Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

opendkim: 2.10.3 -> 2.11.0-Beta2 #110317

Merged
1 commit merged into from Jan 31, 2021
Merged

opendkim: 2.10.3 -> 2.11.0-Beta2 #110317

1 commit merged into from Jan 31, 2021

Conversation

ghost
Copy link

@ghost ghost commented Jan 21, 2021
edited by ghost

The last stable opendkim release is from 2015 and does not handle some
signatures such as ed25519 which was standardized for DKIM in 2018.
Both Fedora and Debian ship with 2.11.0 alphas/betas in their stable
releases. Since the development branch has not seen any new commits
since 2018, I doubt there will be a new stable release any time soon.

Motivation for this change

I noticed that the DKIM signatures of some incoming mails were not parsed correctly. For example this valid DKIM ed25519-sha256 signature resulted in an error:

DKIM-Signature: a=ed25519-sha256; bh=qNcvQm/9txhkK90cpARQSVovodq1gvD8UviIMqIHfrs=;
 c=relaxed/relaxed; d=ctu.cx;
 h=Subject:Subject:Sender:To:To:Cc:From:From:Date:Date:MIME-Version:MIME-Version:Content-Type:Content-Type:Content-Transfer-Encoding:Content-Transfer-Encoding:Reply-To:In-Reply-To:Message-Id:Message-Id:References:Autocrypt:Openpgp;
 i=@ctu.cx; s=default; t=1611224151; v=1; x=1611656151;
 b=KKlLTXsa+JoY7FaUbrYan02pc9bnpgOfOclKriBgg1iQpKcyxGWboVdFVsX+kw0EE2KMvLq+
 L5ct0hUn4CMIDg==

	dkim=permerror (0-bit key) header.d=ctu.cx header.i=@ctu.cx header.b=KKlLTXsa

So I read a bit on the mailing list and found a hint that the latest development releases support this. I was aware that another mail server running with opendkim on Debian was able to parse the DKIM signature correctly, so I looked at their packaging.
With the latest beta release (from 2018) it parses the header correctly:

dkim=pass header.d=ctu.cx header.i=@ctu.cx header.a=ed25519-sha256 header.s=default header.b=P6dpwuS9
Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.

opendkim: 2.10.3 -> 2.11.0-Beta2
0ba1051 
The last stable opendkim release is from 2015 and does not handle some
signatures such as ed25519 which was standardized for DKIM in 2018.
Both Fedora and Debian ship with 2.11.0 alphas/betas in their stable
releases. Since the development branch has not seen any new commits
since 2018, I doubt there will be a new stable release any time soon.
@ghost ghost requested review from abbradar and Mic92 January 22, 2021 16:46
@ghost ghost merged commit cb06a8a into NixOS:master Jan 31, 2021
This pull request was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@abbradar abbradar Awaiting requested review from abbradar

@Mic92 Mic92 Awaiting requested review from Mic92

Assignees
No one assigned
Labels
10.rebuild-darwin: 1-10 10.rebuild-darwin: 1 10.rebuild-linux: 1-10 10.rebuild-linux: 1
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
0 participants