sympa-community / sympa

Sympa, Mailing List Management Software
https://www.sympa.community/sympa
GNU General Public License v2.0

DKIM signature is not applied to all system messages #1810

Closed morenonardelliunitn closed 4 months ago

morenonardelliunitn commented 4 months ago

On our Sympa system we have activated and configured the DKIM and ARC signature as per the guide. The configurations are implemented at the subdomain in the various robot.conf files. However, we have noticed that some system messages are not signed with DKIM. The relationship found is that messages sent from an envelope from "nomelista-owner@dominio.it" are not signed while those with envelope from "sympa-request@dominio.it" are signed correctly.

Version

Sympa 6.2.72

Installation method

rpm package on RHEL 8.7

Expected behavior

I expect Sympa to sign all its system messages

Actual behavior

At the moment this is not the case

Additional information

correct mail:

X-Envelope-From: <sympa-request@domain.it>
DKIM-Filter: OpenDKIM Filter v2.11.0 mailrelayserver.subdomain.it 4TgcVq5gbDzGnvn
Authentication-Results: mailrelayserver.subdomain.it;
    dkim=pass (1024-bit key, unprotected) header.d=domain.it header.i=@domain.it header.a=rsa-sha256 header.s=selector-domain.it header.b=BpsRzgAl
...
...
...
X-Authentication-Warning: server-domain.it: sympa set sender to sympa-request@domain.it using -f
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=
    domain.it; h=content-transfer-encoding
    :content-type:date:from:message-id:mime-version:subject:to; s=
    selector-domain.it; bh=vzI0B6UdwhmsJdxw689mcswAEYENz0GFcbhOYg+mf
    Bk=; b=BpsRzgAl8Fcob8Aqi/scBCMkEZ0ucS06YaDFKjarzPGUR6/908IKWOH2u
    c4jHUfBwi2NBSxMpvNP8FoMqjYgUgar9DiLnUzxvKLlJGumhIcclq/p6oNVYkNcA
    G3LYzAbTexG5Hq5u1vWrkhBsUB90Wax1kEjvxSmcBCGs5YN4Ao=
Message-Id: <sympa.1708615728.614853.5515.499@domain.it>

From: "SYMPA" <sympa@domain.it>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7BIT
Auto-Submitted: auto-generated
To: user@mydomain.it
Subject: Results of your commands
X-Loop: sympa@domain.it
X-Mailer: Sympa 6.2.72

wrong email:

ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of listname-owner@domain.it designates 52.236.146.108 as permitted sender) smtp.mailfrom=listname-owner@domain.it
Return-Path: <listname-owner@domain.it>
Received: from mailrelayserver.subdomain.it (....)
        by mx.google.com with ESMTPS id m5-20020a056402430500b0056431b3a67esi1652554edc.268.2024.02.19.00.12.57
        for <user@mydomain.it>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 19 Feb 2024 00:12:57 -0800 (PST)
Received-SPF: pass (google.com: domain of listname-owner@domain.it designates 52.236.146.108 as permitted sender) client-ip=52.236.146.108;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of listname-owner@domain.it designates 52.236.146.108 as permitted sender) smtp.mailfrom=listname-owner@domain.it
X-Envelope-From: <listname-owner@domain.it>
DKIM-Filter: OpenDKIM Filter v2.11.0 mailrelayserver.subdomain.it 4TdZz82hjmzDq78
Received: from domain.it (list-mx.unitn.it [52.236.146.108]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
     key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mailrelayserver.subdomain.it (Postfix) with ESMTPS id 4TdZz82hjmzDq78 for <user@mydomain.it>; Mon, 19 Feb 2024 09:12:52 +0100 (CET)
Received: from domain.it (localhost [127.0.0.1]) by domain.it (8.15.2/8.15.2) with ESMTPS id 41J8CpQW1584876 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NOT) for <user@mydomain.it>; Mon, 19 Feb 2024 09:12:51 +0100
DKIM-Filter: OpenDKIM Filter v2.11.0 domain.it 41J8CpQW1584876
Authentication-Results: domain.it; dkim=none
Received: (from sympa@localhost) by domain.it (8.15.2/8.15.2/Submit) id 41J8Cp1Q1584873 for user@mydomain.it; Mon, 19 Feb 2024 09:12:51 +0100
X-Authentication-Warning: domain.it: sympa set sender to listname-owner@domain.it using -f
Message-Id: <sympa.1708330371.374665.5599.407@domain.it>
Date: Mon, 19 Feb 2024 09:12:51 +0100
To: user@mydomain.it
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: QUOTED-PRINTABLE
Auto-Submitted: auto-generated
From: listname-request@domain.it
Subject: Conferma cancellazione dalla lista 4test
X-Mailer: Sympa 6.2.72
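
Added example, not part of the original report or of Sympa's code: a triage script for the symptom described above, which groups raw messages by envelope sender and reports which senders go out without a DKIM-Signature header. The sample messages are constructed, the alignment test is a simplification (no public suffix list), and the script checks signature presence only, not cryptographic validity.

```python
import email
from collections import defaultdict
from email.utils import parseaddr

# Constructed samples modelled on the two header sets in the report;
# the bh=/b= values are dummies, not real signatures.
SIGNED = """\
X-Envelope-From: <sympa-request@domain.it>
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=
    domain.it; h=from:subject:to; s=
    selector-domain.it; bh=AAAA=; b=BBBB=
From: "SYMPA" <sympa@domain.it>
"""
UNSIGNED = """\
Return-Path: <listname-owner@domain.it>
From: listname-request@domain.it
"""

def dkim_tags(value):
    """Parse an RFC 6376 tag=value list, dropping folding whitespace."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, val = part.split("=", 1)
            tags[name.strip()] = "".join(val.split())
    return tags

def envelope_sender(msg):
    raw = msg.get("X-Envelope-From") or msg.get("Return-Path") or ""
    return raw.strip().strip("<>").lower()

def audit(raw_messages):
    """Per envelope sender: signed/unsigned counts, d= domains, misalignment."""
    report = defaultdict(lambda: {"signed": 0, "unsigned": 0, "d": set(), "misaligned": 0})
    for raw in raw_messages:
        msg = email.message_from_string(raw)
        row = report[envelope_sender(msg)]
        sigs = [dkim_tags(v) for v in msg.get_all("DKIM-Signature", [])]
        if not sigs:
            row["unsigned"] += 1
            continue
        row["signed"] += 1
        from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
        doms = {s["d"].lower() for s in sigs if s.get("d")}
        row["d"] |= doms
        # Simplified relaxed alignment: From domain equals d= or is a subdomain of it.
        if not any(from_dom == d or from_dom.endswith("." + d) for d in doms):
            row["misaligned"] += 1
    return dict(report)
```

Feed `audit()` the raw text of messages collected from a test mailbox; any envelope sender whose row shows `unsigned` greater than zero is a message class that is leaving unsigned.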

ikedas commented 4 months ago

Hi @morenonardelliunitn ,

Please show us the steps to reproduce, i.e.:

morenonardelliunitn commented 4 months ago

Hi @ikedas, the DKIM configuration was carried out at the robot.conf level by:

in the /etc/sympa/sympa.conf file, inserting the following lines:

dkim_feature on
dkim_add_signature_to robot
dkim_signature_apply_on any

in every robot.conf file, inserting the following lines:

dkim_private_key_path /etc/sympa/domain-keys/sub-domain.private
dkim_signer_domain sub.domain.it
dkim_selector selector-subdom

All files in the folder /etc/sympa/domain-keys/ are owned by the user sympa with 600 permission:

-rw------- 1 sympa sympa 887 Feb 3 2021 sub-domain.private

The list has custom messages set for the welcome or goodbye template. These automatic communications come from the sender nomelista-request@sub.domain.it and are not signed by DKIM (you can see a mail's headers in my previous second example).

Other communications, such as those relating to errors carried out based on moderation operations, which have the sender sympa-request@sub.domain.it, are correctly signed with DKIM (you can see a mail's headers in my previous first example).

ikedas commented 4 months ago

This issue is a duplicate of #1739 and will be fixed in the next release. @morenonardelliunitn, thank you for reporting the bug! This issue is closed.