From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-3.1 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED, FREEMAIL_FROM,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED,RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2 Received: (qmail 29617 invoked from network); 13 Apr 2020 09:25:58 -0000 Received-SPF: pass (mother.openwall.net: domain of lists.openwall.com designates 195.42.179.200 as permitted sender) receiver=inbox.vuxu.org; client-ip=195.42.179.200 envelope-from= Received: from mother.openwall.net (195.42.179.200) by inbox.vuxu.org with UTF8ESMTPZ; 13 Apr 2020 09:25:58 -0000 Received: (qmail 17670 invoked by uid 550); 13 Apr 2020 09:25:54 -0000 Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Reply-To: musl@lists.openwall.com Received: (qmail 17637 invoked from network); 13 Apr 2020 09:25:53 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=web.de; s=dbaedf251592; t=1586769942; bh=1sWGHIySFLatVoSyMdQl1vE9t4vJ6CHnplY60PaXFVE=; h=X-UI-Sender-Class:Subject:From:To:Date; b=hsGnEgtMeuofzCUvAxFq2/E32o5lz+U+/ifkcmQwp4R7fNb4+7tOBoEkJf//8gP0Y Moa/nIwWHgqxRckaB1XqImknHxJEu++a3hhoUmjLsN3fhqDMnnG9soW1vIqkZApX3d UhB1nsk5COL1CUmnF0Q5khcgXzn9/CXZPZaWzNrM= X-UI-Sender-Class: c548c8c5-30a9-4db5-a2e7-cb6cb037b8f9 Message-ID: <9832107bf742db3145a3960c28cde867f924fe1f.camel@web.de> From: Christian To: musl@lists.openwall.com Date: Mon, 13 Apr 2020 11:25:41 +0200 Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.28.5-0ubuntu0.18.04.1 Mime-Version: 1.0 Content-Transfer-Encoding: 7bit X-Provags-ID: V03:K1:vlRw8wLVUtVBiX1THaIFyEYs19QR3bQlA1p6VohA0MxBcmQerAm TYhBBDOw4UToK6+DfNteE6eAmC8Fb+TNGUewnvwJWgrJkyYgMhvHTCmsbjVHRMbDan2DxM2 U+I4igYDcLVMCVH//bsQb4C1Rya7BjpITN4xxQ3rj/Mir+bK1ZYVdNDvVdHTFbRyovHgP8L w6wPZRNDj4J/xxz74gzJw== X-UI-Out-Filterresults: notjunk:1;V03:K0:ORNBiM2dtgM=:W9gvgPzSg0mGFQyIRGZA+/ SRnLHcRR68wIwAEGRgy0FeBmdAO/5TCLGTE75TrUufwer09vcf6kLKm55VnWAU2AmreY/bfG/ 2oPvqn6xUj4VlO3KL/sGMjzTgdN3HbyWIGT/fqk/IPXE5hPo2sGAG+2MjymF3cNVNVM7DizTU XhYyHEVe+zzqAzgiPBjiEc36aOVRFGYOF0wmGWT3xyrL3fPnFEzeofPlLqbZYcmwmEjnMmctW hhRXD/SpfoiJ9AP5zykAdKggCmn7dVe2zvml9iVH1H8/zxH0H++jfE42kbJKZp5MWa7Me88jO FuxwnzQ0hEZQq3AI0Tl0FGDPAYQVl8BRlioAUFplK3iEkBYwkkoTr3ZKIMVK0nT9ucTeQR0N3 06gnxBsSEuAjxIFNTItmI0RACQGVVCRJsGN5iZXz+Qpzyx3rCM9vNqjcNwH72HMRYIhudILRb vvC2Ew6za3ziOoiFTdYpMpgBpxC2nGkn43GLEFfr8SY2z9kJgJ6kPeX4ZkGjxya3a3voez6TN Jl6qFl8KNx9Q5byhksoqY46I5XLuX366jaHTlIjAC9WbdBQpBYrAa8HDdqoJnjPu7/YKqVDkY GRlhQ5SAHHdvoDQwNp4QJmOwe4AMMFYe5pF9SMnluIp6iFv7aZkvI513Bwkj+rooGw1B2/s2d JCIsEHgBEoU/fplixKvVYZUomA4eU1ht33bCZSKDp4nJ/gRsTYZu6a80f7G5TY/mUOtxn2zhx atO/qCrbPNAA2KkhYGP4cgfR7PGq8GkFzkyoWDN7Lf/3ohjQlbSETUuJuHZ/7IYpn2SmRWnrV Gid55SwSChuVZtlRviFYGWTxr4chfVCHAoXnEUqvAJL8nFjvywIyjCP3B4dOn9nT1JRSCoBi+ JJk73dsaN0jkb/74chfk/87deUvhj0j/Zy54q/eVjs5cgPG5UCTgWk+Gq2DWxQb89p+/boDza Ur/ATXKY15LJgmCyor6SDmgewXCWncycxboI9/z5Tr8PWl8tHa8u8Q5LC3akAb+Vy7+b8Si9s v9pIZsKOJuc+bvRg2JkOG1NT170oOGXBPIA1DFNZsr4EMfVQJIxg4nslFkzLUHg7ly6kPaSfp /9v7Qc1FXOo6ttxdzgCTI0u3jJPk8SWbUz6LTM3H8vy926XKWH/eziQkYFB5p2f8wXMb1KIAw m9D6ntKBmVnAGDRzBdH4KJRPp5XgQ7dEZgP0YYHFzQ0fW8Ab7jnnC8MRcA0EcxyvNmnt8Tk83 cqONlP+o2zzwbGAAH Subject: [musl] Resolver routines, Postfix DNSSEC troubles - how to check for incompatibilities? Hi there, I am having an issue in my alpine docker setup with Postfix. I activated DANE for my server and did some tests if E-Mails are handled correctly. In that I found the outgoing mails to fail using DANE. Investigating the issue with Viktor Dukhovni over at postfix-users, we figured, that Postfix has troubles recognising the DANE parameters of the target server I am sending my E-Mails to. If you are interested in the conversation: https://pastebin.com/1e3sR0Hq In the tcpdumps we could figure, that no DNSSEC flags are in the request by Postfix, hence not getting the information to properly do DANE. That explains the failure of DANE, however not why this is happening. I am no programmer, hence not sure about libc etc. but Viktors last thought: "When Postfix is configured with "smtp_dns_support_level = dnssec", the RES_USE_DNSSEC and RES_USE_EDNS0 flags are set around calls to the resolver routines. If your C-library (perhaps only inside docker) has an incopatible resolver API, then you'll need a more compatible resolver library and/or a different container technology." In comparison using dig to check for DNSSEC out of the same container based on alpine works. However I do not know if the request is constructed the same way. So the question is now on how we can go about this to figure if there is an incompatibility? Kind regards Christian