https://bugzilla.redhat.com/show_bug.cgi?id=1364730 Bug ID: 1364730 Summary: DKIM signing of originating mail stopped working after upgrade from 2.10.1-5 to 2.11.0-3 Product: Fedora Version: 24 Component: amavisd-new Assignee: j.orti.alcaine@xxxxxxxxx Reporter: matt@xxxxxxxxxxx QA Contact: extras-qa@xxxxxxxxxxxxxxxxx CC: j.orti.alcaine@xxxxxxxxx, perl-devel@xxxxxxxxxxxxxxxxxxxxxxx, steve@xxxxxxxxx, vanmeeuwen+fedora@xxxxxxxxxxxx Created attachment 1188215 --> https://bugzilla.redhat.com/attachment.cgi?id=1188215&action=edit Patch file from https://lists.amavis.org/pipermail/amavis-users/2016-July/004428.html Description of problem: Hello, after updating to the latest amavisd-new package I noticed that DKIM signing no longer works with existing configs. Running amavisd-new in debug mode, I can confirm that locally generated mail (in this example sent from root to another local user) is getting routed to the corrected port for the ORIGINATING policy bank (10026): Aug 6 18:36:05.865 cipixia.com /usr/sbin/amavisd[2709]: (02709-01) LMTP :10026 /var/spool/amavisd/tmp/amavis-20160806T183605-02709-mYQagKcY: <root@xxxxxxxxxxx> -> <matt@xxxxxxxxxxxxx> Received: from cipixia.com ([127.0.0.1]) by localhost (cipixia.com [127.0.0.1]) (amavisd-new, port 10026) with LMTP for <matt@xxxxxxxxxxxxx>; Sat, 6 Aug 2016 18:36:05 +0200 (CEST) but then a little bit later it decides that the mail is not considered originating (relevant bits pasted from log): Aug 6 18:36:05.905 cipixia.com /usr/sbin/amavisd[2709]: (02709-01) Checking: wVqqBSZuYzR0 ORIGINATING [127.0.0.1] <root@xxxxxxxxxxx> -> <matt@xxxxxxxxxxxxx> ... ... Aug 6 18:36:05.906 cipixia.com /usr/sbin/amavisd[2709]: (02709-01) Open relay? Nonlocal recips but not originating: matt@xxxxxxxxxxxxx ... ... Aug 6 18:36:05.931 cipixia.com /usr/sbin/amavisd[2709]: (02709-01) dkim: not signing mail which is not originating from our site I Googled around and found this relevant post on the amavisd-new mailing list, which actually solved my problem: https://lists.amavis.org/pipermail/amavis-users/2016-July/004428.html In the related message, Giovanni provides a simple patch for /usr/sbin/amavisd that restores expected functionality. I tested this patch against my current amavisd-new install by applying it like so: patch -b /usr/sbin/amavisd < /tmp/amavisd_dkim_fix.patch I then reran the the same test as before by sending an email from root to another localhost user with amavisd-new in debug mode, and the output now shows the expected behavior: Aug 6 18:44:48.246 cipixia.com /usr/sbin/amavisd[2882]: (02882-01) LMTP :10026 /var/spool/amavisd/tmp/amavis-20160806T184448-02882-LhR01zY9: <root@xxxxxxxxxxx> -> <matt@xxxxxxxxxxxxx> Received: from cipixia.com ([127.0.0.1]) by localhost (cipixia.com [127.0.0.1]) (amavisd-new, port 10026) with LMTP for <matt@xxxxxxxxxxxxx>; Sat, 6 Aug 2016 18:44:48 +0200 (CEST) ... ... Aug 6 18:44:48.286 cipixia.com /usr/sbin/amavisd[2882]: (02882-01) Checking: r89s629QBf_0 ORIGINATING [127.0.0.1] <root@xxxxxxxxxxx> -> <matt@xxxxxxxxxxxxx> ... ... Aug 6 18:44:48.309 cipixia.com /usr/sbin/amavisd[2882]: (02882-01) dkim: candidate originators: From:<root@xxxxxxxxxxx> .. .. Aug 6 18:44:48.310 cipixia.com /usr/sbin/amavisd[2882]: (02882-01) dkim: signing (author), From: <root@xxxxxxxxxxx> (From:<root@xxxxxxxxxxx>), KEY.key_ind=>0, a=>rsa-sha256, c=>relaxed/simple, d=>cipixia.com, s=>dkimkey, ttl=>1814400, x=>1472316289 and so on. I am not subscribed to the amavisd user's mailing list so I'm not sure if the upstream developers have responded to or acknowledged Giovanni's message, but his patch worked for me and solved the issue. Version-Release number of selected component (if applicable): amavisd-new-2.11.0-3.fc24.noarch How reproducible: Always Steps to Reproduce: 1. Setup dkim signing for the originating policy bank 2. Verify in the logs that your test mail is being routed to the correct port 3. Observe that dkim signing is not performed and the message is not considered "local", despite being in the right policy bank Actual results: No dkim signing, log messages indicate local mail is not considered as originating. Expected results: Dkim signing performed and triggered by ORIGINATING mail Additional info: I've attached the patch from the mailing list to this bug, for convenience -- You are receiving this mail because: You are on the CC list for the bug. -- Fedora Extras Perl SIG http://www.fedoraproject.org/wiki/Extras/SIGs/Perl perl-devel mailing list perl-devel@xxxxxxxxxxxxxxxxxxxxxxx https://lists.fedoraproject.org/admin/lists/perl-devel@xxxxxxxxxxxxxxxxxxxxxxx
