authorHeiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>2016-12-23 12:11:10 +0100
committerHeiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>2016-12-23 12:14:03 +0100
commitfd3961f062107c5c64016cff0331fd2cf1181cdd (patch)
tree582f9a6acf6fcaeb436886e70bf350332dc78caf
parent46672dc8be913fb02f0aa822d79c590fac276182 (diff)
downloadexim4-fd3961f062107c5c64016cff0331fd2cf1181cdd.tar.gz
Testsuite: backport 4510 (DKIM information leak)
-rw-r--r--test/aux-fixed/dkim/dkim.private15
-rw-r--r--test/aux-fixed/dkim/dkim512.private9
-rw-r--r--test/aux-fixed/dkim/sign.pl45
-rw-r--r--test/confs/45106
-rw-r--r--test/dnszones-src/db.test.ex13
-rw-r--r--test/log/451023
-rw-r--r--test/mail/4510.store58
-rw-r--r--test/scripts/4510-DKIM-Bounces/REQUIRES1
8 files changed, 91 insertions, 79 deletions
diff --git a/test/aux-fixed/dkim/dkim.private b/test/aux-fixed/dkim/dkim.private
new file mode 100644
index 000000000..e509ee027
--- /dev/null
+++ b/test/aux-fixed/dkim/dkim.private
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/test/aux-fixed/dkim/dkim512.private b/test/aux-fixed/dkim/dkim512.private
new file mode 100644
index 000000000..159852be3
--- /dev/null
+++ b/test/aux-fixed/dkim/dkim512.private
@@ -0,0 +1,9 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIBOAIBAAJBAL6eAQxd9didJ0/+05iDwJOqT6ly826Vi8aGPecsBiYK5/tAT97f
+xXk+dPWMZp9kQxtknEzYjYjAydzf+HQ2yJMCAwEAAQI/d+Dmx+BPvOsYzjZ03HX/
+pt51OxwP/HwQa8oBJGGLfGBJbxdKZoqZu1srifgA9o25x3YrSjfK9zrUgdqJEZRp
+AiEA5hUWdth65YX8dNMs93lsV0YkXdYzZ6Yxw6xyBAmpMh8CIQDUFtrIV8EYwgjq
+Ck0Un4RXbZleqOljmvhK+t7IBJsjDQIgGSMEqUdNZfYVds37g64IYCCRqI7WXuSR
+W0djzX0gtxECIEpwQxWyByoDYFGUj/0/B5oP85aPvmqhR6g5aNvXEgQ5AiBFgvNg
+ecXPBzNb52PZWOwH/DyuYE4agI2zLTmTsDJ09Q==
+-----END RSA PRIVATE KEY-----
diff --git a/test/aux-fixed/dkim/sign.pl b/test/aux-fixed/dkim/sign.pl
new file mode 100644
index 000000000..a08f38f56
--- /dev/null
+++ b/test/aux-fixed/dkim/sign.pl
@@ -0,0 +1,45 @@
+use Mail::DKIM::Signer;
+use Mail::DKIM::TextWrap; #recommended
+use Getopt::Long;
+
+# default option values
+my $method = "simple/simple";
+my $selector = "sel";
+my $keyfile = "aux-fixed/dkim/dkim.private";
+my $algorithm = "rsa-sha1";
+
+GetOptions(
+ "method=s" => \$method,
+ "selector=s" => \$selector,
+ "keyfile=s" => \$keyfile,
+ "algorithm=s" => \$algorithm,
+);
+
+# create a signer object
+my $dkim = Mail::DKIM::Signer->new(
+ Algorithm => $algorithm,
+ Method => $method,
+ Domain => "test.ex",
+ Selector => $selector,
+ KeyFile => $keyfile,
+ );
+
+# read an email and pass it into the signer, one line at a time
+while (<STDIN>)
+{
+ # remove local line terminators
+ chomp;
+ s/\015$//;
+
+ # use SMTP line terminators
+ $dkim->PRINT("$_\015\012");
+}
+$dkim->CLOSE;
+
+# what is the signature result?
+my $signature = $dkim->signature;
+print $signature->as_string;
+print "\n";
+
+#print $dkim->headers;
+#print "\n";
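Review bot: The script ignores the return value of `GetOptions` and runs without `use strict; use warnings;`, so a mistyped option only produces a warning and the message is then signed with the default selector, key file and algorithm. For a test helper that means a signature which fails verification for a reason unrelated to the code under test. I would add `use strict; use warnings;` at the top and end the call with `) or die "usage: sign.pl [--method=M] [--selector=S] [--keyfile=F] [--algorithm=A]\n";`. The default `rsa-sha1` also differs from the `a=rsa-sha256` recorded in this commit's expected log, so if the test messages are produced with this script, `rsa-sha256` would be the safer default.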
diff --git a/test/confs/4510 b/test/confs/4510
index feab4c0b6..b18185fed 100644
--- a/test/confs/4510
+++ b/test/confs/4510
@@ -4,7 +4,6 @@ SERVER=
OPT=
exim_path = EXIM_PATH
-keep_environment =
host_lookup_order = bydns
spool_directory = DIR/spool
@@ -24,10 +23,7 @@ primary_hostname = myhost.test.ex
# ----- Main settings -----
acl_smtp_rcpt = accept
-acl_smtp_dkim = accept logwrite = signer: $dkim_cur_signer bits: $dkim_key_length h=$dkim_headernames
-acl_smtp_data_prdr = accept local_parts = okuser
-
-prdr_enable
+acl_smtp_dkim = accept logwrite = signer: $dkim_cur_signer bits: h=$dkim_headernames
# ----- Routers
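Review bot: Dropping `acl_smtp_data_prdr` and `prdr_enable` removes the only visible refusal of `baduser`; the expected log in this commit accordingly shows both recipients delivered and no bounce, and test/mail/4510.store (the stored bounce) is deleted. The test directory is still named 4510-DKIM-Bounces, so as far as the visible files show, the backported test no longer exercises the bounce path its title refers to. If the target branch cannot use PRDR, I would say so in the config, e.g. `# backport: PRDR dropped, no bounce is generated; this only checks DKIM verification logging`, or restore some refusal that still produces a bounce. Separately, `bits:` is left in the `logwrite` string with no variable after it, so the log prints an empty field; drop the label or add a comment saying why the key length is not logged here.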
diff --git a/test/dnszones-src/db.test.ex b/test/dnszones-src/db.test.ex
index 843a35b09..bb9f81481 100644
--- a/test/dnszones-src/db.test.ex
+++ b/test/dnszones-src/db.test.ex
@@ -382,4 +382,17 @@ _client._smtp.csa2 SRV 1 1 0 csa2.test.ex.
csa1 A V4NET.9.8.7
csa2 A V4NET.9.8.8
+; ------- DKIM ---------
+
+; public key, base64 - matches private key in aux-fixed/dkim/dkim.private
+; openssl genrsa -out aux-fixed/dkim/dkim.private 1024
+; openssl rsa -in aux-fixed/dkim/dkim.private -out /dev/stdout -pubout -outform PEM
+;
+; Another, 512-bit (with a Notes field)
+;
+sel._domainkey TXT "v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDXRFf+VhT+lCgFhhSkinZKcFNeRzjYdW8vT29Rbb3NadvTFwAd+cVLPFwZL8H5tUD/7JbUPqNTCPxmpgIL+V5T4tEZMorHatvvUM2qfcpQ45IfsZ+YdhbIiAslHCpy4xNxIR3zylgqRUF4+Dtsaqy3a5LhwMiKCLrnzhXk1F1hxwIDAQAB"
+
+ses._domainkey TXT "v=DKIM1; n=halfkilo; p=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAL6eAQxd9didJ0/+05iDwJOqT6ly826Vi8aGPecsBiYK5/tAT97fxXk+dPWMZp9kQxtknEzYjYjAydzf+HQ2yJMCAwEAAQ=="
+
+
; End
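Review bot: The comment block sits above both TXT records, so it is unclear which lines document which key, and the 512-bit entry does not name its private-key file. The modulus in `ses._domainkey` matches test/aux-fixed/dkim/dkim512.private added in this commit, so I would place `; 512-bit key (with a Notes field) - matches private key in aux-fixed/dkim/dkim512.private` directly above that record and keep the 1024-bit comment directly above `sel._domainkey`. Both private keys are published in the repository and the 512-bit one is far too small for real signing, so a line such as `; test fixtures only - never reuse these keys outside the testsuite` would make the intent explicit.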
diff --git a/test/log/4510 b/test/log/4510
index 0d826ab32..00aa243a5 100644
--- a/test/log/4510
+++ b/test/log/4510
@@ -1,20 +1,13 @@
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmaX-0005vi-00 ** baduser@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]: PRDR error after DATA: 550 PRDR R=<baduser@test.ex> refusal
-1999-03-02 09:44:33 10HmaX-0005vi-00 => okuser@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] PRDR C="250 PRDR R=<okuser@test.ex> acceptance"
-1999-03-02 09:44:33 10HmaY-0005vi-00 <= <> R=10HmaX-0005vi-00 U=EXIMUSER P=local S=sss
-1999-03-02 09:44:33 10HmaY-0005vi-00 => CALLER@myhost.test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK id=10HmaZ-0005vi-00"
-1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
+1999-03-02 09:44:33 10HmaX-0005vi-00 => baduser@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> okuser@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
******** SERVER ********
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
-1999-03-02 09:44:33 10HmbA-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded]
-1999-03-02 09:44:33 10HmbA-0005vi-00 signer: test.ex bits: 1024 h=From
-1999-03-02 09:44:33 10HmbA-0005vi-00 PRDR R=<baduser@test.ex> refusal
-1999-03-02 09:44:33 10HmbA-0005vi-00 PRDR R=<okuser@test.ex> acceptance
-1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp PRDR S=sss id=E10HmaX-0005vi-00@myhost.test.ex
-1999-03-02 09:44:33 10HmbA-0005vi-00 => :blackhole: <okuser@test.ex> R=server_dump
-1999-03-02 09:44:33 10HmbA-0005vi-00 Completed
-1999-03-02 09:44:33 10HmaZ-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmaY-0005vi-00@myhost.test.ex
-1999-03-02 09:44:33 10HmaZ-0005vi-00 => CALLER <CALLER@myhost.test.ex> R=server_store T=store
-1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
+1999-03-02 09:44:33 10HmaY-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 [verification succeeded]
+1999-03-02 09:44:33 10HmaY-0005vi-00 signer: test.ex bits: h=From:From
+1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmaX-0005vi-00@myhost.test.ex
+1999-03-02 09:44:33 10HmaY-0005vi-00 => :blackhole: <okuser@test.ex> R=server_dump
+1999-03-02 09:44:33 10HmaY-0005vi-00 => :blackhole: <baduser@test.ex> R=server_dump
+1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
diff --git a/test/mail/4510.store b/test/mail/4510.store
deleted file mode 100644
index d75e40906..000000000
--- a/test/mail/4510.store
+++ /dev/null
@@ -1,58 +0,0 @@
-From MAILER-DAEMON Tue Mar 02 09:44:33 1999
-Return-path: <>
-Received: from the.local.host.name ([ip4.ip4.ip4.ip4] helo=myhost.test.ex)
- by myhost.test.ex with esmtp (Exim x.yz)
- id 10HmaZ-0005vi-00
- for CALLER@myhost.test.ex; Tue, 2 Mar 1999 09:44:33 +0000
-Received: from EXIMUSER by myhost.test.ex with local (Exim x.yz)
- id 10HmaY-0005vi-00
- for CALLER@myhost.test.ex; Tue, 2 Mar 1999 09:44:33 +0000
-X-Failed-Recipients: baduser@test.ex
-Auto-Submitted: auto-replied
-From: Mail Delivery System <Mailer-Daemon@myhost.test.ex>
-To: CALLER@myhost.test.ex
-Content-Type: multipart/report; report-type=delivery-status; boundary=NNNNNNNNNN-eximdsn-MMMMMMMMMM
-MIME-Version: 1.0
-Subject: Mail delivery failed: returning message to sender
-Message-Id: <E10HmaY-0005vi-00@myhost.test.ex>
-Date: Tue, 2 Mar 1999 09:44:33 +0000
-
---NNNNNNNNNN-eximdsn-MMMMMMMMMM
-Content-type: text/plain; charset=us-ascii
-
-This message was created automatically by mail delivery software.
-
-A message that you sent could not be delivered to one or more of its
-recipients. This is a permanent error. The following address(es) failed:
-
- baduser@test.ex
- host ipv4.ipv4.ipv4.ipv4 [ipv4.ipv4.ipv4.ipv4]
- PRDR error after DATA: 550 PRDR R=<baduser@test.ex> refusal
-
---NNNNNNNNNN-eximdsn-MMMMMMMMMM
-Content-type: message/delivery-status
-
-Reporting-MTA: dns; myhost.test.ex
-
-Action: failed
-Final-Recipient: rfc822;baduser@test.ex
-Status: 5.0.0
-Diagnostic-Code: smtp; 550 PRDR R=<baduser@test.ex> refusal
-
---NNNNNNNNNN-eximdsn-MMMMMMMMMM
-Content-type: message/rfc822
-
-Return-path: <CALLER@myhost.test.ex>
-Received: from CALLER by myhost.test.ex with local (Exim x.yz)
- (envelope-from <CALLER@myhost.test.ex>)
- id 10HmaX-0005vi-00; Tue, 2 Mar 1999 09:44:33 +0000
-From: nobody@example.com
-From: second@example.com
-Message-Id: <E10HmaX-0005vi-00@myhost.test.ex>
-Sender: CALLER_NAME <CALLER@myhost.test.ex>
-Date: Tue, 2 Mar 1999 09:44:33 +0000
-
-content
-
---NNNNNNNNNN-eximdsn-MMMMMMMMMM--
-
diff --git a/test/scripts/4510-DKIM-Bounces/REQUIRES b/test/scripts/4510-DKIM-Bounces/REQUIRES
index a75b81c54..ec7e42a24 100644
--- a/test/scripts/4510-DKIM-Bounces/REQUIRES
+++ b/test/scripts/4510-DKIM-Bounces/REQUIRES
@@ -1,2 +1 @@
support DKIM
-support PRDR