croessner / sigh Goto Github PK

Hello,
https://superuser.com/questions/885435/signing-milter-smime-how-are-this-email-signed-incorrectly
Outlook 2016 at least is claiming email modification. is there any fix for that issue?

Tried it with sigh and sign-milter

thanks,
Stefan

Just a heads up, I'm not sure if this is much of a problem in practice: signals and pthreads don't really mix well.

In particular:

• std::cout and friends are not async-safe and thus not safe to be called from a signal handler. The same probably holds for resetting and re-reading the mapfile during signal handling.
• Since signals maybe delivered to any thread, it is unclear, which thread (main or milter) is executing the signal handler. Since now, mapfile::Map isn't thread safe (and probably cannot be used safely from a signal handler, too). this might also be a potential concurrency issue.

Given the fact that you cannot really to anything pthread-related while a signal handler is active (none of the pthread*() functions are async-safe), to be on the safe side, one needs a special signal handler thread that continuously loops over sigsuspend() and does the appropriate actions, while all other threads run with blocked signals.

I'll see if I can fix this via some patches.

I'm using sigh with two postfix nodes for quite a while now. So far without any problems. Two days ago sigh started to eat up my cpu on both nodes, which is interesting, as one node is passive and not handling any mails. After a restart everything settles down but start to raise after some minutes.

The logfile says:

sigh: /opt/sigh/src/client.cpp:95: static const string mlt::Client::prepareIPandPort(sockaddr*): Assertion `hostaddr != nullptr' failed.

So far I mitigate the problem by restarting sigh every hour, but I'm afraid loosing mails or send out unsigned mails by doing so.

Hello,
noticed a warning when assembling, is it okay?

/usr/src/sigh# make
[ 16%] Building CXX object CMakeFiles/sigh.dir/src/milter.cpp.o
[ 33%] Building CXX object CMakeFiles/sigh.dir/src/client.cpp.o
[ 50%] Building CXX object CMakeFiles/sigh.dir/src/config.cpp.o
[ 66%] Building CXX object CMakeFiles/sigh.dir/src/smime.cpp.o
/usr/src/sigh/src/smime.cpp:42:22: warning: ‘long unsigned int thread_id()’ defined but not used [-Wunused-function]
static unsigned long thread_id(void) {
^~~~~~~~~
/usr/src/sigh/src/smime.cpp:30:13: warning: ‘void lock_callback(int, int, char*, int)’ defined but not used [-Wunused-function]
static void lock_callback(int mode, int type, char *file, int line) {
^~~~~~~~~~~~~
[ 83%] Building CXX object CMakeFiles/sigh.dir/src/mapfile.cpp.o
[100%] Linking CXX executable sigh

The file itself is assembled and the letters are signed.

Just noticed when I raised sigh -c /etc/sigh/sigh.cfg -d on mta
I send a test letter from the email client from the address for which there is an s/mime certificate, then outlook says there are problems with the signature https://pasteboard.co/I3myDIS.png

Thanks.

Hi there,

i would like to also sign every E-Mail which is sent to a certain addresse or even better a certain domain. For archiving purposes. Is this already possible?

Cheers,
Alex

With GCC 11.2 and GNU ld 2.38, I get the following link errors:

/usr/bin/ld: CMakeFiles/sigh.dir/src/smime.cpp.o:(.bss+0x0): multiple definition of `util::ccp'; CMakeFiles/sigh.dir/src/milter.cpp.o:(.bss+0x0): first defined here                                                                                                                        
/usr/bin/ld: CMakeFiles/sigh.dir/src/smime.cpp.o:(.bss+0x1): multiple definition of `util::mlfipriv'; CMakeFiles/sigh.dir/src/milter.cpp.o:(.bss+0x1): first defined here                                                                                                                   

Hi,
I'm using Postfix 3.4.1 as MTA and sigh as a milter.

When Postfix passes sigh a mail, sigh aborts unexpectedly.

Debug Output:

$ /etc/smime/sigh --debug --config /etc/smime/conf/sigh.conf

Configuration file values:
user=smime
group=smime
socket=inet:10004@localhost
pidfile=/var/run/sigh/sigh.pid
daemon=false
mapfile=/etc/smime/conf/mapfile.txt
tmpdir=/etc/smime/tmp
[email protected] valuecol=cert:/etc/certificate.crt,key:/etc/key.key
Initialized group access list
Switched to group smime
Switched to user smime
PID file created
id=1 connect from hostname= socket=[MY:IPV6]:47070
-> sign()
-> loadIntermediate()
        X509_INFO_free() called
        stack empty
        sk_X509_free() called
        sk_X509_INFO_free() called
        BIO_free() called
<- loadIntermediate()
        BUF_MEM_free() called
double free or corruption (fasttop)
Aborted

Certificate and Key are PEM encoded.

Already checked file permissions and socket connection, and they both work, any idea?

Thanks!

Is tickets remain open since several years and there were no updates or new releases.
Is the project still active?