Opened 2 years ago

Closed 2 years ago

#2726 closed task (fixed)

DKIM and DMARC for mail.osgeo.org, lists.osgeo.org

Reported by: robe Owned by: sac@…
Priority: normal Milestone: Sysadmin Contract 2022-II
Component: SysAdmin Keywords:
Cc:

Description

Mail providers are now requiring DMARC and DKIM as an extra precaution against spam.

I've enabled DMARC reporting in #2721. This ticket will change the email it is being sent to -- right now it sends to sysadmin+dmarc which ends up sending to all sysadmins.

The next part is configuring DKIM which requires keys to be setup on osgeo6 to handle.

Change History (8)

comment:1 by neteler, 2 years ago

Not sure if this is the right ticket but we have list server troubles with Google:

From: Mail Delivery System <MAILER-DAEMON@mageia.org>
To: grass-dev-bounces@lists.osgeo.org
Cc: 
Bcc: 
Date: Fri,  1 Apr 2022 18:29:20 +0200 (CEST)
Subject: Undelivered Mail Returned to Sender
This is the mail system at host sucuk.mageia.org.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

                   The mail system

<XXXXXXXX@gmail.com>: host gmail-smtp-in.l.google.com[142.250.13.27] said:
    550-5.7.26 This message does not have authentication information or fails
    to 550-5.7.26 pass authentication checks. To best protect our users from
    spam, the 550-5.7.26 message has been blocked. Please visit 550-5.7.26
    https://support.google.com/mail/answer/81126#authentication for more 550
    5.7.26 information. az8-20020adfe188000000b00203e90195c1si1921618wrb.837 -
    gsmtp (in reply to end of DATA command)

comment:2 by robe, 2 years ago

@neteler,

Is this a recent issue or been like this for a while?

comment:3 by Neteler, 2 years ago

I have seen it only recently.

comment:4 by robe, 2 years ago

Resolution: fixed
Status: newclosed

I've configured DKIM on osgeo6 now so the mails should be signed now, but I think there might be a lag on when we see that. I published the public key in pairsdomain.

Details here - https://git.osgeo.org/gitea/sac/osgeo6-etc-apache2/wiki/Configure-DKIM

comment:5 by robe, 2 years ago

Okay I think it might be working. I just got notice after submitting this ticket and looking at the headers, it now shows DMARC as passing. Hopefully this will reduce the number of issues with people getting emails.

comment:6 by robe, 2 years ago

Resolution: fixed
Status: closedreopened

Just realized past records show DMARC success too and test message is not showing as signed. So I think there is something I am missing in my configs.

comment:7 by robe, 2 years ago

Testing again - ignore this.

comment:8 by robe, 2 years ago

Resolution: fixed
Status: reopenedclosed

okay I think I got it right this time. Now seeing dkim signature in email back and that it is passing dkim check (mail from sac mailing list)

Note: See TracTickets for help on using tickets.