OpenDKIM icon indicating copy to clipboard operation
OpenDKIM copied to clipboard

Published 20 hours ago verified publisher icon trusteddomainproject

Crashes with UTF8 in Domain

Open JannesAlthoff opened this issue 3 years ago • 6 comments

OpenDKIM crashes with SIGABRT(6), if I use SMTPUTF8 and use a UTF8 domain. If I use the punycode translation of the domain, opendkim does not crash.

JannesAlthoff avatar Jan 10 '22 19:01 JannesAlthoff

Can you provide (possibly to me privately, gushi ! gushi = org) your logs as well as your config files?

-Dan

On Jan 10, 2022, at 11:03 AM, Jannes Althoff @.***> wrote:

OpenDKIM crashes with SIGABRT(6), if I use SMTPUTF8 and use a UTF8 domain. If I use the punycode translation of the domain, opendkim does not crash.

— Reply to this email directly, view it on GitHub https://github.com/trusteddomainproject/OpenDKIM/issues/139, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAIWKKFRKFVDXORU4MWI6C3UVMUPJANCNFSM5LUNCUGQ. You are receiving this because you are subscribed to this thread.

thegushi avatar Jan 11 '22 09:01 thegushi

I've tried it with 2 separate configuration, one with only the punycode version, but this just results in no email in utf8 getting signed and

74F3280D2B: no signing table match for 'jannes.althoff@κλαρα-σωλις.ευ'

Then I tried adding the punycode version and the unicode version. This results in a crash of OpenDKIM with one message in the syslog

warning: milter inet:127.0.0.1:12345: can't read SMFIC_BODY reply packet header: Success

and

terminated with signal 6, restarting

in systemctl status.

Note that GMail IDN to Punycode Algorithm is wrong, so GMail just does not work with my domain.

On 11.01.22 10:38, Dan Mahoney wrote:

Can you provide (possibly to me privately, gushi ! gushi = org) your logs as well as your config files?

-Dan

On Jan 10, 2022, at 11:03 AM, Jannes Althoff @.***> wrote:

OpenDKIM crashes with SIGABRT(6), if I use SMTPUTF8 and use a UTF8 domain. If I use the punycode translation of the domain, opendkim does not crash.

— Reply to this email directly, view it on GitHub https://github.com/trusteddomainproject/OpenDKIM/issues/139, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAIWKKFRKFVDXORU4MWI6C3UVMUPJANCNFSM5LUNCUGQ. You are receiving this because you are subscribed to this thread.

— Reply to this email directly, view it on GitHub https://github.com/trusteddomainproject/OpenDKIM/issues/139#issuecomment-1009764515, or unsubscribe https://github.com/notifications/unsubscribe-auth/AGLU2WID3RQZZ3LL3TMH3BLUVP3ATANCNFSM5LUNCUGQ. Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.

You are receiving this because you authored the thread.Message ID: @.***>

JannesAlthoff avatar Jan 12 '22 03:01 JannesAlthoff

I found a way which makes this work. But it is discouraged by the relevant rfc and could make some dkim Implementations fail. If you use the U-label idn in your signing.table like this

*@κλαρα-σωλις.ευ x-2022

and in your key.table use the a-label version it does not crash and signs the E-mail

x-2022 xn----ylba7abgd9bnh0e.xn--qxa6a:2022:/.../.pem

But now the d= tag of your domain is in a different form compared to your Sender.

JannesAlthoff avatar Jan 12 '22 07:01 JannesAlthoff

OpenDKIM does not contain any IDNA support as far as I know. See also issue #47.

glts avatar Jan 12 '22 07:01 glts

Is there a DKIM milter which works with IDNs in Unicode form? I tried dkimpy but it just crashes.

JannesAlthoff avatar Jan 12 '22 07:01 JannesAlthoff

@JannesAlthoff I don't know. I'm also interested in this, but at least for OpenDKIM it is programming work that someone has to do ... patches welcome.

glts avatar Jan 12 '22 08:01 glts