
Re: Backscattering



Arvind Singh wrote:

I was trying to implement the BATV patch given by John Levine,
http://mipassoc.org/pipermail/batv-tech/2007q4/000032.html . The emails are
getting signed with this patch. But while the bounce mails come to MX the
signature is not matching due to which the address is not stripped with the
BATV tag.

The qmail BATV patch from John is a little bit "buggy":


First of all qmail-remote uses the old syntax to sign senders:

tag-type "=" loc-core "=" tag-val

The recent syntax from "draft-levine-batv-03.txt" is:

tag-type "=" tag-val "=" loc-core

These are my qmail-remote modifications for BATV with the recent syntax from "draft-levine-batv-03.txt":

stralloc newsender = {0};

void signenv()
  {
    int daynumber = (now() / 86400) % 1000;
    int i, atpos;
    char kdate[] = "0000";
    static char hex[] = "0123456789abcdef";
    MD5_CTX md5;
    unsigned char md5digest[MD5_DIGEST_LENGTH];

    if(stralloc_starts(&sender, "prvs=")) return; /* already signed */
    if(stralloc_starts(&sender, "sb*-")) { /* don't sign this */
      sender.len -= 4;
      byte_copy(sender.s, sender.len, sender.s+4);
      return;
    }

    if(!stralloc_ready(&newsender, sender.len+(2*BATVLEN+10))) temp_nomem();
    if(!stralloc_copyb(&newsender, "prvs=", 5)) temp_nomem();

    /* only one key so far */
    kdate[1] = '0' + daynumber/100;
    kdate[2] = '0' + (daynumber/10)%10;
    kdate[3] = '0' + daynumber%10;

    /* tag-val starts with key number and day number */
    if(!stralloc_catb(&newsender, kdate, 4)) temp_nomem();

    /* hash over key/day digits, unsigned sender and signing key */
    MD5_Init(&md5);
    MD5_Update(&md5, kdate, 4);
    MD5_Update(&md5, sender.s, sender.len);
    MD5_Update(&md5, signkey.s, signkey.len);
    MD5_Final(md5digest, &md5);

    /* append the first BATVLEN digest bytes as hex */
    for(i = 0; i < BATVLEN; i++) {
      char md5hex[2];

      md5hex[0] = hex[md5digest[i]>>4];
      md5hex[1] = hex[md5digest[i]&15];
      if(!stralloc_catb(&newsender, md5hex, 2)) temp_nomem();
    }

    /* separator */
    if(!stralloc_catb(&newsender, "=", 1)) temp_nomem();

    /* copy in the mailbox */
    if(!stralloc_0(&sender)) temp_nomem();
    sender.len--; /* null isn't part of the sender */
    atpos = str_rchr(sender.s, '@');
    if(!stralloc_catb(&newsender, sender.s, atpos)) temp_nomem();

    /* copy in the domain, then replace the sender */
    if(!stralloc_catb(&newsender, sender.s+atpos, sender.len-atpos)) temp_nomem();
    if(!stralloc_copy(&sender, &newsender)) temp_nomem();
    if(!stralloc_copys(&newsender, "")) temp_nomem();
  }


But when it comes inside, its BATV tag doesn't get stripped. I checked the code;
it's failing on byte compare.

The BATV checker of qmail-smtpd uses the very old syntax with "/":


local-part= tag-type "=" loc-core "/" tag-val

The modifications for qmail-smtpd are not ready yet.
I'm working on it.

Please consider:
<http://mipassoc.org/pipermail/batv-tech/2008q2/000045.html>
<http://mipassoc.org/pipermail/batv-tech/2008q2/000049.html>

--
Greetings
Jörg Backschues
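
The three local-part layouts named in this message (tag-val first, loc-core "=" tag-val, and loc-core "/" tag-val) can be told apart on the receiving side before any signature is compared. The following is an added example, not code from this post or from John Levine's patch; batv_split(), its hexlen parameter and the enum names are hypothetical, and it assumes tag-val is four digits followed by a fixed number of hex digits, as signenv() above builds it. The sample address is constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum batv_syntax { BATV_NONE, BATV_DRAFT03, BATV_OLD_EQ, BATV_OLD_SLASH };

/* tag-val as signenv() builds it: 4 digits (key, day number), then hex digits */
static int is_tagval(const char *s, size_t hexlen)
{
  size_t i;
  for (i = 0; i < 4; i++) if (!isdigit((unsigned char)s[i])) return 0;
  for (; i < 4 + hexlen; i++) if (!isxdigit((unsigned char)s[i])) return 0;
  return 1;
}
static void put(char *dst, const char *s, size_t n) { memcpy(dst, s, n); dst[n] = 0; }

/* Split a local-part into loc-core and tag-val; report which syntax matched.
   hexlen is the number of hex digits in tag-val (an assumed parameter). */
enum batv_syntax batv_split(const char *local, size_t hexlen,
                            char *core, char *tag, size_t cap)
{
  size_t tl = 4 + hexlen, n;
  const char *p, *q;
  if (strncmp(local, "prvs=", 5) != 0) return BATV_NONE;
  p = local + 5;
  n = strlen(p);
  if (n < tl + 2 || n >= cap) return BATV_NONE; /* need tag-val, separator, 1+ char */
  /* draft-levine-batv-03: tag-val "=" loc-core */
  if (p[tl] == '=' && is_tagval(p, hexlen)) {
    put(tag, p, tl);
    put(core, p + tl + 1, n - tl - 1);
    return BATV_DRAFT03;
  }
  /* older forms: loc-core, then "=" or "/", then tag-val at the end */
  q = p + n - tl;
  if ((q[-1] == '=' || q[-1] == '/') && is_tagval(q, hexlen)) {
    put(tag, q, tl);
    put(core, p, n - tl - 1);
    return q[-1] == '=' ? BATV_OLD_EQ : BATV_OLD_SLASH;
  }
  return BATV_NONE;
}

int main(void)
{
  char core[64], tag[64]; /* constructed sample address below */
  int r = batv_split("prvs=0123abcdef=user", 6, core, tag, sizeof core);
  printf("%d %s %s\n", r, tag, core);
  return 0;
}
```

A checker that only understands one layout will hash different bytes than the signer did, which shows up as exactly the byte-compare mismatch reported above.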