Mark Sapiro pushed to branch master at GNU Mailman / Mailman Core


Commits:
a3abd0ff by Jonas Schäfer at 2022-12-13T22:45:35+00:00
Improve ARC documentation

I had a bit of a hard time setting up ARC because of gaps in the documentation.

First, I had to hunt down the Unparsable private key exception.

Then I got a weird Syntax Error exception caused by the lack of `authserv_id`
in my config. I did not set that initially because as I read the documentation,
I thought I only needed that if mailman does **not** do its own DMARC/DKIM
checks (the heading "trusted domains" confused me; it makes some
sense in schema.cfg, but not in the rendered docs).

I hope this is an improvement; this wording and layout would've helped me a
lot anyway.

- - - - -
b8d8dd5d by Mark Sapiro at 2022-12-13T22:45:35+00:00
Merge branch 'fix/arc-docs' into 'master'

Improve ARC documentation

See merge request mailman/mailman!1069
- - - - -


2 changed files:

- src/mailman/config/schema.cfg
- src/mailman/handlers/docs/arc_sign.rst


Changes:

=====================================
src/mailman/config/schema.cfg
=====================================
@@ -693,12 +693,12 @@ enabled: no
 dmarc: yes
 dkim: yes
 
-# Trusted Domains
-#
-# This is the domain name of your mailserver.  Necessary to set correctly.
-# authserv_id: your_domain.com
+# This is the domain name as which Mailman identifies in any authentication
+# headers it generates. Mandatory to set for ARC signing to work.
 authserv_id:
 
+# Trusted Domains
+#
 # This list should include all additional domains
 # that you manage that may be handling your incoming mail
 # Only necessary to update if there are local domains or subdomains
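Review bot: The new comment above `authserv_id:` calls the setting mandatory for ARC signing but no longer shows what a value looks like, because the removed `# authserv_id: your_domain.com` example has no replacement. Consider keeping a commented example line under the new text and, since the key still ships empty, saying what the failure looks like when it is left unset (the commit message mentions a Syntax Error exception). The phrase "the domain name as which Mailman identifies" would also read better as "the domain name Mailman identifies itself as".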
@@ -714,6 +714,15 @@ trusted_authserv_ids:
 # See 
http://www.gettingemaildelivered.com/dkim-explained-how-to-set-up-and-use-domainkeys-identified-mail-effectively
 # for reference.  The following parameters let the software find your
 # private & public keys
+#
+# .. note::
+#
+#    Some versions of OpenSSL generate private keys which some versions of
+#    dkimpy (the library used by Mailman for handling ARC) cannot read.
+#    This manifests in "Unparsable private key" exceptions while processing
+#    email. If you encounter this, try to regenerate the RSA key with the
+#    -traditional flag.
+#
 # ::
 #     privkey: /some/location/yourprivatekey.pem
 #     selector: test
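Review bot: The added note ends with "try to regenerate the RSA key with the -traditional flag" but does not name the command that takes the flag, so a reader has to guess how to apply it; name the tool and show the full invocation. The note also sits between "The following parameters let the software find your private & public keys" and the `# ::` block that sentence introduces, so moving it above that sentence or below the example would keep the lead-in attached to its example. A pointer to the dkimpy bug report that arc_sign.rst links would be more useful than "some versions".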


=====================================
src/mailman/handlers/docs/arc_sign.rst
=====================================
@@ -15,14 +15,23 @@ 
http://www.gettingemaildelivered.com/dkim-explained-how-to-set-up-and-use-domain
 for reference, as well as the additional documentaion about ARC configuration
 in general in schema.cfg.
 
+.. note::
+
+  Depending on your version of openssl and opendkim-genkey, you might find that
+  Mailman is unable to read the private key file. This manifests in emails
+  getting shunted because of "Unparsable private key" exceptions (seen in 
+  mailman.log).
+
+  This is due to a
+  `bug in a dependency <https://bugs.launchpad.net/dkimpy/+bug/1978835>`_, 
which
+  is for instance present in the bullseye release of Debian.
+
 The private key should be secured locally and made readable to Mailman, and the
 can be specified in ``mailman.cfg``::
 
   [ARC]
   privkey: /path/to/private.key
 
-
-
 The public key should be put into a DNS TXT record, and located at:
 
 #{config.ARC.selector}._domainkey.#{config.ARC.domain}
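Review bot: The note added to arc_sign.rst describes the "Unparsable private key" symptom and links the dkimpy bug but stops short of a remedy, while the matching note in schema.cfg tells the reader to regenerate the key with -traditional; state the same workaround here so the rendered docs stand on their own. Since this hunk already touches the surrounding paragraph, the context line "and the can be specified in ``mailman.cfg``" is missing a word and "documentaion" in the line above the note is misspelled; both could be fixed in the same change.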



View it on GitLab: 
https://gitlab.com/mailman/mailman/-/compare/0c1b507d69ae8dd9d75b6cc185dccb154c120b2c...b8d8dd5dcedc38c1c596f52deb25729f2aaee665

_______________________________________________
Mailman-checkins mailing list -- mailman-checkins@python.org