OT: dkim (was Re: patch dkimproxy: use rsa-sha256 in sample signing config)
On Sun, May 12, 2024 at 11:13:46AM +0100, Kirill A. Korinsky wrote:
> On Sun, 12 May 2024 00:26:50 +0100,
> Steffen Nurpmeso wrote:
> >
> > What they are doing is wrong. Maybe if you move it out of Junk
> > a few times their algorithm learns or what, i do not know.
> > I would start screaming, but normally no one listens anyhow, sure.
> >
>
> Yes, they are.
>
> But they deliver into Junk messages from Mail Delivery System.
> A real one. Not fake one. Really.
>
> So I doubt that anything may help here.
>

While on the subject : https://16years.secvuln.info/

The old Debian OpenSSL bug from 2006 still haunts DKIM signatures today.

-- 
Matthieu Herrb
Re: patch dkimproxy: use rsa-sha256 in sample signing config
On Sun, 12 May 2024 00:26:50 +0100,
Steffen Nurpmeso wrote:
>
> What they are doing is wrong. Maybe if you move it out of Junk
> a few times their algorithm learns or what, i do not know.
> I would start screaming, but normally no one listens anyhow, sure.
>

Yes, they are.

But they deliver into Junk messages from Mail Delivery System.
A real one. Not fake one. Really.

So I doubt that anything may help here.

-- 
wbr, Kirill
Re: patch dkimproxy: use rsa-sha256 in sample signing config
Hello Kirill.

Kirill A. Korinsky wrote in
 <98c1f03bc1d6c...@mx1.catap.net>:
 ...
 |> Kirill A. Korinsky wrote in
 |> <2fdd33f2325e6...@mx2.catap.net>:
 |>|>|I imply that using ed25519 usually leads to malformed signature, \
 ...
 |>|> Then these are not standard compliant. The DKIM standard 6376
 |>|> *explicitly* supports multiple signatures.
 |>|
 |>|Yes, RFC may imply that but OpenDKIM was released quite a while ago and the
 |>|last stable release seems that doesn't handle well this case.
 |>
 |> OpenDKIM cannot. I looked at its code in about January and there
 |> is no notion of it. zdkimfilter as of courier bases upon it, and
 |> supports it. (Very preprocessor sprinkled crypto code in between
 |> several libraries that uses, though, and the OpenSSL 3.0 thing
 |> even fiddles with openssl parameters which i have *not*
 |> understood from my short glance..)
 |
 |And here the issue and my point: until OpenDKIM supports anything other
 |than RSA, it may lead to delivery of emails into Junk.

No, Kirill, you are misunderstanding a little bit how DKIM works.

 ...
 |> I could very much imagine that if you change to RSA-SHA256 then
 |> your problem will vanish.
 |
 |Nope, it doesn't
 |
 |See mxtoolbox [1] for the case of RSA-SHA256 and icloud says, let me quote:
 |
 | Authentication-Results: dkim-verifier.icloud.com; dkim=permerror
 |   (0-bit key) header.d=korins.ky header.i=@korins.ky header.b=VNwI9oir
 | Authentication-Results: dkim-verifier.icloud.com; dkim=pass
 |   (2048-bit key) header.d=korins.ky header.i=@korins.ky header.b=qwDQ6QCD
 |
 |The issue is that one of the signatures is invalid, and icloud moves mail
 |to the Junk folder.

Because DKIM says that as long as *one* signature passes correctly,
DKIM has succeeded.
The introduction of new algorithms and key changes etc is quite
broadly foreseen in a lot of RFCs regarding public key infrastructure
in the last two decades (my view is very limited however, but,
still..).

 |As soon as I use only RSA signatures, emails are delivered to inbox.

This is broken behaviour of these people, see RFC 6376, 6.1:

   INFORMATIVE NOTE: The rationale of this requirement is to permit
   messages that have invalid signatures but also a valid signature
   to work.
   ...
   the message should succeed even in the presence of the
   known-broken signature.

What they are doing is wrong. Maybe if you move it out of Junk
a few times their algorithm learns or what, i do not know.
I would start screaming, but normally no one listens anyhow, sure.

 |Footnotes:
 |[1] https://mxtoolbox.com/deliverability/86e2b0ff-ba95-47f3-b71e-4ead73653a73

Ah, you, i do not look, this required Javascript and whatnot.

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)
Re: patch dkimproxy: use rsa-sha256 in sample signing config
Hello Steffen,

On Sat, 11 May 2024 21:27:09 +0100,
Steffen Nurpmeso wrote:
>
> Kirill A. Korinsky wrote in
>  <2fdd33f2325e6...@mx2.catap.net>:
>
>  |>|I imply that using ed25519 usually leads to malformed signature, and some
>  |>|big hosting providers treat double signature as bad signature if some of
>  |>|them are not RSA-SHA256. A notable example is icloud.com, which delivers all
>  |>|emails with double signatures to the junk folder. At least that's what they
>  |>|did the last time I checked in December'23.
>  |>
>  |> Then these are not standard compliant. The DKIM standard 6376
>  |> *explicitly* supports multiple signatures.
>  |
>  |Yes, RFC may imply that but OpenDKIM was released quite a while ago and the
>  |last stable release seems that doesn't handle well this case.
>
> OpenDKIM cannot. I looked at its code in about January and there
> is no notion of it. zdkimfilter as of courier bases upon it, and
> supports it. (Very preprocessor sprinkled crypto code in between
> several libraries that uses, though, and the OpenSSL 3.0 thing
> even fiddles with openssl parameters which i have *not*
> understood from my short glance..)
>

And here the issue and my point: until OpenDKIM supports anything other
than RSA, it may lead to delivery of emails into Junk.

>  |>|So I suggest to put in README and config example that using anything other
>  |>|than RSA-SHA256 may lead to delivery of email to the junk. Unfortunately, this
>  |>|includes double signatures as well.
>  |>
>  |> On the IETF DKIM list there are people which told me they use such
>  |> a configuration since 2019 without any issues, and i myself use it
>  |> for two months, too, and did not have problems; that cloud thing
>  |> i never saw, though.
>  |
>  |Here I've sent to some tool which is used to check email configuration a
>  |test email with 2 signatures [1] and with 1 [2], the same behaviour I saw in
>  |icloud.com.
>  |
>  |I've tracked that issue last December and it had status that second
>  |signature or non RSA-SHA256 leads to an invalid signature and delivery of
>  |email into the junk folder. Probably.
>  |
>  |Footnotes:
>  |[1] https://mxtoolbox.com/deliverability/8d9efa25-f421-4582-a0fb-652f0146dfce
>  |
>  |[2] https://mxtoolbox.com/deliverability/42b985b2-c8a1-44b2-a9ed-4bf86a604e54
>
> It does not matter that the Ed25519 code is not understood, the
> RFC 6376 is a very, very thought through standard and has all that
> foreseen indeed. From a short look at the first it seems your
> real problem why this fails is that *all* signatures are rejected,
> and the RSA is because it uses SHA-1, however, SHA-1 was
> explicitly forbidden by RFC 8301 as of January 2018:
>
>    Due to the recognized weakness of the SHA-1 hash algorithm (see
>    [RFC6194]) and the wide availability of the SHA-256 hash algorithm
>    (it has been a required part of DKIM [RFC6376] since it was
>    originally standardized in 2007), the SHA-1 hash algorithm MUST NOT
>    be used. This is being done now to allow the operational community
>    time to fully shift to SHA-256 in advance of any SHA-1-related
>    crisis.
>
> I could very much imagine that if you change to RSA-SHA256 then
> your problem will vanish.
>

Nope, it doesn't

See mxtoolbox [1] for the case of RSA-SHA256 and icloud says, let me quote:

  Authentication-Results: dkim-verifier.icloud.com; dkim=permerror
    (0-bit key) header.d=korins.ky header.i=@korins.ky header.b=VNwI9oir
  Authentication-Results: dkim-verifier.icloud.com; dkim=pass
    (2048-bit key) header.d=korins.ky header.i=@korins.ky header.b=qwDQ6QCD

The issue is that one of the signatures is invalid, and icloud moves mail
to the Junk folder.

As soon as I use only RSA signatures, emails are delivered to inbox.

Footnotes:
[1] https://mxtoolbox.com/deliverability/86e2b0ff-ba95-47f3-b71e-4ead73653a73

-- 
wbr, Kirill
Re: patch dkimproxy: use rsa-sha256 in sample signing config
Hello Kirill.

Kirill A. Korinsky wrote in
 <2fdd33f2325e6...@mx2.catap.net>:
 |On Sat, 11 May 2024 00:21:18 +0100,
 |Steffen Nurpmeso wrote:
 |> Kirill A. Korinsky wrote in
 |>  <5285e80cbc0d1...@mx2.catap.net>:
 |
 |BTW this is quite a weird address which seems like Message-Id

That is what it is.

 |>|I imply that using ed25519 usually leads to malformed signature, and some
 |>|big hosting providers treat double signature as bad signature if some of
 |>|them are not RSA-SHA256. A notable example is icloud.com, which delivers all
 |>|emails with double signatures to the junk folder. At least that's what they
 |>|did the last time I checked in December'23.
 |>
 |> Then these are not standard compliant. The DKIM standard 6376
 |> *explicitly* supports multiple signatures.
 |
 |Yes, RFC may imply that but OpenDKIM was released quite a while ago and the
 |last stable release seems that doesn't handle well this case.

OpenDKIM cannot. I looked at its code in about January and there
is no notion of it. zdkimfilter as of courier bases upon it, and
supports it. (Very preprocessor sprinkled crypto code in between
several libraries that uses, though, and the OpenSSL 3.0 thing
even fiddles with openssl parameters which i have *not*
understood from my short glance..)

 |>|So I suggest to put in README and config example that using anything other
 |>|than RSA-SHA256 may lead to delivery of email to the junk. Unfortunately, this
 |>|includes double signatures as well.
 |>
 |> On the IETF DKIM list there are people which told me they use such
 |> a configuration since 2019 without any issues, and i myself use it
 |> for two months, too, and did not have problems; that cloud thing
 |> i never saw, though.
 |
 |Here I've sent to some tool which is used to check email configuration a
 |test email with 2 signatures [1] and with 1 [2], the same behaviour I saw in
 |icloud.com.
 |
 |I've tracked that issue last December and it had status that second
 |signature or non RSA-SHA256 leads to an invalid signature and delivery of
 |email into the junk folder. Probably.
 |
 |Footnotes:
 |[1] https://mxtoolbox.com/deliverability/8d9efa25-f421-4582-a0fb-652f0146dfce
 |
 |[2] https://mxtoolbox.com/deliverability/42b985b2-c8a1-44b2-a9ed-4bf86a604e54

It does not matter that the Ed25519 code is not understood, the
RFC 6376 is a very, very thought through standard and has all that
foreseen indeed. From a short look at the first it seems your
real problem why this fails is that *all* signatures are rejected,
and the RSA is because it uses SHA-1, however, SHA-1 was
explicitly forbidden by RFC 8301 as of January 2018:

   Due to the recognized weakness of the SHA-1 hash algorithm (see
   [RFC6194]) and the wide availability of the SHA-256 hash algorithm
   (it has been a required part of DKIM [RFC6376] since it was
   originally standardized in 2007), the SHA-1 hash algorithm MUST NOT
   be used. This is being done now to allow the operational community
   time to fully shift to SHA-256 in advance of any SHA-1-related
   crisis.

I could very much imagine that if you change to RSA-SHA256 then
your problem will vanish.

--End of <2fdd33f2325e6...@mx2.catap.net>

Ciao,

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)
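Two rules are argued in the messages above: RFC 6376 section 6.1, under which a message is DKIM-authenticated as soon as one of its signatures verifies, so a second, broken signature (the icloud `permerror (0-bit key)` next to a `pass (2048-bit key)`) must not poison the result; and RFC 8301, under which `a=rsa-sha1` MUST NOT be used. The following is an added Python example of applying both rules, not code from this thread, from dkimproxy or from Mail::DKIM. It does no DNS lookups and no signature verification: the outcomes are read from Authentication-Results header values, the two icloud values being the ones quoted in the thread joined onto one line each, and the rsa-sha1 DKIM-Signature value (domain, selector and hashes) is constructed for the example.

```python
"""Evaluate DKIM results the way RFC 6376 and RFC 8301 prescribe.

Added example (not dkimproxy or Mail::DKIM code). Two checks:
  1. RFC 6376 section 6.1: a message carrying several DKIM-Signature
     headers is authenticated as soon as ONE of them verifies; a broken
     extra signature must not poison the valid one.
  2. RFC 8301: rsa-sha1 MUST NOT be used; rsa-sha256 and (RFC 8463)
     ed25519-sha256 are the registered algorithms.
No DNS and no cryptography here: verification outcomes are read from
Authentication-Results header values.
"""
import re
from typing import Dict, List

ALLOWED_ALGS = {"rsa-sha256", "ed25519-sha256"}   # RFC 8301 / RFC 8463
FORBIDDEN_ALGS = {"rsa-sha1"}                      # RFC 8301: MUST NOT

# The two Authentication-Results values quoted in the thread (joined onto
# one line each): an unparseable key on the first signature, a 2048-bit
# RSA pass on the second.
ICLOUD_AR = [
    "dkim-verifier.icloud.com; dkim=permerror (0-bit key) "
    "header.d=korins.ky header.i=@korins.ky header.b=VNwI9oir",
    "dkim-verifier.icloud.com; dkim=pass (2048-bit key) "
    "header.d=korins.ky header.i=@korins.ky header.b=qwDQ6QCD",
]

# Constructed DKIM-Signature value (hypothetical domain, selector and
# hashes) of the kind a signer emits when it defaults to rsa-sha1.
SHA1_SIGNATURE = (
    "v=1; a=rsa-sha1; c=relaxed/simple; d=example.org; s=selector1; "
    "h=from:to:subject:date; bh=47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=; "
    "b=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC"
)


def parse_tag_list(value: str) -> Dict[str, str]:
    """Parse a DKIM tag=value list (RFC 6376 3.2), dropping folding whitespace."""
    tags: Dict[str, str] = {}
    for item in value.split(";"):
        if "=" in item:
            name, val = item.split("=", 1)
            tags[name.strip()] = "".join(val.split())
    return tags


def signature_algorithm_status(dkim_signature: str) -> str:
    """Classify the a= tag of one DKIM-Signature value: ok / forbidden / unknown."""
    alg = parse_tag_list(dkim_signature).get("a", "").lower()
    if alg in FORBIDDEN_ALGS:
        return "forbidden"   # RFC 8301 verifiers treat this as unverifiable
    if alg in ALLOWED_ALGS:
        return "ok"
    return "unknown"         # unregistered algorithm: permerror at the verifier


AR_DKIM = re.compile(
    r"\bdkim=(?P<result>[a-z]+)"                 # pass, fail, permerror, ...
    r"(?:\s*\((?P<reason>[^)]*)\))?"             # optional comment
    r"(?P<props>(?:\s+header\.[a-z]+=\S+)*)",    # header.d= header.i= header.b=
    re.IGNORECASE,
)


def parse_authentication_results(values: List[str]) -> List[Dict[str, str]]:
    """Extract every dkim= clause (RFC 8601) from Authentication-Results values."""
    out: List[Dict[str, str]] = []
    for value in values:
        for m in AR_DKIM.finditer(value):
            props = dict(p.split("=", 1) for p in m.group("props").split())
            out.append({
                "result": m.group("result").lower(),
                "reason": m.group("reason") or "",
                "d": props.get("header.d", ""),
                "b": props.get("header.b", ""),
            })
    return out


def dkim_verdict(results: List[Dict[str, str]]) -> str:
    """RFC 6376 6.1: the message passes DKIM if ANY signature passed."""
    if any(r["result"] == "pass" for r in results):
        return "pass"
    return "fail" if results else "none"


if __name__ == "__main__":
    results = parse_authentication_results(ICLOUD_AR)
    for r in results:
        print(f"d={r['d']} b={r['b']}: {r['result']} ({r['reason']})")
    print("RFC 6376 verdict:", dkim_verdict(results))
    print("rsa-sha1 signature:", signature_algorithm_status(SHA1_SIGNATURE))
```

Run as a script it reports the icloud pair as permerror plus pass and a verdict of pass, which is what a verifier following section 6.1 should act on; a filter that junks on the mere presence of a permerror is applying its own policy, not DKIM's. The `b=` fragment in Authentication-Results is the first few characters of the signature, enough to tell which DKIM-Signature header each result belongs to.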
Re: patch dkimproxy: use rsa-sha256 in sample signing config
Greetings,

On Sat, 11 May 2024 00:21:18 +0100,
Steffen Nurpmeso wrote:
>
> Hello.
>
> Kirill A. Korinsky wrote in
>  <5285e80cbc0d1...@mx2.catap.net>:

BTW this is quite a weird address which seems like Message-Id

>  |
>  |I imply that using ed25519 usually leads to malformed signature, and some
>  |big hosting providers treat double signature as bad signature if some of
>  |them are not RSA-SHA256. A notable example is icloud.com, which delivers all
>  |emails with double signatures to the junk folder. At least that's what they
>  |did the last time I checked in December'23.
>
> Then these are not standard compliant. The DKIM standard 6376
> *explicitly* supports multiple signatures.
>

Yes, RFC may imply that but OpenDKIM was released quite a while ago and the
last stable release seems that doesn't handle well this case.

>  |So I suggest to put in README and config example that using anything other
>  |than RSA-SHA256 may lead to delivery of email to the junk. Unfortunately, this
>  |includes double signatures as well.
>
> On the IETF DKIM list there are people which told me they use such
> a configuration since 2019 without any issues, and i myself use it
> for two months, too, and did not have problems; that cloud thing
> i never saw, though.
>

Here I've sent to some tool which is used to check email configuration a
test email with 2 signatures [1] and with 1 [2], the same behaviour I saw in
icloud.com.

I've tracked that issue last December and it had status that second
signature or non RSA-SHA256 leads to an invalid signature and delivery of
email into the junk folder. Probably.

Footnotes:
[1] https://mxtoolbox.com/deliverability/8d9efa25-f421-4582-a0fb-652f0146dfce

[2] https://mxtoolbox.com/deliverability/42b985b2-c8a1-44b2-a9ed-4bf86a604e54

-- 
wbr, Kirill
Re: patch dkimproxy: use rsa-sha256 in sample signing config
Hello.

Kirill A. Korinsky wrote in
 <5285e80cbc0d1...@mx2.catap.net>:
 |On Fri, 10 May 2024 10:47:43 +0100,
 |Stuart Henderson wrote:
 |> On 2024/05/10 11:40, Matthieu Herrb wrote:
 |>> Afaict dkimproxy is not using opendkim but p5-Mail-DKIM. dkimproxy
 |>> itself also hasn't seen an update since many years, but the underlying
 |>> perl lib has been last updated last january (and could use an update
 |>> in the port).
 |>>
 |>> So unless you imply that because many people use opendkim, ed25519
 |>> based signatures shouldn't be used at all I'm not sure I understand
 |>> what you're saying.
 |>
 |> ed25519 can be used, but at the moment if you do use it, you probably
 |> want to be double-signing with both that + rsa-sha256.
 |>
 |
 |I imply that using ed25519 usually leads to malformed signature, and some
 |big hosting providers treat double signature as bad signature if some of
 |them are not RSA-SHA256. A notable example is icloud.com, which delivers all
 |emails with double signatures to the junk folder. At least that's what they
 |did the last time I checked in December'23.

Then these are not standard compliant. The DKIM standard 6376
*explicitly* supports multiple signatures.

 |So I suggest to put in README and config example that using anything other
 |than RSA-SHA256 may lead to delivery of email to the junk. Unfortunately, this
 |includes double signatures as well.

On the IETF DKIM list there are people which told me they use such
a configuration since 2019 without any issues, and i myself use it
for two months, too, and did not have problems; that cloud thing
i never saw, though.

Btw my postfix-only s-dkim-sign will become a port soon, i only want
to have an update to s-postgray first, and then do all the ports in
one go. Dunno whether i make it tomorrow, but early next week for
sure. (It simply compiles, tests and runs on OpenBSD out of the box.)

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)
Re: patch dkimproxy: use rsa-sha256 in sample signing config
On Fri, 10 May 2024 10:47:43 +0100,
Stuart Henderson wrote:
>
> On 2024/05/10 11:40, Matthieu Herrb wrote:
> >
> > Afaict dkimproxy is not using opendkim but p5-Mail-DKIM. dkimproxy
> > itself also hasn't seen an update since many years, but the underlying
> > perl lib has been last updated last january (and could use an update
> > in the port).
> >
> > So unless you imply that because many people use opendkim, ed25519
> > based signatures shouldn't be used at all I'm not sure I understand
> > what you're saying.
>
> ed25519 can be used, but at the moment if you do use it, you probably
> want to be double-signing with both that + rsa-sha256.
>

I imply that using ed25519 usually leads to malformed signature, and some
big hosting providers treat double signature as bad signature if some of
them are not RSA-SHA256. A notable example is icloud.com, which delivers all
emails with double signatures to the junk folder. At least that's what they
did the last time I checked in December'23.

So I suggest to put in README and config example that using anything other
than RSA-SHA256 may lead to delivery of email to the junk. Unfortunately, this
includes double signatures as well.

-- 
wbr, Kirill
Re: patch dkimproxy: use rsa-sha256 in sample signing config
On 2024/05/10 11:40, Matthieu Herrb wrote:
> On Fri, May 10, 2024 at 10:19:22AM +0100, Kirill A. Korinsky wrote:
> > On Fri, 10 May 2024 06:57:20 +0100,
> > Matthieu Herrb wrote:
> > >
> > > https://www.rfc-editor.org/rfc/rfc6376#section-3.3 says that
> > > rsa-sha256 SHOULD be used. Unfortunately Mail::DKIM::Signer uses
> > > rsa-sha1 by default when no algorithm is specified.
> > >
> > > Update the dkimproxy.out sample config...
> > >
> > > Make aboutmy.email (and other checkers) happier, and hopefully less
> > > rejects by hotmail/google and co...
> > >
> > > comments? ok?
> > >
> >
> > I'd like to point out that using anything else than RSA with SHA256 leads to
> > issues. The cause is OpenDKIM which is widely used. It had a well known issue
> > with ed25519 [1] which probably will be fixed in the next release.
> >
> > Anyway, the last release had happened in 2015 and this project seems to be
> > not that alive, so, no hope that it will be released and distributed soon.
> >
> > My point: let's add a reference to this issue and suggest to use only
> > RSA/SHA256.
> >
> > Footnotes:
> > [1] https://github.com/trusteddomainproject/OpenDKIM/issues/6
> >
>
> Hi,
>
> Afaict dkimproxy is not using opendkim but p5-Mail-DKIM. dkimproxy
> itself also hasn't seen an update since many years, but the underlying
> perl lib has been last updated last january (and could use an update
> in the port).
>
> So unless you imply that because many people use opendkim, ed25519
> based signatures shouldn't be used at all I'm not sure I understand
> what you're saying.

ed25519 can be used, but at the moment if you do use it, you probably
want to be double-signing with both that + rsa-sha256.
Re: patch dkimproxy: use rsa-sha256 in sample signing config
On Fri, May 10, 2024 at 10:19:22AM +0100, Kirill A. Korinsky wrote:
> On Fri, 10 May 2024 06:57:20 +0100,
> Matthieu Herrb wrote:
> >
> > https://www.rfc-editor.org/rfc/rfc6376#section-3.3 says that
> > rsa-sha256 SHOULD be used. Unfortunately Mail::DKIM::Signer uses
> > rsa-sha1 by default when no algorithm is specified.
> >
> > Update the dkimproxy.out sample config...
> >
> > Make aboutmy.email (and other checkers) happier, and hopefully less
> > rejects by hotmail/google and co...
> >
> > comments? ok?
> >
>
> I'd like to point out that using anything else than RSA with SHA256 leads to
> issues. The cause is OpenDKIM which is widely used. It had a well known issue
> with ed25519 [1] which probably will be fixed in the next release.
>
> Anyway, the last release had happened in 2015 and this project seems to be
> not that alive, so, no hope that it will be released and distributed soon.
>
> My point: let's add a reference to this issue and suggest to use only
> RSA/SHA256.
>
> Footnotes:
> [1] https://github.com/trusteddomainproject/OpenDKIM/issues/6
>

Hi,

Afaict dkimproxy is not using opendkim but p5-Mail-DKIM. dkimproxy
itself also hasn't seen an update since many years, but the underlying
perl lib has been last updated last january (and could use an update
in the port).

So unless you imply that because many people use opendkim, ed25519
based signatures shouldn't be used at all I'm not sure I understand
what you're saying.

-- 
Matthieu Herrb
Re: patch dkimproxy: use rsa-sha256 in sample signing config
On Fri, 10 May 2024 06:57:20 +0100,
Matthieu Herrb wrote:
>
> https://www.rfc-editor.org/rfc/rfc6376#section-3.3 says that
> rsa-sha256 SHOULD be used. Unfortunately Mail::DKIM::Signer uses
> rsa-sha1 by default when no algorithm is specified.
>
> Update the dkimproxy.out sample config...
>
> Make aboutmy.email (and other checkers) happier, and hopefully less
> rejects by hotmail/google and co...
>
> comments? ok?
>

I'd like to point out that using anything else than RSA with SHA256 leads to
issues. The cause is OpenDKIM which is widely used. It had a well known issue
with ed25519 [1] which probably will be fixed in the next release.

Anyway, the last release had happened in 2015 and this project seems to be
not that alive, so, no hope that it will be released and distributed soon.

My point: let's add a reference to this issue and suggest to use only
RSA/SHA256.

Footnotes:
[1] https://github.com/trusteddomainproject/OpenDKIM/issues/6

-- 
wbr, Kirill
Re: patch dkimproxy: use rsa-sha256 in sample signing config
On 5/10/24 01:57, Matthieu Herrb wrote:
> Hi
>
>
> I use dkimproxy on my outgoing e-mail.
>
> https://www.rfc-editor.org/rfc/rfc6376#section-3.3 says that
> rsa-sha256 SHOULD be used. Unfortunately Mail::DKIM::Signer uses
> rsa-sha1 by default when no algorithm is specified.
>
> Update the dkimproxy.out sample config...
>
> Make aboutmy.email (and other checkers) happier, and hopefully less
> rejects by hotmail/google and co...
>
> comments? ok?

makes sense

OK aisha

>
> Index: Makefile > === > RCS file: /local/cvs/ports/mail/dkimproxy/Makefile,v > diff -u -p -u -r1.8 Makefile > --- Makefile 7 Nov 2023 14:19:36 - 1.8 > +++ Makefile 10 May 2024 05:51:47 - > @@ -1,7 +1,7 @@ > COMMENT =SMTP proxy to verify or add DKIM signatures > > DISTNAME = dkimproxy-1.4.1 > -REVISION = 3 > +REVISION = 4 > > CATEGORIES = mail > > Index: patches/patch-scripts_dkimproxy_out_conf_example > === > RCS file: patches/patch-scripts_dkimproxy_out_conf_example > diff -N patches/patch-scripts_dkimproxy_out_conf_example > --- /dev/null 1 Jan 1970 00:00:00 - > +++ patches/patch-scripts_dkimproxy_out_conf_example 10 May 2024 05:51:47 > - > @@ -0,0 +1,15 @@ > +Default to rsa-sha256 > +https://www.rfc-editor.org/rfc/rfc6376#section-3.3 > + > +Index: scripts/dkimproxy_out.conf.example > +--- scripts/dkimproxy_out.conf.example.orig > scripts/dkimproxy_out.conf.example > +@@ -8,7 +8,7 @@ relay 127.0.0.1:10028 > + domainexample.org > + > + # specify what signatures to add > +-signature dkim(c=relaxed) > ++signature dkim(a=rsa-sha256,c=relaxed) > + signature domainkeys(c=nofws) > + > + # specify location of the private key >
patch dkimproxy: use rsa-sha256 in sample signing config
Hi

I use dkimproxy on my outgoing e-mail.

https://www.rfc-editor.org/rfc/rfc6376#section-3.3 says that
rsa-sha256 SHOULD be used. Unfortunately Mail::DKIM::Signer uses
rsa-sha1 by default when no algorithm is specified.

Update the dkimproxy.out sample config...

Make aboutmy.email (and other checkers) happier, and hopefully less
rejects by hotmail/google and co...

comments? ok?

Index: Makefile === RCS file: /local/cvs/ports/mail/dkimproxy/Makefile,v diff -u -p -u -r1.8 Makefile --- Makefile7 Nov 2023 14:19:36 - 1.8 +++ Makefile10 May 2024 05:51:47 - @@ -1,7 +1,7 @@ COMMENT = SMTP proxy to verify or add DKIM signatures DISTNAME = dkimproxy-1.4.1 -REVISION = 3 +REVISION = 4 CATEGORIES = mail Index: patches/patch-scripts_dkimproxy_out_conf_example === RCS file: patches/patch-scripts_dkimproxy_out_conf_example diff -N patches/patch-scripts_dkimproxy_out_conf_example --- /dev/null 1 Jan 1970 00:00:00 - +++ patches/patch-scripts_dkimproxy_out_conf_example10 May 2024 05:51:47 - @@ -0,0 +1,15 @@ +Default to rsa-sha256 +https://www.rfc-editor.org/rfc/rfc6376#section-3.3 + +Index: scripts/dkimproxy_out.conf.example +--- scripts/dkimproxy_out.conf.example.orig scripts/dkimproxy_out.conf.example +@@ -8,7 +8,7 @@ relay 127.0.0.1:10028 + domainexample.org + + # specify what signatures to add +-signature dkim(c=relaxed) ++signature dkim(a=rsa-sha256,c=relaxed) + signature domainkeys(c=nofws) + + # specify location of the private key

-- 
Matthieu Herrb
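Review bot: in the dkimproxy_out.conf.example hunk, the line right below the changed one, `signature domainkeys(c=nofws)`, still makes the sample add a DomainKeys signature; DomainKeys (RFC 4870) was obsoleted by DKIM (RFC 4871, now RFC 6376) and is Historic, so a fresh install following this example ships a legacy signature type next to the corrected `dkim(a=rsa-sha256,c=relaxed)` line. Consider dropping or commenting out that line in the same patch, or saying in the patch header why it stays. A second point for the same hunk: the fix lives only in the example, so anyone who already copied the old `signature dkim(c=relaxed)` into their config keeps signing with rsa-sha1 after the update; a line in the port's pkg-readme (adding one if the port has none) pointing at the `a=` parameter would reach those users.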