DKIM - Internal Error, SPAM email with DKIM && 'Header does not contain address' #238

Closed
tadpole2077 opened this issue Feb 11, 2021 · 8 comments

@tadpole2077
Contributor

Enhancement suggestion to improve handling of SPAM emails using malformed DKIM

Receiving SPAM/malware emails that result in a DKIM display of "Internal Error", which IMO is not ideal and may cause the user to accept the email as valid.
SPAM header

Email Header contents:

From - Thu Feb 11 18:45:15 2021
X-Account-Key: account2
X-UIDL: 391443
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-Path: 27746-54067-153460-7271-pobrien=tadpolesoftware.com@mail.survivalpro.guru
Received: from roger.survivalpro.guru (Unknown [72.19.13.70])
by mail.arrecifal.com with ESMTP
; Thu, 11 Feb 2021 18:44:57 +0000
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=k1; d=survivalpro.guru;
h=Mime-Version:Content-Type:Date:From:Reply-To:Subject:To:Message-ID; i=MonogamousForLife]@survivalpro.guru;
bh=ANTXinVMsIzERuFn3WU5p62J8fU=;
b=rhJ487321NYzCMOIdz6qU/Htpf9r4VWcw+/vP1HsVuJ1v045+M52vTpnA41Cul/HBWpFqPiKrZiS
BqrUTIgmh4LBIb4GrdHXMeVZZQ/h+nkqeyLGsk/tJzxr//V5l56fYAPgz06GThr9+7dpKD5whbNk
SlesHJtNrvwt4ziKOsE=
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=k1; d=survivalpro.guru;
b=EWWygvzcUlvoDN/GTh1O46gIgwziANFLpMWX3yQEhzN841UtD7+mIuRRVzCCaeUhT6jPyNQgJduJ
usPlCYOHx4txwBYkNDrix44BYDanHg0mkTMEcafH8QM4GkP18VST0lS5UbRKTc3KWxlCCNYM9EHB
p+ydNVU6pFJWTFFrIHo=;
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="cdd82547f1c4f9f8a56081d7cd03af14_d333_25774"
Date: Thu, 11 Feb 2021 13:34:58 -0500
From: "Get Your Mans Attention" <MonogamousForLife]@survivalpro.guru>
Reply-To: "Amazing Technique" <AmazingTechnique]@survivalpro.guru>
Subject: How to make a man OBSESSED with you . . . even if you’re overweight
To: pobrien@tadpolesoftware.com
Message-ID: vedqqrod793dzq92-ytsut8ifp1z8pyxs-d333-25774@survivalpro.guru
X-EsetId: 37303A299D832D67617161

I'll need to run through the code to identify the code block throwing the internal error, but it is likely related to Received: from roger.survivalpro.guru (Unknown [72.19.13.70]), an unknown source mail server domain, perhaps with no rDNS.

From the debug log side:
SPAM header debug log

A generic root error of "Invalid" or "E-mail is not correctly formatted" (maybe better mapping available) would provide a better response while utilizing existing locale mappings to reduce change overheads.
The problem, I feel, is that the current error would indicate to users that it's an internal fault of the DKIM plugin causing the issue, and they may then proceed to ignore the DKIM check.

@tadpole2077
Contributor Author

tadpole2077 commented Feb 11, 2021

did a little digging...

{From Debug Watch - walkthrough}
Source Email ln 24 : From: "Get Your Mans Attention" <MonogamousForLife]@survivalpro.guru>
headerValue: " "Get Your Mans Attention" <MonogamousForLife]@survivalpro.guru>\r\n"
File: msgParser.mjs.js
Ln: 160 : regExpMatch = headerValue.match(new RegExp(`^${addrSpecC}\r\n$`));
Results : regExpMatch = null

Which then throws the error at Ln 165 >> throw new Error("From header does not contain an address");
and that then results in the UI error of >> DKIM: "Internal Error" msg.

Issue here is email address formatting and valid/invalid chars used within.
This Wikipedia article provides a good detailed description as to what is allowed under the RFC 5322 and RFC 822 spec. https://en.wikipedia.org/wiki/Email_address#Local-part

From wiki:

The local-part of the email address may use any of these ASCII characters:

  • uppercase and lowercase Latin letters A to Z and a to z;
  • digits 0 to 9;
  • special characters !#$%&'*+-/=?^_`{|}~;
  • dot ., provided that it is not the first or last character unless quoted, and provided also that it does not appear consecutively unless quoted (e.g. John..Doe@example.com is not allowed but "John..Doe"@example.com is allowed);
  • space and "(),:;<>@[] characters are allowed with restrictions (they are only allowed inside a quoted string, as described in the paragraph below, and in addition, a backslash or double-quote must be preceded by a backslash);
  • comments are allowed with parentheses at either end of the local-part; e.g. john.smith(comment)@example.com and (comment)john.smith@example.com are both equivalent to john.smith@example.com.

From that article, the char ] is allowed, but only in a quoted string.
So this email "MonogamousForLife]"@survivalpro.guru would be valid according to the latest spec, but MonogamousForLife]@survivalpro.guru is not valid.

Note that a valid quoted email "MonogamousForLife]"@survivalpro.guru would also throw an invalid message too. Maybe a bug issue to add on that derived issue.

@lieser
Owner

lieser commented Feb 12, 2021

Thanks for reporting, and nice debugging.

Like you already found out, the problem is the ]. But with the quotes added (From: "Get Your Mans Attention" <"MonogamousForLife]"@survivalpro.guru>) it should work.
Depending on how you tried to test this, the problem may be that Thunderbird does not properly distinguish between mails with the same Message-ID in regards to the extensions API.
Either:

  • change the Message-ID. Note that this would break the DKIM signature
  • restart Thunderbird, and only view the modified message, not the original

I noticed that Thunderbird seems to silently fix the from address by adding quotes.

I will have to think about what I will do about it. Current options I consider:

  1. Add a new more specific error message about invalid email format
  2. Use the address silently fixed by Thunderbird as a starting base

@lieser lieser added this to the 4.1.0 milestone Feb 12, 2021
@lieser lieser added the bug label Feb 12, 2021
@hawran

hawran commented Mar 28, 2021

Hi,
I've just come across a similar issue: DKIM results in Internal error.
As I'm not familiar with DKIM the only things I can provide are as follows:

  • A message from the error console:
DKIM_Verifier.background	FATAL	 Unexpected error during onMessageDisplayed Error: From header does not contain an address
    parseFromHeader moz-extension://36667424-2346-40ff-894c-fc3b6971c18d/modules/msgParser.mjs.js:165
    verify moz-extension://36667424-2346-40ff-894c-fc3b6971c18d/modules/AuthVerifier.mjs.js:122
background.mjs.js:164:7

where
parseFromHeader moz-extension://36667424-2346-40ff-894c-fc3b6971c18d/modules/msgParser.mjs.js:165
points to

                ...
		// Try to parse as address without <> (addr-spec)
		regExpMatch = headerValue.match(new RegExp(`^${addrSpecC}\r\n$`));
		if (regExpMatch !== null) {
			return joinAddress(regExpMatch);
		}

		throw new Error("From header does not contain an address");

and
verify moz-extension://36667424-2346-40ff-894c-fc3b6971c18d/modules/AuthVerifier.mjs.js:122
points to

                ...
		const msg = {
			headerFields: msgParsed.headers,
			bodyPlain: msgParsed.body,
			from: MsgParser.parseFromHeader(fromHeader[0]),

  • DKIM-Signature:
a=rsa-sha256; v=1; c=relaxed/relaxed; d=news.kytary.cz; q=dns/txt;
 s=k1; t=1616868040; h=Content-Transfer-Encoding: Mime-Version:
 Content-Type: Subject: From: To: Message-Id: Sender: Date:
 List-Unsubscribe: List-Unsubscribe-Post;
 bh=y0J7z/jOV8HlU3DfVsgK473dCwNxQZ4x7Mzx+uhO1tE=; b=dawMiewyHHDz/wtkLTz3r9KhyoTgEfdJ1DQO0XIoEtldDjBmzl0KWUmWfKdbzjCRI9bbsvOM
 +sZDws0yMkFwp1hFcKTTIo7xMiuO59Vubb7bGqDUzePnAFcFZ7DTXBg5JGbvpZLYSJIdw6wL
 +vrn/Z6+c9vsH6BD/7GIwzoKMQM=

From my point of view I've got just two things:

  1. I would recommend a less generic message (if it's possible, of course).
  2. Should I report a malformed / incorrect DKIM signature to the sender? (if this is the case).

Thank you,
haw

@lieser
Owner

lieser commented Mar 31, 2021

@hawran Can you please post the from header (or send via mail if you don't want to post it here)?

Without the From header it is impossible to tell if it has an invalid format, or if it is a bug in the parsing.

> I would recommend a less generic message (if it's possible, of course).

I will probably do that for 4.1.0

> Should I report a malformed / incorrect DKIM signature to the sender? (if this is the case).

The add-on is failing to parse the from header. The DKIM signature itself could still be valid.
But if the From address turns out to have an invalid format (and it is not just a bug in the add-on), you could of course still report that to the sender.

@hawran

hawran commented Apr 6, 2021

Hi @lieser , sorry for the delay, my reactions in lines...

> @hawran Can you please post the from header (or send via mail if you don't want to post it here)?
>
> Without the From header it is impossible to tell if it has an invalid format, or if it is a bug in the parsing.

From: Kytary.cz <info@news.kytary.cz>

> > I would recommend a less generic message (if it's possible, of course).
>
> I will probably do that for 4.1.0

Thank you.

> > Should I report a malformed / incorrect DKIM signature to the sender? (if this is the case).
>
> The add-on is failing to parse the from header. The DKIM signature itself could still be valid.
> But if the From address turns out to have an invalid format (and it is not just a bug in the add-on), you could of course still report that to the sender.

OK, point taken.

@lieser
Owner

lieser commented Apr 11, 2021

@hawran Your issue seems to be a duplicate of #235. The version I posted in #199 (comment) should work with it.

The problem is the dot in the name (without the name being in quotes). This is an obsolete syntax, which should no longer be used in newly created mails.

@hawran

hawran commented Apr 13, 2021

> @hawran Your issue seems to be a duplicate of #235. The version I posted in #199 (comment) should work with it.
>
> The problem is the dot in the name (without the name being in quotes). This is an obsolete syntax, which should no longer be used in newly created mails.

Hi @lieser , thank you for info.
(And I'll report it to the sender.)

@lieser
Owner

lieser commented Jul 3, 2021

The next version will show a proper error message (From address is ill-formed) instead of just Internal error.

Note that Thunderbird's fix for the from address in this case seems to only apply to the shown address. The API provided for add-ons still exposes the original invalid value.
I therefore decided to keep it simple and not try to use the shown fixed address.
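
An added illustration of the two points discussed in this thread, not part of any comment and not dkim_verifier's own code: the local-part rule that makes an unquoted `]` invalid but a quoted one valid, and reporting malformed input separately from a genuine internal fault. The grammar is a reduced RFC 5322 addr-spec; `IllFormedAddressError`, `displayStatus` and this re-implemented `parseFromHeader` are hypothetical names for the example.

```javascript
// Added illustration, not dkim_verifier code. Reduced RFC 5322 addr-spec:
// no comments/CFWS, no obsolete syntax, no domain literals, ASCII only.
const ATEXT = "[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]";
const DOT_ATOM = `${ATEXT}+(?:\\.${ATEXT}+)*`;
// quoted-string: qtext (printable ASCII except double quote and backslash)
// or a backslash-escaped printable character (quoted-pair).
const QUOTED = `"(?:[\\x20\\x21\\x23-\\x5B\\x5D-\\x7E]|\\\\[\\x20-\\x7E])*"`;
const ADDR_SPEC = new RegExp(`^(${DOT_ATOM}|${QUOTED})@(${DOT_ATOM})$`);

// Hypothetical error type: marks input that is malformed, as opposed to a bug.
class IllFormedAddressError extends Error {}

// Re-implementation for this example; the display name is not validated.
function parseFromHeader(headerValue) {
  const value = headerValue.trim();
  // Assumption: an angle-addr, if present, ends the header value.
  const angle = value.match(/<([^<>]*)>$/);
  const candidate = angle ? angle[1] : value;
  const m = candidate.match(ADDR_SPEC);
  if (m === null) {
    throw new IllFormedAddressError(`ill-formed address: ${candidate}`);
  }
  return { localPart: m[1], domain: m[2].toLowerCase() };
}

// Map the outcome to what the user sees: bad input and internal faults differ.
function displayStatus(headerValue) {
  try {
    return `From domain: ${parseFromHeader(headerValue).domain}`;
  } catch (e) {
    if (e instanceof IllFormedAddressError) return "From address is ill-formed";
    return "Internal error"; // genuinely unexpected, e.g. a TypeError
  }
}

// From header value taken from the issue, its quoted variant, and the
// John..Doe pair from the quoted Wikipedia text.
const samples = [
  '"Get Your Mans Attention" <MonogamousForLife]@survivalpro.guru>\r\n',
  '"Get Your Mans Attention" <"MonogamousForLife]"@survivalpro.guru>\r\n',
  'John..Doe@example.com\r\n',
  '"John..Doe"@example.com\r\n',
];
for (const s of samples) console.log(JSON.stringify(s), "->", displayStatus(s));
```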

@lieser lieser closed this as completed Jul 3, 2021
dodmi added a commit to dodmi/dkim_verifier that referenced this issue Feb 7, 2022
lieser pushed a commit to dodmi/dkim_verifier that referenced this issue Feb 7, 2022