
Hi Bryan (I assume),

I noticed that a small number of Gitlab notification emails end up in my spamfilter. While there is not much you can do about triggering some bayesian style spam filter at my email provider (mailbox.org), I did notice this in the headers:

X-Spam-Status: No, score=2.704 tagged_above=2 required=6
    tests=[DKIM_INVALID=0.1, DKIM_SIGNED=0.1, HS_RSPAMD_10_11=2.5,
    HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001,
    URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: spamfilter01.heinlein-hosting.de (amavisd-new);
    dkim=fail (1024-bit key) reason="fail (bad RSA signature)"
    header.d=gitlab.haskell.org
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=gitlab.haskell.org;
    s=mail; t=1669733134;
    bh=D0NUcHiskEnwSP99umP3zo8Fz8fl74OgAJ8NRDKCsp4=;
    h=Date:From:Reply-To:To:In-Reply-To:References:Subject:List-Id:
     List-Unsubscribe;
    b=R+WMLfhRZZdYxMd6K6w+iodDe8EHzwONNArNyboqsU5NnafPRhKZ1UeGxO/BCMvEK
     M7XHRRrBsPfRYpTph7xSGY427KGXieASVg1GDhAiwKSLBCiqDdkBaoJLLUIfUD02NS
     ouI3tvQ9mddNdaEK7retq8N+29hzs/ezf9cpgy+Q=

It seems the DKIM configuration is broken? There is a DKIM record for the domain that’s valid according to https://www.dmarcanalyzer.com/de/dkim-de/dkim-record-check/?dmarcdns%5Btype%5D=dkim&dmarcdns%5Bselector%5D=mail&dmarcdns%5Bdomain%5D=gitlab.haskell.org&g-recaptcha-response=03AEkXODBDl43rk3Ww0q4J1LNooZNlqBYhWGd3spu68KM7nc3js92zXASAuHqVAek5IJj2iV26sx7LzrDQYX08fq2lnL5CvX4P4x7GOekNSV9yG9J48z0I3SxPzy5tQomgP4u9YR8yQqsmZwezj8coIagpBTce9Ubytv_nRg3oKmJjSYsJP5Pwc4Jmgn___e1nbsHUEqNWabdCJHX0Q02oZ3n3sRS5K8LpYOAFhYhOhMQF9QPQ74Uy8fc38lcuK3LJP6Dk5Z2xmgLJypXJiW4svbNTqnndkSehXM-Y5HJ7xdFZ3aMA4yiOwOOYjZwKc2reQDQ6v6TLrYnigFYgA6D4MM2PBRoc6-D5Zr3xbkjPMOlFVXNMGHpu_w4_nTIaTyRhYaBb1ilz7lYa15f8si5-vVuqT-XFe0U1nVsYHWBj-ejC3Ih7QQzaXdlegM3VMLZ94qBeK5b6uA7fbJv_EpMx3K6EbwVyfmsElNx9KnHOciAcQguIXUxU-EOTN900w-lAoqhxVG-VyqIQe8L99_eW6Ns5IV2tLp4qSg but maybe Postfix is not using the right key?

Cheers,
Joachim

--
Joachim Breitner
  mail@joachim-breitner.de
  http://www.joachim-breitner.de/

On Wed, Nov 30, 2022 at 05:33:44PM +0100, Joachim Breitner wrote:
I noticed that a small number of Gitlab notification emails end up in my spamfilter. While there is not much you can do about triggering some bayesian style spam filter at my email provider (mailbox.org), I did notice this in the headers:
X-Spam-Status: No, score=2.704 tagged_above=2 required=6
    tests=[DKIM_INVALID=0.1, DKIM_SIGNED=0.1, HS_RSPAMD_10_11=2.5,
    HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001,
    URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: spamfilter01.heinlein-hosting.de (amavisd-new);
    dkim=fail (1024-bit key) reason="fail (bad RSA signature)"
    header.d=gitlab.haskell.org
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=gitlab.haskell.org;
    s=mail; t=1669733134;
    bh=D0NUcHiskEnwSP99umP3zo8Fz8fl74OgAJ8NRDKCsp4=;
    h=Date:From:Reply-To:To:In-Reply-To:References:Subject:List-Id:
     List-Unsubscribe;
    b=R+WMLfhRZZdYxMd6K6w+iodDe8EHzwONNArNyboqsU5NnafPRhKZ1UeGxO/BCMvEK
     M7XHRRrBsPfRYpTph7xSGY427KGXieASVg1GDhAiwKSLBCiqDdkBaoJLLUIfUD02NS
     ouI3tvQ9mddNdaEK7retq8N+29hzs/ezf9cpgy+Q=

Indeed the signature in "b=" was not made by the key at mail._domainkey.gitlab.haskell.org. Running the below:

    sig=$(
        printf "%s\n%s\n%s\n" \
            R+WMLfhRZZdYxMd6K6w+iodDe8EHzwONNArNyboqsU5NnafPRhKZ1UeGxO/BCMvE \
            KM7XHRRrBsPfRYpTph7xSGY427KGXieASVg1GDhAiwKSLBCiqDdkBaoJLLUIfUD0 \
            2NSouI3tvQ9mddNdaEK7retq8N+29hzs/ezf9cpgy+Q=
    )
    pkey=$(
        dig +short -t txt mail._domainkey.gitlab.haskell.org |
        perl -MMIME::Base64 -ne '
            /^"v=DKIM1;/ or next;
            print decode_base64($1) if m{;\s*p=(\S+?)(?:;|$)}
        ' |
        openssl pkey -pubin -inform DER
    )
    openssl rsautl -raw -encrypt -pubin \
        -inkey <( printf "%s\n" "$pkey" ) \
        -in <(printf "%s\n" "$sig" | openssl base64 -d) | xxd -p

the output is:

    509bfc93a492f1b5328308e51624d9a7ed1378861f577b11413c5034bc0c
    673d61660434d4bc30844e7648da0f9605923805973a313a8c3bc82215cc
    ac447e47551087c544a0592ac3ae48474584bad7d9ca5b850a67493a7977
    d28aaa3a9a7580d165dc4f31ff484bdbc40e94a2be1750e71c51c555b5c1
    6bc051947bb07ae4

Which is not a PKCS#1.5 padded signature block. So either the "b=" value was corrupted in transit, or it was signed by a key that is different from what is published in DNS.
but maybe Postfix is not using the right key?
Strictly speaking that's not Postfix itself, but some DKIM milter, but nits aside, more likely a stale public key is published in DNS.

--
    Viktor.

Thanks for noticing, Joachim!
Ben Gamari is still the primary contact for GitLab configuration...
Ben, maybe you know something about this?
On Wed, Nov 30, 2022 at 7:12 PM Viktor Dukhovni wrote:
_______________________________________________
ghc-devs mailing list
ghc-devs@haskell.org
http://mail.haskell.org/cgi-bin/mailman/listinfo/ghc-devs

Hi Ben,

gentle reminder about this issue? I’m worried I (and maybe others) are going to miss gitlab notifications.

Cheers,
Joachim

On Thursday, 01.12.2022 at 10:21 +0200, Bryan Richter via ghc-devs wrote:
_______________________________________________
ghc-devs mailing list
ghc-devs@haskell.org
http://mail.haskell.org/cgi-bin/mailman/listinfo/ghc-devs

--
Joachim Breitner
  mail@joachim-breitner.de
  http://www.joachim-breitner.de/

On Mon, Jan 23, 2023 at 03:41:21PM +0100, Joachim Breitner wrote:
Hi Ben,
gentle reminder about this issue? I’m worried I (and maybe others) are going to miss gitlab notifications.
A recent gitlab notice has:

Received: by gitlab.haskell.org (Postfix, from userid 165)
    id AF9E627CA9; Mon, 16 Jan 2023 20:50:59 -0500 (EST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=gitlab.haskell.org;
    s=mail; t=1673920259;
    bh=bezCH96kI1N9pklJv6GEpVDADij1+8Q/zwCT65Djz/4=;
    h=Date:From:Reply-To:To:Subject:List-Id;
    b=L7ikqNV+Hn0OZzM9AH+rLIvP5P9COe8/zuP7bmSsMJ50kFJ2a7gJy4cbxoX83bNqU
     oBQV78j6nIFV/SRgbaF9vQciNBzWu1GNACMGaqVMVjTBki93xw/hvMv8JDIhAdAYaV
     da96BBtxrTDoDUtFBtYlb5n361TqIDHXHkCqE5Dc=

The DKIM data in DNS is:

    $ dig +short +nosplit -t txt mail._domainkey.gitlab.haskell.org
    "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDiTJ9J8+wWWFRzHjjr5CCbOx33rZaDH2PQsQtTLwOPVZDTSjz8pwUuyQ4s+Xxq6f6UEEAIo/8ZHySJqXG6HN3b6/Gq2SwnE2xLk307gcWzZgyF/9UM5SpcJ46VxYPu2spBQSWhDnRbp849ZouuY/orKT/HMb/9xow25KwWbAyh8wIDAQAB"

Putting it together:

    $ echo MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDiTJ9J8+wWWFRzHjjr5CCbOx33rZaDH2PQsQtTLwOPVZDTSjz8pwUuyQ4s+Xxq6f6UEEAIo/8ZHySJqXG6HN3b6/Gq2SwnE2xLk307gcWzZgyF/9UM5SpcJ46VxYPu2spBQSWhDnRbp849ZouuY/orKT/HMb/9xow25KwWbAyh8wIDAQAB |
        openssl base64 -A -d |
        openssl pkey -pubin -inform DER -out /tmp/pkey.pem
    $ openssl base64 -d <<-\EOF > /tmp/sig.dat
        L7ikqNV+Hn0OZzM9AH+rLIvP5P9COe8/zuP7bmSsMJ50kFJ2a7gJy4cbxoX83bNq
        UoBQV78j6nIFV/SRgbaF9vQciNBzWu1GNACMGaqVMVjTBki93xw/hvMv8JDIhAdA
        YaVda96BBtxrTDoDUtFBtYlb5n361TqIDHXHkCqE5Dc=
        EOF
    $ openssl pkeyutl -pubin -inkey /tmp/pkey.pem \
        -encrypt -pkeyopt rsa_padding_mode:none \
        -in /tmp/sig.dat -hexdump
    0000 - 52 90 e5 01 80 fa 77 53-b3 19 97 16 33 70 1e 29   R.....wS....3p.)
    0010 - 7e 7b cf 5c a4 51 b2 eb-7c fa 88 dc ce 92 b2 ac   ~{.\.Q..|.......
    0020 - 4f 86 d4 f1 32 83 55 0a-0b c0 49 92 a3 4a 54 47   O...2.U...I..JTG
    0030 - dc 6b 5d bd 2c 1e 5d 85-cf f4 4f c8 3c c5 3f bd   .k].,.]...O.<.?.
    0040 - 9d 56 29 a2 b5 dc 94 13-50 c3 28 23 0c a0 64 0b   .V).....P.(#..d.
    0050 - 0e 99 96 4a 0f b4 36 1a-3a d6 ff 6f 50 00 1a 38   ...J..6.:..oP..8
    0060 - 09 34 75 a6 d5 29 da 80-7c c1 bd 77 c4 a3 01 32   .4u..)..|..w...2
    0070 - d1 16 b4 8f 6c 3d fd a4-25 8d 53 2b 64 9c d8 ed   ....l=..%.S+d...

We see that the RSA public key operation does not produce a valid PKCS#1 padded block, so most likely an outdated key is published in DNS, or the wrong "selector" ("s=" value, currently "mail") was added to the DKIM signature header (if the correct key is published under some other selector).

--
    Viktor.
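The check Viktor runs twice in this thread (first with `openssl rsautl -raw`, then with `openssl pkeyutl -pkeyopt rsa_padding_mode:none`) is the RSA public-key operation applied to the "b=" value, followed by a look at whether the result has EMSA-PKCS1-v1_5 shape: `00 01 FF…FF 00 DigestInfo(SHA-256) || hash`. The script below is an added example, not code from the thread or from any DKIM library: it performs the same computation with the Python standard library only, on the TXT record and the January DKIM-Signature header quoted above, and reports whether the decrypted block is PKCS#1 v1.5 padded. The tag parser and the DER reader are minimal helpers written for this illustration (they assume a well-formed RSA SubjectPublicKeyInfo, as published here); a real verifier would additionally canonicalize the signed headers and compare the embedded hash, which this script deliberately does not do, because the thread's point is that the padding is already wrong, so the key and signature cannot belong together.

```python
"""Raw-RSA DKIM diagnosis in pure Python (stdlib only).

Added example, not code from the thread. The key and signature constants are
copied from Viktor's January message; parse_tags() and der_read() are small
helpers written here, not a DKIM library API.
"""
import base64
import re

# Copied from the thread: `dig +short -t txt mail._domainkey.gitlab.haskell.org`
DKIM_TXT = '"v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDiTJ9J8+wWWFRzHjjr5CCbOx33rZaDH2PQsQtTLwOPVZDTSjz8pwUuyQ4s+Xxq6f6UEEAIo/8ZHySJqXG6HN3b6/Gq2SwnE2xLk307gcWzZgyF/9UM5SpcJ46VxYPu2spBQSWhDnRbp849ZouuY/orKT/HMb/9xow25KwWbAyh8wIDAQAB"'

# Copied from the thread: DKIM-Signature header of the 16 Jan 2023 notice, still folded
DKIM_SIGNATURE = (
    "v=1; a=rsa-sha256; c=simple/simple; d=gitlab.haskell.org; s=mail; t=1673920259; "
    "bh=bezCH96kI1N9pklJv6GEpVDADij1+8Q/zwCT65Djz/4=; h=Date:From:Reply-To:To:Subject:List-Id; "
    "b=L7ikqNV+Hn0OZzM9AH+rLIvP5P9COe8/zuP7bmSsMJ50kFJ2a7gJy4cbxoX83bNqU "
    "oBQV78j6nIFV/SRgbaF9vQciNBzWu1GNACMGaqVMVjTBki93xw/hvMv8JDIhAdAYaV "
    "da96BBtxrTDoDUtFBtYlb5n361TqIDHXHkCqE5Dc="
)

# DER-encoded DigestInfo prefix for SHA-256 (RFC 8017, section 9.2, note 1)
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")


def parse_tags(record):
    """Split a DKIM tag=value list into a dict; folding whitespace inside values is dropped."""
    tags = {}
    for item in record.strip().strip('"').split(";"):
        if "=" in item:
            name, value = item.split("=", 1)
            tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags


def der_read(buf, pos):
    """Read one DER TLV at pos; return (tag, contents, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length


def rsa_public_key_from_spki(der):
    """Extract (n, e) from a SubjectPublicKeyInfo, which is what the DKIM p= tag carries."""
    tag, spki, _ = der_read(der, 0)
    assert tag == 0x30, "expected SEQUENCE"
    _, _algid, pos = der_read(spki, 0)      # AlgorithmIdentifier (rsaEncryption, NULL)
    tag, bitstr, _ = der_read(spki, pos)
    assert tag == 0x03, "expected BIT STRING"
    _, rsa_pub, _ = der_read(bitstr[1:], 0)  # skip the unused-bits octet, then RSAPublicKey
    _, n_bytes, pos = der_read(rsa_pub, 0)
    _, e_bytes, _ = der_read(rsa_pub, pos)
    return int.from_bytes(n_bytes, "big"), int.from_bytes(e_bytes, "big")


def raw_rsa_public_op(signature, n, e):
    """s^e mod n, as a fixed-width block: what openssl's rsa_padding_mode:none encrypt prints."""
    k = (n.bit_length() + 7) // 8
    s = int.from_bytes(signature, "big")
    if s >= n:
        raise ValueError("signature is not below the modulus")
    return pow(s, e, n).to_bytes(k, "big")


def is_pkcs1_v15_sha256_block(em):
    """True iff em is 00 01 FF..FF (>= 8 bytes) 00 DigestInfo(SHA-256) || 32-byte hash."""
    t_len = len(SHA256_DIGESTINFO) + 32
    if len(em) < t_len + 11 or em[0] != 0x00 or em[1] != 0x01:
        return False
    sep = em.find(b"\x00", 2)
    if sep < 10 or any(b != 0xFF for b in em[2:sep]):
        return False
    t = em[sep + 1:]
    return t.startswith(SHA256_DIGESTINFO) and len(t) == t_len


def build_pkcs1_v15_sha256_block(digest, k):
    """Positive control: the block a correct rsa-sha256 signature decrypts to."""
    t = SHA256_DIGESTINFO + digest
    if len(t) + 11 > k:
        raise ValueError("modulus too short for this digest")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def diagnose(dkim_txt, dkim_signature):
    """Decrypt the b= value with the published key and classify the result as the thread does."""
    key, sig = parse_tags(dkim_txt), parse_tags(dkim_signature)
    n, e = rsa_public_key_from_spki(base64.b64decode(key["p"]))
    em = raw_rsa_public_op(base64.b64decode(sig["b"]), n, e)
    padding_ok = is_pkcs1_v15_sha256_block(em)
    return {
        "selector": sig.get("s"),
        "key_bits": n.bit_length(),
        "e": e,
        "em_hex": em.hex(),
        "pkcs1_padding_ok": padding_ok,
        "verdict": ("padding OK: key matches; next compare the embedded hash with the canonicalized headers"
                    if padding_ok else
                    "no PKCS#1 v1.5 structure: stale key in DNS, wrong selector, or b= corrupted in transit"),
    }


if __name__ == "__main__":
    result = diagnose(DKIM_TXT, DKIM_SIGNATURE)
    for name, value in result.items():
        print(f"{name}: {value}")
```

The `em_hex` it prints begins `5290e501…`, the same bytes Viktor's hexdump shows, and `pkcs1_padding_ok` is false; the positive control shows what a matching key would have produced. Feeding the script a different selector's TXT record is the natural next step when the "wrong selector" hypothesis is in play.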
participants (3)
- Bryan Richter
- Joachim Breitner
- Viktor Dukhovni