Opened 7 months ago

Last modified 5 months ago

#3018 new task

Email messages inconsistently signed

Reported by: lnicola Owned by: sac@…
Priority: normal Milestone: Sysadmin Contract 2024-III
Component: SysAdmin/Postfix Keywords: dkim, spf, dmarc

Description (last modified by lnicola)

  • a Welcome to the "postgis-tickets" mailing list message I got was not DKIM-signed
  • a [SCM] PostGIS branch master updated. 3.4.0rc1-749-g42f04a29e message was signed, but with a broken signature:
    dkim=fail (message has been altered, 2048-bit rsa key sha256) header.b=HFXPb4eW
      header.a=rsa-sha256 header.s=mail;
    dkim=pass (2048-bit rsa key sha256) header.b=B8QP3oc/ header.a=rsa-sha256
  • [SAC] [OSGeo] #3013: Submission service to send formal emails (was: Mail Submission Agent service to send formal emails) was not signed at all
  • strk says outgoing messages are signed, not sure which ones

Change History (7)

comment:1 by lnicola, 7 months ago

Description: modified (diff)

comment:2 by strk, 7 months ago

  • The [SCM] message comes from tracsvn machine via a git hook. This should go via postgis-ticket so not sure why signature is broken, can you tell ?
  • The [SAC] message is from sac mailing list, which is currently modifying the message and should stop doing so, see
  • The welcome message should be coming from pickup service but I'll be able to tell more if you provide a message-id for it

comment:3 by strk, 7 months ago

The opendkim configuration is now in ansible, if you want to take a look, lnicola

comment:4 by strk, 6 months ago

Maybe we could use the trac wiki to document the various ways outgoing emails are signed, I've just received one from the new discourse service ( and it is not signed at all:

dkim=none; dmarc=pass (policy=none); spf=pass ( domain of                                             
        "" designates as permitted sender) smtp.mailfrom=""  

comment:5 by strk, 6 months ago

Keywords: dkim spf dmarc added

comment:6 by strk, 5 months ago

Milestone: UnplannedSysadmin Contract 2024-III
Note: See TracTickets for help on using tickets.