Wednesday, June 01, 2022

First time using filter-dkimsign with smtpd

Hello,

I run openSMTPD on openbsd7.1, i was about to send this to openSMTP
mailing list, but i think it s openbsd/chroot/static sendmail related

I just found out about `filter-dkimsign` , follow up on the man and installation
instructions .
and have the filter running :
`_dkimsig 61499 0.0 0.0 704 3288 ?? Ip 6:39PM 0:00.03
/usr/local/libexec/smtpd/filter-dkimsign -d http://XXXXexample.com -s
mydkim -k /etc/mail/dkim/private.rsa.key`

my /etc/mail/dkim/private.rsa.key is mode 0440 and owned by _dkimsig

and only apply on the localhost `listen on lo0 filter dkimsign_rsa`

When the php fpm thingy calls mail ...

` Jun 1 18:45:15 XXXX php-fpm-8.1[80816]: mail() on
[/XXXXexample.com/wp-includes/PHPMailer/PHPMailer.php:877]: To:
leme@gmail.com -- Headers: Date: Wed, 1 Jun 2022 16:45:15 +0000 `

it just gets stuck forever.

I cannot find any log error, my clueless guess is the sendmail call is
stuck on a read and the filter somewhat broke the stdout ?
looking for actual clues

Also the server WAS sending email without the filter.
and using sendmail from the fpm user (did) work(s)

Another guess: would this be the behavior if a header is not found ?
Maybe it was DNS ? ( /etc/hosts )

So after poking around and adding -v to the php sendmail .... i figure
out i broke
the chrooted sendmail, because is create a $chroot/etc/hosts file

I now unit test the problem like that (i did add ksh to the chroot):

# chroot -g merci -u merci /var/www /bin/sh -c 'echo HELLO |
/usr/sbin/sendmail -t -v -v -4 -f no-reply@XXXXexample.com. -F TEST3
-i sven.falempin@gmail.com'
Jun 1 21:02:58 merci smtpd[77228]: 1658fe91a067cec2 smtp connected
address=127.0.0.1 host=localhost
<<< 220 XXXXexample.com. ESMTP OpenSMTPD
>>> EHLO XXXXexample.com.
Jun 1 21:02:58 merci smtpd[77228]: 1658fe91a067cec2 smtp
failed-command command="EHLO XXXXexample.com." result="501 5.5.4
Invalid command arguments: Invalid domain name"
<<< 501 5.5.4 Invalid command arguments: Invalid domain name
>>> HELO XXXXexample.com.
<<< 501 5.5.4 Invalid command arguments: Invalid domain name
Jun 1 21:02:58 merci smtpd[77228]: 1658fe91a067cec2 smtp
failed-command command="HELO XXXXexample.com." result="501 5.5.4
Invalid command arguments: Invalid domain name"
sendmail: remote host refuses our greeting
Jun 1 21:02:58 merci smtpd[77228]: 1658fe91a067cec2 smtp disconnected
reason=disconnect

'fun' fact i cannot get it to work again

the host file:
127.0.0.1 localhost XXXXexample.com.
::1 localhost

and in despair i tried

# match from local for any action "outbound"
match from any for any action "outbound"

Note: XXXXexample.com. is a placeholder, and resolved from any public
dns, i used reboot a few times.

I do not understand why deleting /var/www/etc/hosts does not go back
to previous behavior
nor why smtpd refuses EHLO XXXXexample.com.

Thanks for reading that far,
Please help

Best

No comments:

Post a Comment