https://bz.apache.org/SpamAssassin/show_bug.cgi?id=8352
Bug ID: 8352
Summary: ARC results wrong?
Product: Spamassassin
Version: 4.0.2
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Plugins
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: Undefined
While debugging some other oddities I found that many mails on my mail systems fail to verify ARC with Exim while SpamAssassin results are ARC_SIGNED,ARC_VALID.
I took one of these mails and piped it to a simple Perl script, as found in the man page of Mail::DKIM, to call DKIM::Verifier and DKIM::ARC::Verifier. The results found are the same as for Exim: DKIM=pass and ARC=fail.
The message is ARC signed by Microsoft and DKIM signed by a relaying mailing list afterwards.
Both Exim and Mail::DKIM::ARC::Verifier give a "body hash mismatch" as reason for the fail.
Since the mailing list modified the body by adding an unsubscribe link, the mismatch should be correct IMO.
So I'm wondering why SpamAssassin 4.0.1 (and 4.0.2) debug output shows
Sep 26 11:22:06.795 [947974] dbg: dkim: using Mail::DKIM version 1.20200907
Sep 26 11:22:06.795 [947974] dbg: dkim: providing our own resolver: Mail::SpamAssassin::DnsResolver
Sep 26 11:22:06.807 [947974] dbg: dkim: performing public ARC key lookup and signature verification
Sep 26 11:22:06.809 [947974] dbg: dns: bgsend, DNS servers: [127.0.0.1]:53
Sep 26 11:22:06.809 [947974] dbg: dns: attempt 1/1, trying connect/sendto to [127.0.0.1]:53
Sep 26 11:22:06.809 [947974] dbg: dns: providing a callback for id: 58003/IN/TXT/arcselector10001._domainkey.microsoft.com
Sep 26 11:22:06.809 [947974] dbg: dns: bgread: received 494 bytes from 127.0.0.1
Sep 26 11:22:06.810 [947974] dbg: dns: dns reply 58003 is OK, 1 answer records
Sep 26 11:22:06.811 [947974] dbg: dns: bgsend, DNS servers: [127.0.0.1]:53
Sep 26 11:22:06.811 [947974] dbg: dns: attempt 1/1, trying connect/sendto to [127.0.0.1]:53
Sep 26 11:22:06.811 [947974] dbg: dns: providing a callback for id: 17995/IN/TXT/arcselector10001._domainkey.microsoft.com
Sep 26 11:22:06.812 [947974] dbg: dns: bgread: received 494 bytes from 127.0.0.1
Sep 26 11:22:06.812 [947974] dbg: dns: dns reply 17995 is OK, 1 answer records
Sep 26 11:22:06.813 [947974] dbg: dkim: ARC signature i=1 d=microsoft.com
Sep 26 11:22:06.813 [947974] dbg: dkim: ARC signature i=1 d=microsoft.com
Sep 26 11:22:06.813 [947974] dbg: dkim: VALID ARC, i=1, d=(undef), s=arcselector10001, a=rsa-sha256, c=seal, key_bits=2048, pass, does not match author domain
Sep 26 11:22:06.813 [947974] dbg: dkim: FAILED ARC, i=1, d=(undef), s=arcselector10001, a=rsa-sha256, c=relaxed/relaxed, unknown key size, fail, does not match author domain
Sep 26 11:22:06.813 [947974] dbg: dkim: ARC signature verification result: PASS
Sep 26 11:22:06.813 [947974] dbg: rules: ran eval rule ARC_SIGNED ======> got hit (1)
for the same email.
If needed I can provide the sample as personal message, but there should be a lot of samples on any mail system receiving email relayed and modified by mailing lists out there.
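A log check for the mismatch reported above, as an added example that is not part of the original report and is not SpamAssassin code: it reads the dkim debug lines, rejoins mail-wrapped lines, and reports any overall ARC PASS that follows a FAILED per-signature line. The sample lines are taken from the report; reading c=seal as the ARC-Seal and any other c= value as the ARC-Message-Signature is an assumption, as are all function names.

```python
import re

# Sample input: four debug lines copied from the report above, mail wrapping undone.
SAMPLE_LOG = """\
Sep 26 11:22:06.813 [947974] dbg: dkim: ARC signature i=1 d=microsoft.com
Sep 26 11:22:06.813 [947974] dbg: dkim: VALID ARC, i=1, d=(undef), s=arcselector10001, a=rsa-sha256, c=seal, key_bits=2048, pass, does not match author domain
Sep 26 11:22:06.813 [947974] dbg: dkim: FAILED ARC, i=1, d=(undef), s=arcselector10001, a=rsa-sha256, c=relaxed/relaxed, unknown key size, fail, does not match author domain
Sep 26 11:22:06.813 [947974] dbg: dkim: ARC signature verification result: PASS
"""

SIG_RE = re.compile(r"\[(?P<pid>\d+)\] dbg: dkim: (?P<status>VALID|FAILED) ARC, i=(?P<i>\d+),.*?\bc=(?P<c>[^,\s]+)")
RESULT_RE = re.compile(r"\[(?P<pid>\d+)\] dbg: dkim: ARC signature verification result: (?P<result>\S+)")

def unwrap(text):
    """Rejoin mail-wrapped lines: a continuation line carries no '[pid] dbg:' marker."""
    out = []
    for line in text.splitlines():
        if re.search(r"\[\d+\] dbg: ", line) or not out:
            out.append(line.strip())
        else:
            out[-1] += " " + line.strip()
    return out

def find_arc_mismatches(text):
    """Return one finding per overall PASS that follows a FAILED per-signature line."""
    pending = {}   # pid -> per-signature records seen since the last overall result
    findings = []
    for line in unwrap(text):
        m = SIG_RE.search(line)
        if m:
            # Assumption: c=seal marks the ARC-Seal, anything else the ARC-Message-Signature.
            kind = "seal" if m["c"] == "seal" else "message-signature"
            pending.setdefault(m["pid"], []).append((int(m["i"]), kind, m["status"]))
            continue
        m = RESULT_RE.search(line)
        if m:
            sigs = pending.pop(m["pid"], [])
            failed = [s for s in sigs if s[2] == "FAILED"]
            if m["result"].upper() == "PASS" and failed:
                findings.append({"pid": m["pid"], "overall": m["result"], "failed": failed})
    return findings

if __name__ == "__main__":
    for f in find_arc_mismatches(SAMPLE_LOG):
        print(f"pid {f['pid']}: overall {f['overall']} but failed components: {f['failed']}")
```

Run against spamd or `spamassassin -D dkim` output, each finding names the process id and the ARC instance whose component failed, which gives a list of messages to re-check with Exim or Mail::DKIM::ARC::Verifier.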