DKIM CVE and Amavis behavior
Mark.Martinec+amavis at ijs.si
Tue Oct 30 15:29:16 CET 2012
> There's been a lot of news recently about
Yes, I've noticed.
> I am curious to know if Amavis with DKIM verification enabled "does the
> right thing" in relation to "test" DKIM keys and DKIM keys with a small bit
> size (less than 1024). I know opendkim just rev'd to 2.7.0 to take care of
> the CVE.
Currently (2.8.0 and older) amavisd does not test for DKIM key size.
If a sender is using a short key, it's his decision and his risk.
If a recipient is accepting a valid signature for whitelisting
purposes, that was his own decision when he investigated reputation
of a signing domain and trustfulness of their key and explicitly
and intentionally decided to use it for whitelisting purposes.
> Among the major changes in OpenDKIM 2.7.0:
> o SECURITY: The library will now decline to generate a signature, or pass
> a valid signature, if the signing key is comprised of too few bits, thus
> being insecure. The default is 1024. This can be controlled through the
> API, and the setting can also be adjusted in the filter via the new
> "MinimumKeyBits" setting.
With 2.8.1 amavis will issue a warning if someone wants to generate
or use a key shorter than 1024 bits.
It will also ignore a valid signature with a key below a configurable
size (default 786) for purposes of loading a policy bank
(DKIM-based whitelisting - @author_to_policy_bank_maps).
> Also, there is this bit:
> 1) CWE-347: Improper Verification of Cryptographic Signature: DKIM
> information is conveyed in an email header called a DKIM-Signature header
> field. A Signer can indicate that a domain is testing DKIM by setting the
> DKIM Selector Flag (t=) flag to t=y. Some verifiers accept DKIM messages in
> testing mode when the messages should be treated as if they were not DKIM
> signed. From RFC 6376:
> t= Flags, represented as a colon-separated list of names (plain-
> text; OPTIONAL, default is no flags set). Unrecognized flags MUST
> be ignored. The defined flags are as follows:
> y This domain is testing DKIM. Verifiers MUST NOT treat messages
> from Signers in testing mode differently from unsigned email,
> even should the signature fail to verify.
If a signature fails to verify amavisd never treated it any differently
that unsigned mail, regardless of the testing flag.
If a signature is valid, it is silly to diregard it even when it has
a testing flag. It is all up to a signer's reputation / trustfulness
in the eye of a recipient when he decides to use (or not to use)
their valid signature for some whitelisting purpose.
More information about the amavis-users