Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Using anonymous_sender breaks sender authentication #1899

Open
adam12b1 opened this issue Oct 2, 2024 · 5 comments
Open

Using anonymous_sender breaks sender authentication #1899

adam12b1 opened this issue Oct 2, 2024 · 5 comments
Labels
question

Comments

@adam12b1
Copy link

adam12b1 commented Oct 2, 2024
edited
Loading

Version

Sympa 6.2.72

Installation method

FreeBSD package

Expected behavior

All emails should be authenticated with SPF/DKIM

Actual behavior

If you use the anonymous_sender setting with a sender domain not hosted on the same system, the messages will all lack any sender authentication, and will thus be rejected by many providers.

Additional information

Very similar to #1846 (thank you for acting on that!), a remnant of an earlier era of the internet before sender auth... but the fix for this one may not be so simple. Is there any way to make this feature work in the modern world?
@adam12b1 adam12b1 added the bug label Oct 2, 2024
@ikedas
Copy link
Member

ikedas commented Oct 5, 2024

Hi @adam12b1 ,

You may set dkim_parameters.signer_domain to be the domain of anonymous sender.

@ikedas ikedas added question and removed bug labels Oct 8, 2024
@ikedas
Copy link
Member

ikedas commented Oct 16, 2024

@adam12b1 , if the problem you had encountered has been solved, please close this issue. Otherwise please provide more information if possible.

@adam12b1
Copy link
Author

Oh, thank you for following up... and thank you for the dkim_parameters.signer_domain suggestion, and I can see how that would solve the authentication problem.

It's not really something we can expect from our users - it would have to be automatic for them, probably. Like Sympa would have to override dkim_parameters.signer_domain for them if they used anonymous_sender, maybe? But it's probably not correct to call this a bug, more of a feature request. And there are other things we care a lot more about. :)

So I will close it.

@adam12b1
Copy link
Author

Wait, I'm sorry... re-opening! Changing dkim_parameters.signer_domain only works if Sympa knows how to sign for the new domain, right? But if this is a user setting an address in an arbitrary domain (@gmail.com or anything else) as the anonymous_sender, we don't have that DKIM private key, so we can't sign the email... right? So this anonymous sender feature still won't work for most people.

Or am I missing something?

@adam12b1 adam12b1 reopened this Oct 22, 2024
@ikedas
Copy link
Member

ikedas commented Oct 23, 2024

@adam12b1 , the user should prepare private (and also public) key for that domain. Or if they cannot do it by themselves, they should ask someone who has the authority to create the keys (and add a DNS record for the public key).

This is the same thing when you want to enable DKIM signing on the regular mailing lists, isn't this?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ikedas @adam12b1