[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <75ebf18b-0e21-3906-7862-6ca80b2f181d@huawei.com>
Date: Tue, 7 Jun 2022 21:06:55 +0800
From: Yu Kuai <yukuai3@...wei.com>
To: Jan Kara <jack@...e.cz>
CC: <paolo.valente@...aro.org>, <tj@...nel.org>,
<linux-block@...r.kernel.org>, <cgroups@...r.kernel.org>,
<linux-kernel@...r.kernel.org>, <yi.zhang@...wei.com>,
Jens Axboe <axboe@...nel.dk>
Subject: Re: [PATCH -next v5 0/3] support concurrent sync io for bfq on a
specail occasion
在 2022/06/07 19:51, Yu Kuai 写道:
> 在 2022/06/07 17:54, Jan Kara 写道:
>> On Tue 07-06-22 11:10:27, Yu Kuai wrote:
>>> 在 2022/05/23 23:25, Jan Kara 写道:
>>>> Hum, for me all emails from Huawei I've received even today fail the
>>>> DKIM
>>>> check. After some more digging there is interesting inconsistency in
>>>> DMARC
>>>> configuration for huawei.com domain. There is DMARC record for
>>>> huawei.com
>>>> like:
>>>>
>>>> huawei.com. 600 IN TXT
>>>> "v=DMARC1;p=none;rua=mailto:dmarc@....huawei.com"
>>>>
>>>> which means no DKIM is required but _dmarc.huawei.com has:
>>>>
>>>> _dmarc.huawei.com. 600 IN TXT
>>>> "v=DMARC1;p=quarantine;ruf=mailto:dmarc@...wei.com;rua=mailto:dmarc@...wei.com"
>>>>
>>>>
>>>> which says that DKIM is required. I guess this inconsistency may be the
>>>> reason why there are problems with DKIM validation for senders from
>>>> huawei.com. Yu Kuai, can you perhaps take this to your IT support to
>>>> fix
>>>> this? Either make sure huawei.com emails get properly signed with
>>>> DKIM or
>>>> remove the 'quarantine' record from _dmarc.huawei.com. Thanks!
>>>>
>>>> Honza
>>>>
>>> Hi, Jan and Jens
>>>
>>> I just got response from our IT support:
>>>
>>> 'fo' is not set in our dmarc configuration(default is 0), which means
>>> SPF and DKIM verify both failed so that emails will end up in spam.
>>>
>>> It right that DKIM verify is failed because there is no signed key,
>>> however, our IT support are curious how SPF verify faild.
>>>
>>> Can you guys please take a look at ip address of sender? So our IT
>>> support can take a look if they miss it from SPF records.
>>
>> So SPF is what makes me receive direct emails from you. For example on
>> this
>> email I can see:
>>
>> Received: from frasgout.his.huawei.com (frasgout.his.huawei.com
>> [185.176.79.56])
>> (using TLSv1.2 with cipher ECDHE-ECDSA-AES128-GCM-SHA256
>> (128/128
>> bits))
>> (No client certificate requested)
>> by smtp-in2.suse.de (Postfix) with ESMTPS id 4LHFjN2L0dzZfj
>> for <jack@...e.cz>; Tue, 7 Jun 2022 03:10:32 +0000 (UTC)
>> ...
>> Authentication-Results: smtp-in2.suse.de;
>> dkim=none;
>> dmarc=pass (policy=quarantine) header.from=huawei.com;
>> spf=pass (smtp-in2.suse.de: domain of yukuai3@...wei.com
>> designates
>> 185.176.79.56 as permitted sender)
>> smtp.mailfrom=yukuai3@...wei.com
>>
>> So indeed frasgout.his.huawei.com is correct outgoing server which makes
>> smtp-in2.suse.de believe the email despite missing DKIM signature. But
>> the
>> problem starts when you send email to a mailing list. Let me take for
>> example your email from June 2 with Message-ID
>> <20220602082129.2805890-1-yukuai3@...wei.com>, subject "[PATCH -next]
>> mm/filemap: fix that first page is not mark accessed in filemap_read()".
>> There the mailing list server forwards the email so we have:
>>
>> Received: from smtp-in2.suse.de ([192.168.254.78])
>> (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256
>> bits))
>> by dovecot-director2.suse.de with LMTPS
>> id 8MC5NfVvmGIPLwAApTUePA
>> (envelope-from <linux-fsdevel-owner@...r.kernel.org>)
>> for <jack@...p.suse.de>; Thu, 02 Jun 2022 08:08:21 +0000
>> Received: from out1.vger.email (out1.vger.email
>> [IPv6:2620:137:e000::1:20])
>> by smtp-in2.suse.de (Postfix) with ESMTP id 4LDJYK5bf0zZg5
>> for <jack@...e.cz>; Thu, 2 Jun 2022 08:08:21 +0000 (UTC)
>> Received: (majordomo@...r.kernel.org) by vger.kernel.org via listexpand
>> id S232063AbiFBIIM (ORCPT <rfc822;jack@...e.cz>);
>> Thu, 2 Jun 2022 04:08:12 -0400
>> Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56178 "EHLO
>> lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by
>> vger.kernel.org
>> with ESMTP id S232062AbiFBIIL (ORCPT
>> <rfc822;linux-fsdevel@...r.kernel.org>);
>> Thu, 2 Jun 2022 04:08:11 -0400
>> Received: from szxga02-in.huawei.com (szxga02-in.huawei.com
>> [45.249.212.188])
>> by lindbergh.monkeyblade.net (Postfix) with ESMTPS id
>> 75DDB25FE;
>> Thu, 2 Jun 2022 01:08:08 -0700 (PDT)
>>
>> and thus smtp-in2.suse.de complains:
>>
>> Authentication-Results: smtp-in2.suse.de;
>> dkim=none;
>> dmarc=fail reason="SPF not aligned (relaxed), No valid DKIM"
>> header.from=huawei.com (policy=quarantine);
>> spf=pass (smtp-in2.suse.de: domain of
>> linux-fsdevel-owner@...r.kernel.org designates
>> 2620:137:e000::1:20 as
>> permitted sender)
>> smtp.mailfrom=linux-fsdevel-owner@...r.kernel.org
>>
>> Because now we've got email with "From" header from huawei.com domain
>> from
>> a vger mail server which was forwarding it. So SPF has no chance to match
>> (in fact SPF did pass for the Return-Path header which points to
>> vger.kernel.org but DMARC defines that if "From" and "Return-Path" do not
>> match, additional validation is needed - this is the "SPF not aligned
>> (relaxed)" message above). And missing DKIM (the additional validation
>> method) sends the email to spam.
>
> Thanks a lot for your analysis, afaics, in order to fix the
> problem, either your mail server change the configuration to set
> alignment mode to "relaxed" instead of "strict", or our mail server
> add correct DKIM signature for emails.
>
> I'll contact with our IT support and try to add DKIM signature.
>
> Thanks,
> Kuai
Hi, Jan
Our IT support is worried that add DKIM signature will degrade
performance, may I ask that how is your mail server configuation? policy
is quarantine or none, and dkim signature is supportted or not.
Thanks,
Kuai
Powered by blists - more mailing lists