group.of.nepali.translators team mailing list archive

Thread
Date
[Bug 1770532] Re: DKIM signing not working in bionic

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Bug Watch Updater <1770532@xxxxxxxxxxxxxxxxxx>
Date: Mon, 08 Apr 2019 18:47:42 -0000
Reply-to: Bug 1770532 <1770532@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
** Changed in: amavisd-new (Debian)
       Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1770532

Title:
  DKIM signing not working in bionic

Status in amavisd-new package in Ubuntu:
  Fix Released
Status in amavisd-new source package in Xenial:
  Won't Fix
Status in amavisd-new source package in Bionic:
  Fix Released
Status in amavisd-new source package in Cosmic:
  Fix Released
Status in amavisd-new package in Debian:
  Fix Released

Bug description:
  [Impact]

   * There is a known upstream issue in 2.0.11 breaking DKIM signing.
     - https://bugzilla.redhat.com/show_bug.cgi?id=1364730
     - https://lists.amavis.org/pipermail/amavis-users/2018-February/005292.html

   * given the activity on the report it seems plenty of people set this up 
     pre-Bionic and are now running into these failures on upgrade to the 
     current LTS.

   * Add a fix to avoid more people being hit by this on upgrade and forced 
     to deploy workarounds (or drop the functionality)

  [Test Case]

   * Setup amavisd for DKIM signing, see 
     https://www.ijs.si/software/amavisd/amavisd-new-docs.html#dkim
     or any of
     https://www.faqforge.com/linux/how-to-enable-dkim-email-signatures-in-amavisd-new-and-ispconfig-3/
     https://nwgat.ninja/setting-up-dkim-and-spf-with-amavis-on-ubuntu-16-04-2/
     ...
     There seem to be a lot all doing the same essential steps.

     TL;DR would be:
     $ apt install amavisd-new
     $ mkdir -p /var/db/dkim/
     $ amavisd-new genrsa /var/db/dkim/example-foo.key.pem
     Add in /etc/amavis/conf.d/21-ubuntu_defaults
  $enable_dkim_signing = 1;
  dkim_key('example.com', 'foo', '/var/db/dkim/example-foo.key.pem');
  @dkim_signature_options_bysender_maps = (
  { '.' => { ttl => 21*24*3600, c => 'relaxed/simple' } } );
  @mynetworks = qw(0.0.0.0/8 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12
  192.168.0.0/16);  # list your internal networks
  - Now showkeys will report your key including the pblic key you'll need
   - amavisd-new showkeys
  - add the public key (as displayed) to your DNS zone, increment SOA sequence number and reload DNS;
  - then test signing and a published key
     - amavisd-new testkeys

  Never the less you'd need to setup a lot of details and it feels
  unclear if you test the right thing, therefor my preference is with so
  many users reporting about the issue to rely on them to test their
  real setups.

  [Regression Potential]

   * Lacking upstream being active there is always a chance things are 
     missed, but multiple people came up with very similar solutions and 
     multiple people tested these successfully.
     The actual change sets the originating flag where it is needed on the 
     creation of dkim signatures.
     Due to that setups not triggering dkim_make_signatures should be not 
     affected at all. And those that use dkim_make_signatures are those 
     failing now due to the issue.

  [Other Info]
   
   * Upstream seems essentially dead atm, so it is on the community (users 
     reporting patches on the ML) and the Distributions (e.g. Fedora have 
     taken a very similar change) alone for now.
   * For some extra confidence I'd ask for some extra time in proposed for 
     this update.

  ----

  Upon upgrading to bionic, amavisd-new DKIM signing no longer works.

  A quick google search reveals that this is a known bug in amavisd
  2.11.0:

  https://bugzilla.redhat.com/show_bug.cgi?id=1364730
  https://lists.amavis.org/pipermail/amavis-users/2018-February/005292.html

  The redhat bug includes a proposed (one-line) patch.  Fedora has
  already taken up this patch in their repo.  I've applied the patch to
  my bionic server and it is a good fix there, too.

  Requesting that ubuntu also includes this patch in its repo.

  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: amavisd-new 1:2.11.0-1ubuntu1 [modified: usr/sbin/amavisd-new]
  ProcVersionSignature: Ubuntu 4.15.0-20.21-generic 4.15.17
  Uname: Linux 4.15.0-20-generic x86_64
  ApportVersion: 2.20.9-0ubuntu7
  Architecture: amd64
  Date: Thu May 10 18:57:32 2018
  PackageArchitecture: all
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=<set>
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: amavisd-new
  UpgradeStatus: Upgraded to bionic on 2018-05-10 (0 days ago)
  modified.conffile..etc.amavis.conf.d.15-content_filter_mode: [modified]
  modified.conffile..etc.amavis.conf.d.50-user: [modified]
  mtime.conffile..etc.amavis.conf.d.15-content_filter_mode: 2016-12-11T19:39:20.357027
  mtime.conffile..etc.amavis.conf.d.50-user: 2017-06-19T06:44:56.517411

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/amavisd-new/+bug/1770532/+subscriptions