sbp commented on issue #236:
URL:
https://github.com/apache/tooling-trusted-releases/issues/236#issuecomment-3429189696
We're using the standard `mail-relay`:
```
$ dig mail-relay.apache.org +short
52.204.25.47
116.203.21.61
```
And these are:
* 52.204.25.47 → mailrelay1-ec2-va.apache.org
* 116.203.21.61 → mailrelay1-he-de.apache.org
Both of these are classified as `mailrelay` in p6, which means they use the
`mailrelay` configuration rules, which includes a postfix header check as
follows:
```
- '/^DKIM-Signature:/ IGNORE'
```
So yes, our mail relay is stripping `DKIM-Signature`.
We'll need to discuss with Infra what to do about this. We have had
discussions about DKIM before, but I don't think we came up with any specific
plan. I think it might be a good idea to have a test relay that does signing.
It can't just sign and forward to the existing relay, because of the stripping.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
