Closed ThbtSprt closed 1 year ago
Please check the Summary of parameters in the Administration Manual and confirm you are setting appropriate parameters for your version of Sympa.
Hello @ikedas , thank you, I just checked ; my parameters in sympa.conf
were right.
The messages have DKIM signature when sent from an user to the list, but not when sent from the robot. Here is the headers of a welcom message:
Return-Path: tests-owner@mydomain.fr X-Original-To: usertest@domain.com Delivered-To: usertest@domain.com Received: from mydomain.fr (mydomain.fr [46.226.107.xxx]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mailin036.protonmail.ch (Postfix) with ESMTPS id 4R9ngS0ts5z9vNPp for usertest@domain.com; Wed, 26 Jul 2023 08:51:16 +0000 (UTC) Received: by mydomain.fr (Postfix, from userid 110) id C8FD923114; Wed, 26 Jul 2023 08:51:15 +0000 (UTC) Authentication-Results: mailin036.protonmail.ch; dmarc=pass (p=quarantine dis=none) header.from=mydomain.fr Authentication-Results: mailin036.protonmail.ch; spf=pass smtp.mailfrom=mydomain.fr Authentication-Results: mailin036.protonmail.ch; arc=none smtp.remote-ip=46.226.107.xxx Authentication-Results: mailin036.protonmail.ch; dkim=none Message-Id: sympa.1690361475.14810.34@mydomain.fr Date: Wed, 26 Jul 2023 08:51:15 +0000 To: usertest@domain.com Mime-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: QUOTED-PRINTABLE Auto-Submitted: auto-generated From: tests-request@mydomain.fr Subject: Bienvenue sur la liste tests X-Mailer: Sympa 6.2.60 X-Rspamd-Queue-Id: 4R9ngS0ts5z9vNPp X-Rspamd-Server: cp5-mailin-036.plabs.ch X-Spamd-Result: default: False [-0.70 / 25.00]; DMARC_POLICY_ALLOW(-0.50)[mydomain.fr,quarantine]; R_SPF_ALLOW(-0.20)[+mx]; MIME_GOOD(-0.10)[text/plain]; ONCE_RECEIVED(0.10)[]; BAYES_HAM(-0.00)[42.06%]; R_DKIM_NA(0.00)[]; RCVD_COUNT_ONE(0.00)[1]; RCVD_TLS_LAST(0.00)[]; FROM_NEQ_ENVFROM(0.00)[tests-request@mydomain.fr,tests-owner@mydomain.fr]; ASN(0.00)[asn:203476, ipnet:46.226.104.0/22, country:FR]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM(-0.00)[-0.932]; MID_RHS_MATCH_FROM(0.00)[]; ARC_NA(0.00)[]; FROM_NO_DN(0.00)[]; TO_DN_NONE(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; MIME_TRACE(0.00)[0:+] X-Rspamd-Action: no action X-Pm-Spam: 0yezJI6cihyJeYR3pi42biOpJJvbmsCIeI1msjN3X3blJp7IjBlNIIojwsAjLlITJ otIj3C4MLJCQE9kUjItogsMjSlBITR0fFJFUERDllPVE6iITMwCilR2XnYnVluX2im8ZOsniPJFU CR6IJweyw3NXY0WiuAjODMxAEyMzyTYOMMD03EzNjMyAwiMihW1aZV2ftFmbSZ6IhzImjGFda91z p1WZ2Xi9Vyc2kmVdXIzwwMjMzN0AwiIiunVcX52hiUWbiOhJwtbGhmVZdVHyiMXZCLtJlsYWh2NX dVGn5J3b2Xh5UibWViJOUREBTVEViIiwFpbWjF9bYRXly92ZVew99icmwjoILcj45QTNXf91JzLC kmlcIojijRjNGMlRQ5OD2DUZZImyiNGNzNkhQyN2sn0IINnh7pjImIzlNwX3iW0YOAjsjNnI3blJ owIjzCJLY92yiQWZjOuAwiMCwmVcbJ307pjIlIQN9QRlTVNQIpjbuATLFMs0NQIlIl9RRxUPBB1X 1UiMstOlwC4MXwSiT9FV0QfN9EQkUV9WRhVUJx0XkTiUstOlwC4MX1X9fQ== X-Pm-Origin: external X-Pm-Transfer-Encryption: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) X-Pm-Content-Encryption: on-delivery X-Pm-Spamscore: 0 X-Pm-Spam-Action: inbox
Additional information
I haven't filled the form in the web interface, in order to let the global config apply :
@ThbtSprt ,
You wrote that you are using Sympa 6.2.60. Please check the section "6.2.58 to 6.2.70" in the Summary of parameters.
Yes, thank you @ikedas , I edited the issue in this way, but I still get the same results, after restart of sympa + postfix.
Could you please show the full (except db_XXX
parameters) configuration in sympa.conf
?
Besides, which location of the file are you using, /etc/sympa/sympa.conf
, /etc/sympa/sympa/sympa.conf
or the both!?
Here it is (I use the path /etc/sympa/sympa/sympa.conf
on Debian 11) :
(I replaced my real domain with "mydomain.fr"
lang fr domain mydomain.fr listmaster adress@mydomain.fr cookie 3870e7c0ce14c9d0c2defaae1fc9e5f9ebb67590 db_type mysql db_name xxx db_host xxx db_user xxx db_passwd xxx db_port xxx static_content_path /usr/share/sympa/static_content static_content_url /static css_path /var/lib/sympa/css css_url /css pictures_path /var/lib/sympa/pictures pictures_url /pictures use_fast_cgi 1 wwsympa_url https://mydomain.fr/sympa sendmail_aliases /etc/sympa/sympa_transport aliases_program postmap aliases_db_type hash dkim_feature on dkim_add_signature_to list,robot dkim_signature_apply_on any dkim_private_key_path /etc/opendkim/keys/mydomain.fr/default.private dkim_signer_domain mydomain.fr dkim_selector default arc_feature on dmarc_protection.mode all
Please check if:
/etc/opendkim/keys/mydomain.fr/default.private
exists and it can be read by sympa user;default._domainkey.mydomain.fr
exists and is resolvable on the host of Sympa;yes, i just checked.
Output of ls- l /etc/opendkim/keys/mydomain.fr/default.private
= -rw-r--r-- 1 sympa sympa 1679 Jul 17 18:24 default.private
dig -t txt default._domainkey.mydomain.fr
(executed from the host of Sympa) returns the correct public key
I compared the modulus of private and public keys with openssl, and it outputs the same
Anyways 6.2.60 is a bit older. Please update sympa
and dependent packages (especially libmail-dkim-perl
) to the recent release.
Ok, thank you, I'll try that way.
Unfortunately, it is still this version 6.2.60 that comes with the command apt install sympa
You may use bullseye-backports package.
Thank you, the problem disappeared with upgrade to 6.2.70
Version
6.2.60
Installation method
debian binary (
apt install sympa
) (installation on Debian 11, with Postfix)Expected behavior
DKIM headers of received emails from lists should be populated.
Actual behavior
Message is not signed.
Additional information
/etc/sympa/sympa/sympa.conf :
The TXT record containing the public key well is deployed at default._domainkey.
The private key has been created with opendkim, and sympa has permissions on it.