group.of.nepali.translators team mailing list archive
-
group.of.nepali.translators team
-
Mailing list archive
-
Message #27635
[Bug 1770532] Re: DKIM signing not working in bionic
Hi Neustradamus,
the initial bug was reported as "Upon upgrading to bionic, amavisd-new DKIM signing no longer works." so no one thought about former releases.
This also matches that there were no bugs about that issue, prior to Bionic being released.
Also there is an increased risk the further changes are backported.
In this case all >=Bionic was on 2.11, but Xenial is 2.10 and Trusty even on 2.7.
So even if it happens in older versions the tradeoff between regressions for current users vs the benefit of the fix for others might be different.
Especially with a somewhat dead upstream and a patch that existed in three variants - also the test instructions are ok'ish but not totally complete to try it in different variants. Therefore the risk is too high to apply it further back (IMHO).
The old patch applies, but with a 788 line offset in a 34k line perl
file - oO
For now - for me personally - this is Won't Fix, but I'm open to be
convinced if we get enough confirmation and confidence in it. So if you
really think the very same issue affects Xenial, please share some
details about why you think so. Do the testing steps above trigger it
for you, if you can add extra details about testing if needed for
Xenial.
** Also affects: amavisd-new (Ubuntu Xenial)
Importance: Undecided
Status: New
** Changed in: amavisd-new (Ubuntu Xenial)
Status: New => Won't Fix
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1770532
Title:
DKIM signing not working in bionic
Status in amavisd-new package in Ubuntu:
Fix Released
Status in amavisd-new source package in Xenial:
Won't Fix
Status in amavisd-new source package in Bionic:
Fix Released
Status in amavisd-new source package in Cosmic:
Fix Released
Status in amavisd-new package in Debian:
Confirmed
Bug description:
[Impact]
* There is a known upstream issue in 2.0.11 breaking DKIM signing.
- https://bugzilla.redhat.com/show_bug.cgi?id=1364730
- https://lists.amavis.org/pipermail/amavis-users/2018-February/005292.html
* given the activity on the report it seems plenty of people set this up
pre-Bionic and are now running into these failures on upgrade to the
current LTS.
* Add a fix to avoid more people being hit by this on upgrade and forced
to deploy workarounds (or drop the functionality)
[Test Case]
* Setup amavisd for DKIM signing, see
https://www.ijs.si/software/amavisd/amavisd-new-docs.html#dkim
or any of
https://www.faqforge.com/linux/how-to-enable-dkim-email-signatures-in-amavisd-new-and-ispconfig-3/
https://nwgat.ninja/setting-up-dkim-and-spf-with-amavis-on-ubuntu-16-04-2/
...
There seem to be a lot all doing the same essential steps.
TL;DR would be:
$ apt install amavisd-new
$ mkdir -p /var/db/dkim/
$ amavisd-new genrsa /var/db/dkim/example-foo.key.pem
Add in /etc/amavis/conf.d/21-ubuntu_defaults
$enable_dkim_signing = 1;
dkim_key('example.com', 'foo', '/var/db/dkim/example-foo.key.pem');
@dkim_signature_options_bysender_maps = (
{ '.' => { ttl => 21*24*3600, c => 'relaxed/simple' } } );
@mynetworks = qw(0.0.0.0/8 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12
192.168.0.0/16); # list your internal networks
- Now showkeys will report your key including the pblic key you'll need
- amavisd-new showkeys
- add the public key (as displayed) to your DNS zone, increment SOA sequence number and reload DNS;
- then test signing and a published key
- amavisd-new testkeys
Never the less you'd need to setup a lot of details and it feels
unclear if you test the right thing, therefor my preference is with so
many users reporting about the issue to rely on them to test their
real setups.
[Regression Potential]
* Lacking upstream being active there is always a chance things are
missed, but multiple people came up with very similar solutions and
multiple people tested these successfully.
The actual change sets the originating flag where it is needed on the
creation of dkim signatures.
Due to that setups not triggering dkim_make_signatures should be not
affected at all. And those that use dkim_make_signatures are those
failing now due to the issue.
[Other Info]
* Upstream seems essentially dead atm, so it is on the community (users
reporting patches on the ML) and the Distributions (e.g. Fedora have
taken a very similar change) alone for now.
* For some extra confidence I'd ask for some extra time in proposed for
this update.
----
Upon upgrading to bionic, amavisd-new DKIM signing no longer works.
A quick google search reveals that this is a known bug in amavisd
2.11.0:
https://bugzilla.redhat.com/show_bug.cgi?id=1364730
https://lists.amavis.org/pipermail/amavis-users/2018-February/005292.html
The redhat bug includes a proposed (one-line) patch. Fedora has
already taken up this patch in their repo. I've applied the patch to
my bionic server and it is a good fix there, too.
Requesting that ubuntu also includes this patch in its repo.
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: amavisd-new 1:2.11.0-1ubuntu1 [modified: usr/sbin/amavisd-new]
ProcVersionSignature: Ubuntu 4.15.0-20.21-generic 4.15.17
Uname: Linux 4.15.0-20-generic x86_64
ApportVersion: 2.20.9-0ubuntu7
Architecture: amd64
Date: Thu May 10 18:57:32 2018
PackageArchitecture: all
ProcEnviron:
TERM=xterm-256color
PATH=(custom, no user)
XDG_RUNTIME_DIR=<set>
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: amavisd-new
UpgradeStatus: Upgraded to bionic on 2018-05-10 (0 days ago)
modified.conffile..etc.amavis.conf.d.15-content_filter_mode: [modified]
modified.conffile..etc.amavis.conf.d.50-user: [modified]
mtime.conffile..etc.amavis.conf.d.15-content_filter_mode: 2016-12-11T19:39:20.357027
mtime.conffile..etc.amavis.conf.d.50-user: 2017-06-19T06:44:56.517411
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/amavisd-new/+bug/1770532/+subscriptions
