Gnus development mailing list
* Handling DKIM for nntp articles
From: Adam Sjøgren @ 2020-06-05 15:19 UTC (permalink / raw)
  To: ding

A while back I wrote a little on emacs-devel, and was a little dismayed
to see my articles munged:

  From: =?UTF-8?Q?Adam_Sj=C3=83=C2=B8gren_via_=22Emacs_development_discussions=2E?= <emacs-devel@gnu.org>

One thing is the double encoding of the 'ø' in my last name, but why was
From: rewritten by Mailman at all?

Rereading "Actually, DMARC works fine with mailing lists"¹ today made me
realize why.

Here are the key sentences:

  "A mailing list is going to have a hard time relaying messages for any
   domain that uses DMARC and SPF but not DKIM."

  "If the sending domain uses DKIM, it avoids the need for From-munging
   or other hacks. It works under the condition that the list does not
   modify the message."

I've got SPF and DMARC configured for my domain, and my MTA does DKIM
signing of all my outgoing emails.

So what's the problem?

I'm sending my messages to emacs-devel over nntp via Gmane!

So the article doesn't pass through my MTA, and thus not through
opendkim, so articles I send this way do not get DKIM signed!

Various mailing lists handle this in different ways - when I post to
ding via Gmane I usually get some reports about my emails being rejected
in various places - this is what emacs-devel avoids by rewriting From.
This is also due to DKIM missing.

One solution would be not to post via Gmane, but to always post via
email instead.

That's doable, but kind of icky/finicky.

Could Gnus somehow do the DKIM signing and add the appropriate headers?


  Best regards,

    Adam


¹ https://begriffs.com/posts/2018-09-18-dmarc-mailing-list.html

-- 
 "The light at the end of the tunnel                        Adam Sjøgren
  Is nothing but the burglar alarm"                    asjo@koldfront.dk



* Re: Handling DKIM for nntp articles
From: Emanuel Berg @ 2020-06-05 15:27 UTC (permalink / raw)
  To: ding

Adam Sjøgren wrote:

> Rereading "Actually, DMARC works fine with mailing
> Here are the key sentences [...]
>
> So what's the problem?

I don't know but this has been like this for at least
a year, I think...

Here are a bunch of hyperlinks I collected on the
issue then, maybe they can be of use to you -
especially the gmane.emacs.help thread, I think.

# DMARC issue:
#
#   https://en.wikipedia.org/wiki/DMARC
#   https://mailarchive.ietf.org/arch/msg/ietf/kL24edUthAOuHuwK3ZnpFkCXduI
#
#   http://lists.gnu.org/archive/html/help-gnu-emacs/2019-05/msg00476.html
#
#   RFC 7489: "Domain-based Message Authentication,
#              Reporting, and Conformance (DMARC)"
#   https://tools.ietf.org/html/rfc7489
#
# commands:
#
#   http://lists.gnu.org/archive/html/help-gnu-emacs/2019-05/msg00481.html
#   http://lists.gnu.org/archive/html/help-gnu-emacs/2019-05/msg00477.html

-- 
underground experts united
http://user.it.uu.se/~embe8573
https://dataswamp.org/~incal




* Re: Handling DKIM for nntp articles
From: Adam Sjøgren @ 2020-06-05 15:58 UTC (permalink / raw)
  To: ding

Adam writes:

> Could Gnus somehow do the DKIM signing and add the appropriate headers?

Looks like it should be possible to simply run the article through
opendkim before posting:

  asjo@virgil:~$ cat /tmp/testfile.txt | sudo -u opendkim /usr/sbin/opendkim -bs -F 1591370389 -t -
  opendkim: (stdin):
  DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=koldfront.dk;
          s=mail; t=1591370389;
          bh=hqfL1ITTQ4B1RpkOnxmjCzjxNXe3XG5MEy6afWAA/T0=;
          h=From:To:Subject:Date:From;
          b=b09B3T1YBn9khocxOKBwg7K3B6l8CVkJkpnn/CYYBhzAVY04llRIf8er7uQxPuA19
           0moTf3b0scCZjIVaykukLVNvszX+PF7AaZonAgim+tejwcuAHJyQRGMCid+9J4X6w2
           T8fRSZ9G2oZXkxKGQuWopUtFvbpcrpe7Nd1fXeol/AuhcMMAzpM28GKTM5LBCBcq5q
           YLDibcJKnQkdGUZyFljMP0hHh4gWlouUW+5vyTqps4Ty0iMAcu/gc6GDuOosAxPij8
           S1B/xt97VXTkhoxFr48hvcoFZvIOq+cuEekyEbz56dqtLYb4R/EtXCsZObhFNARuky
           T0jbLG2O3h0yA==

This is with the content of the email I am replying to here, taken from
my sent-folder, in /tmp/testfile.txt - and the header output is
identical to the one my MTA added.

So now I just need to find the right hook to run the outgoing article
through opendkim in, and Bob's my uncle.


  Best regards,

    Adam


P.S. This reply sent via Gmane, so it won't have a DKIM-Signature:
     header.

-- 
 "All the truth in the world adds up to one big lie"        Adam Sjøgren
                                                       asjo@koldfront.dk




* Re: Handling DKIM for nntp articles
From: Adam Sjøgren @ 2020-06-05 17:18 UTC (permalink / raw)
  To: ding

Adam writes:

> So now I just need to find the right hook to run the outgoing article
> through opendkim in, and Bob's my uncle.

Adding this:

  (add-hook 'message-send-news-hook 'asjo-add-dkim-signature)

  (defun asjo-add-dkim-signature ()
    "Add a DKIM-signature: header."
    (save-excursion
      ;; Insert the generated header at the end of the header block.
      (message-goto-eoh)
      (insert (asjo-generate-dkim-signature))))

  (defun asjo-generate-dkim-signature ()
    "Generate DKIM signature from current buffer by calling opendkim."
    (save-excursion
      ;; opendkim prints an "opendkim: (stdin):" line first; awk drops it.
      (shell-command-on-region
       (point-min) (point-max)
       "sudo -u opendkim /usr/sbin/opendkim -bs -t - | awk 'NR > 1'"
       " *asjo-generate-dkim-output")
      (with-current-buffer " *asjo-generate-dkim-output"
        (buffer-string))))

to my .gnus, along with installing and configuring opendkim on my laptop
and adding the new key to news._domainkey in DNS, I think/hope it's now
working.


  Best regards,

    Adam

-- 
 "Ours is wicked cool."                                     Adam Sjøgren
                                                       asjo@koldfront.dk
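
A pre-send check for the failure described in this thread (an article reaching the list without a DKIM signature aligned with From:), as an added example that is not part of the original posts: it parses the DKIM-Signature tags, confirms From is signed and d= equals the From: domain, and derives the DNS name of the key record. The sample article is constructed, the function names are hypothetical, only strict alignment is modelled, and the signature is not verified cryptographically.

```python
import email
from email.utils import parseaddr

# Constructed sample: domain and tags modelled on the thread, bh=/b= are placeholders.
SIG = ("DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=koldfront.dk;\n"
       "\ts=news; t=1591370389; bh=PLACEHOLDER=;\n"
       "\th=From:To:Subject:Date:From; b=PLACEHOLDER\n")
HEADERS = ("From: Adam <asjo@koldfront.dk>\n"
           "To: ding@lists.example\n"
           "Subject: Re: Handling DKIM for nntp articles\n")
SIGNED = SIG + HEADERS + "\nbody\n"
UNSIGNED = HEADERS + "\nbody\n"   # what an article posted straight over NNTP looks like


def dkim_tags(value):
    """Parse a DKIM-Signature value (RFC 6376 tag=value list) into a dict."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name.strip()] = "".join(val.split())  # drop folding whitespace
    return tags


def key_record_name(tags):
    """DNS TXT name verifiers query for the public key."""
    return f"{tags['s']}._domainkey.{tags['d']}"


def check_article(raw):
    """Return [] if some signature covers From and has d= equal to the From: domain."""
    msg = email.message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    sigs = msg.get_all("DKIM-Signature", [])
    if not sigs:
        return ["no DKIM-Signature header"]
    problems = []
    for sig in sigs:
        tags = dkim_tags(sig)
        found = []
        if "from" not in tags.get("h", "").lower().split(":"):
            found.append("From is not listed in h=")
        if tags.get("d", "").lower() != from_domain:
            found.append(f"d={tags.get('d')} does not match From domain {from_domain}")
        if not found:
            return []  # one aligned signature is enough
        problems.extend(found)
    return problems
```

DMARC's default relaxed mode also accepts a d= that shares an organizational domain with From:, which needs the Public Suffix List and is left out here.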


