Wednesday, June 01, 2022

Re: First time using filter-dkimsign with smtpd

On Wed, Jun 1, 2022 at 3:13 PM Sven F. <sven.falempin@gmail.com> wrote:
>
> Hello,
>
> I run openSMTPD on openbsd7.1, i was about to send this to openSMTP
> mailing list, but i think it s openbsd/chroot/static sendmail related
>
> I just found out about `filter-dkimsign` , follow up on the man and installation
> instructions .
> and have the filter running :
> `_dkimsig 61499 0.0 0.0 704 3288 ?? Ip 6:39PM 0:00.03
> /usr/local/libexec/smtpd/filter-dkimsign -d http://XXXXexample.com -s
> mydkim -k /etc/mail/dkim/private.rsa.key`
>
> my /etc/mail/dkim/private.rsa.key is mode 0440 and owned by _dkimsig
>
> and only apply on the localhost `listen on lo0 filter dkimsign_rsa`
>
> When the php fpm thingy calls mail ...
>
> ` Jun 1 18:45:15 XXXX php-fpm-8.1[80816]: mail() on
> [/XXXXexample.com/wp-includes/PHPMailer/PHPMailer.php:877]: To:
> leme@gmail.com -- Headers: Date: Wed, 1 Jun 2022 16:45:15 +0000 `
>
> it just gets stuck forever.
>
> I cannot find any log error, my clueless guess is the sendmail call is
> stuck on a read and the filter somewhat broke the stdout ?
> looking for actual clues
>
> Also the server WAS sending email without the filter.
> and using sendmail from the fpm user (did) work(s)
>
> Another guess: would this be the behavior if a header is not found ?
> Maybe it was DNS ? ( /etc/hosts )
>
> So after poking around and adding -v to the php sendmail .... i figure
> out i broke
> the chrooted sendmail, because is create a $chroot/etc/hosts file
>
> I now unit test the problem like that (i did add ksh to the chroot):
>
> # chroot -g merci -u merci /var/www /bin/sh -c 'echo HELLO |
> /usr/sbin/sendmail -t -v -v -4 -f no-reply@XXXXexample.com. -F TEST3
> -i sven.falempin@gmail.com'
> Jun 1 21:02:58 merci smtpd[77228]: 1658fe91a067cec2 smtp connected
> address=127.0.0.1 host=localhost
> <<< 220 XXXXexample.com. ESMTP OpenSMTPD
> >>> EHLO XXXXexample.com.
> Jun 1 21:02:58 merci smtpd[77228]: 1658fe91a067cec2 smtp
> failed-command command="EHLO XXXXexample.com." result="501 5.5.4
> Invalid command arguments: Invalid domain name"
> <<< 501 5.5.4 Invalid command arguments: Invalid domain name
> >>> HELO XXXXexample.com.
> <<< 501 5.5.4 Invalid command arguments: Invalid domain name
> Jun 1 21:02:58 merci smtpd[77228]: 1658fe91a067cec2 smtp
> failed-command command="HELO XXXXexample.com." result="501 5.5.4
> Invalid command arguments: Invalid domain name"
> sendmail: remote host refuses our greeting
> Jun 1 21:02:58 merci smtpd[77228]: 1658fe91a067cec2 smtp disconnected
> reason=disconnect
>
> 'fun' fact i cannot get it to work again
>
> the host file:
> 127.0.0.1 localhost XXXXexample.com.
> ::1 localhost
>
> and in despair i tried
>
> # match from local for any action "outbound"
> match from any for any action "outbound"
>
> Note: XXXXexample.com. is a placeholder, and resolved from any public
> dns, i used reboot a few times.
>
> I do not understand why deleting /var/www/etc/hosts does not go back
> to previous behavior
> nor why smtpd refuses EHLO XXXXexample.com.
>
> Thanks for reading that far,
> Please help
>
> Best

Anyway Trailing dot should be ignored or like properly warned

'problem solved'

No comments:

Post a Comment