date:20201103

DKIM & fedora lists

2020-11-03 Thread Dominique Martinet

Hi,

I just enabled dkim/dmarc on my domain last week, so sent my first email
with that setup to devel@ just earlier today and got a few "invalid dkim
signature" return emails...


So I was wondering how do people deal with that?

Normally lists have two ways of handling dkim:
 - either they don't mangle the subject/signed headers (for me:
h=Date:From:To:Cc:Subject:References:In-Reply-To:From).
In that case, just leave the original dkim header and things should just
work™.
That's what e.g. kernel lists do and worked well for me.

 - either they DO mangle headers, often adding a [tag] to the subject
line; in which case the From is also updated to be the list address with
the original sender name (e.g. Bob ) and the
original mail is eventually appended to the Reply-To addresses, with the
original dkim header stripped off.


As far as I can see de...@lists.fedoraproject.org doesn't mangle
anything so should fall into the first category of "doing nothing just
works" -- but it stripped my original dkim header, hence the failures.

I'm pretty sure mailman can deal with this, is that on purpose? Or is it
just a mishap?
my dmarc policy says to ignore dkim failures (for now) so I could just
ignore this but it's a bit annoying that I had setup dmarc/dkim because
my mails often get treated as spam for some reason and such errors won't
be helping...


Thanks!

PS: I subscribed to the infra list just for this, but did look through
the archives quickly and didn't find much, sorry if this had been
brought up before. I'll likely unsubscribe back once that's answered one
way or another.
-- 
Dominique
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org

Re: Another Rust MirrorManager experiment

2020-11-03 Thread Kevin Fenzi

On Mon, Nov 02, 2020 at 07:34:12AM +0100, Adrian Reber wrote:
> On Tue, Oct 06, 2020 at 10:38:40AM -0400, Stephen John Smoogen wrote:
> > On Tue, 6 Oct 2020 at 03:46, Adrian Reber  wrote:
> > 
> > > On Mon, Oct 05, 2020 at 08:30:12AM -0400, Stephen John Smoogen wrote:
> > > > On Mon, 5 Oct 2020 at 02:24, Adrian Reber  wrote:
> > > >
> > >
> > > > We are not wanting to deploy new EL7 systems but would probably install
> > > an
> > > > EL8 box for this. Does this change the need for moving to Fedora on it?
> > >
> > > I just asked on #fedora-rust, but it seems it is not easily possible to
> > > build the Fedora Rust packages for EL8. If I am understanding it
> > > correctly it seems we need to run the Rust based mirrorlist cache
> > > generation on a Fedora host. If we have a second mm-backend system
> > > (mm-backend02) that is Fedora based to generate the mirrorlist cache we
> > > could decrease the amount of RAM (32GB) on mm-backend01 to something
> > > like 8GB.
> > >
> > >
> > OK that makes sense. This will be something that needs upgrading every 6
> > months like our proxies, but it is what it is.
> 
> I have also seen that countme is deployed from ansible directly from
> git. I could do that also for mirrorlist cache generation code on RHEL 7
> which would mean we do not need any other hosts. We could just run it
> directly on mm-backend01 as it is right now and switch between the
> existing Python based code and the new Rust based code just as we need
> it.

Sure, thats ok with me, as long as in ansible we pin to a specific ref
on the git repo (ie, don't just say HEAD and get changes on ansible
runs). 

kevin


signature.asc
Description: PGP signature
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org

Re: DKIM & fedora lists

2020-11-03 Thread Kevin Fenzi

On Tue, Nov 03, 2020 at 06:13:14PM +0100, Dominique Martinet wrote:
> Hi,
> 
> I just enabled dkim/dmarc on my domain last week, so sent my first email
> with that setup to devel@ just earlier today and got a few "invalid dkim
> signature" return emails...
> 
> 
> So I was wondering how do people deal with that?
> 
> Normally lists have two ways of handling dkim:
>  - either they don't mangle the subject/signed headers (for me:
> h=Date:From:To:Cc:Subject:References:In-Reply-To:From).
> In that case, just leave the original dkim header and things should just
> work™.
> That's what e.g. kernel lists do and worked well for me.
> 
>  - either they DO mangle headers, often adding a [tag] to the subject
> line; in which case the From is also updated to be the list address with
> the original sender name (e.g. Bob ) and the
> original mail is eventually appended to the Reply-To addresses, with the
> original dkim header stripped off.

Or add a footer, or handle mime attachments in different ways or ... any
number of things.

> As far as I can see de...@lists.fedoraproject.org doesn't mangle
> anything so should fall into the first category of "doing nothing just
> works" -- but it stripped my original dkim header, hence the failures.

It does. It adds a footer. 

> I'm pretty sure mailman can deal with this, is that on purpose? Or is it
> just a mishap?
> my dmarc policy says to ignore dkim failures (for now) so I could just
> ignore this but it's a bit annoying that I had setup dmarc/dkim because
> my mails often get treated as spam for some reason and such errors won't
> be helping...

Mailman can detect if someone has set dmarc to reject and if so, change
the from address to be the address from the list. This is a per list
setting. I think I reluctantly enabled it on devel and users, I am not
sure what other lists enable it. 

It should have worked for you, I am not sure why not... 

IMHO, setting dmarc to reject is a really bad idea if you send any
emails from your domain that go to lists. 

kevin


signature.asc
Description: PGP signature
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org

Re: Possible outdated Jenkins jobs

2020-11-03 Thread Leonardo Rossetti

ha no worries we can keep it and make it work :)

On Mon, Nov 2, 2020 at 2:16 PM Vít Ondruch  wrote:

>
> Dne 02. 11. 20 v 15:30 Leonardo Rossetti napsal(a):
> > https://jenkins-fedora-infra.apps.ci.centos.org/job/ruby-chkbuild/
> > 
> >
> > https://jenkins-fedora-infra.apps.ci.centos.org/job/ruby/
> > 
>
>
> I have never found the energy to make this work after migration from
> Fedora CI to CentOS CI :/
>
>
> Vít
> ___
> infrastructure mailing list -- infrastructure@lists.fedoraproject.org
> To unsubscribe send an email to
> infrastructure-le...@lists.fedoraproject.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
>


-- 

Leonardo Rossetti

Senior Software Engineer,

Red Hat 

lross...@redhat.com
M: +55-11-99703-0621

___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org

Re: DKIM & fedora lists

2020-11-03 Thread Daniel Pocock



On 03/11/2020 18:25, Kevin Fenzi wrote:
> On Tue, Nov 03, 2020 at 06:13:14PM +0100, Dominique Martinet wrote:
>> Hi,
>>
>> I just enabled dkim/dmarc on my domain last week, so sent my first email
>> with that setup to devel@ just earlier today and got a few "invalid dkim
>> signature" return emails...
>>
>>
>> So I was wondering how do people deal with that?
>>
>> Normally lists have two ways of handling dkim:
>>  - either they don't mangle the subject/signed headers (for me:
>> h=Date:From:To:Cc:Subject:References:In-Reply-To:From).
>> In that case, just leave the original dkim header and things should just
>> work™.
>> That's what e.g. kernel lists do and worked well for me.
>>
>>  - either they DO mangle headers, often adding a [tag] to the subject
>> line; in which case the From is also updated to be the list address with
>> the original sender name (e.g. Bob ) and the
>> original mail is eventually appended to the Reply-To addresses, with the
>> original dkim header stripped off.
> 
> Or add a footer, or handle mime attachments in different ways or ... any
> number of things.
> 
>> As far as I can see de...@lists.fedoraproject.org doesn't mangle
>> anything so should fall into the first category of "doing nothing just
>> works" -- but it stripped my original dkim header, hence the failures.
> 
> It does. It adds a footer. 
> 
>> I'm pretty sure mailman can deal with this, is that on purpose? Or is it
>> just a mishap?
>> my dmarc policy says to ignore dkim failures (for now) so I could just
>> ignore this but it's a bit annoying that I had setup dmarc/dkim because
>> my mails often get treated as spam for some reason and such errors won't
>> be helping...
> 
> Mailman can detect if someone has set dmarc to reject and if so, change
> the from address to be the address from the list. This is a per list
> setting. I think I reluctantly enabled it on devel and users, I am not
> sure what other lists enable it. 
> 
> It should have worked for you, I am not sure why not... 
> 
> IMHO, setting dmarc to reject is a really bad idea if you send any
> emails from your domain that go to lists. 
> 

It may be helpful for some people, there are various sites to test your
DKIM setup

For example, this site shows you a random address, you send a message to
the address and they show you a report

https://dkimvalidator.com/

___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org

Re: Possible outdated Jenkins jobs

2020-11-03 Thread Vít Ondruch

I have rather suggesting the opposite direction, i.e. dropping it and if 
I by a chance found the energy, I'll set it up again. But thx for 
cheering me up ;)



Vít


Dne 03. 11. 20 v 18:30 Leonardo Rossetti napsal(a):

ha no worries we can keep it and make it work :)

On Mon, Nov 2, 2020 at 2:16 PM Vít Ondruch > wrote:



Dne 02. 11. 20 v 15:30 Leonardo Rossetti napsal(a):
>
https://jenkins-fedora-infra.apps.ci.centos.org/job/ruby-chkbuild/

>
>
>
> https://jenkins-fedora-infra.apps.ci.centos.org/job/ruby/

> >


I have never found the energy to make this work after migration from
Fedora CI to CentOS CI :/


Vít
___
infrastructure mailing list --
infrastructure@lists.fedoraproject.org

To unsubscribe send an email to
infrastructure-le...@lists.fedoraproject.org

Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives:

https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org





--

Leonardo Rossetti

Senior Software Engineer,

Red Hat 

lross...@redhat.com 
M: +55-11-99703-0621 




___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org

Re: Possible outdated Jenkins jobs

2020-11-03 Thread Leonardo Rossetti

sounds good :-)

On Tue, Nov 3, 2020 at 2:33 PM Vít Ondruch  wrote:

> I have rather suggesting the opposite direction, i.e. dropping it and if I
> by a chance found the energy, I'll set it up again. But thx for cheering me
> up ;)
>
>
> Vít
>
>
> Dne 03. 11. 20 v 18:30 Leonardo Rossetti napsal(a):
>
> ha no worries we can keep it and make it work :)
>
> On Mon, Nov 2, 2020 at 2:16 PM Vít Ondruch  wrote:
>
>>
>> Dne 02. 11. 20 v 15:30 Leonardo Rossetti napsal(a):
>> > https://jenkins-fedora-infra.apps.ci.centos.org/job/ruby-chkbuild/
>> > 
>> >
>> > https://jenkins-fedora-infra.apps.ci.centos.org/job/ruby/
>> > 
>>
>>
>> I have never found the energy to make this work after migration from
>> Fedora CI to CentOS CI :/
>>
>>
>> Vít
>> ___
>> infrastructure mailing list -- infrastructure@lists.fedoraproject.org
>> To unsubscribe send an email to
>> infrastructure-le...@lists.fedoraproject.org
>> Fedora Code of Conduct:
>> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
>> List Archives:
>> https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
>>
>
>
> --
>
> Leonardo Rossetti
>
> Senior Software Engineer,
>
> Red Hat 
>
> lross...@redhat.com
> M: +55-11-99703-0621
> 
>
> ___
> infrastructure mailing list -- infrastructure@lists.fedoraproject.org
> To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
> Fedora Code of Conduct: 
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: 
> https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
>
> ___
> infrastructure mailing list -- infrastructure@lists.fedoraproject.org
> To unsubscribe send an email to
> infrastructure-le...@lists.fedoraproject.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
>


-- 

Leonardo Rossetti

Senior Software Engineer,

Red Hat 

lross...@redhat.com
M: +55-11-99703-0621

___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org

Re: DKIM & fedora lists

2020-11-03 Thread Dominique Martinet

Kevin Fenzi wrote on Tue, Nov 03, 2020:
> >  - either they DO mangle headers, often adding a [tag] to the subject
> > line; in which case the From is also updated to be the list address with
> > the original sender name (e.g. Bob ) and the
> > original mail is eventually appended to the Reply-To addresses, with the
> > original dkim header stripped off.
> 
> Or add a footer, or handle mime attachments in different ways or ... any
> number of things.

Ah, right -- I had somehow missed that. So it would need to mangle the
from supposedly as the body is part of the signed content.

> > I'm pretty sure mailman can deal with this, is that on purpose? Or is it
> > just a mishap?
> > my dmarc policy says to ignore dkim failures (for now) so I could just
> > ignore this but it's a bit annoying that I had setup dmarc/dkim because
> > my mails often get treated as spam for some reason and such errors won't
> > be helping...
> 
> Mailman can detect if someone has set dmarc to reject and if so, change
> the from address to be the address from the list. This is a per list
> setting. I think I reluctantly enabled it on devel and users, I am not
> sure what other lists enable it. 
> 
> It should have worked for you, I am not sure why not... 

If mailman really looks at dmarc for reject instructions then mine is
set to ignore, so it's working as expected. I'm just going to get 3+
reports of dkim failures everytime I send the list a mail, so I'm a bit
surprised by the conditional as that's going to be mildly annoying.

The only way I can picture things happening from there is me getting
tired of these and setting the ruf address to something I never read and
not noticing real problems down the road :/

> IMHO, setting dmarc to reject is a really bad idea if you send any
> emails from your domain that go to lists. 

Yeah, well, it's not planned for now that's sure; but this is the first
list that actually gave me trouble so I figured I'd ask :)


Out of curiosity, if you're reluctant to change the from, could mailman
disable the footer if there is dkim involved instead?

I honestly I don't see much use in that footer for devel@ as most of it
is redondant with the List-xxx headers that good mail clients handle and
display accordingly (well, the code of conduct is missing, but could be
sent at list subscription time)
I can understand it could be useful for more user-oriented lists but
maybe I'm overestimating developers... And the fact I hadn't noticed
devel@ has a footer in ~5 years of subscription shows how much attention
it gets from me!


Daniel Pocock wrote on Tue, Nov 03, 2020:
> It may be helpful for some people, there are various sites to test
> your DKIM setup
> 
> For example, this site shows you a random address, you send a message
> to the address and they show you a report
> 
> https://dkimvalidator.com/

I tested by sending the message to a gmail address and looking at
headers there, but just to make sure tested again, it looks good to me
(unfortunately can't see how to permalink to a result page, but it
said pass to both dkim and spf)

Thanks,
-- 
Dominique
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org

DKIM & fedora lists

Re: Another Rust MirrorManager experiment

Re: DKIM & fedora lists

Re: Possible outdated Jenkins jobs

Re: DKIM & fedora lists

Re: Possible outdated Jenkins jobs

Re: Possible outdated Jenkins jobs

Re: DKIM & fedora lists

8 matches

Site Navigation

Mail list logo

Footer information