Alex-Jordan
commented
4 months ago Open Alex-Jordan opened 4 months ago
Alex-Jordan
commented
4 months ago Alex-Jordan
commented
4 months ago The issue here will sooner or later affect all WeBWorK servers that allow students to set their own email address. If a student sets their email address to name@whatever.net then when they send an email instructor message, WeBWorK will try to send it "from" name@whatever.net. There's no way the WW admin or school mail server admin will have known to arrange for such an address to be signed with DKIM, so the message will be sent unsigned. And the instructor is more and more likely to never receive that message.
See: https://postmarkapp.com/blog/2024-gmail-yahoo-email-requirements. Brad alerted me that this has been happening the past few months, and more and more universities (especially those that use Google for mail) have been affected. This explains why things were basically issue-free with the WW Runestone server and email the past year or so, but then suddenly for about a month or two I've had sporadic complaints of messages not getting through.
Alex-Jordan
commented
4 months ago Can others try an experiment? On a production server, create a course. Change your own email address to something like a gmail.com address that you own. (Anything that is clearly outside the scope of your university mail server.) Then go to a page and use Email Instructor to send yourself a message. When I do this, I get a page full of errors. It starts out as:
Failed to send message: 5.7.1 <jordancanonical@gmail.com>: Sender address rejected: Mail from non-PCC addresses not allowedIt seems my school's smtp server is (wisely) not going to send a message that is "From" a gmail.com address. We don't allow students to change their WW email address here, but nothing would stop an instructor from changing to a different address if they wanted to. Well, nothing except errors like this.
I could also imagine a student in a course not having an email address, and typing it in at the time of sending their message. And typing their yahoo.com address or whatever. This is not uncommon on the RS server where a school wanted to keep their student emails out of an external database like RS. Since RS uses postfix and it's not configured restrictively like my school's smtp server, these get sent through. Although they do not get signed, and are more likely to be declared to be spam. (Well, not since yesterday, since I changed how RS sends emails.)
I'm not looking forward to this, but I think WW needs to redesign how it handles email. There are at least two models and we could try to support both, or just support the more versatile option.
site.conf would have a list of email domains that are approved. In my school's case, this would only be @pcc.edu. Any email entry would have to use a domain from this list. It's the server admin's job to make sure that the smtp server is willing to send out email that is "From" these domains.feedback@webwork.school.edu, notification@webwork.school.edu, instructor@webwork.school.edu, etc. These can go out with appropriate ReplyTo addresses. Even the "From" can have a person's name on it. So your student could send you an Email Instructor message that is "From" Lester Student <feedback@webwork.school.edu> with a reply-to address Lester Student <lester.student@school.edu>.I've found four places email goes out:
And I've been imagining (for a while now, with no action) email alerts to students about upcoming due dates on incomplete assignments, etc.
Anyway, it will be a big project. I don't want to get started without consensus on what the problem is and what the right model is to address it.
I have a situation with the RS server that many WW server admins would not run into. For most other installations, all user emails have the same
@domain.edu, and it is a domain where the WW server is a subdomain. With the RS server, this is not the case.For some institutions, emails from the WW server are rejected if they are not DKIM signed. Normally, it's easy to sign because there is just one
domain.eduto worry about, and it's actually a domain you have authority with. But when the "From" address is a student's...@whatever.eduthen I can't (shouldn't?) set things up to give a DKIM signature for all the possibilities forwhatever.edu.I've tested in a RS WW course, that if I set my email address to
alex.jordan@pcc.eduand send a message to a mail testing service, it is not DKIM signed. But if I change my email toalex@webwork-hosting.runestone.academythen it will be signed. This makes sense...opendkimis configured to sign forwebwork-hosting.runestone.academy:)So the issue is that I need the WW server to send emails from a
webwork-hosting.runestone.academyaddress, but there are two immediate issues with that.someone@webwork-hosting.runestone.academyinstead of from the student. How confusing will this be for them?As I think about this, it starts to seem "wrong" that we send emails that are "from" an
institution.eduaddress. Of course it's fine when you work at that institution and the institutional mail server is actually the mail server you are using, and the admin supports your cause. But RS is using postfix to send mail, and can't be the only WW server where this DKIM signing issue is an issue.Note that most RS subscribing schools have "low" standards and the emails do get through, even without a DKIM signature. It's a few (but growing number) that are bouncing the messages back.
Unless people have good ideas, I think I will have to alter the RS WW server to send from some generic
webwork-hosting.runestone.academyaddress and make sure thereply-tois the student address.