Errors in script

erothoff · October 14, 2023, 9:46pm

Found an errors in the installation script.
*) got a “DMARC report” today for my new self hosted ecloud, and it looks like the instructions for the DKIM record is wrong. It has the mail._domainkey for host in the TXT record, but it looks like it should be “default.domainkey” My other domain has that instead, and when I changed it on this domain, it passed the DKIM check.

Found an error in the README for installation.
This is wrong:>

bash /mnt/repo-base/scripts/showInfo.sh

instead it should be bash /mnt/repo-base/scripts/show-info.sh

I’ll wait a few days to see if I get any more “DMARC report” before filing a bug report.

Regain your privacy! Adopt /e/ the unGoogled mobile OS and online services phone

smu44 · October 15, 2023, 8:41am

Didn’t catch that, as I use shell completion
Thanks! I’ll suggest this to be corrected by Murena team, in next release.

Could be interesting to know who sent this report!
Microsoft, maybe?

Don’t see the point needing a selector rename and removing the underscore…

Could be interesting to know how your check is performed!

Let’s add some information:

DKIM record content is generated by mailserver2 Docker image, and documented here: https://github.com/mailserver2/mailserver/tree/e10532a2261ae10d87dae4fbc36232538e005a03#dns-setup. Self-hosting script just perform a display, removing line feeds (https://gitlab.e.foundation/e/infra/ecloud-selfhosting/-/blob/master/scripts/postinstall.sh?ref_type=heads#L171)
– even if it’s possible to change the selector name, the suggested DNS record name syntax will stay the same
“_domainkey” syntax is described here: https://datatracker.ietf.org/doc/html/rfc6376#section-7.5
DKIM guide here https://dmarcguide.globalcyberalliance.org/dkim outputs “_domainkey” record (althrough it is missing the s and t tags, that we have in self-hosting)
domains with “mail._domainkey” pass https://www.mail-tester.com and https://mxtoolbox.com/dkim.aspx
– MXToolBox can use 2 different syntax for DKIM, both tried OK

So, the “_domainkey” DKIM record is probably not wrong.
It could really be of value to know more about the DKIM check you are performing, and the detailed output for the problem
Maybe some servers you are sending email to, are expecting a different (diverging from RFC) syntax that we could add…

erothoff · October 17, 2023, 3:33am

I thought I fixed it by the change I made, (Because it then passed the tester I was using.) But when I send another test message, (It is going to a @comcast.net account.) Comcast sends me a “Domain Report”. I am still trying to translate what it is saying… but I know the first email did go through, but went into the spam folder. I just finished another project, so I should be able to work on this tomorrow.

erothoff · October 24, 2023, 4:08am

You are correct. I made a mistake in reading the report. Where I saw “rejected” was actually the policy that I was giving, not the result of the test. My second report failed the dkim test. When I ran the test at the website, it must have used the old DNS entry, not the new one. My email still went to the spam filter, so I need to look more at why that would be.

smu44 · October 24, 2023, 5:01am

If you got an encrypted SPAMCAUSE, this may be of help: https://stackoverflow.com/questions/41507130/is-it-possible-to-decode-a-spamcause-field-in-a-mail-header

system · January 12, 2024, 9:46pm

This topic was automatically closed after 90 days. New replies are no longer allowed.