bulk.pl daemon crashes if it failed to load private key

[Salo15]

We recently had the problem that a moderation email could not be sent to the owners of a list for which there is a certificate and through which encrypted emails can be sent.
The error was that the correct value for the key_passwd parameter was not set in the Sympa config and the error message "failed to load the private key" appeared in the Sympa log.
This was my error and caused the email to the list moderators to get stuck in the queue /var/spool/sympa/bulk/msg/.

The problem with this situation, however, was that during the time Sympa kept trying to send this email, the emails to subscribers of all the other mailing lists were not being sent.
So the mailing list server was accepting and processing emails for the lists, but the emails to the subscribers of the list were sent only after we detected and fixed the above problem.

Do you have any idea why this one email blocked the sending of emails to the subscribers of all other lists?
It looks like this one email blocked the entire bulk spool.
Of course, we would like to avoid that in a similar case in the future the outgoing mail dispatch could be blocked again.

We use Sympa version 6.2.16 and Sympa is installed as Debian Package.

Kind regards,
Sabine

[ikedas]

Hi @Salo15 ,
Could you please show us Sympa's log from when the error message "failed to load the private key" appeared to when you knew that an email to subscribers of any other mailing list had not been sent?

[Salo15]

Hi, It has been more than a week since the error occurred, so we no longer have that day's log entries (we are only allowed to keep log entries for one week at a time). Since I don't want to recreate the problem on the production server, I need to request a certificate for a list on our test server first, so I can recreate the problem on the test server. I will do that when I find some time to do it. Thanks and kind regards, Sabine Von: IKEDA Soji <[email protected]> Gesendet: Mittwoch, 3. Februar 2021 00:48 An: sympa-community/sympa <[email protected]> Cc: Lorenz, Sabine (SCC) <[email protected]>; Mention <[email protected]> Betreff: Re: [sympa-community/sympa] Moderation mail that could not be sent blocked all outgoing mail (#1110) Hi @Salo15 <https://github.com/Salo15> , Could you please show us Sympa's log from when the error message "failed to load the private key" appeared to when you know that an email to subscribers of any other mailing list was not being sent? — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#1110 (comment)> , or unsubscribe <https://github.com/notifications/unsubscribe-auth/AMIOBG2WY3VNNJANABGIDLLS5CFJTANCNFSM4W6NWBZQ> .

[racke]

This is serious issue that I'm encountering once in a while on a 6.2.22 install. Once Sympa dies during processing, it will not retire the culprit to bad directory. The consequences is that it mindlessly tries the same message again and again and again, which means no emails are processed any more.

Log file excerpt:

var/log/sympa.log.5.gz:Jan 29 22:24:04 post sympa_msg[27464]: err main::#243 > Sympa::Spindle::spin#92 > Sympa::Spindle::DoCommand::_twist#120 > Sympa::Spindle::spin#75 > Sympa::Request::Message::next#42 > Sympa::Request::Message::_load#104 > Sympa::Message::get_plain_body#2176 > MIME::Charset::new#433 > MIME::Charset::_find_encoder#467 > (eval)#1 > (eval)#1 > MIME::Charset::BEGIN#1 DIED: Can't locate Encode/EUCJPASCII.pm in @INC (you may need to install the Encode::EUCJPASCII module) (@INC contains: /usr/share/sympa/lib /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.24.1 /usr/local/share/perl/5.24.1 /usr/lib/x86_64-linux-gnu/perl5/5.24 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl/5.24 /usr/share/perl/5.24 /usr/local/lib/site_perl /usr/lib/x86_64-linux-gnu/perl-base) at (eval 408) line 1.
/var/log/sympa.log.5.gz:Jan 29 22:24:21 post sympa_msg[27527]: err main::#243 > Sympa::Spindle::spin#92 > Sympa::Spindle::DoCommand::_twist#120 > Sympa::Spindle::spin#75 > Sympa::Request::Message::next#42 > Sympa::Request::Message::_load#104 > Sympa::Message::get_plain_body#2176 > MIME::Charset::new#433 > MIME::Charset::_find_encoder#467 > (eval)#1 > (eval)#1 > MIME::Charset::BEGIN#1 DIED: Can't locate Encode/EUCJPASCII.pm in @INC (you may need to install the Encode::EUCJPASCII module) (@INC contains: /usr/share/sympa/lib /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.24.1 /usr/local/share/perl/5.24.1 /usr/lib/x86_64-linux-gnu/perl5/5.24 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl/5.24 /usr/share/perl/5.24 /usr/local/lib/site_perl /usr/lib/x86_64-linux-gnu/perl-base) at (eval 408) line 1.
/var/log/sympa.log.5.gz:Jan 29 22:24:39 post sympa_msg[27586]: err main::#243 > Sympa::Spindle::spin#92 > Sympa::Spindle::DoCommand::_twist#120 > Sympa::Spindle::spin#75 > Sympa::Request::Message::next#42 > Sympa::Request::Message::_load#104 > Sympa::Message::get_plain_body#2176 > MIME::Charset::new#433 > MIME::Charset::_find_encoder#467 > (eval)#1 > (eval)#1 > MIME::Charset::BEGIN#1 DIED: Can't locate Encode/EUCJPASCII.pm in @INC (you may need to install the Encode::EUCJPASCII module) (@INC contains: /usr/share/sympa/lib /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.24.1 /usr/local/share/perl/5.24.1 /usr/lib/x86_64-linux-gnu/perl5/5.24 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl/5.24 /usr/share/perl/5.24 /usr/local/lib/site_perl /usr/lib/x86_64-linux-gnu/perl-base) at (eval 408) line 1.
/var/log/sympa.log.5.gz:Jan 29 22:24:57 post sympa_msg[27646]: err main::#243 > Sympa::Spindle::spin#92 > Sympa::Spindle::DoCommand::_twist#120 > Sympa::Spindle::spin#75 > Sympa::Request::Message::next#42 > Sympa::Request::Message::_load#104 > Sympa::Message::get_plain_body#2176 > MIME::Charset::new#433 > MIME::Charset::_find_encoder#467 > (eval)#1 > (eval)#1 > MIME::Charset::BEGIN#1 DIED: Can't locate Encode/EUCJPASCII.pm in @INC (you may need to install the Encode::EUCJPASCII module) (@INC contains: /usr/share/sympa/lib /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.24.1 /usr/local/share/perl/5.24.1 /usr/lib/x86_64-linux-gnu/perl5/5.24 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl/5.24 /usr/share/perl/5.24 /usr/local/lib/site_perl /usr/lib/x86_64-linux-gnu/perl-base) at (eval 408) line 1.

So regardless of the reason of the crash, the bad email needs to be removed from the queue without any exceptions.

[ikedas]

I got it! It‘s duplicate of #8 .

Dependent module MIME-Charset (libmime-charset-perl on Debian) has to be updated. It hss been fixed on 1.011.3 (cf.Changelog.).

[ikedas]

@Salo15 , can you find the same log line as that racke quoted?

[ikedas]

@Salo15 , I found the way to fix.

If possible, could you please apply this patch on your Sympa 6.2.16, and check if delivery will no longer be stopped?

[racke]

Thanks for the quick fix @ikedas, but it solves the problem only for this specific case. In my opinion any crashes of the bulk daemon should be intercepted.

[ikedas]

Thanks for the quick fix @ikedas, but it solves the problem only for this specific case. In my opinion any crashes of the bulk daemon should be intercepted.

Do you know any other reason by which bulk daemon will crash?

[racke]

I don't but as Sympa is certainly not bug free it will happen again eventually. Why is it so complicated to move away such emails? It is not likely to work the next time and it brings the system to a grinding halt.

[ikedas]

I don't but as Sympa is certainly not bug free it will happen again eventually. Why is it so complicated to move away such emails? It is not likely to work the next time and it brings the system to a grinding halt.

Imagine that we could let the process investigate why the process crashed. How about crashing process that is investigating crash? You ask the endless question.

Instead, when a process crashes, the traceback is recorded on the log, and the human can investigate why the process crashed. That's why I usually ask people "Please show the log from when ... to when ...".

[racke]

It isn't an endless question. The expectation of a daemon/service on Linux is that it never crashes and definitely not on user input. So the bulk daemon is currently inferior to other daemon software like nginx, postfix etc. I suggest to move this topic to general discussion / separate issue though.

[ikedas]

It's off-topic and I'll stop conversasion by this response:

Postfix, Linux kernel and so on will also crash by unexpected errors. Why they look never crashing is that many people have been eliminating the bugs they could expect. OTOH Sympa has many bugs not yet eliminated. It's simply a matter of degree.

In this time I found that Sympa should not terminate if the methods of Crypt::SMIME fails. By this, Sympa is one step closer to the software that do never crash --- although it is not possible that Sympa will be completely so.

[Salo15]

Unfortunately, I am not able to restore the error again. The error does not occur now, even if I set a wrong value for the key_passwd parameter in the sympa config. (Also, when I call openssl rsa -in /var/lib/sympa/list_data/test3.lists.kit.edu/testlist_encrypt/private_key, I am now no longer asked for the password, and I suspect that key_passwd is not being read from Sympa-Config at all at the moment). With this, I can't currently test if the patch fixes the problem. If the error reappears, I will test that then and read the logs accordingly. From my point of view this ticket can be closed. Thanks for the help, Sabine Von: IKEDA Soji <[email protected]> Gesendet: Donnerstag, 4. Februar 2021 00:23 An: sympa-community/sympa <[email protected]> Cc: Lorenz, Sabine (SCC) <[email protected]>; Mention <[email protected]> Betreff: Re: [sympa-community/sympa] Moderation mail that could not be sent blocked all outgoing mail (#1110) @Salo15 <https://github.com/Salo15> , can you find the same log line as that racke quoted? — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#1110 (comment)> , or unsubscribe <https://github.com/notifications/unsubscribe-auth/AMIOBG3ZGBSRCADCLJEFKWLS5HLGZANCNFSM4W6NWBZQ> .

[ikedas]

@Salo15 , thank you for follow up.

But I'd like to ask one thing: As I'd like to confirm that a process has crashed, could you please show us the log line reporting the problem? (confidential information like host name may be masked.) If it is, that is the line including a phrase "DIED:".

[Salo15]

O yes, of course. These are the lines from the log of the time when the problem occurred: Jan 18 10:53:45 xxx.scc.kit. edu bulk[20227]: err main::#157 > Sympa::Spindle::spin#80 > Sympa::Spindle::ProcessOutgoing::_twist#390 > Sympa::Message::smime_sign#1057 DIED: Crypt:: SMIME#setPrivateKey: konnte den privaten Schlüssel nicht laden: error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt at /usr/share/sympa/lib/Sympa/Message. pm Zeile 1058. Jan 18 10:53:45 xxx.scc.kit. edu bulk[20238]: err main::#157 > Sympa::Spindle::spin#80 > Sympa::Spindle::ProcessOutgoing::_twist#390 > Sympa::Message::smime_sign#1057 DIED: Crypt:: SMIME#setPrivateKey: konnte den privaten Schlüssel nicht laden: error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt at /usr/share/sympa/lib/Sympa/Message. pm Zeile 1058. Jan 18 10:53:45 xxx.scc.kit. edu bulk[20193]: err main::#157 > Sympa::Spindle::spin#80 > Sympa::Spindle::ProcessOutgoing::_twist#390 > Sympa::Message::smime_sign#1057 DIED: Crypt:: SMIME#setPrivateKey: konnte den privaten Schlüssel nicht laden: error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt at /usr/share/sympa/lib/Sympa/Message. pm Zeile 1058. Kind regards, Sabine Von: IKEDA Soji <[email protected]> Gesendet: Donnerstag, 4. Februar 2021 10:11 An: sympa-community/sympa <[email protected]> Cc: Lorenz, Sabine (SCC) <[email protected]>; Mention <[email protected]> Betreff: Re: [sympa-community/sympa] Moderation mail that could not be sent blocked all outgoing mail (#1110) @Salo15 <https://github.com/Salo15> , thank you for follow up. But I'd like to ask one thing: As I'd like to confirm that a process has crashed, could you please show us the log line reporting the problem? (confidential information like host name may be masked.) If it is, that is the line including a phrase "DIED:". — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#1110 (comment)> , or unsubscribe <https://github.com/notifications/unsubscribe-auth/AMIOBG2B6K7BTGPIIYIBWJ3S5JQAVANCNFSM4W6NWBZQ> .

[ikedas]

@Salo15 , thanks for information! The information are exactly what I expected, and it confirmed the fix I made was correct.

When the fix will be merged, this issue will be closed. If you would realize something wrong, feel free to request reopen of this issue.