Opened 6 years ago

Closed 6 years ago

#10003 closed defect (fixed)

BridgeDB's DKIM validator seems to be broken

Reported by: isis Owned by: isis
Priority: Medium Milestone:
Component: Circumvention/BridgeDB Version:
Severity: Keywords: bridgedb-email
Cc: isis, sysrqb Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

I didn't even know we were using this Python package -- it wasn't mentioned in any of the docs, nor the requirements.txt file, and not to mention it appears to be installed via the system package manager.

This seems to be the package, and these are the errors:

Traceback (most recent call last):
  File "/usr/bin/dkimverify", line 40, in <module>
    res = dkim.verify(message)
  File "/usr/lib/python2.7/dist-packages/dkim/__init__.py", line 603, in verify
    return d.verify(dnsfunc=dnsfunc)
  File "/usr/lib/python2.7/dist-packages/dkim/__init__.py", line 505, in verify
    validate_signature_fields(sig)
  File "/usr/lib/python2.7/dist-packages/dkim/__init__.py", line 180, in validate_signature_fields
    if int(sig[b'x']) < int(sig[b't']):
KeyError: 't'


and

Traceback (most recent call last):
  File "/usr/bin/dkimverify", line 40, in <module>
    res = dkim.verify(message)
  File "/usr/lib/python2.7/dist-packages/dkim/__init__.py", line 603, in verify
    return d.verify(dnsfunc=dnsfunc)
  File "/usr/lib/python2.7/dist-packages/dkim/__init__.py", line 538, in verify
    s = dnsfunc(name)
  File "/usr/lib/python2.7/dist-packages/dkim/dnsplug.py", line 82, in get_txt
    txt = _get_txt(unicode_name)
  File "/usr/lib/python2.7/dist-packages/dkim/dnsplug.py", line 31, in get_txt_dnspython
    a = dns.resolver.query(name, dns.rdatatype.TXT,raise_on_no_answer=False)
  File "/usr/lib/python2.7/dist-packages/dns/resolver.py", line 920, in query
    raise_on_no_answer, source_port)
  File "/usr/lib/python2.7/dist-packages/dns/resolver.py", line 847, in query
    timeout = self._compute_timeout(start)
  File "/usr/lib/python2.7/dist-packages/dns/resolver.py", line 692, in _compute_timeout
    raise Timeout
dns.exception.Timeout
procmail: [11285] Thu Jun 20 13:07:45 2013
procmail: No match on "^To: yangcong@bridges.torproject.org"
procmail: Executing "formail,-I,X-DKIM-Authentication-Results: dunno"
procmail: Match on "^DKIM-Signature:"
procmail: Executing "dkimverify"
procmail: Non-zero exitcode (1) from "dkimverify"
procmail: No match on "dkimverify"
procmail: Executing "esmtp,-C,/srv/bridges.torproject.org/etc/estmprc-bridgedb-deliver,bridges@bridgedb"
procmail: Assigning "LASTFOLDER=esmtp -C /srv/bridges.torproject.org/etc/estmprc-bridgedb-deliver bridges@bridgedb"
procmail: Notified comsat: "bridgedb@:/home/bridgedb/esmtp -C /srv/bridges.torproject.org/etc/estmprc-bridgedb-deliver bridges@bridgedb"
From aagbsn@gmail.com  Thu Jun 20 13:07:45 2013
 Subject: get bridges
  Folder: esmtp -C /srv/bridges.torproject.org/etc/estmprc-bridgedb-de     3524
procmail: [11291] Thu Jun 20 13:07:47 2013
procmail: No match on "^To: yangcong@bridges.torproject.org"
procmail: Executing "formail,-I,X-DKIM-Authentication-Results: dunno"
procmail: Match on "^DKIM-Signature:"
procmail: Executing "dkimverify"
procmail: Non-zero exitcode (1) from "dkimverify"
procmail: No match on "dkimverify"
procmail: Executing "esmtp,-C,/srv/bridges.torproject.org/etc/estmprc-bridgedb-deliver,bridges@bridgedb"
procmail: Assigning "LASTFOLDER=esmtp -C /srv/bridges.torproject.org/etc/estmprc-bridgedb-deliver bridges@bridgedb"
procmail: Notified comsat: "bridgedb@:/home/bridgedb/esmtp -C /srv/bridges.torproject.org/etc/estmprc-bridgedb-deliver bridges@bridgedb"
From aagbsn@gmail.com  Thu Jun 20 13:07:47 2013
 Subject: get bridges
  Folder: esmtp -C /srv/bridges.torproject.org/etc/estmprc-bridgedb-de     4344


Those are old logs, but the errors are still happening.

Child Tickets

Change History (2)

comment:1 Changed 6 years ago by isis

Status: newneeds_information

It seems there was a fork and switchover, with the usual confusing namespace. The one we want to use is probably this one. On PyPI it's here.

It seems that Sukbir had trouble with dkimpy in GetTor, perhaps they can explain if/what the resolution was (the link to a Debian tracker ticket from Sukbir's dkimpy ticket goes to some weird unrelated autoCAD bug).

comment:2 Changed 6 years ago by isis

Resolution: fixed
Status: needs_informationclosed

The dkimpy module was updated and these errors have since disappeared. Additionally, BridgeDB seems to be validating DKIM sigs just fine, I tested by sending a handcrafted email with a bad DKIM signatures, and another from a Gmail account.

Note: See TracTickets for help on using tickets.