Thanks++ > On Nov 5, 2018, at 02:06, Christian Ehrhardt <[email protected]> > wrote: > > Thanks Thomas! > > ** Tags removed: verification-needed verification-needed-bionic > ** Tags added: verification-done verification-done-bionic > > -- > You received this bug notification because you are subscribed to the bug > report. > https://bugs.launchpad.net/bugs/1770532 > > Title: > DKIM signing not working in bionic > > Status in amavisd-new package in Ubuntu: > Fix Released > Status in amavisd-new source package in Bionic: > Fix Committed > Status in amavisd-new source package in Cosmic: > Fix Released > Status in amavisd-new package in Debian: > Confirmed > > Bug description: > [Impact] > > * There is a known upstream issue in 2.0.11 breaking DKIM signing. > - https://bugzilla.redhat.com/show_bug.cgi?id=1364730 > - > https://lists.amavis.org/pipermail/amavis-users/2018-February/005292.html > > * given the activity on the report it seems plenty of people set this up > pre-Bionic and are now running into these failures on upgrade to the > current LTS. > > * Add a fix to avoid more people being hit by this on upgrade and forced > to deploy workarounds (or drop the functionality) > > [Test Case] > > * Setup amavisd for DKIM signing, see > https://www.ijs.si/software/amavisd/amavisd-new-docs.html#dkim > or any of > > https://www.faqforge.com/linux/how-to-enable-dkim-email-signatures-in-amavisd-new-and-ispconfig-3/ > https://nwgat.ninja/setting-up-dkim-and-spf-with-amavis-on-ubuntu-16-04-2/ > ... > There seem to be a lot all doing the same essential steps. > > TL;DR would be: > $ apt install amavisd-new > $ mkdir -p /var/db/dkim/ > $ amavisd-new genrsa /var/db/dkim/example-foo.key.pem > Add in /etc/amavis/conf.d/21-ubuntu_defaults > $enable_dkim_signing = 1; > dkim_key('example.com', 'foo', '/var/db/dkim/example-foo.key.pem'); > @dkim_signature_options_bysender_maps = ( > { '.' => { ttl => 21*24*3600, c => 'relaxed/simple' } } ); > @mynetworks = qw(0.0.0.0/8 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 > 192.168.0.0/16); # list your internal networks > - Now showkeys will report your key including the pblic key you'll need > - amavisd-new showkeys > - add the public key (as displayed) to your DNS zone, increment SOA sequence > number and reload DNS; > - then test signing and a published key > - amavisd-new testkeys > > Never the less you'd need to setup a lot of details and it feels > unclear if you test the right thing, therefor my preference is with so > many users reporting about the issue to rely on them to test their > real setups. > > [Regression Potential] > > * Lacking upstream being active there is always a chance things are > missed, but multiple people came up with very similar solutions and > multiple people tested these successfully. > The actual change sets the originating flag where it is needed on the > creation of dkim signatures. > Due to that setups not triggering dkim_make_signatures should be not > affected at all. And those that use dkim_make_signatures are those > failing now due to the issue. > > [Other Info] > > * Upstream seems essentially dead atm, so it is on the community (users > reporting patches on the ML) and the Distributions (e.g. Fedora have > taken a very similar change) alone for now. > * For some extra confidence I'd ask for some extra time in proposed for > this update. > > ---- > > Upon upgrading to bionic, amavisd-new DKIM signing no longer works. > > A quick google search reveals that this is a known bug in amavisd > 2.11.0: > > https://bugzilla.redhat.com/show_bug.cgi?id=1364730 > https://lists.amavis.org/pipermail/amavis-users/2018-February/005292.html > > The redhat bug includes a proposed (one-line) patch. Fedora has > already taken up this patch in their repo. I've applied the patch to > my bionic server and it is a good fix there, too. > > Requesting that ubuntu also includes this patch in its repo. > > ProblemType: Bug > DistroRelease: Ubuntu 18.04 > Package: amavisd-new 1:2.11.0-1ubuntu1 [modified: usr/sbin/amavisd-new] > ProcVersionSignature: Ubuntu 4.15.0-20.21-generic 4.15.17 > Uname: Linux 4.15.0-20-generic x86_64 > ApportVersion: 2.20.9-0ubuntu7 > Architecture: amd64 > Date: Thu May 10 18:57:32 2018 > PackageArchitecture: all > ProcEnviron: > TERM=xterm-256color > PATH=(custom, no user) > XDG_RUNTIME_DIR=<set> > LANG=en_US.UTF-8 > SHELL=/bin/bash > SourcePackage: amavisd-new > UpgradeStatus: Upgraded to bionic on 2018-05-10 (0 days ago) > modified.conffile..etc.amavis.conf.d.15-content_filter_mode: [modified] > modified.conffile..etc.amavis.conf.d.50-user: [modified] > mtime.conffile..etc.amavis.conf.d.15-content_filter_mode: > 2016-12-11T19:39:20.357027 > mtime.conffile..etc.amavis.conf.d.50-user: 2017-06-19T06:44:56.517411 > > To manage notifications about this bug go to: > https://bugs.launchpad.net/ubuntu/+source/amavisd-new/+bug/1770532/+subscriptions
** Bug watch added: Red Hat Bugzilla #1364730 https://bugzilla.redhat.com/show_bug.cgi?id=1364730 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1770532 Title: DKIM signing not working in bionic To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/amavisd-new/+bug/1770532/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
