I saw about 10 restarts per hour of opendmarc,
1.4.0~beta1+dfsg-6+deb11u1 with log messages like
>>>
systemd[1]: opendmarc.service: Main process exited, code=killed,
status=6/ABRT
systemd[1]: opendmarc.service: Failed with result 'signal'.
systemd[1]: opendmarc.service: Scheduled restart job, restart counter is
at 9488.
systemd[1]: Stopped OpenDMARC Milter.
systemd[1]: Starting OpenDMARC Milter...
systemd[1]: opendmarc.service: Can't open PID file
/run/opendmarc/opendmarc.pid (yet?) after start: Operation not permitted
opendmarc[3752463]: OpenDMARC Filter v1.4.0 starting ()
opendmarc[3752463]: additional trusted authentication services: (none)
systemd[1]: Started OpenDMARC Milter.
<<<
and today I could relate some of these crashes to repeated attempts of
an external mailserver to send a message that contained the following
ARC headers:
>>>
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=KlmBz61o8BGN/yiWJrnTFF9lMYpIOQDW8JYggaml8CKULIleMnaBp8B+wEn0zmbCQJIqgo63vf6bJMzQLx0NYdGgs7bsTMiZyrIqs+MLIcOCiJiPRWYGndZ67bf33RT1R21Sdb4xFjHiBKfCI07d8Igq48c2E9CL/dIBs7zEvDb23XWF0PTkcEwVTP0QpyzVq+TWYLgbiM8mgG2irndVfRLG0OjtWHG9cvNYUMGryLpTnJYRkKvV2pl/SpiRqsqr8ngZSxISTIMiIodwTy1+YJEF4L6JeYMfUMaHldk1RHXDVJBIFLrTwMEsCTgAjwFJNqTWQPRQqQRPNdhcOe0Smg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;
d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=4CZNmpHP3LoqXtV4ng6ME/2WWZ/8yvNenpaB+SW3eP4=;
b=hsFxbdEh+1sjXjaxdsA3yC8S0SeMHp4z5wYPLUXu2PmNl7AsGe0ZsZb7MJi+22KIJf9M57PmciUnw8qoJdJZ+NERsivTM+F98Yr6yhMXPzOI8LshGWFvZpJYqwrlJiT8752FAZ4JNWAd9JEdxaDLbLE7U0hG5Ln++eS8QPDftJBW2cQi1FgK5Qu4x6HIK4Z1yWKYiBSEJnymdbRFKoT3TUcnGvWvEmAYfOtJKTe7XmuST43Dmc3uZgG3AMjaxdHADKl55tXUrKIjw1QIOoPTpdbK5A/VCs+oxfFBlvThkdyNC6SAiCRO+jhYvKmpCUssdOAb6xYCt2E5eXotY/9kSQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
116.202.101.96) smtp.rcpttodomain=gedk.de smtp.mailfrom=out.agitos.de;
dmarc=none action=none header.from=gedk.de; dkim=none (message not
signed);
arc=none (0)
<<<
I cloned
https://salsa.debian.org/kitterman/opendmarc/-/tree/glts/bullseye-updates?ref_type=heads
and compiled the patched opendmarc 1.4.2 to test if the crashes can be
reduced on Debian bullseye:
Just in case someone else likes to do the same in the directory with
cloned source code:
>>>
apt install make dh-autoreconf quilt libmilter-dev
export QUILT_PATCHES=debian/patches
quilt push -a
autoreconf -v -i
./Autobuild.sh
make install
<<<
As the installed result links to libopendmarc.so.2
>>>
# ldd /usr/local/sbin/opendmarc
linux-vdso.so.1 (0x00007ffc25be9000)
libopendmarc.so.2 => /usr/lib/x86_64-linux-gnu/libopendmarc.so.2
(0x00007f25cc931000)
<<<
... I adapted the library link accordingly:
>>>
/usr/lib/x86_64-linux-gnu# ls -la lib*dmarc*
lrwxrwxrwx 1 root root 21 20. Apr 16:40 libopendmarc.so.2 ->
libopendmarc.so.2.0.3
-rw-r--r-- 1 root root 55424 3. Nov 2021 libopendmarc.so.2.0.2
-rwxr-xr-x 1 root root 278992 20. Apr 16:40 libopendmarc.so.2.0.3
<<<
While the old opendmarc process found the config file
/etc/opendmarc.conf without a cmdline option I needed to change in the
systemd unit file:
>>>
# v1.4.0: ExecStart=/usr/sbin/opendmarc, needed to be changed for v1.4.2:
ExecStart=/usr/local/sbin/opendmarc -c /etc/opendmarc.conf
<<<
With this patched process the email with the ARC headers (see above)
could be received.
Furthermore I don't see any opendmarc crashes so far in the logfiles
(checked for 30 minutes).
Best regards
Florian Sager
