Re: Gmail bounce unauthenticated @debian.org addresses
On 3/4/22 18:29, Marco d'Itri wrote: On Mar 04, Baptiste Beauplat wrote: Looking at your email headers, I would guess that gmail is already doing it. X-Google-DKIM-Signature: v=1; a=rsa-sha256... There is somewhat some irony in Gmail blocking email without a DKIM signature while they are using a non-standard header that other provider/tools might miss. Just a thought. > No irony, you are just missing the point. gmail uses this X header for internal purposes, and there is no DKIM signature because the message has a @debian.org 822.from address hence gmail obviously lacks a valid key for it. Thanks for pointing this out Marco. I did check a mail coming from @gmail.com and indeed the correct header was used. Stephan, sorry then. I don't use gmail and I won't be able to point you to the correct how-to :/ -- Baptiste BEAUPLAT - lyknode
Bug#1006804: ITP: janitor -- management platform for large-scale automated code improvements
Package: wnpp Severity: wishlist Owner: Jelmer Vernooij X-Debbugs-Cc: team+jani...@tracker.debian.orgr debian-devel@lists.debian.org * Package name: janitor Version : 0.1.0 Upstream Author : Jelmer Vernooij * URL : https://github.com/jelmer/janitor/ * License : GPL Programming Lang: Python Description : management platform for large-scale automated code improvements The Janitor is a platform for running code improvement tools on a large number of repositories. It takes a collection of VCS repositories and will regularly try to run a set of specified code improvement tools on those repositories. Scheduling takes into account tool-specific hints, past success and chances of success. The web UI allows review and analysis of changes made. Depending on policy set, changes are either pushed directly back to the repository or included in a pull request (that is kept up to date). The Janitor currently powers the Debian Janitor @ https://janitor.debian.net/.
Bug#1006806: ITP: libmock-sub-perl -- module to mock subroutines for unit testing
Package: wnpp Owner: gregor herrmann Severity: wishlist X-Debbugs-CC: debian-devel@lists.debian.org, debian-p...@lists.debian.org * Package name: libmock-sub-perl Version : 1.09 Upstream Author : Steve Bertrand * URL : https://metacpan.org/release/Mock-Sub * License : Artistic or GPL-1+ Programming Lang: Perl Description : module to mock subroutines for unit testing Mock::Sub is an easy to use and very lightweight module for mocking out sub calls. It is useful for testing areas of your own modules where getting coverage may be difficult due to nothing to test against, and/or to reduce test run time by eliminating the need to call subs that you really don't want or need to test. The package will be maintained under the umbrella of the Debian Perl Group. -- Generated with the help of dpt-gen-itp(1) from pkg-perl-tools. signature.asc Description: Digital Signature
Re: Gmail bounce unauthenticated @debian.org addresses
Baptiste Beauplat wrote: >We recently discovered that Gmail started to bounce email from >mentors.debian.net with the following message: > >550-5.7.26 This message does not have authentication information or >fails to 550-5.7.26 pass authentication > checks. To best protect our users from spam, the 550-5.7.26 message has >been blocked. Please visit 550-5.7.26 >https://support.google.com/mail/answer/81126#authentication for more 5 >50 5.7.26 information. Yup. I've seen this too. Thanks for starting the thread here, which has prompted useful clues on how to deal with this. It's maddening to see Google continue to f*ck up mail requirements for everybody else. Of course, they continue to be (one of?) the biggest sources of spam on the net and show no interest in doing anything about it. "Don't be evil" indeed... :-( -- Steve McIntyre, Cambridge, UK.st...@einval.com "We're the technical experts. We were hired so that management could ignore our recommendations and tell us how to do our jobs." -- Mike Andrews
Re: Gmail bounce unauthenticated @debian.org addresses
On Fri, 4 Mar 2022 at 23:34, Ansgar wrote: > On Fri, 2022-03-04 at 13:27 +0100, Stephan Lachnit wrote: > > On Fri, Mar 4, 2022 at 12:47 PM Baptiste Beauplat > > wrote: > > > As a reminder debian.org addresses does support DKIM. After > > > configuration on your mail server, you can publish your DKIM public > > > key > > > to db.debian.org [1][2]. > > > > Can you point to some quick guide on how to do this for gmail? The > > support page seems kinda confusing to me. > > This usually requires you running your own mail server (for outgoing > mail). > > I don't think mail providers like GMail allow you to set up DKIM for > individual IP addresses. This is basically how I do it. My setup is I have G-Suite or whatever its name is this week and a separate outbound server. I'm not sure what the "to do this for gmail" means here, so there is three parts to this: * What Gmail does with DKIM * How I send emails from @debian.org using mutt etc * How I send emails from @debian.org using Gmail First, Gmail likes DKIM signed mails; some of these bounces are caused by DKIM problems. DKIM is basically a signature to say the senders server is allow to send those emails. You have to set it up (sign) on the outbound servers and check it on the inbound servers. For any of my servers/laptops I send outbound email to my own outbound server. This server signs emails using opendkim with the dropbear.xyz key or the debian key depending on the from address. It's no good sending email from j...@cow.com with a key good for j...@sheep.net Last of all, to send emails within Gmail using csm...@debian.org as my from address, you go into Settings->Accounts->Send mail as. The outbound mailserver is my server (that signs my debian emails). Of course my outbound server requires a username and password to send emails so that is recorded in the settings too (and is unique for each sending system/server). The result is this goodness I can see with an email from my laptop into Gsuite using my debian email address: Authentication-Results: mx.google.com; dkim=pass header.i=@debian.org header.s=debian1.csmall.user header.b=uVHcNrjO; header.i is identity, e.g. what domain are you trying to prove you can use. header.s is selector, which is what method/key am I using to prove this. header.b is the hash/signature. I'm a network engineer, not a mail server admin so this might not be 100%, but it does give me the happy mailserver headers I want. - Craig
