Opened 7 months ago

Last modified 5 months ago

#3018 new task

Email messages inconsistently signed

Reported by: lnicola Owned by: sac@…
Priority: normal Milestone: Sysadmin Contract 2024-III
Component: SysAdmin/Postfix Keywords: dkim, spf, dmarc
Cc:

Description (last modified by lnicola)

  • a Welcome to the "postgis-tickets" mailing list message I got was not DKIM-signed
  • a [SCM] PostGIS branch master updated. 3.4.0rc1-749-g42f04a29e message was signed, but with a broken signature:
    dkim=fail (message has been altered, 2048-bit rsa key sha256)
      header.d=osgeo.org header.i=@osgeo.org header.b=HFXPb4eW
      header.a=rsa-sha256 header.s=mail;
    dkim=pass (2048-bit rsa key sha256) header.d=osgeo.org
      header.i=@osgeo.org header.b=B8QP3oc/ header.a=rsa-sha256
      header.s=mail;
  • [SAC] [OSGeo] #3013: Submission service to send formal emails (was: Mail Submission Agent service to send formal emails) was not signed at all
  • strk says outgoing messages are signed, not sure which ones

Change History (7)

comment:1 by lnicola, 7 months ago

Description: modified (diff)

comment:2 by strk, 7 months ago

  • The [SCM] message comes from tracsvn machine via a git hook. This should go via postgis-ticket so not sure why signature is broken, can you tell ?
  • The [SAC] message is from sac mailing list, which is currently modifying the message and should stop doing so, see https://trac.osgeo.org/osgeo/ticket/3011#comment:23
  • The welcome message should be coming from pickup service but I'll be able to tell more if you provide a message-id for it

comment:3 by strk, 7 months ago

The opendkim configuration is now in ansible, if you want to take a look, lnicola

comment:4 by strk, 6 months ago

Maybe we could use the trac wiki to document the various ways outgoing emails are signed, I've just received one from the new discourse service (discourse.osgeo.org) and it is not signed at all:

dkim=none; dmarc=pass (policy=none) header.from=osgeo.org; spf=pass (spool.mail.gandi.net: domain of                                             
        "SRS0=JIbU=HZ=discourse.osgeo.org=noreply@osgeo.org" designates 140.211.15.3 as permitted sender) smtp.mailfrom="SRS0=JIbU=HZ=discourse.osgeo.org=noreply@osgeo.org"  

comment:5 by strk, 6 months ago

Keywords: dkim spf dmarc added

comment:6 by strk, 5 months ago

Milestone: UnplannedSysadmin Contract 2024-III
Note: See TracTickets for help on using tickets.