author | Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de> | 2016-12-23 12:11:10 +0100 |
---|---|---|
committer | Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de> | 2016-12-23 12:14:03 +0100 |
commit | fd3961f062107c5c64016cff0331fd2cf1181cdd (patch) | |
tree | 582f9a6acf6fcaeb436886e70bf350332dc78caf | |
parent | 46672dc8be913fb02f0aa822d79c590fac276182 (diff) | |
download | exim4-fd3961f062107c5c64016cff0331fd2cf1181cdd.tar.gz |
Testsuite: backport 4510 (DKIM information leak)
-rw-r--r-- | test/aux-fixed/dkim/dkim.private | 15 | ||||
-rw-r--r-- | test/aux-fixed/dkim/dkim512.private | 9 | ||||
-rw-r--r-- | test/aux-fixed/dkim/sign.pl | 45 | ||||
-rw-r--r-- | test/confs/4510 | 6 | ||||
-rw-r--r-- | test/dnszones-src/db.test.ex | 13 | ||||
-rw-r--r-- | test/log/4510 | 23 | ||||
-rw-r--r-- | test/mail/4510.store | 58 | ||||
-rw-r--r-- | test/scripts/4510-DKIM-Bounces/REQUIRES | 1 |
8 files changed, 91 insertions, 79 deletions
diff --git a/test/aux-fixed/dkim/dkim.private b/test/aux-fixed/dkim/dkim.private
new file mode 100644
index 000000000..e509ee027
--- /dev/null
+++ b/test/aux-fixed/dkim/dkim.private
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQDXRFf+VhT+lCgFhhSkinZKcFNeRzjYdW8vT29Rbb3NadvTFwAd
++cVLPFwZL8H5tUD/7JbUPqNTCPxmpgIL+V5T4tEZMorHatvvUM2qfcpQ45IfsZ+Y
+dhbIiAslHCpy4xNxIR3zylgqRUF4+Dtsaqy3a5LhwMiKCLrnzhXk1F1hxwIDAQAB
+AoGAZPokJKQQmRK6a0zn5f8lWemy0airG66KhzDF0Pafb/nWKgDCB02gpJgdw5rJ
+bO7/HI3IeqsfRdYTP7tjfmZtPiPo1mnF7D1rSRspZjOF2yXY/ky7t7c5xChRcSxf
++69CknwjrfteY9Aj0j6o7N+2w2uvHO+AAq8BHDgXKmPo0SECQQDzQ/glyhNH9tlO
+x+3TTMwwyZUf2mYYosN3Q9NIl3Umz/3+13K5b6Ed6fZvS/XwU55Qf5IBUVj2Fujk
+Rv2lbGPpAkEA4okpnzYz5nm1X5WjpJPQPyo8nGEU1A5QfoDbkAvWYvVoYrpWPOx5
+HFpOAHkvSk1Y1vhCUa+zHwiQRBC8OMp6LwJBAOAUK/AjQ792UpWO9DM++pe2F/dP
+ZdwrkYG6qFSlrvQhgwXLz5GgkfjMGoRKpDDL1XixCfzMwfVtBPnBqsNGJIECQGYX
+SIGu7L7edMXJ60C9OKluwHf9LGTQuqf4LHsDSq+4Rz3PGhREwePsMqD1/EDxEKt4
+oHKtyvyeYF28aQbzARMCQQCRtJlR6vlKhxYL8+xoPrCu3MijKgVruRUcNstXkDZK
+fKQax6vhiMq+0qIiEwLA1wavyLVKZ7Mfag+/4NTcDUVC
+-----END RSA PRIVATE KEY-----
diff --git a/test/aux-fixed/dkim/dkim512.private b/test/aux-fixed/dkim/dkim512.private
new file mode 100644
index 000000000..159852be3
--- /dev/null
+++ b/test/aux-fixed/dkim/dkim512.private
@@ -0,0 +1,9 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIBOAIBAAJBAL6eAQxd9didJ0/+05iDwJOqT6ly826Vi8aGPecsBiYK5/tAT97f
+xXk+dPWMZp9kQxtknEzYjYjAydzf+HQ2yJMCAwEAAQI/d+Dmx+BPvOsYzjZ03HX/
+pt51OxwP/HwQa8oBJGGLfGBJbxdKZoqZu1srifgA9o25x3YrSjfK9zrUgdqJEZRp
+AiEA5hUWdth65YX8dNMs93lsV0YkXdYzZ6Yxw6xyBAmpMh8CIQDUFtrIV8EYwgjq
+Ck0Un4RXbZleqOljmvhK+t7IBJsjDQIgGSMEqUdNZfYVds37g64IYCCRqI7WXuSR
+W0djzX0gtxECIEpwQxWyByoDYFGUj/0/B5oP85aPvmqhR6g5aNvXEgQ5AiBFgvNg
+ecXPBzNb52PZWOwH/DyuYE4agI2zLTmTsDJ09Q==
+-----END RSA PRIVATE KEY-----
diff --git a/test/aux-fixed/dkim/sign.pl b/test/aux-fixed/dkim/sign.pl
new file mode 100644
index 000000000..a08f38f56
--- /dev/null
+++ b/test/aux-fixed/dkim/sign.pl
@@ -0,0 +1,45 @@
+use Mail::DKIM::Signer;
+use Mail::DKIM::TextWrap; #recommended
+use Getopt::Long;
+
+# default option values
+my $method = "simple/simple";
+my $selector = "sel";
+my $keyfile = "aux-fixed/dkim/dkim.private";
+my $algorithm = "rsa-sha1";
+
+GetOptions(
+ "method=s" => \$method,
+ "selector=s" => \$selector,
+ "keyfile=s" => \$keyfile,
+ "algorithm=s" => \$algorithm,
+);
+
+# create a signer object
+my $dkim = Mail::DKIM::Signer->new(
+ Algorithm => $algorithm,
+ Method => $method,
+ Domain => "test.ex",
+ Selector => $selector,
+ KeyFile => $keyfile,
+ );
+
+# read an email and pass it into the signer, one line at a time
+while (<STDIN>)
+{
+ # remove local line terminators
+ chomp;
+ s/\015$//;
+
+ # use SMTP line terminators
+ $dkim->PRINT("$_\015\012");
+}
+$dkim->CLOSE;
+
+# what is the signature result?
+my $signature = $dkim->signature;
+print $signature->as_string;
+print "\n";
+
+#print $dkim->headers;
+#print "\n";
diff --git a/test/confs/4510 b/test/confs/4510
index feab4c0b6..b18185fed 100644
--- a/test/confs/4510
+++ b/test/confs/4510
@@ -4,7 +4,6 @@ SERVER= OPT= exim_path = EXIM_PATH -keep_environment = host_lookup_order = bydns spool_directory = DIR/spool
@@ -24,10 +23,7 @@ primary_hostname = myhost.test.ex # ----- Main settings ----- acl_smtp_rcpt = accept -acl_smtp_dkim = accept logwrite = signer: $dkim_cur_signer bits: $dkim_key_length h=$dkim_headernames -acl_smtp_data_prdr = accept local_parts = okuser - -prdr_enable +acl_smtp_dkim = accept logwrite = signer: $dkim_cur_signer bits: h=$dkim_headernames # ----- Routers
diff --git a/test/dnszones-src/db.test.ex b/test/dnszones-src/db.test.ex
index 843a35b09..bb9f81481 100644
--- a/test/dnszones-src/db.test.ex
+++ b/test/dnszones-src/db.test.ex
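Review bot: test/aux-fixed/dkim/sign.pl starts without `use strict; use warnings;` and ignores the return value of `GetOptions(...)`, so a mistyped option is only reported on stderr and the script still signs with the defaults. Add the two pragmas at the top and close the call with `) or die "usage: sign.pl [--method=M] [--selector=S] [--keyfile=F] [--algorithm=A]\n";`. The defaults `$algorithm = "rsa-sha1"` and `$method = "simple/simple"` also differ from the `a=rsa-sha256` and `c=relaxed/relaxed` that test/log/4510 expects, so a fixture regenerated without options would not match; if the stored test message is meant to come from this script, a comment giving the exact invocation (or matching defaults) would help.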
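Review bot: With `acl_smtp_data_prdr` and `prdr_enable` removed in the second hunk of test/confs/4510, the expected log in test/log/4510 no longer contains a bounce (`<= <>`) and test/mail/4510.store is deleted, so nothing in the visible expected output inspects a generated bounce for the information leak named in the commit title, although the script directory is still called 4510-DKIM-Bounces. If the target branch cannot use PRDR, say so next to the ACL, e.g. `# backport: no PRDR on this branch, so no bounce is produced and its content is not checked here`, or reject `baduser` another way so a bounce is still produced and compared. Separately, the new `logwrite` keeps a dangling `bits:` label with no value after it; `logwrite = signer: $dkim_cur_signer h=$dkim_headernames` would read more cleanly (the expected line in test/log/4510 would change with it).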
@@ -382,4 +382,17 @@ _client._smtp.csa2 SRV 1 1 0 csa2.test.ex. csa1 A V4NET.9.8.7 csa2 A V4NET.9.8.8 +; ------- DKIM --------- + +; public key, base64 - matches private key in aux-fixed/dkim/dkim.private +; openssl genrsa -out aux-fixed/dkim/dkim.private 1024 +; openssl rsa -in aux-fixed/dkim/dkim.private -out /dev/stdout -pubout -outform PEM +; +; Another, 512-bit (with a Notes field) +; +sel._domainkey TXT "v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDXRFf+VhT+lCgFhhSkinZKcFNeRzjYdW8vT29Rbb3NadvTFwAd+cVLPFwZL8H5tUD/7JbUPqNTCPxmpgIL+V5T4tEZMorHatvvUM2qfcpQ45IfsZ+YdhbIiAslHCpy4xNxIR3zylgqRUF4+Dtsaqy3a5LhwMiKCLrnzhXk1F1hxwIDAQAB" + +ses._domainkey TXT "v=DKIM1; n=halfkilo; p=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAL6eAQxd9didJ0/+05iDwJOqT6ly826Vi8aGPecsBiYK5/tAT97fxXk+dPWMZp9kQxtknEzYjYjAydzf+HQ2yJMCAwEAAQ==" + + ; End diff --git a/test/log/4510 b/test/log/4510 index 0d826ab32..00aa243a5 100644 --- a/test/log/4510 +++ b/test/log/4510 
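Review bot: The comment block added to test/dnszones-src/db.test.ex explains where the 1024-bit key comes from but describes the second record only as `; Another, 512-bit (with a Notes field)`, and it sits above both TXT records, so it is not clear which selector it refers to or where the private half lives. The modulus in the `ses._domainkey` record appears to match test/aux-fixed/dkim/dkim512.private, so I would move that line directly above `ses._domainkey` and write `; 512-bit test key - matches private key in aux-fixed/dkim/dkim512.private`. It is also worth one line stating that both keys are published test fixtures, e.g. `; test-only keys: private halves are committed under aux-fixed/dkim/, never use for real signing`.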
@@ -1,20 +1,13 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaX-0005vi-00 ** baduser@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]: PRDR error after DATA: 550 PRDR R=<baduser@test.ex> refusal -1999-03-02 09:44:33 10HmaX-0005vi-00 => okuser@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] PRDR C="250 PRDR R=<okuser@test.ex> acceptance" -1999-03-02 09:44:33 10HmaY-0005vi-00 <= <> R=10HmaX-0005vi-00 U=EXIMUSER P=local S=sss -1999-03-02 09:44:33 10HmaY-0005vi-00 => CALLER@myhost.test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK id=10HmaZ-0005vi-00" -1999-03-02 09:44:33 10HmaY-0005vi-00 Completed +1999-03-02 09:44:33 10HmaX-0005vi-00 => baduser@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] +1999-03-02 09:44:33 10HmaX-0005vi-00 -> okuser@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed ******** SERVER ******** 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 -1999-03-02 09:44:33 10HmbA-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded] -1999-03-02 09:44:33 10HmbA-0005vi-00 signer: test.ex bits: 1024 h=From -1999-03-02 09:44:33 10HmbA-0005vi-00 PRDR R=<baduser@test.ex> refusal -1999-03-02 09:44:33 10HmbA-0005vi-00 PRDR R=<okuser@test.ex> acceptance -1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp PRDR S=sss id=E10HmaX-0005vi-00@myhost.test.ex -1999-03-02 09:44:33 10HmbA-0005vi-00 => :blackhole: <okuser@test.ex> R=server_dump -1999-03-02 09:44:33 10HmbA-0005vi-00 Completed -1999-03-02 09:44:33 10HmaZ-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmaY-0005vi-00@myhost.test.ex -1999-03-02 09:44:33 10HmaZ-0005vi-00 => CALLER 
<CALLER@myhost.test.ex> R=server_store T=store -1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed +1999-03-02 09:44:33 10HmaY-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 [verification succeeded] +1999-03-02 09:44:33 10HmaY-0005vi-00 signer: test.ex bits: h=From:From +1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmaX-0005vi-00@myhost.test.ex +1999-03-02 09:44:33 10HmaY-0005vi-00 => :blackhole: <okuser@test.ex> R=server_dump +1999-03-02 09:44:33 10HmaY-0005vi-00 => :blackhole: <baduser@test.ex> R=server_dump +1999-03-02 09:44:33 10HmaY-0005vi-00 Completed diff --git a/test/mail/4510.store b/test/mail/4510.store deleted file mode 100644 index d75e40906..000000000 --- a/test/mail/4510.store +++ /dev/null 
@@ -1,58 +0,0 @@ -From MAILER-DAEMON Tue Mar 02 09:44:33 1999 -Return-path: <> -Received: from the.local.host.name ([ip4.ip4.ip4.ip4] helo=myhost.test.ex) - by myhost.test.ex with esmtp (Exim x.yz) - id 10HmaZ-0005vi-00 - for CALLER@myhost.test.ex; Tue, 2 Mar 1999 09:44:33 +0000 -Received: from EXIMUSER by myhost.test.ex with local (Exim x.yz) - id 10HmaY-0005vi-00 - for CALLER@myhost.test.ex; Tue, 2 Mar 1999 09:44:33 +0000 -X-Failed-Recipients: baduser@test.ex -Auto-Submitted: auto-replied -From: Mail Delivery System <Mailer-Daemon@myhost.test.ex> -To: CALLER@myhost.test.ex -Content-Type: multipart/report; report-type=delivery-status; boundary=NNNNNNNNNN-eximdsn-MMMMMMMMMM -MIME-Version: 1.0 -Subject: Mail delivery failed: returning message to sender -Message-Id: <E10HmaY-0005vi-00@myhost.test.ex> -Date: Tue, 2 Mar 1999 09:44:33 +0000 - ---NNNNNNNNNN-eximdsn-MMMMMMMMMM -Content-type: text/plain; charset=us-ascii - -This message was created automatically by mail delivery software. - -A message that you sent could not be delivered to one or more of its -recipients. This is a permanent error. 
The following address(es) failed: - - baduser@test.ex - host ipv4.ipv4.ipv4.ipv4 [ipv4.ipv4.ipv4.ipv4] - PRDR error after DATA: 550 PRDR R=<baduser@test.ex> refusal - ---NNNNNNNNNN-eximdsn-MMMMMMMMMM -Content-type: message/delivery-status - -Reporting-MTA: dns; myhost.test.ex - -Action: failed -Final-Recipient: rfc822;baduser@test.ex -Status: 5.0.0 -Diagnostic-Code: smtp; 550 PRDR R=<baduser@test.ex> refusal - ---NNNNNNNNNN-eximdsn-MMMMMMMMMM -Content-type: message/rfc822 - -Return-path: <CALLER@myhost.test.ex> -Received: from CALLER by myhost.test.ex with local (Exim x.yz) - (envelope-from <CALLER@myhost.test.ex>) - id 10HmaX-0005vi-00; Tue, 2 Mar 1999 09:44:33 +0000 -From: nobody@example.com -From: second@example.com -Message-Id: <E10HmaX-0005vi-00@myhost.test.ex> -Sender: CALLER_NAME <CALLER@myhost.test.ex> -Date: Tue, 2 Mar 1999 09:44:33 +0000 - -content - ---NNNNNNNNNN-eximdsn-MMMMMMMMMM-- - diff --git a/test/scripts/4510-DKIM-Bounces/REQUIRES b/test/scripts/4510-DKIM-Bounces/REQUIRES index a75b81c54..ec7e42a24 100644 --- a/test/scripts/4510-DKIM-Bounces/REQUIRES +++ b/test/scripts/4510-DKIM-Bounces/REQUIRES @@ -1,2 +1 @@ support DKIM -support PRDR |