Bug #17406

Notification emails are DKIM-signed, but key isn't published

Added by jimfenton 2020-01-07 22:56:49. Updated 2020-01-09 02:00:52.

Status: New
Priority: Normal
Assignee:
Category: Infrastructure
Target version:
Start date:
Due date:
% Done: 0%
Feature Branch:
Type of work: Sysadmin
Blueprint:
Starter:
Affected tool:
Deliverable for:

Description

Emails (such as the recently sent announcement for Tails 4.2) have a DKIM-Signature header field, but the public key isn’t published in DNS, so the signature can’t be verified.

The DKIM-Signature header field looks like:

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=boum.org; s=stigmate;
    t=1578420772; bh=NgMFrvAo9txelbtOaQzhLZjhzoWwFkE0Xk0evQlJHi8=;
    h=From:To:Date:Subject:List-Id:List-Unsubscribe:List-Archive:
     List-Post:List-Help:List-Subscribe:Reply-To:From;
    b=tiEniD01Hmllbx81bllRqpZtaf9VTyaHdVNNvV4D8zs+7SfWNKDy7eJBHDIKb/yxY
     OnDhiLR+Z5NtJkHk0tMWaZlhexy7Rv7O4I3dlcBcxRsWjlQGaMIz/25g7oMrGHa1/p
     PrJJTK4orS4j14+9HodOktSDN7sCy/Icnclbm9Kc=

The selector (s= value) is stigmate, so there should be a DNS TXT record containing the public key for the signature at stigmate._domainkey.boum.org, but that record doesn’t exist. Instead, my email server reports:

Authentication-Results: <hostname redacted>; dkim=permerror reason="key not found" header.d=boum.org header.i=boum.org
header.b=tiEniD01; dkim-adsp=none (unprotected policy);
dkim-atps=neutral


Subtasks


History

#1 Updated by jimfenton 2020-01-09 02:00:52

This can adversely affect the delivery of announcement emails, so ought to be fixed.
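
The key lookup described in this report, as an added example that is not part of the original issue or the project's code: it derives the DNS name from the s= and d= tags and classifies the key record the way a verifier would. The sample header keeps the report's d=, s= and t= values but uses placeholders for bh= and b=; the `lookup_txt` callable, the zone data and the result strings are assumptions of this example.

```python
import re

# Constructed sample: d=, s=, t= as in the report; bh=/b= are placeholders.
SAMPLE_SIG = ("DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;\r\n"
              " d=boum.org; s=stigmate; t=1578420772; bh=PLACEHOLDER=;\r\n"
              " h=From:To:Date:Subject; b=PLACEHOLDER=")

# Constructed zone data; the p= value is a placeholder, not a real key.
ZONE_PUBLISHED = {"stigmate._domainkey.boum.org":
                  ["v=DKIM1; k=rsa; p=CONSTRUCTEDPLACEHOLDERKEY"]}
ZONE_REVOKED = {"stigmate._domainkey.boum.org": ["v=DKIM1; k=rsa; p="]}


def parse_tags(value):
    """Parse a DKIM tag=value list (RFC 6376, section 3.2) into a dict."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, val = part.split("=", 1)
            # Folding whitespace inside a value is not significant.
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags


def key_query_name(sig_header):
    """DNS name where a verifier looks up the public key: <s>._domainkey.<d>."""
    tags = parse_tags(sig_header.split(":", 1)[1])
    return f"{tags['s']}._domainkey.{tags['d']}"


def check_key(sig_header, lookup_txt):
    """Return (query name, result) for the key lookup.

    lookup_txt is an assumed callable: name -> list of TXT strings,
    empty when no record exists (wire it to a real resolver in practice).
    """
    name = key_query_name(sig_header)
    records = lookup_txt(name)
    if not records:
        return name, "permerror: key not found"   # the case in this report
    key = parse_tags(records[0])
    if key.get("v", "DKIM1") != "DKIM1":
        return name, "permerror: unsupported key record version"
    if not key.get("p"):
        return name, "permerror: key revoked"     # empty p= means revoked
    return name, "key found"


if __name__ == "__main__":
    for zone in ({}, ZONE_REVOKED, ZONE_PUBLISHED):
        print(check_key(SAMPLE_SIG, lambda n, z=zone: z.get(n, [])))
```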