** Description changed: + [Impact] + + * There is a known upstream issue in 2.0.11 breaking DKIM signing. + - https://bugzilla.redhat.com/show_bug.cgi?id=1364730 + - https://lists.amavis.org/pipermail/amavis-users/2018-February/005292.html + + * given the activity on the report it seems plenty of people set this up + pre-Bionic and are now running into these failures on upgrade to the + current LTS. + + * Add a fix to avoid more people being hit by this on upgrade and forced + to deploy workarounds (or drop the functionality) + + [Test Case] + + * Setup amavisd for DKIM signing, see + https://www.ijs.si/software/amavisd/amavisd-new-docs.html#dkim + or any of + https://www.faqforge.com/linux/how-to-enable-dkim-email-signatures-in-amavisd-new-and-ispconfig-3/ + https://nwgat.ninja/setting-up-dkim-and-spf-with-amavis-on-ubuntu-16-04-2/ + ... + There seem to be a lot all doing the same essential steps. + + TL;DR would be: + $ apt install amavisd-new + $ mkdir -p /var/db/dkim/ + $ amavisd-new genrsa /var/db/dkim/example-foo.key.pem + Add in /etc/amavis/conf.d/21-ubuntu_defaults + $enable_dkim_signing = 1; + dkim_key('example.com', 'foo', '/var/db/dkim/example-foo.key.pem'); + @dkim_signature_options_bysender_maps = ( + { '.' => { ttl => 21*24*3600, c => 'relaxed/simple' } } ); + @mynetworks = qw(0.0.0.0/8 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 + 192.168.0.0/16); # list your internal networks + - Now showkeys will report your key including the pblic key you'll need + - amavisd-new showkeys + - add the public key (as displayed) to your DNS zone, increment SOA sequence number and reload DNS; + - then test signing and a published key + - amavisd-new testkeys + + Never the less you'd need to setup a lot of details and it feels unclear + if you test the right thing, therefor my preference is with so many + users reporting about the issue to rely on them to test their real + setups. + + [Regression Potential] + + * Lacking upstream being active there is always a chance things are + missed, but multiple people came up with very similar solutions and + multiple people tested these successfully. + The actual change sets the originating flag where it is needed on the + creation of dkim signatures. + Due to that setups not triggering dkim_make_signatures should be not + affected at all. And those that use dkim_make_signatures are those + failing now due to the issue. + + [Other Info] + + * Upstream seems essentially dead atm, so it is on the community (users + reporting patches on the ML) and the Distributions (e.g. Fedora have + taken a very similar change) alone for now. + * For some extra confidence I'd ask for some extra time in proposed for + this update. + + ---- + Upon upgrading to bionic, amavisd-new DKIM signing no longer works. A quick google search reveals that this is a known bug in amavisd 2.11.0: https://bugzilla.redhat.com/show_bug.cgi?id=1364730 https://lists.amavis.org/pipermail/amavis-users/2018-February/005292.html The redhat bug includes a proposed (one-line) patch. Fedora has already taken up this patch in their repo. I've applied the patch to my bionic server and it is a good fix there, too. Requesting that ubuntu also includes this patch in its repo. ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: amavisd-new 1:2.11.0-1ubuntu1 [modified: usr/sbin/amavisd-new] ProcVersionSignature: Ubuntu 4.15.0-20.21-generic 4.15.17 Uname: Linux 4.15.0-20-generic x86_64 ApportVersion: 2.20.9-0ubuntu7 Architecture: amd64 Date: Thu May 10 18:57:32 2018 PackageArchitecture: all ProcEnviron: - TERM=xterm-256color - PATH=(custom, no user) - XDG_RUNTIME_DIR=<set> - LANG=en_US.UTF-8 - SHELL=/bin/bash + TERM=xterm-256color + PATH=(custom, no user) + XDG_RUNTIME_DIR=<set> + LANG=en_US.UTF-8 + SHELL=/bin/bash SourcePackage: amavisd-new UpgradeStatus: Upgraded to bionic on 2018-05-10 (0 days ago) modified.conffile..etc.amavis.conf.d.15-content_filter_mode: [modified] modified.conffile..etc.amavis.conf.d.50-user: [modified] mtime.conffile..etc.amavis.conf.d.15-content_filter_mode: 2016-12-11T19:39:20.357027 mtime.conffile..etc.amavis.conf.d.50-user: 2017-06-19T06:44:56.517411
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1770532 Title: DKIM signing not working in bionic To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/amavisd-new/+bug/1770532/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
