client: + driver = accept + transport = send_to_server + +# ----- Transports + +begin transports + +send_to_server: + driver = smtp + allow_localhost + hosts = HOSTIPV4 + port = PORT_D + +.ifdef FILTER + transport_filter = /bin/cat - DIR/aux-fixed/TESTNUM.mlistfooter +.endif +.ifndef ALLOW + hosts_try_chunking = : +.endif + + dkim_domain = test.ex +.ifdef SELECTOR + dkim_selector = SELECTOR +.else + dkim_selector = sel +.endif + + dkim_private_key = ${extract {${length_3:$dkim_selector}} {\ + ses=dkim512.private \ + sel=dkim.private \ + sed=dkim_ed25519.private \ + }{DDIR/$value}} + +.ifndef HEADERS_MAXSIZE + dkim_sign_headers = OPT +.else + 
dkim_identity = allheaders@$dkim_domain +.endif +.ifdef VALUE + dkim_hash = VALUE +.endif +.ifdef STRICT + dkim_strict = STRICT +.endif +.ifdef TIMES + dkim_timestamps = TIMES +.endif + +file: + driver = appendfile + file = DIR/test-mail/$local_part + user = CALLER + +# End diff --git a/test/log/4525 b/test/log/4525 new file mode 100644 index 000000000..f4b7496d5 --- /dev/null +++ b/test/log/4525 
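Review bot: The new test configuration hard-codes one developer's checkout path in `add_environment = SSLKEYLOGFILE=/home/jgh/git/exim/test/spool/sslkeys`, `spool_directory = /home/jgh/git/exim/test/spool` and both `log_file_path` settings. The same file uses the `DIR` macro elsewhere (`DDIR=DIR/aux-fixed/dkim`, `file = DIR/test-mail/$local_part`), so these lines look like an already-expanded prefix committed by mistake. On any other checkout the test would point its spool, logs and TLS key log at a path outside the test tree. I would write them with the macro, for example `spool_directory = DIR/spool` and `log_file_path = DIR/spool/log/%slog`.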
@@ -0,0 +1,48 @@ +1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for a@test.ex +1999-03-02 09:44:33 10HmaX-0005vi-00 => a@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 Completed +1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for b@test.ex +1999-03-02 09:44:33 10HmaZ-0005vi-00 => b@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK id=10HmbA-0005vi-00" +1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed +1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for c@test.ex +1999-03-02 09:44:33 10HmbB-0005vi-00 => c@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] K C="250- 7nn byte chunk, total 7nn\\n250 OK id=10HmbC-0005vi-00" +1999-03-02 09:44:33 10HmbB-0005vi-00 Completed +1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for b@test.ex +1999-03-02 09:44:33 10HmbD-0005vi-00 => b@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK id=10HmbE-0005vi-00" +1999-03-02 09:44:33 10HmbD-0005vi-00 Completed +1999-03-02 09:44:33 10HmbF-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for c@test.ex +1999-03-02 09:44:33 10HmbF-0005vi-00 => c@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] K C="250- 7nn byte chunk, total 7nn\\n250 OK id=10HmbG-0005vi-00" +1999-03-02 09:44:33 10HmbF-0005vi-00 Completed + +******** SERVER ******** +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D +1999-03-02 09:44:33 rcpt acl: macro: 
From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive +1999-03-02 09:44:33 10HmaY-0005vi-00 dkim_acl: signer: test.ex bits: 1024 h=From +1999-03-02 09:44:33 10HmaY-0005vi-00 data acl: dkim status pass +1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss DKIM=test.ex id=E10HmaX-0005vi-00@myhost.test.ex for a@test.ex +1999-03-02 09:44:33 10HmaY-0005vi-00 => a R=server_store T=file +1999-03-02 09:44:33 10HmaY-0005vi-00 Completed +1999-03-02 09:44:33 rcpt acl: macro: From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive +1999-03-02 09:44:33 10HmbA-0005vi-00 dkim_acl: signer: test.ex bits: 1024 h=From +1999-03-02 09:44:33 10HmbA-0005vi-00 data acl: dkim status pass +1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss DKIM=test.ex id=E10HmaZ-0005vi-00@myhost.test.ex for b@test.ex +1999-03-02 09:44:33 10HmbA-0005vi-00 => b R=server_store T=file +1999-03-02 09:44:33 10HmbA-0005vi-00 Completed +1999-03-02 09:44:33 rcpt acl: macro: From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive +1999-03-02 09:44:33 10HmbC-0005vi-00 dkim_acl: signer: 
test.ex bits: 1024 h=From +1999-03-02 09:44:33 10HmbC-0005vi-00 data acl: dkim status pass +1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp K S=sss DKIM=test.ex id=E10HmbB-0005vi-00@myhost.test.ex for c@test.ex +1999-03-02 09:44:33 10HmbC-0005vi-00 => c R=server_store T=file +1999-03-02 09:44:33 10HmbC-0005vi-00 Completed +1999-03-02 09:44:33 rcpt acl: macro: From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive +1999-03-02 09:44:33 10HmbE-0005vi-00 dkim_acl: signer: test.ex bits: 1024 h=From +1999-03-02 09:44:33 10HmbE-0005vi-00 data acl: dkim status pass +1999-03-02 09:44:33 10HmbE-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss DKIM=test.ex id=E10HmbD-0005vi-00@myhost.test.ex for b@test.ex +1999-03-02 09:44:33 10HmbE-0005vi-00 => b R=server_store T=file +1999-03-02 09:44:33 10HmbE-0005vi-00 Completed +1999-03-02 09:44:33 rcpt acl: macro: From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive +1999-03-02 09:44:33 10HmbG-0005vi-00 dkim_acl: signer: test.ex bits: 1024 h=From +1999-03-02 09:44:33 10HmbG-0005vi-00 data acl: dkim status pass +1999-03-02 09:44:33 10HmbG-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp K S=sss DKIM=test.ex id=E10HmbF-0005vi-00@myhost.test.ex for c@test.ex +1999-03-02 09:44:33 10HmbG-0005vi-00 => c R=server_store T=file +1999-03-02 
09:44:33 10HmbG-0005vi-00 Completed diff --git a/test/mail/4525.a b/test/mail/4525.a new file mode 100644 index 000000000..2f78aec6e --- /dev/null +++ b/test/mail/4525.a @@ -0,0 +1,22 @@ +From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 +Received: from the.local.host.name ([ip4.ip4.ip4.ip4] helo=myhost.test.ex) + by myhost.test.ex with esmtp (Exim x.yz) + (envelope-from ) + id 10HmaY-0005vi-00 + for a@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 +DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=test.ex; + s=sel; h=From; bh=/Ab0giHZitYQbDhFszoqQRUkgqueaX9zatJttIU/plc=; b=toy5chxow6W + 7Nn3qMvjZs+i0H00bQfi+6nakV6i36cRrZM/oWziHrc5IfYZuQunWNUA9UHnatK35Nsl7ZJRBU4em + wtzdO60jXnH7ZVyYjKxqTow9uCuuBKCgXdKxt1hpEfY0m7uUKt9OaqA0464NH5wEC4o/pt1aReidE + hvI6IY=; +Received: from CALLER by myhost.test.ex with local (Exim x.yz) + (envelope-from ) + id 10HmaX-0005vi-00 + for a@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 +From: nobody@example.com +Message-Id: +Sender: CALLER_NAME +Date: Tue, 2 Mar 1999 09:44:33 +0000 + +content + diff --git a/test/mail/4525.b b/test/mail/4525.b new file mode 100644 index 000000000..6cd2538e0 --- /dev/null +++ b/test/mail/4525.b 
@@ -0,0 +1,52 @@ +From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 +Received: from the.local.host.name ([ip4.ip4.ip4.ip4] helo=myhost.test.ex) + by myhost.test.ex with esmtp (Exim x.yz) + (envelope-from ) + id 10HmbA-0005vi-00 + for b@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 +DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=test.ex; + s=sel; h=From; bh=bzHKix52TV0ojCi2kd18gmIw/tcd5TnhO3QM+89xwyk=; b=LcQAFwKN9DL + wCbK0mcUtjmEoLaNUjwHmVrilQI1nBWJDoDUzpUl96U8YzdS/+Xut+pdS/YZf3m/Qbcw6ohO9pEmM + ncfURg55wr8fftAyRFA/L/svtP8h3Qv/+jv8gJ9nHyjk3z7Zmzzo8S54h9Ct9pJwkv0cpmdeLiDrL + ygZGjs=; +Received: from CALLER by myhost.test.ex with local (Exim x.yz) + (envelope-from ) + id 10HmaZ-0005vi-00 + for b@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 +From: nobody@example.com +Message-Id: +Sender: CALLER_NAME +Date: Tue, 2 Mar 1999 09:44:33 +0000 + +content + +-- +This is a generic mailinglist footer, using a traditional .sig-separator line +---- + +From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 +Received: from the.local.host.name ([ip4.ip4.ip4.ip4] helo=myhost.test.ex) + by myhost.test.ex with esmtp (Exim x.yz) + (envelope-from ) + id 10HmbE-0005vi-00 + for b@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 +DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=test.ex; + s=sel; h=From; bh=bzHKix52TV0ojCi2kd18gmIw/tcd5TnhO3QM+89xwyk=; b=LcQAFwKN9DL + wCbK0mcUtjmEoLaNUjwHmVrilQI1nBWJDoDUzpUl96U8YzdS/+Xut+pdS/YZf3m/Qbcw6ohO9pEmM + ncfURg55wr8fftAyRFA/L/svtP8h3Qv/+jv8gJ9nHyjk3z7Zmzzo8S54h9Ct9pJwkv0cpmdeLiDrL + ygZGjs=; +Received: from CALLER by myhost.test.ex with local (Exim x.yz) + (envelope-from ) + id 10HmbD-0005vi-00 + for b@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 +From: nobody@example.com +Message-Id: +Sender: CALLER_NAME +Date: Tue, 2 Mar 1999 09:44:33 +0000 + +content + +-- +This is a generic mailinglist footer, using a traditional .sig-separator line +---- + 
diff --git a/test/mail/4525.c b/test/mail/4525.c
new file mode 100644
index 000000000..1032c0d83
--- /dev/null
+++ b/test/mail/4525.c
@@ -0,0 +1,52 @@ +From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 +Received: from the.local.host.name ([ip4.ip4.ip4.ip4] helo=myhost.test.ex) + by myhost.test.ex with esmtp (Exim x.yz) + (envelope-from ) + id 10HmbC-0005vi-00 + for c@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 +DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=test.ex; + s=sel; h=From; bh=bzHKix52TV0ojCi2kd18gmIw/tcd5TnhO3QM+89xwyk=; b=LcQAFwKN9DL + wCbK0mcUtjmEoLaNUjwHmVrilQI1nBWJDoDUzpUl96U8YzdS/+Xut+pdS/YZf3m/Qbcw6ohO9pEmM + ncfURg55wr8fftAyRFA/L/svtP8h3Qv/+jv8gJ9nHyjk3z7Zmzzo8S54h9Ct9pJwkv0cpmdeLiDrL + ygZGjs=; +Received: from CALLER by myhost.test.ex with local (Exim x.yz) + (envelope-from ) + id 10HmbB-0005vi-00 + for c@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 +From: nobody@example.com +Message-Id: +Sender: CALLER_NAME +Date: Tue, 2 Mar 1999 09:44:33 +0000 + +content + +-- +This is a generic mailinglist footer, using a traditional .sig-separator line +---- + +From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 +Received: from the.local.host.name ([ip4.ip4.ip4.ip4] helo=myhost.test.ex) + by myhost.test.ex with esmtp (Exim x.yz) + (envelope-from ) + id 10HmbG-0005vi-00 + for c@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 +DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=test.ex; + s=sel; h=From; bh=bzHKix52TV0ojCi2kd18gmIw/tcd5TnhO3QM+89xwyk=; b=LcQAFwKN9DL + wCbK0mcUtjmEoLaNUjwHmVrilQI1nBWJDoDUzpUl96U8YzdS/+Xut+pdS/YZf3m/Qbcw6ohO9pEmM + ncfURg55wr8fftAyRFA/L/svtP8h3Qv/+jv8gJ9nHyjk3z7Zmzzo8S54h9Ct9pJwkv0cpmdeLiDrL + ygZGjs=; +Received: from CALLER by myhost.test.ex with local (Exim x.yz) + (envelope-from ) + id 10HmbF-0005vi-00 + for c@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 +From: nobody@example.com +Message-Id: +Sender: CALLER_NAME +Date: Tue, 2 Mar 1999 09:44:33 +0000 + +content + +-- +This is a generic mailinglist footer, using a traditional .sig-separator line +---- + 
diff --git a/test/scripts/4500-DKIM/4525 b/test/scripts/4500-DKIM/4525
new file mode 100644
index 000000000..dced4ae46
--- /dev/null
+++ b/test/scripts/4500-DKIM/4525
@@ -0,0 +1,54 @@
+# DKIM signing, with transport_filter
+#
+exim -bd -DSERVER=server -oX PORT_D
+****
+#
+# baseline (no transport_filter)
+exim -DOPT=From -odf a@test.ex
+From: nobody@example.com
+
+content
+****
+millisleep 500
+#
+#
+# with transport_filter
+exim -DOPT=From -DFILTER=y -odf b@test.ex
+From: nobody@example.com
+
+content
+****
+millisleep 500
+# with transport_filter and CHUNKING
+exim -DOPT=From -DFILTER=y -DALLOW=y -odf c@test.ex
+From: nobody@example.com
+
+content
+****
+millisleep 500
+#
+# for comparison, mails that should get identical sigs, though not using a transport_filter
+exim -DOPT=From -odf b@test.ex
+From: nobody@example.com
+
+content
+
+--
+This is a generic mailinglist footer, using a traditional .sig-separator line
+----
+****
+millisleep 500
+exim -DOPT=From -DALLOW=y -odf c@test.ex
+From: nobody@example.com
+
+content
+
+--
+This is a generic mailinglist footer, using a traditional .sig-separator line
+----
+****
+millisleep 500
+#
+#
+killdaemon
+no_msglog_check
--
2.30.2